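/*

   p0f - configuration
   -------------------

   The defaults are rather sane. Be careful when changing them.

   Copyright (C) 2003 by Michal Zalewski <lcamtuf@coredump.cx>

*/

/* NOTE(review): names starting with an underscore followed by an upper-case
   letter are reserved for the implementation. The guard name is left as it
   was because other files may test for it - confirm before renaming. */

#ifndef _HAVE_CONFIG_H
#define _HAVE_CONFIG_H

#define VER "2.0.3"

/* Paths and names to config files. PREFIX and TARGETNAME are not defined in
   this header; they have to be defined before CONFIG_DIR is expanded
   (presumably by the build - confirm). */

#define CONFIG_DIR PREFIX "/share/" TARGETNAME

#define SYN_DB    "p0f.fp"
#define SYNACK_DB "p0fa.fp"
#define RST_DB    "p0fr.fp"

/* Maximum number of signatures allowed in the config file */

#define MAXSIGS 1024

/* Max signature line length.
   NOTE(review): presumably this sizes the buffer used when reading the
   signature files; confirm the reader bounds each line by this value. */

#define MAXLINE 1024

/* Maximum distance from a host to be taken seriously. Between 35 and 64
   is sane. Making it too high might result in some (very rare) false
   positives, too low will result in needless UNKNOWNs. */

#define MAXDIST 40

/* Maximum number of TCP packet options. Some systems really like to
   put lots of NOPs there.
   NOTE(review): option lists are taken from observed traffic, so the count
   is controlled by the remote host; confirm the option parser stops at
   MAXOPT entries rather than trusting the packet. */

#define MAXOPT 16

/* Max. reasonable DNS name length.
   NOTE(review): valid DNS names can be much longer than this; presumably
   longer names are cut to this length - confirm that the copy is bounded
   and terminated. */

#define MY_MAXDNS 32

/* Query cache for -S option. This is only the default. Keep it sane -
   increase this if your system gets lots of traffic and you get RESP_NOMATCH
   too often. */

#define DEFAULT_QUERY_CACHE 128

/* Maximum timestamp difference (hours) between two masquerade
   signatures to be considered sane; should be reasonably high, as some
   systems might be running at higher timestamp change frequencies
   than usual. */

#define MAX_TIMEDIF 600

/* Packet dump - bytes per line; this is a sane setting. */

#define PKT_DLEN 16

/* Display no more than PKT_MAXPAY bytes of payload in -X mode. */

#define PKT_MAXPAY 45

/* Size limit for size wildcards - see p0fr.fp for more information. */

#define PACKET_BIG 100

/* Packet snap length. This is passed to libpcap, and should never be
   below 100 or such. Keep it reasonably low for performance reasons.
   libpcap hands over at most this many bytes of each packet, so code that
   parses a packet has to bound its reads by the captured length and not by
   the length fields inside the packet. */

#define PACKET_SNAPLEN 200

/* Query timeout on -Q socket. You must send data QUERY_TIMEOUT seconds
   after establishing a connection. Set this to zero to disable timeouts
   (not really recommended): with no timeout, a client that connects and
   never sends a query is not dropped on a timer.
   NOTE(review): whether such a client delays other queries depends on the
   socket handling code, which is not in this header. */

#define QUERY_TIMEOUT 2

/* Uncomment this to give extra points for distance difference in
   masquerade detection. This is not recommended for Internet traffic,
   but a very good idea for looking at your local network. */

// #define DIST_EXTRASCORE

/* Uncomment this to display additional information as discussed in
   p0f.fp. This functionality is a hack and will disregard options such
   as greppable output or no details mode, so do not leave it on unless,
   well, debugging. */

// #define DEBUG_EXTRAS

/* If you encounter any problems with false positives because of
   a system with random or incremental IP ID picking a zero value once
   in a while (probability under 0.002%, but always), uncomment this to
   disregard the 'Z' check in quirks section. */

// #define IGNORE_ZEROID

/* Compile-time checks for the limits stated in the comments above, so that
   an edit which breaks one of them stops the build. The default values
   pass all of them. */

#if MAXSIGS < 1 || MAXLINE < 1 || MAXOPT < 1
#error "MAXSIGS, MAXLINE and MAXOPT must be positive"
#endif

#if PACKET_SNAPLEN < 100
#error "PACKET_SNAPLEN should never be below 100"
#endif

#if QUERY_TIMEOUT < 0
#error "QUERY_TIMEOUT must be zero (timeouts disabled) or a positive number of seconds"
#endif

#endif /* ! _HAVE_CONFIG_H */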