| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Jul 2008 16:26:06 +0200 (CEST) From: Jan Engelhardt <jengelh@...ozas.de> To: Evgeniy Polyakov <johnpol@....mipt.ru> cc: Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: Passive OS fingerprinting. On Tuesday 2008-07-01 15:08, Evgeniy Polyakov wrote: >> > >> >I'm not sure it is that simple. OSF uses common rules database >> >shared with OpenBSD (and other *BSDs as well), so converting it into u32 >> >match would require noticeble efforts. But in theory it is probably >> >doable. >> >> This would be preferrable in my opinion since they both allow >> programmable filters, but u32 appears to be more flexible. I'm >> very reluctant to add new iptables modules that don't increase >> expressiveness or provide other clear benefits since we already >> have an insane amount of modules. An iptables extension which you can use with -m osf --genre Linux but which internally uses xt_u32.ko would be the perfect solution ATM IMO. It would require a number of changes to the iptables API though... -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists