Modifying data before sending them

Posted on 2006-11-22
Last Modified: 2010-03-18

I'm currently working on a project which requires me to modify data an application wants to send over the network. My goal is to do this in a transparent way, therefore no modification whatsoever should take place in the application. My solution would normally be in the form of a module for the kernel (2.6.x series). My project is actually an extension of someone else's work which apparently uses the Linux Security Modules, the network hooks. From what I read, these modules are only used for access control policies enforcement, so the only control I have over the sockets is allowing or refusing different actions, such as creation, connection, transmission, etc. Therefore, it doesn't seem possible to alter the data that the application wants to send.

For the moment, I only see one alternative, modifying the sockets themselves. Although my implementation has only a "show it's feasible" purpose, I would prefer a "cleaner" way to deal with this. Moreover, it would be much better if I could actually extend the previous work that has been undertaken by another person, instead of just starting from scratch.

As I said before, my goal is to make this completely transparent for the applications.

Do you have any suggestion on that matter ? Any good reference (book, article, website) would be greatly appreciated too. Don't hesitate to ask for further information if you find it necessary.

Thanks in advance for your time.

Question by:aCp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 17995458
i would suggest you could do a library, so you can rewrite socket, and send_data. you could also see how ethereal reads the data send, maybe
you can change this way the data, making a module is maybe not possible, since you must put the module between others modules, abnd maybe some modules can not make modules (they must be in the kernel). Making a library for sending and receiving would bethe cleanest way.

Author Comment

ID: 17995522
Hi there,

by developing a library I fail to complete one of my goals, which is to avoid modification of all applications. A module is indeed not possible for the moment, at least I think it is, except if the security hooks of LSM allow such a task.

Therefore it seems more suitable to modify the socket code directly in the kernel.

Accepted Solution

_iskywalker_ earned 125 total points
ID: 17995567
you dont need to modify all applications, you need only to change the send command on the libraries (all applications use libraries, so modiufying libraries you wont modify the application, e.g.  normally (if your arent in assembler) the applications use so modifiing will make your job (ldd program name tells you which libraries are used for the program).
Learn by Doing. Anytime. Anywhere.

Do you like to learn by doing?
Our labs and exercises give you the chance to do just that: Learn by performing actions on real environments.

Hands-on, scenario-based labs give you experience on real environments provided by us so you don't have to worry about breaking anything.


Author Comment

ID: 17995568
By the way, I forgot something. You talked about ethereal (called wireshark now btw :), but the problem is that (as iptables actually), it intervenes only before actual emission of the data, so between data and physical layers if I'm not mistaken. Since I want to alter data (let's say I want to add something to the sent data), doing that after the transport or network layer would considerably make my life harder (just consider fragmentation for instance)...

This is why I strongly believe that the whole thing should be between application and transport layer.

Author Comment

ID: 17995665
Oh ok, now I see what you mean. My knowledge is somewhat restricted in that area, so I have two questions regarding this approach :

1) Do all applications that are susceptible to send data over a network rely on libc for doing so ? From what I know so far, they might rely on some other library, but the latter can be finally using libc. Am I right in this last assumption ?

2) Libraries are not my forte, but for having played a bit with some a couple of years ago, I recall that a modification in the core of a function (let's take send as an example) could lead to a change in the ABI. Therefore, recompilation of programs linked to this library is needed. Would this be the case here ? I mean, how much "freedom" do I have in modifying the send function without needing to recompile application using it ?

Last but not least, although I'm interested in taking this alternative further, I forgot to mention that there is a external constraint that will most probably push me to work in the kernel. However, the feasability of such a solution is very interesting. Who knows, maybe it might be even better than dealing with the kernel...

Thanks for baring with me on this one...


Author Comment

ID: 18014574
No other opinions/advices ?

What about sources of information on that field ?


Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question