mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-10-30 20:12:53 +00:00
80 lines
2.6 KiB
C
80 lines
2.6 KiB
C
|
/*
|
||
|
|
p0f - API query code
|
||
|
|
--------------------
|
||
|
|
|
||
|
|
Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
|
||
|
|
|
||
|
|
Distributed under the terms and conditions of GNU LGPL.
|
||
|
|
|
||
|
|
*/
|
||
|
|
|
||
|
|
#ifndef _HAVE_API_H
|
||
|
|
#define _HAVE_API_H
|
||
|
|
|
||
|
|
#include "types.h"
|
||
|
|
|
||
|
|
#define P0F_QUERY_MAGIC 0x50304601
|
||
|
|
#define P0F_RESP_MAGIC 0x50304602
|
||
|
|
|
||
|
|
#define P0F_STATUS_BADQUERY 0x00
|
||
|
|
#define P0F_STATUS_OK 0x10
|
||
|
|
#define P0F_STATUS_NOMATCH 0x20
|
||
|
|
|
||
|
|
#define P0F_ADDR_IPV4 0x04
|
||
|
|
#define P0F_ADDR_IPV6 0x06
|
||
|
|
|
||
|
|
#define P0F_STR_MAX 31
|
||
|
|
|
||
|
|
#define P0F_MATCH_FUZZY 0x01
|
||
|
|
#define P0F_MATCH_GENERIC 0x02
|
||
|
|
|
||
|
|
/* Keep these structures aligned to avoid architecture-specific padding. */
|
||
|
|
|
||
|
|
struct p0f_api_query {
|
||
|
|
|
||
|
|
u32 magic; /* Must be P0F_QUERY_MAGIC */
|
||
|
|
u8 addr_type; /* P0F_ADDR_* */
|
||
|
|
u8 addr[16]; /* IP address (big endian left align) */
|
||
|
|
|
||
|
|
} __attribute__((packed));
|
||
|
|
|
||
|
|
struct p0f_api_response {
|
||
|
|
|
||
|
|
u32 magic; /* Must be P0F_RESP_MAGIC */
|
||
|
|
u32 status; /* P0F_STATUS_* */
|
||
|
|
|
||
|
|
u32 first_seen; /* First seen (unix time) */
|
||
|
|
u32 last_seen; /* Last seen (unix time) */
|
||
|
|
u32 total_conn; /* Total connections seen */
|
||
|
|
|
||
|
|
u32 uptime_min; /* Last uptime (minutes) */
|
||
|
|
u32 up_mod_days; /* Uptime modulo (days) */
|
||
|
|
|
||
|
|
u32 last_nat; /* NAT / LB last detected (unix time) */
|
||
|
|
u32 last_chg; /* OS chg last detected (unix time) */
|
||
|
|
|
||
|
|
s16 distance; /* System distance */
|
||
|
|
|
||
|
|
u8 bad_sw; /* Host is lying about U-A / Server */
|
||
|
|
u8 os_match_q; /* Match quality */
|
||
|
|
|
||
|
|
u8 os_name[P0F_STR_MAX + 1]; /* Name of detected OS */
|
||
|
|
u8 os_flavor[P0F_STR_MAX + 1]; /* Flavor of detected OS */
|
||
|
|
|
||
|
|
u8 http_name[P0F_STR_MAX + 1]; /* Name of detected HTTP app */
|
||
|
|
u8 http_flavor[P0F_STR_MAX + 1]; /* Flavor of detected HTTP app */
|
||
|
|
|
||
|
|
u8 link_type[P0F_STR_MAX + 1]; /* Link type */
|
||
|
|
|
||
|
|
u8 language[P0F_STR_MAX + 1]; /* Language */
|
||
|
|
|
||
|
|
} __attribute__((packed));
|
||
|
|
|
||
|
|
#ifdef _FROM_P0F
|
||
|
|
|
||
|
|
void handle_query(struct p0f_api_query* q, struct p0f_api_response* r);
|
||
|
|
|
||
|
|
#endif /* _FROM_API */
|
||
|
|
|
||
|
|
#endif /* !_HAVE_API_H */
|