
Getting Host field from TCP packet payload

I'm writing a kernel module in C, and trying to get the Host field from a TCP packet's payload, carrying HTTP request headers. I've managed to do something similar with FTP (scan the payload and look for FTP commands), but I can't seem to be able to do the same and find the field.

My module is connected to the POST_ROUTING hook. Each packet that goes to that hook, if it has a dst port of 80, is being recognized as an HTTP packet, and so my module starts to parse it.
For some reason, I can't seem to be able to get the HOST line (matter of fact, I only see the server HTTP 200 OK).

Do these headers always go on the packets that use port 80? If so, what is the best way to parse those packets' payload? Seems like going char by char is a lot of work. Is there any better way?

Thanks

EDIT: Got some progress. Every packet I get from the server, I can read the payload with no problem. But every packet I send, it's like the payload is empty.

I thought it's a problem of the skb pointer, but I'm getting the TCP ports fine. Just can't seem to read this damn payload. This is how I parse it:

unsigned char* user_data = (unsigned char *)((int)tcphd + (int)(tcphd->doff * 4));
unsigned char *it;
for (it = user_data; it != tail; ++it) {
    unsigned char c = *(unsigned char *)it;

    http_command[http_command_index] = c;
    http_command_index++;
}

where tail:

 tail = skb_tail_pointer(skb);

The pointer doesn't advance at all on the loop. It's like it's empty from the start or something, and I can't figure out why. Help, please.

I've managed to solve this.

Using this, I've figured out how to parse all of the packet's payload. I hope this code explains it:

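int http_command_offset = iphd->ihl*4 + tcphd->doff*4;
int http_command_length = skb->len - http_command_offset;
/* Allocate only when there is a payload; GFP_ATOMIC because the hook runs in atomic context. */
http_command = http_command_length > 0 ? kmalloc(http_command_length + 1, GFP_ATOMIC) : NULL;
/* skb_copy_bits() also reads data held in page fragments and returns 0 on success. */
if (http_command && skb_copy_bits(skb, http_command_offset, http_command, http_command_length) == 0)
    http_command[http_command_length] = '\0'; /* NUL-terminate the copied payload */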

skb_copy_bits just copies the payload entirely into the buffer I've created. Parsing it now is pretty simple.
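An added example, not part of the original answer: once the payload has been copied out with skb_copy_bits as above, the Host value can be extracted with a length-bounded line scan that never reads past the copied bytes and ignores anything after the blank line that ends the headers. It is written in portable user-space C so it can be compiled and tested outside the kernel; `http_find_host` and `sample_request` are hypothetical names, and it assumes the request headers arrive in a single segment.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>    /* strncasecmp(); the kernel declares it in <linux/string.h> */

/* Constructed sample request, not captured traffic. */
static const char sample_request[] =
    "GET /index.html HTTP/1.1\r\nUser-Agent: test\r\n"
    "hOsT:  www.example.com \r\nAccept: */*\r\n\r\n";

/* Copies the Host value from the request headers in buf[0..len) into out,
 * NUL-terminated. Returns its length, or -1 if this segment holds no
 * complete Host line or the value does not fit in outsz bytes. */
int http_find_host(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    size_t pos = 0, n;
    int lineno = 0;
    while (pos < len) {
        const unsigned char *line = buf + pos;
        const unsigned char *eol = memchr(line, '\n', len - pos);
        if (!eol)
            return -1;      /* line continues in a later segment */
        n = (size_t)(eol - line);
        pos += n + 1;
        if (n && line[n - 1] == '\r')
            n--;
        if (n == 0)
            return -1;      /* blank line: headers ended without a Host */
        if (lineno++ == 0 || n < 5 || strncasecmp((const char *)line, "host:", 5))
            continue;       /* request line or some other header */
        for (line += 5, n -= 5; n && (*line == ' ' || *line == '\t'); line++)
            n--;            /* skip leading whitespace of the value */
        while (n && (line[n - 1] == ' ' || line[n - 1] == '\t'))
            n--;            /* drop trailing whitespace */
        if (n >= outsz)
            return -1;      /* value would not fit together with its NUL */
        memcpy(out, line, n);
        out[n] = '\0';
        return (int)n;
    }
    return -1;
}

int main(void)
{
    char host[256];
    int n = http_find_host((const unsigned char *)sample_request,
                           sizeof(sample_request) - 1, host, sizeof(host));
    printf("%d %s\n", n, n < 0 ? "(none)" : host);
    return 0;
}
```

In the module, the same function would be called with the buffer and length produced by the skb_copy_bits code above, and the buffer released with kfree afterwards.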
