stackoom
  简体   繁体   中英

Getting Host field from TCP packet payload

 原文  2016-06-05 18:32:18       c/ linux/ sockets/ tcp/ http-headers

Question

I'm writing a kernel module in C, and trying to get the Host field from a TCP packet's payload, carrying http request headers. I've managed to do something similar with FTP (scan the payload and look for FTP commands), but I can't seem to be able to do the same and find the field.

My module is connected to the POST_ROUTING hook. each packet that goes to that hook, if it has a dst port of 80, is being recognized as an HTTP packet, and so my module starts to parse it.
for some reason, I can't seem to be able to get the HOST line (matter of fact, I only see the server HTTP 200 ok)

are these headers always go on the packets that use port 80? if so, what is the best way to parse those packt's payload? seems like going char by char is a lot of work. is there any better way?

Thanks

EDIT: Got some progress. every packet I get from the server, I can read the payload with no problem. but every packet I send - it's like the payload is empty.

I thought it's a problem of skb pointer, but i'm getting the TCP ports fine. just can't seem to read this damn payload. this is how i parse it: 

unsigned char* user_data = (unsigned char *)((int)tcphd + (int)(tcphd->doff * 4));
unsigned char *it;
for (it = user_data; it != tail; ++it) {
    unsigned char c = *(unsigned char *)it;

    http_command[http_command_index] = c;
    http_command_index++;
}

where tail: 

 tail = skb_tail_pointer(skb);

The pointer doesn't advance at all on the loop. it's like it's empty from the start or something, and I can't figure out why. help, please.

1 answers

solution1
 0  2016-06-06 09:55:59

I've managed to solve this.

using this , I've figured out how to parse all of the packet's payload. I hope this code explains it 

int http_command_offset = iphd->ihl*4 + tcphd->doff*4; 
int http_command_length = skb->len - http_command_offset;
http_command =  kmalloc(http_command_length + 1, GFP_ATOMIC);
skb_copy_bits(skb, http_command_offset , (void*)http_command, http_command_length);

skb_cop_bits, just copies the payload entirely into the buffer i've created. parsing it now is pretty simple.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Calculating payload in a tcp packet structure How to parse TCP packet payload Reading tpacket3_hdr from Packet MMAP and getting payload body Receive packet by packet data from TCP socket? Extract UDP packet payload from a ethernet frame Getting HTTP header from packet after TCP, IP and Ethernet headers removed get HTTP HOST web address from packet how to modify packet header(IP header, TCP Header) before the host send them into the network Packet analysing in wireshark - How to distinguish HTTP protocol from TCP Getting interface name from packet with af_packet
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM