NFTables extension querying HTTP response data after TCPHDR(SKB) unexpected
I'm running Debian 5.10.1 with a NFTables extension module. There are two functions in the module. 1) Extract the IP address from a DNS response packet. 2) Look for a valid HTTP response served by my Web server. Both functions are called from a NFTables output rule.
The first function works fine but the second is having unexpected results. I get the iphdr from using ip_hdr(skb*) and the data in the iphdr looks good. The data after the iphdr looks good for a tcphdr. However the HTTP data which should be after the tcphdr is not correct. Dumping skb->data I get this :-

4500047B529A40004006AB930A0B122A
0A0B12100050D98D241EF15862B67970
501801F53CBD00000000010000000100
00000000000000000000000000000000
01000000000000000200010000000000
000000000000000000E250C069BBFFFF
5304000000000000035D864C5BE58F5C
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000

The first 0x14 bytes are the iphdr and the next 0x14 bytes the tcphdr and validated in the tcpdump of the packet. However at 0x28 I would expect to see "HTTP/1.1 200 OK....." and I don't. Any suggestions?
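An added example, not part of the original post or thread: a user-space C check of the header arithmetic in the dump quoted above. It parses the first 0x30 bytes of that dump, verifies the IPv4 header checksum, derives where the TCP payload starts and how long the IP header says it is, and tests for an HTTP status line there. The names `struct seg`, `parse_ipv4_tcp` and `looks_like_http_response` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First 0x30 bytes of the skb->data dump quoted in the post. */
static const uint8_t dump[] = {
    0x45,0x00,0x04,0x7B,0x52,0x9A,0x40,0x00,0x40,0x06,0xAB,0x93,0x0A,0x0B,0x12,0x2A,
    0x0A,0x0B,0x12,0x10,0x00,0x50,0xD9,0x8D,0x24,0x1E,0xF1,0x58,0x62,0xB6,0x79,0x70,
    0x50,0x18,0x01,0xF5,0x3C,0xBD,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00
};

struct seg { size_t off, len; int csum_ok; };   /* hypothetical result type */

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 and fills *s for an IPv4/TCP packet, -1 if truncated or not TCP. */
int parse_ipv4_tcp(const uint8_t *p, size_t avail, struct seg *s)
{
    if (avail < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0F) * 4, tot = be16(p + 2);
    if (ihl < 20 || avail < ihl + 20 || p[9] != 6) return -1;
    uint32_t sum = 0;                     /* ones' complement header checksum */
    for (size_t i = 0; i < ihl; i += 2) sum += be16(p + i);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    size_t doff = (size_t)(p[ihl + 12] >> 4) * 4;    /* TCP data offset */
    if (doff < 20 || tot < ihl + doff) return -1;
    s->off = ihl + doff;                  /* where the TCP payload begins */
    s->len = tot - s->off;                /* payload bytes per IP total length */
    s->csum_ok = (sum == 0xFFFF);
    return 0;
}

/* 1 if the bytes at the payload offset begin with "HTTP/1.", else 0. */
int looks_like_http_response(const uint8_t *p, size_t avail, const struct seg *s)
{
    static const char sig[] = "HTTP/1.";
    size_t n = sizeof(sig) - 1;
    if (s->len < n || avail < s->off + n) return 0;   /* never read past the buffer */
    return memcmp(p + s->off, sig, n) == 0;
}

int main(void)
{
    struct seg s;
    if (parse_ipv4_tcp(dump, sizeof(dump), &s) != 0) return 1;
    printf("payload at 0x%zx, %zu bytes, ip csum %s, http=%d\n", s.off, s.len,
           s.csum_ok ? "ok" : "bad", looks_like_http_response(dump, sizeof(dump), &s));
    return 0;
}
```

The check covers only the bytes present in the dump. In kernel code, skb->data addresses just the linear part of an skb, and skb_header_pointer() or skb_copy_bits() read at an offset whether or not the bytes are linear.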
Quote:
If what you mean is the kernel version, buster has 4.19, while buster-backports, bullseye and sid are currently in sync, all of them having 5.10.13. Have you compiled your kernel yourself?
shruggy,
I'm running a kernel I compiled myself; the source was downloaded from www.kernel.org and at the time 5.10.1 was the latest stable version.
Bob