I have a problem, maybe you have some information about this. I want to hook socket receive function (recv) in running process and modify incoming data. How i know, i can do this using kernel module, but i cant find information about how to do such hook.
I tried to go another ways like Netfilter, iptables, but these ways to slow.
Be aware that there are several different syscalls which could be used - not just recv().
Assuming the application in question does its kernel interaction via the C library (instead of crafting syscalls by hand), and that you can restart it to set up the test, a fairly straightforward idea could be to use the LD_PRELOAD environment variable to first load a custom library which replaces the syscall wrappers of interest with intercepting ones.
Or you could set up syscall interception the way strace does, and monkey with the ones of interest.
Another option is to not let the application connect directly to the remote system, but instead create a proxy, have it connect to the proxy, and have the proxy connect to the remote system. A major advantage of this is that it's quite portable, requiring little in the way of platform specific details.
来源:https://stackoverflow.com/questions/10373447/linux-module-to-hook-process-functions