path: root/src/osfp_common.h
#ifndef __OSFP_COMMON_H__
#define __OSFP_COMMON_H__

#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <malloc.h>
#include <stdarg.h>
#include <time.h>

#include <sys/fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "utarray.h"
#include "uthash.h"
#include "utlist.h"
#include "utringbuffer.h"
#include "utstack.h"
#include "utstring.h"

#include "cJSON.h"

#include "osfp.h"

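/**
 * @brief Read the CPU time-stamp counter with the x86 RDTSC instruction.
 *
 * RDTSC delivers the low 32 bits in EAX and the high 32 bits in EDX; the two
 * halves are combined into one 64-bit value.
 *
 * The instruction is x86-only, so this function does not build for other
 * architectures. RDTSC is not a serializing instruction: the CPU may reorder
 * it relative to surrounding code, so very short intervals measured with it
 * are approximate.
 *
 * @return Current 64-bit time-stamp counter value.
 */
static inline unsigned long long osfp_rdtsc(void)
{
	unsigned int lo_32;
	unsigned int hi_32;

	/* __asm__/__volatile__ instead of asm/volatile: the plain `asm` keyword
	 * is a GNU extension that strict ISO modes (e.g. -std=c11) reject, which
	 * would break every translation unit that includes this header. */
	__asm__ __volatile__("rdtsc" :
			     "=a" (lo_32),
			     "=d" (hi_32));

	/* Combine the halves explicitly rather than punning through a union, so
	 * the result does not depend on member layout or on anonymous-struct
	 * support in the compiler. */
	return ((unsigned long long)hi_32 << 32) | lo_32;
}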

/* Global profiling switch, defined outside this header. The sampling macro
 * below only reads the TSC when it is non-zero. */
extern unsigned int osfp_profile_enable;

/* Declare a cycle-sample variable named x in the current scope, initialised
 * to 0. */
#define osfp_profile_cycle(x) volatile unsigned long long x = 0
/* Store the current TSC value in x when profiling is enabled, otherwise store
 * 0. __builtin_expect marks the "enabled" case as the unlikely branch, so the
 * profiling-off path is the one the compiler optimises for. */
#define osfp_profile_get_cycle(x) do { \
        if (__builtin_expect(!!(osfp_profile_enable), 0)) { \
            x = osfp_rdtsc(); \
        } else { \
            x = 0; \
        } \
    } while(0)

/* Cycle statistics for one profiled stage. The code that fills these fields
 * is not in this header; the per-field notes are inferred from the names and
 * should be confirmed against osfp_profile_counter_update(). */
struct osfp_profile_counter {
    unsigned long long count;        // presumably the number of samples recorded
    unsigned long long curr_cycle;   // presumably the most recent sample, in TSC cycles
    unsigned long long max_cycle;    // presumably the largest sample seen
    unsigned long long min_cycle;    // presumably the smallest sample seen
    unsigned long long total_cycle;  // presumably the sum of all samples
};

/* One counter per profiled stage; the objects are defined outside this
 * header. */
extern struct osfp_profile_counter osfp_profile_fingerprinting;
extern struct osfp_profile_counter osfp_profile_prefilter;
extern struct osfp_profile_counter osfp_profile_score;
extern struct osfp_profile_counter osfp_profile_result_build;
extern struct osfp_profile_counter osfp_profile_result_export;

/* Record one sample (curr_cycle) into the given counter. NOTE(review): the
 * implementation is not visible here; confirm how a 0 sample (profiling
 * disabled) is treated. */
void osfp_profile_counter_update(struct osfp_profile_counter *profile, unsigned long long curr_cycle);
/* Print the collected statistics; output destination is not visible here. */
void osfp_profile_print_stats(void);
/* Turn profiling on or off; presumably writes osfp_profile_enable. */
void osfp_profile_set(unsigned int enabled);


/* Bit mask with bit n set. NOTE(review): despite the _U32 name the literal is
 * 1UL, so the result has type unsigned long (64 bits wide on LP64 targets),
 * and n must stay below the width of unsigned long or the shift is undefined.
 * The uses in this header pass enum osfp_os_class_id values no larger than 5. */
#define OSFP_BIT_U32(n) (1UL << (n))

/* NOTE(review): named "percentile", but the value 100 looks like a percentage
 * scale; confirm against the code that uses it. */
#define OSFP_PERCENTILE 100

/* Protocol header sizes in bytes. The IPv4 and TCP values are the sizes
 * without options; the real header length of a packet is carried in its IHL /
 * data-offset field, which is packet-supplied data.
 * NOTE(review): the parsing code is not in this header; confirm it checks the
 * on-wire header length against these bounds and against the captured length
 * before reading any option bytes. */
#define OSFP_ETHERNET_HEADER_LEN     14
#define OSFP_VLAN_HEADER_LEN         4
#define OSFP_IPV4_HEADER_LEN         20
#define OSFP_IPV6_HEADER_LEN         40
#define OSFP_TCP_HEADER_LEN          20
/* Largest TCP header: 4-bit data offset of 15 words * 4 bytes. */
#define OSFP_TCP_DATA_OFF_MAX        60
/* NOTE(review): presumably a buffer bound for option bytes and the maximum
 * number of options parsed per segment; confirm against the users. */
#define OSFP_TCP_OPTLENMAX                        64
#define OSFP_TCP_OPTMAX                           20
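//# TCP Options (opt_type) - http://www.iana.org/assignments/tcp-parameters
//# The kind byte is read from the packet, so any value 0-255 can occur; kinds
//# that have no name below (for example 25) still reach the parser and have
//# to be treated as unknown options there.
#define OSFP_TCP_OPT_EOL             0               //# end of option list
#define OSFP_TCP_OPT_NOP             1               //# no operation
#define OSFP_TCP_OPT_MSS             2               //# maximum segment size
#define OSFP_TCP_OPT_WSCALE          3               //# window scale factor, RFC 1072
#define OSFP_TCP_OPT_SACKOK          4               //# SACK permitted, RFC 2018
#define OSFP_TCP_OPT_SACK            5               //# SACK, RFC 2018
#define OSFP_TCP_OPT_ECHO            6               //# echo (obsolete), RFC 1072
#define OSFP_TCP_OPT_ECHOREPLY       7               //# echo reply (obsolete), RFC 1072
#define OSFP_TCP_OPT_TIMESTAMP       8               //# timestamps, RFC 1323
#define OSFP_TCP_OPT_POCONN          9               //# partial order conn, RFC 1693
#define OSFP_TCP_OPT_POSVC           10              //# partial order service, RFC 1693
#define OSFP_TCP_OPT_CC              11              //# connection count, RFC 1644
#define OSFP_TCP_OPT_CCNEW           12              //# CC.NEW, RFC 1644
#define OSFP_TCP_OPT_CCECHO          13              //# CC.ECHO, RFC 1644
#define OSFP_TCP_OPT_ALTSUM          14              //# alt checksum request, RFC 1146
#define OSFP_TCP_OPT_ALTSUMDATA      15              //# alt checksum data, RFC 1146
#define OSFP_TCP_OPT_SKEETER         16              //# Skeeter
#define OSFP_TCP_OPT_BUBBA           17              //# Bubba
#define OSFP_TCP_OPT_TRAILSUM        18              //# trailer checksum
#define OSFP_TCP_OPT_MD5             19              //# MD5 signature, RFC 2385
#define OSFP_TCP_OPT_SCPS            20              //# SCPS capabilities
#define OSFP_TCP_OPT_SNACK           21              //# selective negative acks
#define OSFP_TCP_OPT_REC             22              //# record boundaries
#define OSFP_TCP_OPT_CORRUPT         23              //# corruption experienced
#define OSFP_TCP_OPT_SNAP            24              //# SNAP
#define OSFP_TCP_OPT_TCPCOMP         26              //# TCP compression filter
#define OSFP_TCP_OPT_MAX             27              //# Quick-Start Response; despite the name this is not the largest kind defined here
#define OSFP_TCP_OPT_USRTO           28              //# User Timeout Option (also, other known unauthorized use) [RFC5482]
#define OSFP_TCP_OPT_AUTH            29              //# TCP Authentication Option (TCP-AO)    [RFC5925]
#define OSFP_TCP_OPT_MULTIPATH       30              //# Multipath TCP (MPTCP)
#define OSFP_TCP_OPT_FASTOPEN        34              //# TCP Fast Open Cookie  [RFC7413]
#define OSFP_TCP_OPT_ENCNEG          69              //# Encryption Negotiation (TCP-ENO)      [RFC8547]
#define OSFP_TCP_OPY_ENCNEG          OSFP_TCP_OPT_ENCNEG //# misspelled original name ("OPY"), kept so existing users still compile
#define OSFP_TCP_OPT_EXP1            253             //# RFC3692-style Experiment 1 (also improperly used for shipping products)
#define OSFP_TCP_OPT_EXP2            254             //# RFC3692-style Experiment 2 (also improperly used for shipping products)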
/* Expected total option lengths in bytes, counting the kind and length bytes
 * (see the breakdowns on the SACK and TFO lines). The length byte of an
 * option is packet-supplied.
 * NOTE(review): the option parser is not in this header; confirm it rejects a
 * length below 2 or one that runs past the end of the options area before it
 * compares against these values. */
#define OSFP_TCP_OPT_SACKOK_LEN                   2
#define OSFP_TCP_OPT_WS_LEN                       3
#define OSFP_TCP_OPT_TS_LEN                       10
#define OSFP_TCP_OPT_MSS_LEN                      4
#define OSFP_TCP_OPT_SACK_MIN_LEN                 10 /* hdr 2, 1 pair 8 = 10 */
#define OSFP_TCP_OPT_SACK_MAX_LEN                 34 /* hdr 2, 4 pair 32= 34 */
#define OSFP_TCP_OPT_TFO_MIN_LEN                  4  /* kind, len, 2 bytes cookie: 4 */
#define OSFP_TCP_OPT_TFO_MAX_LEN                  18 /* kind, len, 16 bytes cookie: 18 */


/**
 * @brief Name string constants for the operating-system classes.
 *
 * There is one string per enum osfp_os_class_id value below OSFP_OS_CLASS_MAX.
 */
#define OSFP_OS_CLASS_NAME_UNKNOWN   "Unknown"
#define OSFP_OS_CLASS_NAME_WINDOWS   "Windows"
#define OSFP_OS_CLASS_NAME_LINUX     "Linux"
#define OSFP_OS_CLASS_NAME_MAC_OS    "Mac OS"
#define OSFP_OS_CLASS_NAME_IOS       "iOS"
#define OSFP_OS_CLASS_NAME_ANDROID   "Android"
#define OSFP_OS_CLASS_NAME_OTHERS    "Others"

/**
 * @brief Enumeration of the operating-system classes.
 *
 * The values start at 0 and are consecutive. They are used in this header as
 * bit positions for the OSFP_OS_CLASS_FLAG_* masks and, through
 * OSFP_OS_CLASS_MAX, as the size of osfp_result.details[].
 */
enum osfp_os_class_id {
    OSFP_OS_CLASS_UNKNOWN,      // unknown
    OSFP_OS_CLASS_WINDOWS,      // Windows
    OSFP_OS_CLASS_LINUX,        // Linux
    OSFP_OS_CLASS_MAC_OS,       // Mac OS
    OSFP_OS_CLASS_IOS,          // iOS
    OSFP_OS_CLASS_ANDROID,      // Android
    OSFP_OS_CLASS_OTHERS,       // others
    OSFP_OS_CLASS_MAX,          // number of classes, not a class itself
};


/* One-bit masks for OS classes, using the enum value as the bit position.
 * No mask is defined here for OSFP_OS_CLASS_UNKNOWN or OSFP_OS_CLASS_OTHERS. */
#define OSFP_OS_CLASS_FLAG_WINDOWS   OSFP_BIT_U32(OSFP_OS_CLASS_WINDOWS)
#define OSFP_OS_CLASS_FLAG_LINUX     OSFP_BIT_U32(OSFP_OS_CLASS_LINUX)
#define OSFP_OS_CLASS_FLAG_MAC_OS    OSFP_BIT_U32(OSFP_OS_CLASS_MAC_OS)
#define OSFP_OS_CLASS_FLAG_IOS       OSFP_BIT_U32(OSFP_OS_CLASS_IOS)
#define OSFP_OS_CLASS_FLAG_ANDROID   OSFP_BIT_U32(OSFP_OS_CLASS_ANDROID)


/* Error codes. OSFP_NOERR is 0 (first enumerator); the remaining values are
 * consecutive positive integers. Per-value meanings below are read from the
 * names and should be confirmed against the functions that return them. */
enum osfp_error_code {
    OSFP_NOERR,                             // success
    OSFP_EINVAL,                            // presumably: invalid argument
    OSFP_ENOMEM,                            // presumably: allocation failure
    OSFP_ERR_SCORE_DB_READ_FILE,            // presumably: score DB file could not be read
    OSFP_ERR_SCORE_DB_PARSE_FILE,           // presumably: score DB file could not be parsed
    OSFP_ERR_SCORE_DB_UNSUPPORTED,          // presumably: score DB type not supported

    OSFP_ERR_FINGERPRINTING_UNSUPPORTED,    // presumably: input not supported for fingerprinting
};


/**
 * @brief Per-class detail entry stored in osfp_result.
 */
struct osfp_result_detail {
    unsigned int score;         // score
    unsigned int possibility;   // possibility (NOTE(review): scale not stated here; confirm)
};

/**
 * @brief Result of an operating-system identification.
 */
struct osfp_result {
    // NOTE(review): ownership of json_str (who allocates and frees it) is not stated in this header.
    char *json_str;                              // JSON string
    enum osfp_os_class_id likely_os_class;        // most likely OS class
    struct osfp_result_detail details[OSFP_OS_CLASS_MAX];   // detail entries, one slot per enum osfp_os_class_id value
};

/**
 * @brief Handle for the operating-system fingerprint database.
 */
struct osfp_db {
    char *db_json_path;   // path of the OS fingerprint database JSON file
    void *score_db;       // pointer to the score database (opaque here; concrete type not visible)
};

/* Map an OS class name string to its enum value.
 * NOTE(review): the parameter is a non-const char *; if the implementation
 * only reads the string it could take const char *, changed together with the
 * definition. The result for a NULL or unrecognised name is not visible here. */
enum osfp_os_class_id osfp_os_class_name_to_id(char *name);

/* Map an OS class enum value to its name string.
 * NOTE(review): the result for a value outside the enum range is not visible
 * here; confirm before passing values that come from parsed input. */
const char *osfp_os_class_id_to_name(enum osfp_os_class_id os_class);

#endif