我的捕获HTTP协议数据流的Libnids 程序,只能捕获响应报文,而不能捕获请求包,是怎么回事/? 是不是libnids需要进行特殊设置还是什么的啊?我的程序放在别人那就能正常执行,真郁闷!!!!!!!!!!
是这样的,我用自己的电脑做客户端,然后点击新浪博客,但是只能接受到服务器发给我的信息。而我的请求信息则一个也收不到。
因为你网卡的驱动不计算校验和,而由硬件完成,当libnids发现你发送的没有计算校验和的数据包就丢弃了,只要让libnids忽略这一点就可以了。加入以下代码:
C/C++ code/* Example 2: disabling checksums of packets with src ip of any local interface */
static int get_all_ifaces(struct ifreq **, int *);
static unsigned int get_addr_from_ifreq(struct ifreq *);
int all_local_ipaddrs_chksum_disable()
{
struct ifreq *ifaces;
int ifaces_count;
int i, ind = 0;
struct nids_chksum_ctl *ctlp;
unsigned int tmp;
if (!get_all_ifaces(&ifaces, &ifaces_count))
return -1;
ctlp =
(struct nids_chksum_ctl *) malloc(ifaces_count *
sizeof(struct
nids_chksum_ctl));
if (!ctlp)
return -1;
for (i = 0; i < ifaces_count; i++) {
tmp = get_addr_from_ifreq(ifaces + i);
if (tmp) {
ctlp[ind].netaddr = tmp;
ctlp[ind].mask = inet_addr("255.255.255.255");
ctlp[ind].action = NIDS_DONT_CHKSUM;
ind++;
}
}
free(ifaces);
nids_register_chksum_ctl(ctlp, ind);
}
/* helper functions for Example 2 */
unsigned int get_addr_from_ifreq(struct ifreq *iface)
{
if (iface->ifr_addr.sa_family == AF_INET)
return ((struct sockaddr_in *) &(iface->ifr_addr))->
sin_addr.s_addr;
return 0;
}
static int get_all_ifaces(struct ifreq **ifaces, int *count)
{
int ifaces_size = 8 * sizeof(struct ifreq);
struct ifconf param;
int sock;
unsigned int i;
*ifaces = malloc(ifaces_size);
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sock <= 0)
return 0;
for (;;) {
param.ifc_len = ifaces_size;
param.ifc_req = *ifaces;
if (ioctl(sock, SIOCGIFCONF, ¶m))
goto err;
if (param.ifc_len < ifaces_size)
break;
free(*ifaces);
ifaces_size *= 2;
ifaces = malloc(ifaces_size);
}
*count = param.ifc_len / sizeof(struct ifreq);
close(sock);
return 1;
err:
close(sock);
return 0;
}
在主程序开始调用函数all_local_ipaddrs_chksum_disable();配置libnids。这样应该就可以了。