Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources]

Mike D. Schiffman


Framework Functions

Libsf offers specific functionality, and as such it is a small library. The following four functions are general framework functions that initialize and destroy a libsf session as well as determine error information.


libsf_t *libsf_init(char type, char *device, char *target,
u_short o_port, u_short c_port, u_char flags, char *err_buf);

libsf_init () initializes a libsf session. type is the type of fingerprinting session to initialize, either LIBSF_ACTIVE or LIBSF_PASSIVE. device is the canonical name of the network device to use for network activity; if it is NULL, libsf attempts to determine a suitable device. target is the presentation format IPv4 address of the host to fingerprint; if initializing a passive fingerprinting session, the user might opt not to specify an address and pass in a NULL pointer (in which case all incoming TCP SYN packets are subject to fingerprinting). o_port is the open TCP port to use for some of the active fingerprinting tests (if 0, libsf will probe for one). c_port is the closed TCP port to use for some of the active fingerprinting tests (if 0, libsf will probe for one). If initializing a passive session, the open and closed arguments are ignored. flags is a bitmask of control flags that should be 0 or one or more of the constants in Table 5.1. err_buf is a buffer of size LIBSF_ERRBUF_SIZE bytes used to hold any possible error messages. Upon success, the function returns a valid libsf descriptor for use in subsequent functions; upon failure, the function returns NULL and err_buf contains the reason. Table 5.1 summarizes the symbolic constants for flags.

Table 5.1: libsf Control Flags

| CONSTANT | MEANING |
|---|---|
| LIBSF_CTRL_VERBOSE | Tell libsf to dump internal state messages to the console |
| LIBSF_CTRL_DEBUG | Tell libsf to dump debugging messages to the console |

Note

You can instantiate multiple libsf sessions concurrently with multiple calls to libsf_init () (each returning a unique descriptor).

Note

You should use LIBSF_CTRL_VERBOSE if the application programmer wants to see what is going on internally with libsf (the status of tests and so on).

Note

You should use LIBSF_CTRL_DEBUG if the application programmer wants to see all available internal debugging messages.


int libsf_set_timeout(libsf_t *s, int timeout);

libsf_set_timeout () sets the network timeout, timeout, in seconds for the libsf session that s references. For an active fingerprinting session, this variable is the time that libsf is willing to wait for a response from its target host during its testing phase. For a passive fingerprinting session, this period is the time that libsf is willing to wait for a match from any host to correspond with a fingerprint in its database. Upon success, the function returns 1; upon failure, the function returns -1.


void libsf_destroy(libsf_t *s);

libsf_destroy () shuts down the libsf session that s references. It frees all memory associated with s and closes the file descriptors.


char *libsf_geterror(libsf_t *s);

libsf_geterror () is libsf's ubiquitous error-retrieving function. It culls the last error message that was posted within the context of the libsf descriptor that s references and returns the string. If no error occurred, the function returns NULL.
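
The four framework calls above chained into one session lifecycle with every documented failure path checked, as an added example that is not from the book or from libsf itself. So that it builds without the library, it carries stand-ins for the four functions that reproduce only the return conventions described above; the constant values, the struct layout, the failure triggers, open_session and live_sessions are assumptions. It also assumes the string returned by libsf_geterror () lives inside the session, so the message is copied before libsf_destroy () is called.

```c
/* Added example, not libsf's code. The stand-in section mirrors only the
 * documented return conventions; values and layout are placeholders. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIBSF_ACTIVE      1   /* placeholder value */
#define LIBSF_PASSIVE     2   /* placeholder value */
#define LIBSF_ERRBUF_SIZE 256 /* placeholder value */
typedef struct { int timeout; char err[LIBSF_ERRBUF_SIZE]; int failed; } libsf_t;
int live_sessions = 0;        /* stand-in bookkeeping, used to spot leaks */

/* unsigned short / unsigned char stand in for u_short / u_char */
libsf_t *libsf_init(char type, char *device, char *target, unsigned short o_port,
                    unsigned short c_port, unsigned char flags, char *err_buf) {
    (void)device; (void)o_port; (void)c_port; (void)flags;
    if (type == LIBSF_ACTIVE && target == NULL) {   /* assumed failure trigger */
        snprintf(err_buf, LIBSF_ERRBUF_SIZE, "active session needs a target");
        return NULL;
    }
    libsf_t *s = calloc(1, sizeof *s);
    if (s == NULL) { snprintf(err_buf, LIBSF_ERRBUF_SIZE, "out of memory"); return NULL; }
    live_sessions++;
    return s;
}
int libsf_set_timeout(libsf_t *s, int timeout) {
    if (timeout <= 0) {                             /* assumed failure trigger */
        snprintf(s->err, sizeof s->err, "bad timeout %d", timeout);
        s->failed = 1;
        return -1;
    }
    s->timeout = timeout;
    return 1;
}
char *libsf_geterror(libsf_t *s) { return s->failed ? s->err : NULL; }
void libsf_destroy(libsf_t *s) { free(s); live_sessions--; }

/* Caller side: returns a ready session, or NULL with the reason in err_buf
 * (which must hold LIBSF_ERRBUF_SIZE bytes). */
libsf_t *open_session(char type, char *target, int timeout, char *err_buf) {
    libsf_t *s = libsf_init(type, NULL, target, 0, 0, 0, err_buf);
    if (s == NULL)
        return NULL;                        /* libsf_init already filled err_buf */
    if (libsf_set_timeout(s, timeout) == -1) {
        char *e = libsf_geterror(s);        /* NULL means no error was posted */
        snprintf(err_buf, LIBSF_ERRBUF_SIZE, "%s", e ? e : "libsf_set_timeout failed");
        libsf_destroy(s);                   /* copy the message first, then free */
        return NULL;
    }
    return s;
}
```

With the real library, the stand-in section is replaced by libsf's own header and the open_session wrapper is used unchanged.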