Get packet data in Linux kernel module with netfilter

I am writing a Linux kernel module to redirect an HTTP network request from port 80 to port 8000 if the requested server name is some specific string. Although this would just need to read the request, filter the requested server name and compare it to some string literal, this task turned out to be much more difficult than expected, especially because the kernel headers are so poorly documented.

I'm registering a net hook like this:

static int __init my_hook_init(void) {
    pr_info("lavawall: loaded\n");
    return nf_register_net_hook(&init_net, &my_nfho);
}

and after some null checks and getting the IP address, I store the port and print where the packet is heading to.

static unsigned int lavawall(__attribute__((unused)) void* _,
                             struct sk_buff* skb,
                             const struct nf_hook_state* state) {
    // ...
    port = ntohs(tcp->dest);
    printk(KERN_INFO "lavawall: %s:%d\n", request_ip_string, port);
    // ...
    return NF_ACCEPT;
}

I tried to get the data as a string from the skb struct, but it either was null or complete garbage.

The questions I have are really simple:

How can I get the HTTP request data? Where can I get the hostname (like my.site.com) the request was heading to?

There are 0 answers
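
The offset arithmetic behind the question, as an added example that is not part of the original post: a userspace C parser that walks a raw IPv4/TCP packet to the HTTP payload and bounds-checks the Host header, which is never NUL-terminated and is absent on SYN and bare ACK segments. The packet bytes, `SAMPLE` and `http_host` are constructed for illustration; inside a netfilter hook the same bytes would be reached through `ip_hdr()`/`tcp_hdr()` after `skb_linearize()`, or copied out with `skb_header_pointer()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>

/* Constructed sample: IPv4 (ihl=5, proto=TCP) + TCP (dport=80, doff=5) + HTTP. */
static const char SAMPLE[] =
    "\x45\x00\x00\x4d\x00\x00\x40\x00\x40\x06\x00\x00\x0a\x00\x00\x01\x0a\x00\x00\x02"
    "\xc0\x00\x00\x50\x00\x00\x00\x00\x00\x00\x00\x00\x50\x18\x00\x00\x00\x00\x00\x00"
    "GET / HTTP/1.1\r\nHost: my.site.com\r\n\r\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Returns the Host value length with *host pointing into pkt (not NUL-terminated),
 * 0 if there is no payload or no complete Host line, -1 if the headers are malformed. */
static int http_host(const uint8_t *pkt, size_t len, const uint8_t **host)
{
    size_t ihl, doff, plen, i, s;
    const uint8_t *p;

    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6)  /* IPv4 and IPPROTO_TCP */
        return -1;
    ihl = (pkt[0] & 0x0f) * 4u;                 /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 20)
        return -1;
    doff = (pkt[ihl + 12] >> 4) * 4u;           /* TCP header length in bytes */
    if (doff < 20 || len < ihl + doff)
        return -1;
    p = pkt + ihl + doff;                       /* first payload byte */
    plen = len - ihl - doff;                    /* 0 for SYN or bare ACK */
    for (i = 0; i + 6 <= plen; i++) {           /* header name at start of a line */
        if (p[i] != '\n' || strncasecmp((const char *)p + i + 1, "host:", 5))
            continue;
        for (s = i + 6; s < plen && (p[s] == ' ' || p[s] == '\t'); s++)
            ;
        for (i = s; i < plen && p[i] != '\r' && p[i] != '\n'; i++)
            ;
        if (i == plen)
            return 0;                           /* line continues in a later segment */
        *host = p + s;
        return (int)(i - s);
    }
    return 0;
}

int main(void)
{
    const uint8_t *h = (const uint8_t *)"";
    int n = http_host((const uint8_t *)SAMPLE, SAMPLE_LEN, &h);
    printf("Host: %.*s\n", n > 0 ? n : 0, (const char *)h);
    return 0;
}
```

The length-limited `%.*s` conversion is what keeps the print from running past the end of the header value; `printk` accepts the same form.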