X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=extensions%2Flibipt_osf.c;h=6747404658928d0356012846e3f4d20616bd0ec1;hb=6afea0b41dfbc3824956d11d960ad80097218feb;hp=205f071e641f6fc65d40ce698c45b846bc587ec8;hpb=f7b70cf9e00324b89b02de213bcd0dde7044d035;p=iptables.git
diff --git a/extensions/libipt_osf.c b/extensions/libipt_osf.c
index 205f071..6747404 100644
--- a/extensions/libipt_osf.c
+++ b/extensions/libipt_osf.c
@@ -35,24 +35,27 @@
 static void help(void)
 {
- printf("OS fingerprint match v%s options:\n"
- " --genre [!] string Match a OS genre bypassive fingerprinting.\n",
- IPTABLES_VERSION);
+ printf("OS fingerprint match options:\n"
+ "--genre [!] string Match a OS genre by passive fingerprinting.\n"
+ "--smart Use some smart extensions to determine OS (do not use TTL).\n"
+ "--log level Log all(or only first) determined genres even if "
+ "they do not match desired one. "
+ "Level may be 0(all) or 1(only first entry).\n"
+ "--netlink Log through netlink(NETLINK_NFLOG).\n",
+ "--connector Log through kernel connector [in 2.6.12-mm+].\n"
+ );
 }
 static struct option opts[] = {
- { .name = "genre", .has_arg = 1, .flag = 0, .val = '1' },
+ { .name = "genre", .has_arg = 1, .flag = 0, .val = '1' },
+ { .name = "smart", .has_arg = 0, .flag = 0, .val = '2' },
+ { .name = "log", .has_arg = 1, .flag = 0, .val = '3' },
+ { .name = "netlink", .has_arg = 0, .flag = 0, .val = '4' },
+ { .name = "connector", .has_arg = 0, .flag = 0, .val = '5' },
 { .name = 0 }
 };
-
-static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-{
- *nfcache |= NFC_UNKNOWN;
-}
-
-
 static void parse_string(const unsigned char *s, struct ipt_osf_info *info)
 {
 if (strlen(s) < MAXGENRELEN)
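Review bot: The new help() text has a stray comma after the `--netlink` literal, which ends the printf format string at that point. The `--connector` literal is therefore passed as an extra argument that no conversion consumes, so that option never appears in the help output. Removing the comma lets the literals concatenate into one format string: `"--netlink Log through netlink(NETLINK_NFLOG).\n"`. Since the text is fixed and takes no arguments, `fputs(..., stdout)` would also avoid treating help text as a format string at all.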
@@ -71,15 +74,40 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 switch(c) {
- case '1':
- if (*flags)
- exit_error(PARAMETER_PROBLEM, "Can't specify multiple strings");
+ case '1': /* --genre */
+ if (*flags & IPT_OSF_GENRE)
+ exit_error(PARAMETER_PROBLEM, "Can't specify multiple genre parameter");
 check_inverse(optarg, &invert, &optind, 0);
 parse_string(argv[optind-1], info);
 if (invert)
 info->invert = 1;
 info->len=strlen((char *)info->genre);
- *flags = 1;
+ *flags |= IPT_OSF_GENRE;
+ break;
+ case '2': /* --smart */
+ if (*flags & IPT_OSF_SMART)
+ exit_error(PARAMETER_PROBLEM, "Can't specify multiple smart parameter");
+ *flags |= IPT_OSF_SMART;
+ info->flags |= IPT_OSF_SMART;
+ break;
+ case '3': /* --log */
+ if (*flags & IPT_OSF_LOG)
+ exit_error(PARAMETER_PROBLEM, "Can't specify multiple log parameter");
+ *flags |= IPT_OSF_LOG;
+ info->loglevel = atoi(argv[optind-1]);
+ info->flags |= IPT_OSF_LOG;
+ break;
+ case '4': /* --netlink */
+ if (*flags & IPT_OSF_NETLINK)
+ exit_error(PARAMETER_PROBLEM, "Can't specify multiple netlink parameter");
+ *flags |= IPT_OSF_NETLINK;
+ info->flags |= IPT_OSF_NETLINK;
+ break;
+ case '5': /* --connector */
+ if (*flags & IPT_OSF_CONNECTOR)
+ exit_error(PARAMETER_PROBLEM, "Can't specify multiple connector parameter");
+ *flags |= IPT_OSF_CONNECTOR;
+ info->flags |= IPT_OSF_CONNECTOR;
 break;
 default:
 return 0;
@@ -115,7 +143,6 @@ static struct iptables_match osf_match = {
 .size = IPT_ALIGN(sizeof(struct ipt_osf_info)),
 .userspacesize = IPT_ALIGN(sizeof(struct ipt_osf_info)),
 .help = &help,
- .init = &init,
 .parse = &parse,
 .final_check = &final_check,
 .print = &print,
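Review bot: In the `case '3'` (`--log`) branch of parse(), `info->loglevel = atoi(argv[optind-1]);` accepts anything: a non-numeric argument silently becomes 0 ("log all"), and negative or large values are stored in the match data even though the help text allows only 0 or 1. Reading `argv[optind-1]` instead of `optarg` also means the `--log=1` spelling would be parsed from the whole `--log=1` token and yield 0. Inside a braced block, parse and range-check instead: `char *end; long lvl = strtol(optarg, &end, 10);` then `if (end == optarg || *end != '\0' || lvl < 0 || lvl > 1) exit_error(PARAMETER_PROBLEM, "--log level must be 0 or 1");` and `info->loglevel = lvl;`. Whether the consumer of `struct ipt_osf_info` re-validates the level is not visible in this diff, and parse() starts and ends outside the hunk.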