为什么libnids只能捕获单向数据流,而不是双向的
各位大侠:
我的捕获HTTP协议数据流的Libnids 程序,只能捕获响应报文,而不能捕获请求包,是怎么回事/? 是不是libnids需要进行特殊设置还是什么的啊?我的程序放在别人那就能正常执行,真郁闷!!!!!!!!!!
是这样的,我用自己的电脑做客户端,然后点击新浪博客,但是只能接受到服务器发给我的信息。而我的请求信息则一个也收不到。
急急。
[解决办法]
因为你网卡的驱动不计算校验和,而由硬件完成,当libnids发现你发送的没有计算校验和的数据包就丢弃了,只要让libnids忽略这一点就可以了。加入以下代码:
/* Example 2: disabling checksums of packets with src ip of any local interface */static int get_all_ifaces(struct ifreq **, int *);static unsigned int get_addr_from_ifreq(struct ifreq *);int all_local_ipaddrs_chksum_disable(){ struct ifreq *ifaces; int ifaces_count; int i, ind = 0; struct nids_chksum_ctl *ctlp; unsigned int tmp; if (!get_all_ifaces(&ifaces, &ifaces_count)) return -1; ctlp = (struct nids_chksum_ctl *) malloc(ifaces_count * sizeof(struct nids_chksum_ctl)); if (!ctlp) return -1; for (i = 0; i < ifaces_count; i++) { tmp = get_addr_from_ifreq(ifaces + i); if (tmp) { ctlp[ind].netaddr = tmp; ctlp[ind].mask = inet_addr("255.255.255.255"); ctlp[ind].action = NIDS_DONT_CHKSUM; ind++; } } free(ifaces); nids_register_chksum_ctl(ctlp, ind);}/* helper functions for Example 2 */unsigned int get_addr_from_ifreq(struct ifreq *iface){ if (iface->ifr_addr.sa_family == AF_INET) return ((struct sockaddr_in *) &(iface->ifr_addr))-> sin_addr.s_addr; return 0;}static int get_all_ifaces(struct ifreq **ifaces, int *count){ int ifaces_size = 8 * sizeof(struct ifreq); struct ifconf param; int sock; unsigned int i; *ifaces = malloc(ifaces_size); sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); if (sock <= 0) return 0; for (;;) { param.ifc_len = ifaces_size; param.ifc_req = *ifaces; if (ioctl(sock, SIOCGIFCONF, ¶m)) goto err; if (param.ifc_len < ifaces_size) break; free(*ifaces); ifaces_size *= 2; ifaces = malloc(ifaces_size); } *count = param.ifc_len / sizeof(struct ifreq); close(sock); return 1; err: close(sock); return 0;}