• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Fwd: Socket Filtering NKE
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Socket Filtering NKE

  • Subject: Fwd: Socket Filtering NKE
  • From: Matt Slot <email@hidden>
  • Date: Wed, 03 Dec 2014 12:47:18 -0500
On Dec 3, 2014, at 1:10 AM, Madhavi Gundeti <email@hidden> wrote:
I have looked into the tcplognke sample code, In this sample the same IP address is re injected at later time.

Is it possible to re inject IP address with some strings appending to it ?

For example:
i/p : 74.125.236.161(swallow this)
re injected packet should be: 74.125.236.161/#q=madhavi

Is above scenario is possible? Can we re inject the entire string "74.125.236.161/#q=madhavi" ??

You need to be careful how you describe this. You aren’t editing the IP address of the connected socket, but the contents of the TCP stream.

To answer your question: yes, a socket filter can read the TCP data and re-inject different data to the network stack. However, you have to be careful here. A TCP stream isn’t always grouped nicely into a single mbuf for parsing, but can be broken up in ways that make pulling out a single string harder.  “74.125.236.161” could be passed up with “74.125.2” and “36.16” in separate buffers/callbacks.

More importantly, content filtering from an NKE is _hard_. You can perform simple transforms on the data, but if really want to filter the contents in a meaningful way, it doesn’t scale well: memory is tighter, bugs are much more serious, and debugging is much harder.

From your description, it sounds like you want to modify certain web requests -- change the outgoing URL or perhaps insert certain headers. In this case, I’d recommend proxying the data to a helper process in user land. Instead of packet injection, use the sf_connect_out_func callback to change the remote address to localhost — use sock_connect() to redirect the connection to a listen() socket within your helper process!

This helper process can then parse and manipulate the outgoing request, send it to the desired server, and then proxy the response back as normal. Besides making it easier to debug, a user land process also has access to virtual memory (for buffering), the file system (for logging and preferences), and the full suite of MacOS X APIs.

Good luck!

Matt
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Fwd: Socket Filtering NKE
      • From: Peter Lovell <email@hidden>
References: 
 >Socket Filtering NKE (From: Madhavi Gundeti <email@hidden>)

  • Prev by Date: Re: Socket Filtering NKE
  • Next by Date: Re: Fwd: Socket Filtering NKE
  • Previous by thread: Re: Socket Filtering NKE
  • Next by thread: Re: Fwd: Socket Filtering NKE
  • Index(es):
    • Date
    • Thread