Re: custom netfilter module
From: Kasper Dupont (kasperd_at_daimi.au.dk)
Date: 09/04/03
- Next message: madmax: "linux-2.5.75 modules problem"
- Previous message: Paul Spink: "custom netfilter module"
- In reply to: Paul Spink: "custom netfilter module"
- Next in thread: Paul Spink: "Re: custom netfilter module"
- Reply: Paul Spink: "Re: custom netfilter module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 04 Sep 2003 15:57:23 +0200
Paul Spink wrote:
>
> Hi there,
>
> I am trying to create a module that will examine all HTTP GET requests. My
> problem is whenever I insert my module, it only ever sees the first TCP
> packet of the connection (for the same <source IP:port> / <destination
> IP:port> combination), I never get to see the HTTP GET requests or
> subsequent TCP packets.
>
> The hook is registered on the NF_IP_POST_ROUTING hook. I set skb->nfcache |=
> NFC_UNKNOWN in my hook before returning NF_QUEUE. The queue handler prints
> out the source and destination IPs and ports into the system log, then calls
> nf_reinject with NF_ACCEPT to accept the packets.
>
> Any advice you can give me as to what I am doing wrong? And how I can log
> all the HTTP requests?
AFAIK routing is only done for the first packet of each connection,
afterwards the list of established connections is used for the rest
of the packets. I think you need to put it in the filter table, and
make sure not to put it after a rule that accepts all established
packets.
-- Kasper Dupont -- der bruger for meget tid paa usenet. For sending spam use mailto:aaarep@daimi.au.dk Their business was zero and it was shrinking.
- Next message: madmax: "linux-2.5.75 modules problem"
- Previous message: Paul Spink: "custom netfilter module"
- In reply to: Paul Spink: "custom netfilter module"
- Next in thread: Paul Spink: "Re: custom netfilter module"
- Reply: Paul Spink: "Re: custom netfilter module"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
