linux/include/uapi/linux/netfilter/xt_osf.h
   1/*
   2 * Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru>
   3 *
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License
  16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
  17 */
  18
  19#ifndef _XT_OSF_H
  20#define _XT_OSF_H
  21
#include <linux/types.h>
#include <linux/ip.h>
#include <linux/tcp.h>
  23
/* Size in bytes of each fixed genre/version/subtype name buffer in this header. */
#define MAXGENRELEN			32

/*
 * Single-bit values. Presumably OR-ed together in xt_osf_info.flags; the
 * code that interprets them is not part of this header -- confirm there.
 */
#define XT_OSF_GENRE			(1 << 0)
#define XT_OSF_TTL			(1 << 1)
#define XT_OSF_LOG			(1 << 2)
#define XT_OSF_INVERT			(1 << 3)

/* Logging policy selectors. */
#define XT_OSF_LOGLEVEL_ALL		0	/* log every matched fingerprint */
#define XT_OSF_LOGLEVEL_FIRST		1	/* log only the first matched fingerprint */
#define XT_OSF_LOGLEVEL_ALL_KNOWN	2	/* do not log unknown packets */

/* How the packet's IP TTL is compared with the fingerprint's TTL. */
#define XT_OSF_TTL_TRUE			0	/* true comparison of IP and fingerprint TTL */
#define XT_OSF_TTL_LESS			1	/* check that the IP TTL is less than the fingerprint's */
#define XT_OSF_TTL_NOCHECK		2	/* skip the TTL comparison entirely */
  38
/*
 * Parameters of one OS-fingerprint match. The header lives under
 * include/uapi, so this layout is shared between userspace and the kernel.
 *
 * NOTE(review): genre[] is a fixed MAXGENRELEN-byte buffer and nothing in
 * this layout guarantees a terminating NUL. A consumer should bound every
 * read or comparison by MAXGENRELEN (and range-check len before using it)
 * instead of trusting the sender -- confirm against the kernel match code.
 */
struct xt_osf_info {
	char	genre[MAXGENRELEN];
	__u32	len;		/* presumably the used length of genre[] -- confirm */
	__u32	flags;		/* presumably a mask of XT_OSF_GENRE/TTL/LOG/INVERT -- confirm */
	__u32	loglevel;	/* presumably one of XT_OSF_LOGLEVEL_* -- confirm */
	__u32	ttl;		/* presumably one of XT_OSF_TTL_* -- confirm */
};
  46
/*
 * Wildcard descriptor (loosely, a "wildcard MSS").
 * It drives the state machine that handles the different wildcard forms
 * of the MSS and window size values.
 */
struct xt_osf_wc {
	__u32	wc;	/* presumably one of enum xt_osf_window_size_options -- confirm */
	__u32	val;	/* value paired with wc; exact meaning is set by the consumer */
};
  56
/*
 * One TCP option as assigned by IANA:
 * http://www.iana.org/assignments/tcp-parameters
 */
struct xt_osf_opt {
	__u16			kind;	/* presumably an enum iana_options value -- confirm */
	__u16			length;
	struct xt_osf_wc	wc;
};
  65
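/*
 * One OS fingerprint as handed over by userspace.
 *
 * The opt[] bound, MAX_IPOPTLEN, is not defined in this file; it comes from
 * <linux/ip.h>, which therefore has to be included before this declaration.
 *
 * NOTE(review): every field is supplied by the sender. Nothing in the layout
 * guarantees that genre/version/subtype are NUL-terminated or that opt_num
 * stays within the opt[] array, so a consumer should bound string handling
 * by MAXGENRELEN and reject opt_num > MAX_IPOPTLEN before indexing opt[] --
 * confirm that the kernel side does both.
 */
struct xt_osf_user_finger {
	struct xt_osf_wc	wss;

	__u8			ttl;
	__u8			df;
	__u16			ss;
	__u16			mss;
	__u16			opt_num;	/* presumably the number of used opt[] entries -- confirm */

	char			genre[MAXGENRELEN];
	char			version[MAXGENRELEN];
	char			subtype[MAXGENRELEN];

	/* MAX_IPOPTLEN is the maximum if all options are NOPs or EOLs */
	struct xt_osf_opt	opt[MAX_IPOPTLEN];
};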
  80
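/*
 * A fingerprint bundled with an IP header and a TCP header.
 *
 * struct iphdr and struct tcphdr are embedded by value, so their complete
 * definitions (<linux/ip.h> and <linux/tcp.h>) must be visible here; this
 * file does not declare them itself.
 *
 * NOTE(review): the name suggests a netlink payload, but the sender and
 * receiver are not part of this header -- confirm. A receiver should check
 * the message length against sizeof(struct xt_osf_nlmsg) before reading
 * any member.
 */
struct xt_osf_nlmsg {
	struct xt_osf_user_finger	f;
	struct iphdr			ip;
	struct tcphdr			tcp;
};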
  86
/*
 * IANA TCP option kinds. The values are written out explicitly so the
 * numbering is visible at a glance; they are the same values the implicit
 * enumeration produced.
 */
enum iana_options {
	OSFOPT_EOL		= 0,	/* End of options */
	OSFOPT_NOP		= 1,	/* NOP */
	OSFOPT_MSS		= 2,	/* Maximum segment size */
	OSFOPT_WSO		= 3,	/* Window scale option */
	OSFOPT_SACKP		= 4,	/* SACK permitted */
	OSFOPT_SACK		= 5,	/* SACK */
	OSFOPT_ECHO		= 6,	/* Echo */
	OSFOPT_ECHOREPLY	= 7,	/* Echo reply */
	OSFOPT_TS		= 8,	/* Timestamp option */
	OSFOPT_POCP		= 9,	/* Partial Order Connection Permitted */
	OSFOPT_POSP		= 10,	/* Partial Order Service Profile */

	/* Others are not used in the current OSF */
	OSFOPT_EMPTY		= 255,
};
 105
/*
 * States of the initial-window-size matcher: the window is either a plain
 * numeric value, a multiple of the MSS, or a multiple of the MTU. It can
 * also be a plain numeric value that is not a multiple of the specified
 * value.
 */
enum xt_osf_window_size_options {
	OSF_WSS_PLAIN	= 0,
	OSF_WSS_MSS	= 1,
	OSF_WSS_MTU	= 2,
	OSF_WSS_MODULO	= 3,
	OSF_WSS_MAX	= 4,	/* one past the last mode; usable as a range check -- confirm use */
};
 118
/*
 * Message types: add a fingerprint to the kernel or remove one from it.
 */
enum xt_osf_msg_types {
	OSF_MSG_ADD	= 0,
	OSF_MSG_REMOVE	= 1,
	OSF_MSG_MAX	= 2,	/* one past the last message type */
};
 127
/*
 * Attribute identifiers. Presumably these tag the attributes carried in
 * the add/remove messages; the code that uses them is not in this
 * header -- confirm there.
 */
enum xt_osf_attr_type {
	OSF_ATTR_UNSPEC	= 0,
	OSF_ATTR_FINGER	= 1,
	OSF_ATTR_MAX	= 2,	/* one past the last attribute type */
};
 133
 134#endif                          /* _XT_OSF_H */
 135