On Dec 3, 2014, at 1:10 AM, Madhavi Gundeti <madhavi.gundet...@gmail.com> wrote:
I have looked into the tcplognke sample code, In this sample the same IP address is re injected at later time. Is it possible to re inject IP address with some strings appending to it ? For example: i/p : 74.125.236.161(swallow this) re injected packet should be: 74.125.236.161/#q=madhavi Is above scenario is possible? Can we re inject the entire string " 74.125.236.161/#q=madhavi" ?? You need to be careful how you describe this. You aren’t editing the IP address of the connected socket, but the contents of the TCP stream. To answer your question: yes, a socket filter can read the TCP data and re-inject different data to the network stack. However, you have to be careful here. A TCP stream isn’t always grouped nicely into a single mbuf for parsing, but can be broken up in ways that make pulling out a single string harder. “74.125.236.161” could be passed up with “74.125.2” and “36.16” in separate buffers/callbacks. More importantly, content filtering from an NKE is _hard_. You can perform simple transforms on the data, but if really want to filter the contents in a meaningful way, it doesn’t scale well: memory is tighter, bugs are much more serious, and debugging is much harder. >From your description, it sounds like you want to modify certain web requests -- change the outgoing URL or perhaps insert certain headers. In this case, I’d recommend proxying the data to a helper process in user land. Instead of packet injection, use the sf_connect_out_func callback to change the remote address to localhost — use sock_connect() to redirect the connection to a listen() socket within your helper process! This helper process can then parse and manipulate the outgoing request, send it to the desired server, and then proxy the response back as normal. Besides making it easier to debug, a user land process also has access to virtual memory (for buffering), the file system (for logging and preferences), and the full suite of MacOS X APIs. Good luck! Matt
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to arch...@mail-archive.com
