
I have an embedded system that can be treated as an Access Point. There's a program that runs in that system and performs some network communication with devices connected to that Access Point. It is sending UDP packets containing some diagnostic information (a data structure) and receiving commands. The problem is that sometimes some fields of that outgoing data structure are not filled with data (e.g. there are zeroes or some garbage). I need those fields to be correctly filled every time and I know what values should be put there.

Another task that I need to accomplish is to filter incoming packets that come to this program (I know what ports it listens on) - usually I need to simply pass them, but occasionally (e.g. when I get some information from sensors) it is necessary to completely replace them with new packets that I would generate.

I have several ideas varying from some smart usage of iptables and pcap to writing my own kernel module. I do not own sources of that embedded application so I cannot embed this functionality in its code. Performance is a crucial thing here, and I'd like to hear your suggestions: what should I go for? Writing my own kernel modules seems to be the best solution to me, but I have no experience in network hacking so maybe there are some other ways that are better suited for this problem. Any opinion will be highly appreciated!

k_wisniewski
  • Use paragraphs please; that block of text is really hard to read. – Mat May 16 '12 at 08:27
  • Do you find it better now? :) – k_wisniewski May 16 '12 at 08:32
  • Is the application dynamically or statically linked? You could probably mangle its socket access with an `LD_PRELOAD` library – Hasturkun May 16 '12 at 08:50
  • Hmm seems to be an interesting solution - could you write something more on this topic? – k_wisniewski May 16 '12 at 09:14
  • Old answer of mine, http://stackoverflow.com/a/7094336/ also, http://stackoverflow.com/q/426230/ Generally, you create a shared library implementing e.g. `read()`, `write()` etc. that handles these or passes them on to the default implementation. You might find it easier to socksify your application this way, do the handling on a proxy – Hasturkun May 16 '12 at 10:12

2 Answers


One standard approach is to use libnetfilter_queue to intercept and modify packets directly. You should at least try this before attempting to write your own kernel modules.

Basil
  • ok I've chosen to implement it with libnetfilter - seems to be a good balance between hardcore kernel hacking and straightforward use of proxy. I accept this solution, though the problem was a kind of brain storm, so I thank everyone who had a suggestion – k_wisniewski May 21 '12 at 17:04
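
Rewriting a UDP payload in a libnetfilter_queue callback leaves the packet's UDP checksum stale, so it has to be recomputed before the modified buffer is handed back with the verdict. The helpers below are an added example, not code from the answer or from libnetfilter_queue; they operate on the raw IPv4 buffer (as obtained from `nfq_get_payload()`), and the names `udp_fix_checksum` and `udp_patch_field` are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: function names are illustrative, not a library API. */

/* Validate an unfragmented IPv4/UDP packet; return its UDP header or NULL. */
static uint8_t *udp_hdr(uint8_t *pkt, size_t len, size_t *ulen) {
    if (len < 28 || (pkt[0] >> 4) != 4 || pkt[9] != 17) return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8) return NULL;
    if ((pkt[6] & 0x3f) || pkt[7]) return NULL;  /* MF set or offset != 0 */
    *ulen = ((size_t)pkt[ihl + 4] << 8) | pkt[ihl + 5];
    return (*ulen < 8 || *ulen > len - ihl) ? NULL : pkt + ihl;
}

/* One's-complement sum of big-endian 16-bit words, odd tail zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* Recompute the UDP checksum in place. Returns 0, or -1 on a bad packet. */
int udp_fix_checksum(uint8_t *pkt, size_t len) {
    size_t ulen;
    uint8_t *udp = udp_hdr(pkt, len, &ulen);
    if (!udp) return -1;
    udp[6] = udp[7] = 0;
    uint32_t acc = sum16(pkt + 12, 8, 17 + (uint32_t)ulen); /* pseudo-header */
    acc = sum16(udp, ulen, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    uint16_t csum = (uint16_t)~acc;
    if (csum == 0) csum = 0xffff;  /* 0 on the wire means "no checksum" */
    udp[6] = (uint8_t)(csum >> 8);
    udp[7] = (uint8_t)(csum & 0xff);
    return 0;
}

/* Overwrite n bytes at payload offset off, then fix the checksum.
 * The packet is left untouched if the write would not fit. */
int udp_patch_field(uint8_t *pkt, size_t len, size_t off,
                    const uint8_t *val, size_t n) {
    size_t ulen;
    uint8_t *udp = udp_hdr(pkt, len, &ulen);
    if (!udp || off > ulen - 8 || n > ulen - 8 - off) return -1;
    memcpy(udp + 8 + off, val, n);
    return udp_fix_checksum(pkt, len);
}
```

Because the payload length does not change, the IPv4 header (total length and header checksum) stays valid; replacing a packet with one of a different size would also require updating those fields.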

You could do it in userspace. Just write a server that receives the packets, changes them and sends them out again. You have to configure the application just to use your localhost as destination IP (or configure your system so that it has the target address). It's a typical "man-in-the-middle" setup.

flolo
  • OK, but I need to know the IP address of the outgoing packets. And I cannot make any changes (including configuration) to the application running on that Access Point, so it is not possible to just change the destination IP. I would need to use iptables anyway to redirect packets back to localhost, but then AFAIK I would lose the destination IP so that I wouldn't know where I should send it out again. Correct me if I'm wrong. Another issue is performance - I'm not sure whether using iptables and that proxy server would be faster than some smart kernel module that would modify packets on the fly. – k_wisniewski May 16 '12 at 08:51