Modifying data before sending them

Posted on 2006-11-22
Last Modified: 2010-03-18

I'm currently working on a project which requires me to modify data an application wants to send over the network. My goal is to do this in a transparent way, therefore no modification whatsoever should take place in the application. My solution would normally be in the form of a module for the kernel (2.6.x series). My project is actually an extension of someone else's work which apparently uses the Linux Security Modules, the network hooks. From what I read, these modules are only used for access control policies enforcement, so the only control I have over the sockets is allowing or refusing different actions, such as creation, connection, transmission, etc. Therefore, it doesn't seem possible to alter the data that the application wants to send.

For the moment, I only see one alternative, modifying the sockets themselves. Although my implementation has only a "show it's feasible" purpose, I would prefer a "cleaner" way to deal with this. Moreover, it would be much better if I could actually extend the previous work that has been undertaken by another person, instead of just starting from scratch.

As I said before, my goal is to make this completely transparent for the applications.

Do you have any suggestion on that matter ? Any good reference (book, article, website) would be greatly appreciated too. Don't hesitate to ask for further information if you find it necessary.

Thanks in advance for your time.

Question by:aCp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 17995458
i would suggest you could do a library, so you can rewrite socket, and send_data. you could also see how ethereal reads the data send, maybe
you can change this way the data, making a module is maybe not possible, since you must put the module between others modules, abnd maybe some modules can not make modules (they must be in the kernel). Making a library for sending and receiving would bethe cleanest way.

Author Comment

ID: 17995522
Hi there,

by developing a library I fail to complete one of my goals, which is to avoid modification of all applications. A module is indeed not possible for the moment, at least I think it is, except if the security hooks of LSM allow such a task.

Therefore it seems more suitable to modify the socket code directly in the kernel.

Accepted Solution

_iskywalker_ earned 125 total points
ID: 17995567
you dont need to modify all applications, you need only to change the send command on the libraries (all applications use libraries, so modiufying libraries you wont modify the application, e.g.  normally (if your arent in assembler) the applications use so modifiing will make your job (ldd program name tells you which libraries are used for the program).
Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!


Author Comment

ID: 17995568
By the way, I forgot something. You talked about ethereal (called wireshark now btw :), but the problem is that (as iptables actually), it intervenes only before actual emission of the data, so between data and physical layers if I'm not mistaken. Since I want to alter data (let's say I want to add something to the sent data), doing that after the transport or network layer would considerably make my life harder (just consider fragmentation for instance)...

This is why I strongly believe that the whole thing should be between application and transport layer.

Author Comment

ID: 17995665
Oh ok, now I see what you mean. My knowledge is somewhat restricted in that area, so I have two questions regarding this approach :

1) Do all applications that are susceptible to send data over a network rely on libc for doing so ? From what I know so far, they might rely on some other library, but the latter can be finally using libc. Am I right in this last assumption ?

2) Libraries are not my forte, but for having played a bit with some a couple of years ago, I recall that a modification in the core of a function (let's take send as an example) could lead to a change in the ABI. Therefore, recompilation of programs linked to this library is needed. Would this be the case here ? I mean, how much "freedom" do I have in modifying the send function without needing to recompile application using it ?

Last but not least, although I'm interested in taking this alternative further, I forgot to mention that there is a external constraint that will most probably push me to work in the kernel. However, the feasability of such a solution is very interesting. Who knows, maybe it might be even better than dealing with the kernel...

Thanks for baring with me on this one...


Author Comment

ID: 18014574
No other opinions/advices ?

What about sources of information on that field ?


Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question