使用网络内核扩展(NKE)监控网络数据包

我正在构建一个 NKE(网络内核扩展),用于过滤和修改数据包。myipfilter_output_redirect 回调会收到一个 mbuf_t 指针,据我了解,它包含与该网络调用相关的全部信息。我想从这个 mbuf_t 中读取 HTML,并向其中注入一段 CSS/HTML。我该如何实现?

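/*
 * IPv4 filter callbacks and start/stop entry points for a macOS network
 * kernel extension (NKE).  Every packet is passed through unmodified; the
 * input path hands it to log_ip_packet() and the registered output path
 * dumps its bytes to the kernel log.
 *
 * NOTE(review): Apple has deprecated the NKE KPIs in favour of the
 * NetworkExtension framework - confirm the deployment target still
 * supports them.
 */

/* Defined at the end of this block; declared here because g_my_ip_filter
 * refers to it before the definition. */
static errno_t myipfilter_output_redirect(void* cookie, mbuf_t* data, ipf_pktopts_t options);

/*
 * Outbound hook that only logs.  It is not registered at the moment (see the
 * commented-out entry in g_my_ip_filter).  Returning 0 lets the stack
 * continue normal processing of the packet.
 */
static errno_t myipfilter_output(void* cookie, mbuf_t* data, ipf_pktopts_t options)
{
    if (data) {
        log_ip_packet(data, kMyFiltDirOut);
    }
    return 0;
}

/*
 * Inbound hook: log the packet and let it continue up the stack.
 * offset and protocol are supplied by the IP filter KPI and unused here.
 */
static errno_t myipfilter_input(void* cookie, mbuf_t* data, int offset, u_int8_t protocol)
{
    if (data) {
        log_ip_packet(data, kMyFiltDirIn);
    }
    return 0;
}

/*
 * Detach hook: print the per-protocol packet counters kept in the cookie and
 * record that the filter is detached.
 */
static void myipfilter_detach(void* cookie)
{
    /* cookie isn't dynamically allocated, no need to free in this case */
    struct myfilter_stats* stats = (struct myfilter_stats*)cookie;

    printf("UDP_IN %lu UDP OUT: %lu TCP_IN: %lu TCP_OUT: %lu ICMP_IN: %lu ICMP OUT: %lu OTHER_IN: %lu OTHER_OUT: %lu\n",
           stats->udp_packets[kMyFiltDirIn],
           stats->udp_packets[kMyFiltDirOut],
           stats->tcp_packets[kMyFiltDirIn],
           stats->tcp_packets[kMyFiltDirOut],
           stats->icmp_packets[kMyFiltDirIn],
           stats->icmp_packets[kMyFiltDirOut],
           stats->other_packets[kMyFiltDirIn],
           stats->other_packets[kMyFiltDirOut]);

    g_filter_detached = TRUE;
}

/* Filter descriptor: cookie, name, input hook, output hook, detach hook. */
static struct ipf_filter g_my_ip_filter = {
    &g_filter_stats,
    "com.xxx.NetworKext",
    myipfilter_input,
    myipfilter_output_redirect, // myipfilter_output,
    myipfilter_detach
};

/*
 * Register the IPv4 filter.  Returns the ipf_addv4() result (0 on success),
 * so a failed registration is reported to the caller.
 */
kern_return_t MyIPFilter_start ()
{
    printf("MyIPFilter_start called");

    errno_t result = ipf_addv4(&g_my_ip_filter, &g_filter_ref);
    if (result != 0) {
        printf("MyIPFilter_start: ipf_addv4 failed: %d\n", result);
    }
    return result;
}

/*
 * Unregister the IPv4 filter.  A failed ipf_remove() is now reported instead
 * of being ignored, so the caller does not treat a still-attached filter as
 * removed.
 *
 * NOTE(review): myipfilter_detach() sets g_filter_detached; presumably the
 * kext must not finish unloading until that flag is set, otherwise the
 * callbacks could run after their code is gone - confirm against the caller.
 */
kern_return_t MyIPFilter_stop ()
{
    printf("MyIPFilter_stop called");

    errno_t result = ipf_remove(g_filter_ref);
    if (result != 0) {
        printf("MyIPFilter_stop: ipf_remove failed: %d\n", result);
        return KERN_FAILURE;
    }
    return KERN_SUCCESS;
}

/*
 * Outbound hook: dump every byte of the packet's mbuf chain to the kernel
 * log, then let the packet continue unmodified.
 *
 * What this hook sees is the whole IP packet (IP and transport headers
 * first), one packet at a time, so an HTTP body arrives split across many
 * calls, and TLS-protected traffic is ciphertext at this layer.
 *
 * Fixes over the earlier version:
 *  - returns 0 on every path (the function used to fall off the end, which
 *    is undefined behaviour for a non-void function whose value is used);
 *  - no longer prints mbuf data with "%s": mbuf data is not NUL-terminated,
 *    so that read ran past the end of the buffer in kernel memory, and the
 *    pointer was NULL for an empty chain;
 *  - checks data and *data before dereferencing.
 */
static errno_t myipfilter_output_redirect(void* cookie, mbuf_t* data, ipf_pktopts_t options)
{
    // not printing all html and css tags
    printf("myipfilter_output_redirect called");

    if (data == NULL || *data == NULL) {
        return 0;
    }

    size_t total = 0;
    for (mbuf_t mb = *data; mb; mb = mbuf_next(mb)) {
        const unsigned char* bytes = mbuf_data(mb);
        size_t len = mbuf_len(mb);

        if (bytes == NULL) {
            continue;
        }

        for (size_t i = 0; i < len; i++) {
            unsigned char c = bytes[i];
            /* Packet bytes are untrusted: keep printable ASCII and common
             * whitespace, replace the rest so remote data cannot push
             * control characters into the kernel log. */
            int printable = (c >= 0x20 && c < 0x7f) || c == '\n' || c == '\r' || c == '\t';
            printf("%c", printable ? c : '.');
        }
        total += len;
    }

    /* Per-byte logging of every outbound packet is expensive; debug only. */
    printf("\nmyipfilter_output_redirect: dumped %lu bytes\n", (unsigned long)total);
    return 0;
}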

我已经制作了一个示例仓库,方便愿意帮忙的人参考。

您应该改用套接字过滤器(socket filter);要取得 HTML 有效负载,应通过 mbuf_data 读取 mbuf_t。下面的函数会从头开始打印每个字节,请在您的 sf_data_in_func 回调中调用它。

print_mbuf_data(*data);

这对你有用。

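 /*
  * Print the payload of an mbuf chain to the kernel log, 0x80 bytes at a time.
  *
  * mb: first mbuf of the chain (for example the data handed to a socket
  *     filter's sf_data_in_func callback); NULL prints nothing.
  *
  * Fixes over the earlier version:
  *  - the staging buffer has room for the terminator, so the last byte of
  *    each full 0x80-byte chunk is no longer dropped;
  *  - bytes are copied directly instead of via snprintf()+strlen() per byte,
  *    which lost everything after an embedded NUL and was quadratic;
  *  - every mbuf in the chain is printed, not only the first one;
  *  - an mbuf with no data pointer is skipped instead of dereferenced.
  *
  * The data is untrusted network input: non-printable bytes are shown as '.'
  * so they cannot inject control characters into the log.  TLS-protected
  * traffic appears here as ciphertext.
  */
 static void print_mbuf_data(mbuf_t mb)
 {
     enum { CHUNK = 0x80 }; /* 128 bytes per printf call */
     char chunk[CHUNK + 1];

     for (; mb; mb = mbuf_next(mb)) {
         const unsigned char *src = mbuf_data(mb);
         size_t length = mbuf_len(mb);

         if (src == NULL) {
             continue;
         }

         for (size_t index = 0; index < length; index += CHUNK) {
             size_t remaining = length - index;
             size_t line = remaining > (size_t)CHUNK ? (size_t)CHUNK : remaining;

             for (size_t k = 0; k < line; k++) {
                 unsigned char c = src[index + k];
                 int printable = (c >= 0x20 && c < 0x7f) || c == '\n' || c == '\r' || c == '\t';
                 chunk[k] = printable ? (char)c : '.';
             }
             chunk[line] = '\0'; /* line <= CHUNK, so this stays in bounds */

             printf("%s", chunk);
         }
     }
 }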