doc: add osf expression to man page

author Fernando Fernandez Mancera <ffmancera@riseup.net>

Fri, 3 Aug 2018 22:17:50 +0000 (00:17 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Fri, 3 Aug 2018 22:38:54 +0000 (00:38 +0200)
author Fernando Fernandez Mancera <ffmancera@riseup.net>
Fri, 3 Aug 2018 22:17:50 +0000 (00:17 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 3 Aug 2018 22:38:54 +0000 (00:38 +0200)
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt

index 634930496b540e0d337f62d1e55211c144e8eb60..e7a022a5c6bead5cb4fad3a06aaff1d03bb7c165 100644 (file)
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -173,6 +173,35 @@ table inet x {
  }
  ----------------------
  
+OSF EXPRESSION
+~~~~~~~~~~~~~~
+[verse]
+osf {name}
+
+The osf expression does passive operating system fingerprinting. This
+expression compares some data (Window Size, MSS, options and their order, DF,
+and others) from packets with the SYN bit set.
+
+.Available osf attributes
+[options="header"]
+|==================
+|Name |Description| Type
+|name|
+Name of the OS signature to match. All signatures can be found at pf.os file.|
+Use "unknown" for OS signatures that the expression could not detect.
+|==================
+
+.Using osf expression
+---------------------
+# Accept packets that match the "Linux" OS signature.
+table inet x {
+    chain y {
+       type filter hook input priority 0; policy accept;
+        osf "Linux"
+    }
+}
+-----------------------
+
  FIB EXPRESSIONS
  ~~~~~~~~~~~~~~~
  [verse]
author	Fernando Fernandez Mancera <ffmancera@riseup.net>
	Fri, 3 Aug 2018 22:17:50 +0000 (00:17 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 3 Aug 2018 22:38:54 +0000 (00:38 +0200)