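Printing HTTP packet data from inside a kernel module

I am trying to write a kernel module that dumps all HTTP packet data to dmesg. I registered an nf_hook in POST ROUTING (I also tried hooking the OUTPUT table) and print all packets whose source port (sport) is 80 (HTTP responses).

I read the following post: Print TCP Packet Data

It really works! But I have a problem: the kernel module prints only the first line of the response, HTTP/1.0 200 OK, and does not print all the HTTP headers and the HTML.

Here is my hook function: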

    struct iphdr *iph;          /* IPv4 header */
    struct tcphdr *tcph;        /* TCP header */
    u16 sport, dport;           /* Source and destination ports */
    u32 saddr, daddr;           /* Source and destination addresses */
    unsigned char *user_data;   /* TCP data begin pointer */
    unsigned char *tail;        /* TCP data end pointer */
    unsigned char *it;          /* TCP data iterator */

    /* Network packet is empty, seems like some problem occurred. Skip it */
    if (!skb)
        return NF_ACCEPT;

    iph = ip_hdr(skb);          /* get IP header */

    /* Skip if it's not TCP packet */
    if (iph->protocol != IPPROTO_TCP)
        return NF_ACCEPT;

    tcph = tcp_hdr(skb);        /* get TCP header */

    /* Convert network endianness to host endianness */
    saddr = ntohl(iph->saddr);
    daddr = ntohl(iph->daddr);
    sport = ntohs(tcph->source);
    dport = ntohs(tcph->dest);

    /* Watch only port of interest */
    if (sport != PTCP_WATCH_PORT)
        return NF_ACCEPT;

    /* Calculate pointers for begin and end of TCP packet data */
    user_data = (unsigned char *)((unsigned char *)tcph + (tcph->doff * 4));
    tail = skb_tail_pointer(skb);

    /* ----- Print all needed information from received TCP packet ------ */

    /* Show only HTTP packets */
    if (user_data[0] != 'H' || user_data[1] != 'T' || user_data[2] != 'T' ||
            user_data[3] != 'P') {
        return NF_ACCEPT;
    }

    /* Print packet route */
    pr_debug("print_tcp: %pI4h:%d -> %pI4h:%d\n", &saddr, sport, &daddr, dport);

    /* Print TCP packet data (payload) */
    pr_debug("print_tcp: data:\n");
    for (it = user_data; it != tail; ++it) {
        char c = *(char *)it;

        if (c == '\0')
            break;

        printk("%c", c);
    }
    printk("\n\n");

    return NF_ACCEPT;

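I want to print the whole packet, not just the first line. Why is only the first line printed? My guess is that there is some routing cache (as when using IPTABLES); is there a way to disable the cache?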
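The payload arithmetic from the hook above, as an added userspace example (not code from the original post): it derives the payload length from the IP total length and the two header lengths and checks each length before reading, which the posted hook does not do before it tests `user_data[0..3]`. `dump_payload`, `make_packet` and the sample packet are constructed for illustration, and the code assumes the whole packet sits in one contiguous buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy the TCP payload of a raw IPv4 packet (cap bytes) into out as a
 * NUL-terminated string; NUL and control bytes other than '\n' become '.'.
 * Returns bytes copied, or -1 when a header length leaves the buffer. */
static long dump_payload(const uint8_t *pkt, size_t cap, char *out, size_t ocap)
{
    size_t ihl, tot, doff, n, i;
    if (cap < 20 || ocap == 0 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
        return -1;                      /* short, not IPv4, or not TCP (6) */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length */
    tot = ((size_t)pkt[2] << 8) | pkt[3];     /* IP total length */
    if (ihl < 20 || tot > cap || tot < ihl + 20)
        return -1;
    doff = (size_t)(pkt[ihl + 12] >> 4) * 4;  /* same as tcph->doff * 4 */
    if (doff < 20 || ihl + doff > tot)
        return -1;
    n = tot - ihl - doff;               /* payload length; 0 for a bare ACK */
    if (n > ocap - 1)
        n = ocap - 1;
    for (i = 0; i < n; i++) {
        uint8_t c = pkt[ihl + doff + i];
        out[i] = (c == '\n' || (c > 31 && c < 127)) ? (char)c : '.';
    }
    out[n] = '\0';
    return (long)n;
}

/* Constructed sample: option-less IPv4 + TCP headers (sport 80) + body. */
static size_t make_packet(uint8_t *buf, const char *body, size_t blen)
{
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[9] = 6; buf[21] = 80; buf[32] = 0x50;
    buf[2] = (uint8_t)((40 + blen) >> 8); buf[3] = (uint8_t)(40 + blen);
    memcpy(buf + 40, body, blen);
    return 40 + blen;
}

int main(void)
{
    static const char body[] = "HTTP/1.0 200 OK\r\nServer: x\r\n\r\n<p>\0hi</p>";
    uint8_t pkt[128]; char out[128];
    size_t len = make_packet(pkt, body, sizeof(body) - 1);
    if (dump_payload(pkt, len, out, sizeof(out)) < 0)
        return 1;
    puts(out);
    return 0;
}
```

The embedded NUL in the sample body shows up as `.` in the output, and the bytes after it are still copied.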
