I am developing a system which can detect requests in the local network. If a customer requests a certain site, the system will send an HTTP redirect packet. I build the HTTP redirect packet via libnet; the new URI is set in Location, like:
HTTP/1.1 302 Moved Temporarily Location: http://www.example.com
But it doesn't work: the browser doesn't go to the new site. The customer doesn't send a new GET request to the redirect URL.
Thanks for all answers.
What you really want to do is to implement an in-line deep packet inspection device that inspects the TCP stream, the HTTP headers and performs its own response if it detects access to a certain site.
In general, it is not possible to perform complicated application-level responses by using a passive device that simply monitors the traffic without the traffic actually going through it.
You most likely need to do some Linux kernel-level development by using netfilter hooks. It's possible to pass the packets to userspace and back to kernelspace again, if you prefer to do userspace coding. My opinion is that it is better to perform complex deep-packet inspection in userspace.
For parsing the HTTP headers, you most likely need to create your own parser generator, as none of the existing parser generators fulfill all the needs of deep packet inspection. In particular, you want to PUSH data into the parser, not have the parser PULL data by calling a function that returns a piece of data. And the parser must work incrementally. So neither yacc nor bison works. Furthermore, practically none of the network protocols have been designed with two-stage (lexer, parser) parsing in mind, so you'll most likely need a solution that integrates lexer and parser into one and turns lexemes on and off based on the parser context. This is not an easy task. However, not having a parser generator to generate the HTTP header parsing code will be a total maintenance hell. It has been tried before, and the short summary is: don't do it.
Do consider that deep packet inspection devices have things called evasions. For example, what do you do if instead of "GET / HTTP/1.1\nHost: badsite.com\n\n" you see "G", "E", "T", " ", "/", " ", "H", "T", "T", "P", "/", "1", ".", "1", "\n", "H", "o", "s", "t", ":", " ", "b", "a", "d", "s", "i", "t", "e", ".", "c", "o", "m", "\n", "\n" in different TCP segments? You are going to have a lot of work ahead of you if you want to handle deep packet inspection evasions in your system.
Disclaimer: I have worked for a major network security device vendor, so I know how these things are implemented.
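The push-style, incremental parsing and the per-byte segmentation evasion described in the answer above, as an added example (not code from the question or the answer): a small state machine that accepts request bytes in arbitrarily sized chunks and keeps its state between calls, so a request arriving one byte per TCP segment is detected exactly like one arriving whole, plus a builder for a complete 302 response with CRLF line endings and an empty line closing the header block. The parser is deliberately simplified (no obs-fold, fixed buffer sizes, no TCP reassembly; it assumes the caller delivers the stream in sequence order). The sample request and the function names are constructed for this example.

```c
/* Incremental (push-style) HTTP request-header parser plus a redirect builder.
 * Added example; not code from the original question or answer. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

enum pstate { ST_REQLINE, ST_NAME, ST_VALUE, ST_BLANK_CR, ST_DONE, ST_ERROR };

struct http_parser {
    enum pstate st;
    char reqline[256], name[64], value[256], host[256];
    size_t rl, nl, vl;           /* fill levels of reqline, name, value */
    bool has_host;
};

void parser_init(struct http_parser *p) { memset(p, 0, sizeof *p); p->st = ST_REQLINE; }

static void commit_header(struct http_parser *p)
{
    /* Strip trailing whitespace from the value, then record Host if this is it. */
    while (p->vl && (p->value[p->vl - 1] == ' ' || p->value[p->vl - 1] == '\t')) p->vl--;
    p->name[p->nl] = '\0';
    p->value[p->vl] = '\0';
    if (strcasecmp(p->name, "Host") == 0) {
        snprintf(p->host, sizeof p->host, "%s", p->value);
        p->has_host = true;
    }
    p->nl = p->vl = 0;
}

/* Feed any number of bytes (even one). State persists across calls, so CR and LF,
 * or a header name and its value, may arrive in different segments. Bare LF line
 * endings are accepted as well as CRLF. Header folding (obs-fold) is an error. */
enum pstate parser_feed(struct http_parser *p, const char *buf, size_t len)
{
    for (size_t i = 0; i < len && p->st != ST_DONE && p->st != ST_ERROR; i++) {
        char c = buf[i];
        switch (p->st) {
        case ST_REQLINE:
            if (c == '\n') { p->reqline[p->rl] = '\0'; p->st = ST_NAME; }
            else if (c == '\r') { /* wait for the LF */ }
            else if (p->rl < sizeof p->reqline - 1) p->reqline[p->rl++] = c;
            else p->st = ST_ERROR;
            break;
        case ST_NAME:
            if (c == '\n') p->st = (p->nl == 0) ? ST_DONE : ST_ERROR;  /* LF on empty line */
            else if (c == '\r') p->st = (p->nl == 0) ? ST_BLANK_CR : ST_ERROR;
            else if (c == ':') p->st = ST_VALUE;
            else if (c == ' ' || c == '\t') p->st = ST_ERROR;          /* no obs-fold */
            else if (p->nl < sizeof p->name - 1) p->name[p->nl++] = c;
            else p->st = ST_ERROR;
            break;
        case ST_BLANK_CR:        /* CR on an empty line: only LF may follow */
            p->st = (c == '\n') ? ST_DONE : ST_ERROR;
            break;
        case ST_VALUE:
            if (c == '\n') { commit_header(p); p->st = ST_NAME; }
            else if (c == '\r') { /* wait for the LF */ }
            else if (p->vl == 0 && (c == ' ' || c == '\t')) { /* skip leading space */ }
            else if (p->vl < sizeof p->value - 1) p->value[p->vl++] = c;
            else p->st = ST_ERROR;
            break;
        default:
            break;
        }
    }
    return p->st;
}

/* Detection helper: deliver req in chunks of `chunk` bytes (1 reproduces the
 * per-byte evasion) and report whether the Host header names `site`. */
bool request_targets_site(const char *req, size_t chunk, const char *site)
{
    struct http_parser p;
    parser_init(&p);
    size_t len = strlen(req);
    for (size_t off = 0; off < len && p.st != ST_DONE && p.st != ST_ERROR; off += chunk) {
        size_t n = (len - off < chunk) ? len - off : chunk;
        parser_feed(&p, req + off, n);
    }
    return p.st == ST_DONE && p.has_host && strcasecmp(p.host, site) == 0;
}

/* Build a complete 302 response: every header line ends in CRLF, an empty line
 * closes the header block, and Content-Length: 0 plus Connection: close tell the
 * browser the response is finished. Returns the byte length, or -1 if it does not fit. */
int build_redirect(char *out, size_t cap, const char *location)
{
    int n = snprintf(out, cap,
                     "HTTP/1.1 302 Found\r\n"
                     "Location: %s\r\n"
                     "Content-Length: 0\r\n"
                     "Connection: close\r\n"
                     "\r\n", location);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    /* Constructed sample request, mirroring the answer's evasion example. */
    const char *req = "GET / HTTP/1.1\r\nHost: badsite.com\r\nUser-Agent: x\r\n\r\n";
    printf("whole:    %d\n", request_targets_site(req, strlen(req), "badsite.com"));
    printf("per-byte: %d\n", request_targets_site(req, 1, "badsite.com"));
    char resp[512];
    if (build_redirect(resp, sizeof resp, "http://www.example.com/") > 0) fputs(resp, stdout);
    return 0;
}
```

The parser decides on the Host header, not on a substring match over a single segment, which is what the per-byte split defeats. Whatever emits the response still has to run in-line or otherwise hold correct TCP sequence and acknowledgement numbers for the client's connection; this example covers only the HTTP layer.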