Go Premium for a chance to win a PS4. Enter to Win


Modifying data before sending them

Posted on 2006-11-22
Medium Priority
Last Modified: 2010-03-18

I'm currently working on a project which requires me to modify data an application wants to send over the network. My goal is to do this in a transparent way, therefore no modification whatsoever should take place in the application. My solution would normally be in the form of a module for the kernel (2.6.x series). My project is actually an extension of someone else's work which apparently uses the Linux Security Modules, the network hooks. From what I read, these modules are only used for access control policies enforcement, so the only control I have over the sockets is allowing or refusing different actions, such as creation, connection, transmission, etc. Therefore, it doesn't seem possible to alter the data that the application wants to send.

For the moment, I only see one alternative, modifying the sockets themselves. Although my implementation has only a "show it's feasible" purpose, I would prefer a "cleaner" way to deal with this. Moreover, it would be much better if I could actually extend the previous work that has been undertaken by another person, instead of just starting from scratch.

As I said before, my goal is to make this completely transparent for the applications.

Do you have any suggestion on that matter ? Any good reference (book, article, website) would be greatly appreciated too. Don't hesitate to ask for further information if you find it necessary.

Thanks in advance for your time.

Question by:aCp
  • 4
  • 2

Expert Comment

ID: 17995458
i would suggest you could do a library, so you can rewrite socket, and send_data. you could also see how ethereal reads the data send, maybe
you can change this way the data, making a module is maybe not possible, since you must put the module between others modules, abnd maybe some modules can not make modules (they must be in the kernel). Making a library for sending and receiving would bethe cleanest way.

Author Comment

ID: 17995522
Hi there,

by developing a library I fail to complete one of my goals, which is to avoid modification of all applications. A module is indeed not possible for the moment, at least I think it is, except if the security hooks of LSM allow such a task.

Therefore it seems more suitable to modify the socket code directly in the kernel.

Accepted Solution

_iskywalker_ earned 500 total points
ID: 17995567
you dont need to modify all applications, you need only to change the send command on the libraries (all applications use libraries, so modiufying libraries you wont modify the application, e.g.  normally (if your arent in assembler) the applications use  libc.so.6 so modifiing libc.so.6 will make your job (ldd program name tells you which libraries are used for the program).
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 17995568
By the way, I forgot something. You talked about ethereal (called wireshark now btw :), but the problem is that (as iptables actually), it intervenes only before actual emission of the data, so between data and physical layers if I'm not mistaken. Since I want to alter data (let's say I want to add something to the sent data), doing that after the transport or network layer would considerably make my life harder (just consider fragmentation for instance)...

This is why I strongly believe that the whole thing should be between application and transport layer.

Author Comment

ID: 17995665
Oh ok, now I see what you mean. My knowledge is somewhat restricted in that area, so I have two questions regarding this approach :

1) Do all applications that are susceptible to send data over a network rely on libc for doing so ? From what I know so far, they might rely on some other library, but the latter can be finally using libc. Am I right in this last assumption ?

2) Libraries are not my forte, but for having played a bit with some a couple of years ago, I recall that a modification in the core of a function (let's take send as an example) could lead to a change in the ABI. Therefore, recompilation of programs linked to this library is needed. Would this be the case here ? I mean, how much "freedom" do I have in modifying the send function without needing to recompile application using it ?

Last but not least, although I'm interested in taking this alternative further, I forgot to mention that there is a external constraint that will most probably push me to work in the kernel. However, the feasability of such a solution is very interesting. Who knows, maybe it might be even better than dealing with the kernel...

Thanks for baring with me on this one...


Author Comment

ID: 18014574
No other opinions/advices ?

What about sources of information on that field ?


Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question