For some private purposes I need to enrich HTTP header with additional information (which will be handled by app on the HTTP server side). The basic idea was to modify received packet, send it to destination and never care about answer. The very simplified scheme of traffic paths is
+---+ +------+ +---+
| +<<-----o MDFY +<<------o |
| R | +------+ | S |
| C | | N |
| V | | D |
| o--------------------->>+ |
+---+ +---+
The issue comes with TCP SEQ/ACK numbers. After TCP handshake, Sender send packet of 4 bytes length, which come to Modifier where length change to 22, then packet arrive Receiver and it sends ACK number +23, while Sender expects for +5. This blows Sender's mind and session becomes unsynced. I see this when, for example, try netcat for testing - for unmodified packets, session closes immediately after data exchange, while for modified packets session stales for a long time (actually, I stop it by pressing Ctrl-C).
I don't see an easy way to deal with this situation. Looks as once modified in-the-middle, entire session must be handled by Modifier because Sender knows nothing about Sequence number's modification and will rely on his own numbers. Doing this will significantly both impact performance and increase complexity, since I need to maintain state of every session and modify every packet coming from both sides to maintain SEQ/ACK numbers.
May be I don't see another way except writing own DPI? :-) Any knowledge, ideas and suggestions are appreciated.
Thank you.