-
Notifications
You must be signed in to change notification settings - Fork 5
/
api.h
79 lines (49 loc) · 2.57 KB
/
api.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
/*
p0f - API query code
--------------------
Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
Distributed under the terms and conditions of GNU LGPL.
*/
#ifndef _HAVE_API_H
#define _HAVE_API_H
#include "types.h"
#define P0F_QUERY_MAGIC 0x50304601
#define P0F_RESP_MAGIC 0x50304602
#define P0F_STATUS_BADQUERY 0x00
#define P0F_STATUS_OK 0x10
#define P0F_STATUS_NOMATCH 0x20
#define P0F_ADDR_IPV4 0x04
#define P0F_ADDR_IPV6 0x06
#define P0F_STR_MAX 31
#define P0F_MATCH_FUZZY 0x01
#define P0F_MATCH_GENERIC 0x02
/* Keep these structures aligned to avoid architecture-specific padding. */
struct p0f_api_query {
u32 magic; /* Must be P0F_QUERY_MAGIC */
u8 addr_type; /* P0F_ADDR_* */
u8 addr[16]; /* IP address (big endian left align) */
} __attribute__((packed));
struct p0f_api_response {
u32 magic; /* Must be P0F_RESP_MAGIC */
u32 status; /* P0F_STATUS_* */
u32 first_seen; /* First seen (unix time) */
u32 last_seen; /* Last seen (unix time) */
u32 total_conn; /* Total connections seen */
u32 uptime_min; /* Last uptime (minutes) */
u32 up_mod_days; /* Uptime modulo (days) */
u32 last_nat; /* NAT / LB last detected (unix time) */
u32 last_chg; /* OS chg last detected (unix time) */
s16 distance; /* System distance */
u8 bad_sw; /* Host is lying about U-A / Server */
u8 os_match_q; /* Match quality */
u8 os_name[P0F_STR_MAX + 1]; /* Name of detected OS */
u8 os_flavor[P0F_STR_MAX + 1]; /* Flavor of detected OS */
u8 http_name[P0F_STR_MAX + 1]; /* Name of detected HTTP app */
u8 http_flavor[P0F_STR_MAX + 1]; /* Flavor of detected HTTP app */
u8 link_type[P0F_STR_MAX + 1]; /* Link type */
u8 language[P0F_STR_MAX + 1]; /* Language */
} __attribute__((packed));
#ifdef _FROM_P0F
void handle_query(struct p0f_api_query* q, struct p0f_api_response* r);
#endif /* _FROM_API */
#endif /* !_HAVE_API_H */