linux/include/uapi/linux/netfilter/xt_osf.h
   1/*
   2 * Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru>
   3 *
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License
  16 * along with this program; if not, write to the Free Software
  17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  18 */
  19
  20#ifndef _XT_OSF_H
  21#define _XT_OSF_H
  22
  #include <linux/types.h>
  #include <linux/ip.h>
  #include <linux/tcp.h>
  24
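  /*
   * Size in bytes of the fixed name buffers declared in this header
   * (xt_osf_info.genre and xt_osf_user_finger.genre/version/subtype).
   */
  #define MAXGENRELEN             32

  /*
   * Single-bit flag values.
   * NOTE(review): presumably OR-ed together in xt_osf_info.flags; confirm
   * against the match implementation.
   */
  #define XT_OSF_GENRE            (1 << 0)
  #define XT_OSF_TTL              (1 << 1)
  #define XT_OSF_LOG              (1 << 2)
  #define XT_OSF_INVERT           (1 << 3)

  /*
   * Logging modes.
   * NOTE(review): presumably the values carried in xt_osf_info.loglevel.
   */
  #define XT_OSF_LOGLEVEL_ALL     0       /* log all matched fingerprints */
  #define XT_OSF_LOGLEVEL_FIRST   1       /* log only the first matched fingerprint */
  #define XT_OSF_LOGLEVEL_ALL_KNOWN       2 /* do not log unknown packets */

  /*
   * TTL comparison modes.
   * NOTE(review): presumably the values carried in xt_osf_info.ttl.
   */
  #define XT_OSF_TTL_TRUE         0       /* True ip and fingerprint TTL comparison */
  #define XT_OSF_TTL_LESS         1       /* Check if ip TTL is less than fingerprint one */
  #define XT_OSF_TTL_NOCHECK      2       /* Do not compare ip and fingerprint TTL at all */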
  39
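  /*
   * Parameters of one OS-fingerprint match.
   *
   * NOTE(review): the type gives no guarantee that genre is NUL-terminated,
   * and nothing ties len to MAXGENRELEN. Code that receives this structure
   * from another party should bound every read of genre to MAXGENRELEN bytes
   * and check len before using it as a length.
   */
  struct xt_osf_info {
          char                    genre[MAXGENRELEN];     /* fixed-size name buffer */
          __u32                   len;            /* presumably the used length of genre; confirm */
          __u32                   flags;          /* presumably XT_OSF_* flag bits; confirm */
          __u32                   loglevel;       /* presumably an XT_OSF_LOGLEVEL_* value; confirm */
          __u32                   ttl;            /* presumably an XT_OSF_TTL_* value; confirm */
  };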
  47
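  /*
   * Wildcard MSS (kind of).
   * Used to implement a state machine for the different wildcard values
   * of the MSS and window sizes.
   */
  struct xt_osf_wc {
          __u32                   wc;     /* presumably an enum xt_osf_window_size_options value; confirm */
          __u32                   val;    /* value the wildcard mode is applied to */
  };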
  57
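  /*
   * This struct represents IANA options
   * http://www.iana.org/assignments/tcp-parameters
   */
  struct xt_osf_opt {
          __u16                   kind;   /* presumably an enum iana_options value; confirm */
          __u16                   length;
          struct xt_osf_wc        wc;
  };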
  66
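  /*
   * One fingerprint record.
   *
   * MAX_IPOPTLEN is not defined in this header; <linux/ip.h> provides it and
   * must be visible before this definition.
   *
   * NOTE(review): nothing in the type ties opt_num to the size of opt[], and
   * the three name buffers carry no terminator guarantee. Code consuming a
   * record supplied by another party should reject opt_num > MAX_IPOPTLEN
   * before indexing opt[], and should bound every read of genre, version and
   * subtype to MAXGENRELEN bytes.
   */
  struct xt_osf_user_finger {
          struct xt_osf_wc        wss;

          __u8                    ttl;
          __u8                    df;
          __u16                   ss;
          __u16                   mss;
          __u16                   opt_num;        /* presumably the number of used opt[] entries; confirm */

          char                    genre[MAXGENRELEN];
          char                    version[MAXGENRELEN];
          char                    subtype[MAXGENRELEN];

          /* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */
          struct xt_osf_opt       opt[MAX_IPOPTLEN];
  };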
  81
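  /*
   * A fingerprint record followed by an IPv4 header and a TCP header.
   *
   * struct iphdr and struct tcphdr are not declared in this header; their
   * definitions (<linux/ip.h> and <linux/tcp.h>) must be visible before this
   * definition, otherwise the members have incomplete type.
   * NOTE(review): the name suggests a netlink message payload; confirm
   * against the users of this structure.
   */
  struct xt_osf_nlmsg {
          struct xt_osf_user_finger       f;
          struct iphdr            ip;
          struct tcphdr           tcp;
  };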
  87
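  /*
   * Defines for IANA option kinds.
   *
   * Every enumerator carries its value explicitly so that the numbering
   * cannot shift if an entry is ever inserted or removed.
   */
  enum iana_options {
          OSFOPT_EOL = 0,         /* End of options */
          OSFOPT_NOP = 1,         /* NOP */
          OSFOPT_MSS = 2,         /* Maximum segment size */
          OSFOPT_WSO = 3,         /* Window scale option */
          OSFOPT_SACKP = 4,       /* SACK permitted */
          OSFOPT_SACK = 5,        /* SACK */
          OSFOPT_ECHO = 6,        /* Echo */
          OSFOPT_ECHOREPLY = 7,   /* Echo reply */
          OSFOPT_TS = 8,          /* Timestamp option */
          OSFOPT_POCP = 9,        /* Partial Order Connection Permitted */
          OSFOPT_POSP = 10,       /* Partial Order Service Profile */

          /* Others are not used in the current OSF */
          OSFOPT_EMPTY = 255,
  };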
 106
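 /*
  * Initial window size option state machine: the window size is a multiple
  * of the MSS, a multiple of the MTU, or a plain numeric value. It can also
  * be a plain numeric value that is not a multiple of the specified value.
  *
  * Values are written out explicitly so the numbering cannot shift.
  * OSF_WSS_MAX equals the number of modes declared before it.
  */
 enum xt_osf_window_size_options {
         OSF_WSS_PLAIN   = 0,
         OSF_WSS_MSS     = 1,
         OSF_WSS_MTU     = 2,
         OSF_WSS_MODULO  = 3,
         OSF_WSS_MAX     = 4,
 };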
 119
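 /*
  * Add/remove fingerprint from the kernel.
  *
  * Values are written out explicitly so the numbering cannot shift.
  * OSF_MSG_MAX equals the number of message types declared before it, so it
  * is not itself a valid message type.
  */
 enum xt_osf_msg_types {
         OSF_MSG_ADD     = 0,
         OSF_MSG_REMOVE  = 1,
         OSF_MSG_MAX     = 2,
 };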
 128
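 /*
  * Attribute types.
  * NOTE(review): presumably the attributes of the add/remove fingerprint
  * messages; confirm against the users of this enum.
  *
  * Values are written out explicitly so the numbering cannot shift.
  * OSF_ATTR_MAX equals the number of attribute types declared before it
  * (including OSF_ATTR_UNSPEC), so an array indexed by attribute type needs
  * OSF_ATTR_MAX elements and valid indices are strictly below it.
  */
 enum xt_osf_attr_type {
         OSF_ATTR_UNSPEC = 0,
         OSF_ATTR_FINGER = 1,
         OSF_ATTR_MAX    = 2,
 };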
 134
 135#endif                          /* _XT_OSF_H */
 136