Divert sockets

Feb 15, 2013, 08:54 PM   #1
blazerguns

Hi all,

I went through some of the early discussions on the topic of divert sockets. I also saw some sample code, such as http://www.loudhush.ro/files/divert.m

My intention is to do something similar to what is described above, set a rule such that I get only TCP packets, that too only HTTP. Is it possible? The rule suggested is

00001 divert 8999 tcp from any 80 to any out

I assume the rule says that any packet going from my system to any website is to be diverted to port number 8999, where my application will be listening.

This rule should ensure that I receive only TCP packets. My main interest is HTTP payload. I want to log all the HTTP headers going out from my browser to the internet, modify them if needed and reinject them. Since I am dealing with only outbound traffic from my laptop to the internet, using "out" in the rule is appropriate. Please correct me if there is some misunderstanding here.

The question I have is what is the best way to handle the traffic going out? I mean, assume I restart a browser with multiple tabs. Once the browser comes up, at least 20 to 30 odd connections (HTTP) to the internet are going to take place. Obviously each of these sessions will have a unique source port number, so in my code, the recvfrom() will get all these 20 to 30 connections while running in a loop.

Is it smart to spawn off a thread for each individual connection to check for an HTTP header, modify it, reinject it to the same port and exit? Or would a better design be to maintain some hash table for all the connections and use the same thread to do the modify and write? I don't see how select() can help here.

Another aspect of this design is that if I am not filtering on port 80, I will get all TCP packets (including SYN, SYN-ACK etc.), which I need to quickly reinject without modification. I am only interested in TCP with HTTP payload. Can you suggest the best approach?

Regards,
Varun
Feb 16, 2013, 12:42 PM   #2
ElectricSheep
Since all you care about is logging, you may be more interested in using a tee rule instead of a divert. The tee will send a copy to a specified divert(4) socket, and you can perform whatever logic you wish without having to re-inject the packet back into the networking stack.

Note that this will only work if you have a fairly simple ruleset, because once a packet matches the tee rule, it is accepted and any further rules are not applied.
Feb 16, 2013, 02:31 PM   #3
blazerguns
Quote:
Originally Posted by ElectricSheep
Since all you care about is logging, you may be more interested in using a tee rule instead of a divert. The tee will send a copy to a specified divert(4) socket, and you can perform whatever logic you wish without having to re-inject the packet back into the networking stack.

This is for a test run. In future I plan to modify it a bit more and be able to change the HTTP payload before re-injecting it. I need a divert socket for that.

Quote:
Originally Posted by ElectricSheep
Note that this will only work if you have a fairly simple ruleset, because once a packet matches the tee rule, it is accepted and any further rules are not applied.

My concern is as follows:
- Is it guaranteed that HTTP's GET/POST/HEAD methods will always be one single packet so I don't have to bother about fragment handling when I am modifying HTTP payload?

- Is it a scalable solution to have one thread reading these HTTP packets from the socket and storing them in a hash table, where the hash key is based on src port, destination address? Another thread would just read from the hash table, modify the HTTP header and reinject it. What do you think?

Regards,
Varun
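
An added example, not code from the thread or from the linked divert.m sample: a stateless classifier for the raw IPv4 packets a divert socket hands to recvfrom(). It separates segments to reinject untouched (SYN, bare ACK, IP fragments, non-HTTP data) from segments where a GET/POST/HEAD request starts, and flags requests whose header block does not end inside that segment. It assumes IP header fields arrive in network byte order; `classify`, `tcp_payload` and `build` are hypothetical names, and the packets are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum verdict { PASS, HTTP_COMPLETE, HTTP_PARTIAL };

/* TCP payload of a raw IPv4 packet (len = recvfrom() result), or NULL. */
static const uint8_t *tcp_payload(const uint8_t *p, size_t len, size_t *n)
{
    if (len < 40 || (p[0] >> 4) != 4 || p[9] != 6) return NULL; /* IPv4+TCP only */
    if ((p[6] & 0x3f) || p[7]) return NULL;     /* IP fragment: MF or offset set */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl + 20 > len) return NULL;
    size_t doff = (size_t)(p[ihl + 12] >> 4) * 4;
    if (doff < 20 || ihl + doff > len) return NULL;
    *n = len - ihl - doff;
    return *n ? p + ihl + doff : NULL;          /* SYN, bare ACK, FIN: no data */
}
/* PASS: reinject unchanged. HTTP_PARTIAL: headers continue in a later segment. */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    static const char *methods[] = { "GET ", "POST ", "HEAD " };
    size_t n = 0, i, hit = 0;
    const uint8_t *d = tcp_payload(pkt, len, &n);
    for (i = 0; d && i < 3; i++)
        hit |= n >= strlen(methods[i]) && !memcmp(d, methods[i], strlen(methods[i]));
    if (!hit) return PASS;
    for (i = 0; i + 4 <= n; i++)
        if (!memcmp(d + i, "\r\n\r\n", 4)) return HTTP_COMPLETE;
    return HTTP_PARTIAL;
}
/* Constructed sample packet: 20-byte IP + 20-byte TCP header, zero checksums. */
size_t build(uint8_t *b, uint8_t tcp_flags, const char *payload)
{
    size_t n = strlen(payload), tot = 40 + n;
    memset(b, 0, 40);
    b[0] = 0x45; b[2] = (uint8_t)(tot >> 8); b[3] = (uint8_t)tot; b[9] = 6;
    b[20] = 0xc0; b[21] = 0x01; b[23] = 80;     /* ports 49153 -> 80 */
    b[32] = 0x50; b[33] = tcp_flags;            /* data offset 5 words, flags */
    memcpy(b + 40, payload, n);
    return tot;
}
int main(void)
{
    uint8_t b[256];
    printf("%d\n", classify(b, build(b, 0x02, "")));               /* SYN */
    printf("%d\n", classify(b, build(b, 0x18, "GET / HTTP/1.1\r\nHost: a\r\n\r\n")));
    printf("%d\n", classify(b, build(b, 0x18, "POST /u HTTP/1.1\r\nCookie: abc")));
    return 0;
}
```

TCP is a byte stream, so nothing guarantees that a request's header block ends in the segment where it starts. A continuation segment carries no method token and classifies as PASS here, so rewriting requests that span segments needs per-flow state keyed on the connection's addresses and ports.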