Passive OS fingerprint module included into netfilter tree
OSF allows to passively detect remote OS and perform various netfilter actions based on that knowledge. This module compares some data (WS, MSS, options and it’s order, ttl, df and others) from packets with SYN bit set with dynamically loaded OS fingerprints.
OSF was my first big kernel project, it is more than 6 years old already. During this time it was seriously improved by moving to RCU, extending configuration and parsing, and of course by fixing fair number of bugs.
It is not possible to print packet info into dmesg anymore, but instead it is possible to push packet into userspace and process it there via netfilter netlink log facilities. You will need to download the latest OSF release to get fingerprint loading application. Eventually I will extend it with some application to log packets in userspace, in a meantime one can use existing loggers.