Passive OS fingerprinting netfilter module allows to passively detect remote OS and perform various netfilter actions based on that knowledge. This module compares some data (WS, MSS, options and it's order, ttl, df and others) from packets with SYN bit set with dynamically loaded OS fingerprints.

This is a rather minor release, where I completed ipt->xt name switch in the libary code.
In some environment it could cause a compilation errors (like old libipt_osf.c library and new xt_osf.h header), now everything lives in 'xt' namespace.

As usual, code is available in archive.

OSF was pushed upstream multiple times and all requested features were implemented (like switch from kernel connector to nfnetlink, codying style cleanups and the like), but patch is stuck in mail list without moving neither into iptables nor into vanilla tree though. Ping does not return reply so far. Let's see how this will end up.

EDITED TO ADD: Rebased OSF patch against current vanilla tree and resent to netdev@ and netfilter-devel@ lists.