In many situations it can be useful to be able to install applications on networked remote terminals, or to modify applications being downloaded and installed from a network, even transparently to the users of such terminals. Consider, for example, the installation of control devices, capable of performing monitoring and notification of the operations performed at the terminal, in particular in the context of lawful interception activities or the insertion of customized advertising content in applications downloaded by the user.
For this purpose, devices are known which allow to modify network traffic on-the-fly: these devices are based on code injection techniques. These techniques allow to intercept and modify data packets in transit on the network during download on the part of the user who uses the terminal onto which one wishes to install the application, generally referenced as the target terminal.
In general, devices that perform code injection are probes that operate in in-line mode: in other words, the traffic passes physically within a probe, entering through a network port and exiting from another port. One side communicates with the terminal, or client, and the other side communicates with the server to which the user is connected. When the traffic passes through the probe, the probe can modify its content, adding the data required for the installation of the desired application.
However, the devices known in the art are not free from drawbacks: in particular, the need to place the equipment physically in the middle of the communication is a requirement that limits their use. In some cases it is in fact impossible to interrupt a cable to place a probe in order to make network traffic pass within it. In other cases this operation, although possible, requires designing a very complex architecture, especially if the probe has to be inserted in the network of an Internet Service Provider: in this case it is in fact necessary to ensure the reliability and redundancy of the probe in case of fault, since it is not desirable for a fault on the probe to cause interruption of network service for the target.
With reference to the Internet, another drawback arises from the fact that, in general, the point where these probes are located is the uplink of a provider, i.e., the point through which all the connections of a given DSLAM toward the Internet pass. These links group the connections of hundreds of users, and accordingly the used bandwidth is very large. Accordingly, an in-line probe positioned in this point must have such characteristics as to ensure a very high performance, in order to ensure that all traffic passes unhindered within it without degrading performance. Indeed, because of the performance that must be ensured, not so much for the modified connections as for all the other connections that are not strictly subjected to modifications, the cost of these apparatuses is very high.