1 /*
2 
3    p0f - configuration
4    -------------------
5 
6    The defaults are rather sane. Be careful when changing them.
7 
8    Copyright (C) 2003 by Michal Zalewski <lcamtuf@coredump.cx>
9 
10 */
11 
12 #ifndef _HAVE_CONFIG_H
13 #define _HAVE_CONFIG_H
14 
15 #define VER		"2.0.3"
16 
17 /* Paths and names to config files */
18 
19 #define CONFIG_DIR	PREFIX "/share/" TARGETNAME
20 
21 #define SYN_DB		"p0f.fp"
22 #define SYNACK_DB	"p0fa.fp"
23 #define RST_DB		"p0fr.fp"
24 
25 /* Maximum number of signatures allowed in the config file */
26 
27 #define MAXSIGS         1024
28 
29 /* Max signature line length */
30 
31 #define MAXLINE         1024
32 
33 /* Maximum distance from a host to be taken seriously. Between 35 and 64
34    is sane. Making it too high might result in some (very rare) false
35    positives, too low will result in needless UNKNOWNs. */
36 
37 #define MAXDIST         40
38 
39 /* Maximum number of TCP packet options. Some systems really like to
40    put lots of NOPs there. */
41 
42 #define MAXOPT   	16
43 
44 /* Max. reasonable DNS name length */
45 
46 #define MY_MAXDNS	32
47 
48 /* Query cache for -S option. This is only the default. Keep it sane -
49    increase this if your system gets lots of traffic and you get RESP_NOMATCH
50    too often. */
51 
52 #define DEFAULT_QUERY_CACHE	128
53 
54 /* Maximum timestamp difference (hours) between two masquerade
55    signatures to be considered sane; should be reasonably high, as some
56    systems might be running at higher timestamp change frequencies
57    than usual. */
58 
59 #define MAX_TIMEDIF	600
60 
61 /* Packet dump - bytes per line; this is a sane setting. */
62 
63 #define PKT_DLEN	16
64 
65 /* Display no more than PKT_MAXPAY bytes of payload in -X mode. */
66 
67 #define PKT_MAXPAY	45
68 
69 /* Size limit for size wildcards - see p0fr.fp for more information. */
70 
71 #define PACKET_BIG      100
72 
73 /* Packet snap length, passed to libpcap (captures are cut to this size); it
74    should never be below 100 or so. Keep it reasonably low for performance. */
75 
76 #define PACKET_SNAPLEN	200
77 
78 /* Query timeout on -Q socket. A client must send data within QUERY_TIMEOUT
79    seconds of establishing a connection. Set this to zero to disable timeouts
80    (not really recommended: a silent client is then never timed out). */
81 
82 #define QUERY_TIMEOUT	2
83 
84 /* Uncomment this to give extra points for distance difference in
85    masquerade detection. This is not recommended for Internet traffic,
86    but a very good idea for looking at your local network. */
87 
88 // #define DIST_EXTRASCORE
89 
90 /* Uncomment this to display additional information as discussed in
91    p0f.fp. This functionality is a hack and will disregard options such
92    as greppable output or no details mode, so do not leave it on unless,
93    well, debugging. */
94 
95 // #define DEBUG_EXTRAS
96 
97 /* If you encounter any problems with false positives because a system
98    with random or incremental IP ID picks a zero value once in a while
99    (probability under 0.002%, but it does happen), uncomment this to
100    disregard the 'Z' check in the quirks section. */
101 
102 // #define IGNORE_ZEROID
103 
104 #endif /* ! _HAVE_CONFIG_H */
105