- 论坛徽章:
- 0
|
思路是当收取HTTP GET包时, 构造一个HTTP Redirect response包, 重定向过去.
HTTP GET ( PSH/ACK ) ->
<- HTTP Redirect (PSH/ACK)
不过在过程中发现构造的response客户端始终都无法正确识别, 不知道是TCP 哪个部分出了问题! 恳请各位大牛帮忙看一看!万分感谢!
构造TCP sk_buff代码:- struct sk_buff* tcp_newpack( u32 saddr, u32 daddr,
- u16 sport, u16 dport,
- u32 seq, u32 ack_seq,
- const struct tcp_out_options *opts,
- u8 *msg, int len )
- {
- struct sk_buff *skb = NULL;
- int total_len, eth_len, ip_len, header_len;
- int tcp_opt_len, tcp_len;
- struct tcphdr *th;
- struct iphdr *iph;
- __wsum tcp_hdr_csum;
- __be32 *ptr = NULL;
-
- tcp_opt_len = 0;
- if ( likely(OPTION_TS & opts->options) ){
- tcp_opt_len = TCPOLEN_TSTAMP_ALIGNED;
- }
- // 设置各个协议数据长度
- tcp_len = len + sizeof( *th ) + tcp_opt_len;
- ip_len = tcp_len + sizeof( *iph );
-
- eth_len = ip_len + ETH_HLEN;
- //
- total_len = eth_len + NET_IP_ALIGN;
- total_len += LL_MAX_HEADER;
-
- header_len = total_len - len;
- // 分配skb
- skb = alloc_skb( total_len, GFP_ATOMIC );
- if ( !skb ) {
- dbg_err( "alloc_skb length %d failed.\n", total_len );
- return NULL;
- }
- // 预先保留skb的协议首部长度大小
- skb_reserve( skb, header_len );
- // 拷贝负载数据
- skb_copy_to_linear_data( skb, msg, len );
- skb->len += len;
-
- if ( tcp_opt_len ){
- ptr = (__be32 *)skb_push( skb, tcp_opt_len );
- *ptr++ = htonl((TCPOPT_NOP << 24) |
- (TCPOPT_NOP << 16) |
- (TCPOPT_TIMESTAMP << 8) |
- TCPOLEN_TIMESTAMP);
- *ptr++ = htonl(opts->tsval);
- *ptr++ = htonl(opts->tsecr);
- }
- // skb->data 移动到udp首部
- skb_push( skb, sizeof( *th ) );
- skb_reset_transport_header( skb );
- th = tcp_hdr( skb );
-
- if ( tcp_opt_len ) {
- th->doff = (tcp_opt_len + sizeof(*th)) >> 2;
- }
- else {
- th->doff = 5;
- }
- th->source = sport;
- th->dest = dport;
- th->seq = seq;
- th->ack_seq = ack_seq;
-
- th->urg_ptr = 0;
-
- th->psh = 0x1;
- th->ack = 0x1;
-
- th->window = htons( 63857 );
-
- th->check = 0;
- #if 0
- tcp_hdr_csum = csum_partial( th, tcp_len - TCP_HDR_LEN(th), 0 );
- th->check = csum_tcpudp_magic( saddr,
- daddr,
- tcp_len, IPPROTO_TCP,
- tcp_hdr_csum );
- #else
- th->check = tcp_v4_check(tcp_len,
- saddr, daddr,
- csum_partial(th,
- tcp_len, 0));
- #endif
- if ( th->check == 0 )
- th->check = CSUM_MANGLED_0;
- skb_iphdr_init( skb, IPPROTO_TCP, saddr, daddr, ip_len );
- return skb;
- }
- int skb_iphdr_init( struct sk_buff *skb, u8 protocol,
- u32 saddr, u32 daddr, int ip_len )
- {
- struct iphdr *iph = NULL;
-
- // skb->data 移动到ip首部
- skb_push( skb, sizeof( *iph ) );
- skb_reset_network_header( skb );
- iph = ip_hdr( skb );
- /* iph->version = 4; iph->ihl = 5; */
- #if 0
- put_unaligned( 0x45, ( unsigned char * )iph );
- iph->tos = 0;
- put_unaligned( htons( ip_len ), &( iph->tot_len ) );
- iph->id = 0;
- iph->frag_off = htons(IP_DF);
- iph->ttl = 64;
- iph->protocol = IPPROTO_UDP;
- iph->check = 0;
- put_unaligned( saddr, &( iph->saddr ) );
- put_unaligned( daddr, &( iph->daddr ) );
- iph->check = ip_fast_csum( ( unsigned char * )iph, iph->ihl );
- #else
- iph->version = 4;
- iph->ihl = 5;
- iph->tos = 0;
- iph->tot_len = htons( ip_len );
- iph->id = 0;
- iph->frag_off = htons(IP_DF);
- iph->ttl = 64;
- iph->protocol = protocol;
- iph->check = 0;
- iph->saddr = saddr;
- iph->daddr = daddr;
- iph->check = ip_fast_csum( ( unsigned char * )iph, iph->ihl );
- #endif
- return 0;
- }
这个是wrieshark pcap的抓包
http redirect 3.rar
(861 Bytes, 下载次数: 62)
|
|
免费注册
发表于 2010-04-23 23:26
发表于 2010-04-24 10:20
