I have a Linux application that talks TCP, and to help with analysis and statistics, I would like to modify the data in some of the TCP packets that it sends. I would prefer to do this without hacking the Linux TCP stack.
The idea I have so far is to create a bridge that acts as a "TCP packet modifier." My idea is to connect to the application using the tun/tap device on one side of the bridge and to the network card through raw sockets on the other side of the bridge.
My concern is that when you open a raw socket, it still sends packets to the Linux TCP stack, and therefore I could not modify and send them even if I wanted to. Is that correct?
A pseudo-C sketch of the bridge is as follows:
    tap_fd = open_tap_device("/dev/net/tun");
    raw_fd = open_raw_socket();
    for (;;) {
        select(fds = [tap_fd, raw_fd]);
        if (FD_ISSET(tap_fd, &fds)) {
            read_packet(tap_fd);
            modify_packet_if_needed();
            write_packet(raw_fd);
        }
        if (FD_ISSET(raw_fd, &fds)) {
            read_packet(raw_fd);
            modify_packet_if_needed();
            write_packet(tap_fd);
        }
    }
Is this possible, or are there other, better ways to achieve the same thing (TCP bridging and modification)?
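An added example, not part of the original post: whatever `modify_packet_if_needed()` does to the payload, the TCP checksum covers that payload and must be recomputed, or the receiver drops the segment. The function name `modify_tcp_payload`, the byte-swap edit and the sample packet are assumptions made for illustration; the buffer is assumed to start at an unfragmented IPv4 header (a tun device, or a tap frame with the 14-byte Ethernet header stripped).

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: 192.0.2.1:12345 -> 192.0.2.2:80, payload "GET /a", checksums zero. */
static uint8_t sample_pkt[46] = {
    0x45,0x00,0x00,0x2e, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x30,0x39,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x10,0x00, 0x00,0x00,0x00,0x00, 'G','E','T',' ','/','a'
};

/* RFC 1071 sum over the IPv4 pseudo-header plus the segment; checksum field must be zero. */
static uint16_t tcp_checksum(const uint8_t *ip, size_t ihl, size_t tcp_len)
{
    uint32_t sum = 6 + (uint32_t)tcp_len;        /* protocol number + TCP length */
    for (size_t i = 12; i < 20; i += 2)          /* source and destination address */
        sum += ((uint32_t)ip[i] << 8) | ip[i + 1];
    for (size_t i = 0; i < tcp_len; i += 2)      /* an odd last byte is zero padded */
        sum += ((uint32_t)ip[ihl + i] << 8) | (i + 1 < tcp_len ? ip[ihl + i + 1] : 0);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical modify_packet_if_needed(): swap payload byte `from` for `to` (length is
 * unchanged, so sequence numbers stay valid). Returns bytes changed, or -1 if malformed. */
int modify_tcp_payload(uint8_t *ip, size_t len, uint8_t from, uint8_t to)
{
    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 6 || (ip[6] & 0x3f) || ip[7])
        return -1;                               /* not IPv4/TCP, or a fragment */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || total > len || total < ihl + 20)
        return -1;
    uint8_t *tcp = ip + ihl;
    size_t tcp_len = total - ihl, doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tcp_len)
        return -1;
    int changed = 0;
    for (size_t i = doff; i < tcp_len; i++)
        if (tcp[i] == from) { tcp[i] = to; changed++; }
    if (changed) {
        tcp[16] = tcp[17] = 0;                   /* zero the field before summing */
        uint16_t c = tcp_checksum(ip, ihl, tcp_len);
        tcp[16] = (uint8_t)(c >> 8);
        tcp[17] = (uint8_t)(c & 0xff);
    }
    return changed;
}
```

The IPv4 header checksum covers only the IP header, so an edit that leaves the packet length unchanged does not disturb it.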