I am trying to implement a pfil so which taps into any outgoing HTTP packet. I have registered the outgoing hook at the IP
layer. In the out hook I am able to extract data (source and destination IP addresses and port numbers) using mtod from the
IP and TCP headers present in the mbuf. I am able to intercept all the phrelay/qconn packets being exchanged, but I am not
able to intercept any HTTP packet when I launch the browser and open a webpage: I don't get any trace in sloginfo with
destination port 80, which HTTP uses.
Please provide any pointers as to what is required to intercept an HTTP request packet in pfil.
Below is a code snippet for reference:
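/*
 * Register output_hook on the AF_INET pfil head for outbound packets.
 * Both calls can fail; if registration fails silently the hook is never
 * called, and from the logs that looks the same as "no traffic seen".
 */
struct pfil_head *pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
if (pfh_inet == NULL) {
    slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
          "pfil_head_get(PFIL_TYPE_AF, AF_INET) returned NULL; output_hook not registered");
} else {
    int hook_rc = pfil_add_hook(output_hook, NULL, PFIL_OUT | PFIL_WAITOK, pfh_inet);

    if (hook_rc != 0) {
        slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
              "pfil_add_hook(output_hook) failed: %d", hook_rc);
    }
}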
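/*
 * pfil output hook (registered for AF_INET with PFIL_OUT).
 *
 * Logs length/type/flags for every mbuf in the outgoing chain and, when the
 * packet is TCP, the IPv4 source/destination addresses and the TCP ports.
 *
 * Header parsing is done once, on the first mbuf of the chain, and only
 * after checking that the bytes being read are really there:
 *   - the IP header is read only if the first mbuf holds sizeof(struct ip)
 *     bytes;
 *   - the TCP header is located with ip_hl (so IP options are skipped) and is
 *     read only if it lies completely inside the first mbuf.
 * Later mbufs in the chain carry payload, not a fresh IP header, so they are
 * never interpreted as one. Packet contents are untrusted input; reading a
 * header without these checks can walk past the end of the mbuf data.
 *
 * @param arg  hook argument given at registration (unused)
 * @param m    address of the head of the outgoing mbuf chain
 * @param ifp  outgoing interface (unused)
 * @param dir  hook direction (unused)
 * @return 0, so the stack keeps processing the packet.
 *
 * NOTE(review): the posted snippet stopped before the end of the function;
 * the final "return 0" and closing brace were added to make it complete.
 */
static int output_hook(void *arg, struct mbuf **m,
                       struct ifnet *ifp, int dir)
{
    struct mbuf *head;
    struct mbuf *trav;

    (void)arg;
    (void)ifp;
    (void)dir;

    if (m == NULL || *m == NULL) {
        return 0;
    }
    head = *m;

    /* Counts only the first mbuf's bytes, as in the original snippet. */
    out_bytes += head->m_len;

    /* Per-mbuf diagnostics for the whole chain. */
    for (trav = head; trav != NULL; trav = trav->m_next) {
        short mbuf_type = trav->m_type;
        int mbuf_length = trav->m_len;
        int mbuf_flags = trav->m_flags;

        slogf(_SLOG_SETCODE(_SLOGC_TEST, 2),
              _SLOG_ERROR,
              "in our output_hook() mbuf len:%d type:%d flags:%d",
              mbuf_length, mbuf_type, mbuf_flags);

        /*
         * m_pkthdr is valid whenever the M_PKTHDR bit is set. Test the bit:
         * comparing the whole flags word for equality misses any mbuf that
         * has other flags set as well.
         */
        if (mbuf_flags & M_PKTHDR) {
            const struct pkthdr *pkthdr_data = &trav->m_pkthdr;

            slogf(_SLOG_SETCODE(_SLOGC_TEST, 2),
                  _SLOG_ERROR,
                  "in our output_hook() packet hdr len:%d csumflags:%d csumdata:%u segsize:%u",
                  pkthdr_data->len,
                  pkthdr_data->csum_flags, pkthdr_data->csum_data, pkthdr_data->segsz);
        }
    }

    /* The IP header starts at the beginning of the first mbuf only. */
    if (head->m_len < (int)sizeof(struct ip)) {
        return 0;
    }

    const struct ip *ipheader = mtod(head, const struct ip *);

    /* Only TCP packets are of interest. */
    if (IPPROTO_TCP != ipheader->ip_p) {
        return 0;
    }

    /* Read the addresses byte by byte so the output does not depend on host endianness. */
    const unsigned char *src = (const unsigned char *)&ipheader->ip_src;
    const unsigned char *dst = (const unsigned char *)&ipheader->ip_dst;

    slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
          "in our output_hook() source ip : %d:%d:%d:%d",
          (int)src[0], (int)src[1], (int)src[2], (int)src[3]);
    slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
          "in our output_hook() dest ip : %d:%d:%d:%d",
          (int)dst[0], (int)dst[1], (int)dst[2], (int)dst[3]);

    /* NOTE(review): ip_len may be in network byte order at this hook; confirm before relying on it. */
    slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
          "in our output_hook() version : %d hdrl : %d length : %d",
          ipheader->ip_v, ipheader->ip_hl, ipheader->ip_len);

    /*
     * ip_hl counts 32-bit words. Using sizeof(struct ip) as the offset would
     * land inside the IP options whenever options are present.
     */
    int iphdrsize = ipheader->ip_hl << 2;

    if (iphdrsize < (int)sizeof(struct ip) ||
        head->m_len < iphdrsize + (int)sizeof(struct tcphdr)) {
        /*
         * Malformed header length, or the TCP header is not contiguous in the
         * first mbuf. Skip rather than read out of bounds; m_copydata() into
         * a local struct is the usual way to read a header that spans mbufs.
         */
        slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
              "in our output_hook() tcp header not readable in first mbuf (m_len:%d ip hdr:%d)",
              head->m_len, iphdrsize);
        return 0;
    }

    /* NOTE(review): a non-first IP fragment has no TCP header here; check ip_off if fragments matter. */
    const struct tcphdr *tcpheader =
        (const struct tcphdr *)((const char *)ipheader + iphdrsize);

    slogf(_SLOG_SETCODE(_SLOGC_TEST, 2), _SLOG_ERROR,
          "in our output_hook() source port : %d dest port : %d",
          ntohs(tcpheader->th_sport), ntohs(tcpheader->th_dport));

    return 0;
}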
TIA
Atish