Modifying data before sending them

Hello,

I'm currently working on a project which requires me to modify data an application wants to send over the network. My goal is to do this in a transparent way, therefore no modification whatsoever should take place in the application. My solution would normally be in the form of a module for the kernel (2.6.x series). My project is actually an extension of someone else's work which apparently uses the Linux Security Modules, the network hooks. From what I read, these modules are only used for access control policies enforcement, so the only control I have over the sockets is allowing or refusing different actions, such as creation, connection, transmission, etc. Therefore, it doesn't seem possible to alter the data that the application wants to send.

For the moment, I only see one alternative, modifying the sockets themselves. Although my implementation has only a "show it's feasible" purpose, I would prefer a "cleaner" way to deal with this. Moreover, it would be much better if I could actually extend the previous work that has been undertaken by another person, instead of just starting from scratch.

As I said before, my goal is to make this completely transparent for the applications.

Do you have any suggestion on that matter ? Any good reference (book, article, website) would be greatly appreciated too. Don't hesitate to ask for further information if you find it necessary.

Thanks in advance for your time.

acp
LVL 1
aCpAsked:
Who is Participating?
 
_iskywalker_Commented:
you dont need to modify all applications, you need only to change the send command on the libraries (all applications use libraries, so modiufying libraries you wont modify the application, e.g.  normally (if your arent in assembler) the applications use  libc.so.6 so modifiing libc.so.6 will make your job (ldd program name tells you which libraries are used for the program).
0
 
_iskywalker_Commented:
i would suggest you could do a library, so you can rewrite socket, and send_data. you could also see how ethereal reads the data send, maybe
you can change this way the data, making a module is maybe not possible, since you must put the module between others modules, abnd maybe some modules can not make modules (they must be in the kernel). Making a library for sending and receiving would bethe cleanest way.
0
 
aCpAuthor Commented:
Hi there,

by developing a library I fail to complete one of my goals, which is to avoid modification of all applications. A module is indeed not possible for the moment, at least I think it is, except if the security hooks of LSM allow such a task.

Therefore it seems more suitable to modify the socket code directly in the kernel.
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
aCpAuthor Commented:
By the way, I forgot something. You talked about ethereal (called wireshark now btw :), but the problem is that (as iptables actually), it intervenes only before actual emission of the data, so between data and physical layers if I'm not mistaken. Since I want to alter data (let's say I want to add something to the sent data), doing that after the transport or network layer would considerably make my life harder (just consider fragmentation for instance)...

This is why I strongly believe that the whole thing should be between application and transport layer.
0
 
aCpAuthor Commented:
Oh ok, now I see what you mean. My knowledge is somewhat restricted in that area, so I have two questions regarding this approach :

1) Do all applications that are susceptible to send data over a network rely on libc for doing so ? From what I know so far, they might rely on some other library, but the latter can be finally using libc. Am I right in this last assumption ?

2) Libraries are not my forte, but for having played a bit with some a couple of years ago, I recall that a modification in the core of a function (let's take send as an example) could lead to a change in the ABI. Therefore, recompilation of programs linked to this library is needed. Would this be the case here ? I mean, how much "freedom" do I have in modifying the send function without needing to recompile application using it ?

Last but not least, although I'm interested in taking this alternative further, I forgot to mention that there is a external constraint that will most probably push me to work in the kernel. However, the feasability of such a solution is very interesting. Who knows, maybe it might be even better than dealing with the kernel...

Thanks for baring with me on this one...

acp
0
 
aCpAuthor Commented:
No other opinions/advices ?

What about sources of information on that field ?

Thanks,
aCp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.