Home › Forums › Discussions › Support › Modify TTL of the packets
- This topic has 13 replies, 5 voices, and was last updated 16 years ago by wise_guybg.
-
AuthorPosts
-
March 5, 2006 at 8:06 am #5003
Hi,
I’am tring to modify ttl of the packets that have flag receive. I used the next code for this. The problem is that After I launch the app the net will be down.
Could you please tell me where I am wrong?
if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND) {
api.SendPacketToAdapter(&Request);
}
else {
ip_hdr1->ip_ttl=255;
RecalculateIPChecksum(ip_hdr1);
api.SendPacketToMstcp(&Request);
}
Aureliu Han[/code]
March 5, 2006 at 9:19 am #5993Hmm, I don’t see the problem but what is the sense to modify TTL in the incoming packet?
You can download some code playing with TTL (and some other fields of the packet) from here http://www.xakep.ru/post/29448/safenat.zip I think it should be a good reference.
March 5, 2006 at 9:47 am #5994My problem is that the incoming packets have TTL=1 and beacause of this I can not get the packets behind a router.
The only solution is to modify the packet’s ttl=5 so I can get the packets over the routerMay 1, 2006 at 3:29 pm #5995Same here, at Sofia… I can’t use inet on my laptop brought from work. Simple Windows ICS from my desktop PC doesn’t work so I had to play with the NTKernel goodies. Really nice libs. Thanks guys.
Let’s go to implementation:
1. Start with the PassThru example
2. Add some checks on the received packet
3. ttl=5
4. checksum=0
5. checksum=RecalcChecksum(ipheader, ipheaderlen)I had the most problems on the checksum as different functions found on the net work with different params and it was hard to set it correctly. Now it works ๐
some delphi code:
while not Terminated and (ReadPacket(hFilt, @ReadRequest) <> 0) do
begin
try
pEtherHeader := TEtherHeaderPtr(@Buffer.m_IBuffer);
// Check for IP protocol and OnReceive flag
if ntohs(pEtherHeader.h_proto) = ETH_P_IP then
begin
pIPHeader := TIPHeaderPtr(Integer(pEtherHeader) +
SizeOf(TEtherHeader));
// Check if TTL causes problems
if pIPHeader.TTL <= ERR_TTL then
begin
pIPHeader.TTL := NEW_TTL;
pIPHeader.Checksum := 0;
pIPHeader.Checksum := htons(
Checksum(PWord(pIPHeader),
(SizeOf(TIPHeader) - SizeOf(DWORD)) div 2));
end;
end;
finally
// Send the request down the line
if Buffer.m_dwDeviceFlags = PACKET_FLAG_ON_SEND then
// Place packet on the network interface
SendPacketToAdapter(hFilt, @ReadRequest)
else
// Indicate packet to MSTCP
SendPacketToMstcp(hFilt, @ReadRequest);
end;
end;
end;
May 1, 2006 at 3:43 pm #5996The real reason to come here is that now that I have finished my app, I want to write an Article on how to use it, how it was created.
I was thinking of the distribution cases. The most simple for me is to link to the WinpkFilter Framework download page and instruct users to install it and then put my exe in the bin folder.
That will work but I was wondering if I can make a more integrated install process. My application is written in Delphi (source code will be open). It needs the ndisapi.dll It in his turn needs the driver installed. Is there a setup script to install only the driver, the ndisapi.dll and a executable of your choice. Sorry if I’m being impudent. These days I have spend some time on the problem and realize that it’s not a small thing to create a Framework like this. I appreciate that you allow distributing the Framework package and use it freely… but can someone again for non-commercial, educational use… have a simple redistributable with the dll, the driver, and an application?
๐
I have posted the important part of the application… the other stuff is simply GUI that will also be available as source
May 1, 2006 at 5:02 pm #5997I’m confused. I just return from the Price/Licensing page. From what I saw there, my last post is meaningless. I thought I can create my application and help others in the same position. As I can see it now, I can really only advise people to install the WinpkFilter Framework and then use my application. If I want something more, I should look for a license.
For the WinpkFilter Helper Drivers Redistribution there is a price tag of 1495.00$ Guess this is the real price to pay since Microsoft didn’t do their part of the job ๐
Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on
http://www.ntkernel.com/w&p.php?id=7
or it is in violation of the license agreement?
Hmm, I don’t see the case of and open source developer in your licensing plan ๐ The 1495.00$ are too much since I only provide let’s say a sample application of the library for which I don’t want any money. ๐ bizarre
May 1, 2006 at 5:45 pm #5998Hello,
this is probably too simple and i did not have a chance ti test it but since starting with windows2k, we can use windows to act as a router and since we can force windows to set the ttl to outgoing packets, would this be a solution?registry keys are
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersdefaulttl
and
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersipenablerouter.Regards,
Erwanedit:
i confirm that the defaultTTL will force the TTL on outgoing packet on a computer on a lan.
dont know yet what the ttl will be once it has gone thru an ICS computer or windows router…May 1, 2006 at 9:15 pm #5999Why change TTL:
You want to use ICS and your ISP is sending you packets with TTL=1
What can you do:
Clients can output packets with TTL= 129, this way your ISP want notice that packets hop through a desktop PC with enabled ICS. So on the client machines set:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters
DefaulTTL = 129I don’t see any point in enabling IPEnableRouter. I don’t fully understand what it does but if it will do routing we don’t need it. ICS takes care of everything.
Next thing we need is a way to change the incoming packets of the Desktop PC that shares connection. This is needed as when “routing” the packet to a client, it’ll decrease TTL and drop the packet if the “bad” ISP has sent a value of 1.
This can be made with a little changes to the PassThru example of the Framework. I think the link that SerpentFly provided is also a good example of packet modification in the tunnel.
May 2, 2006 at 9:33 am #6000Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on
http://www.ntkernel.com/w&p.php?id=7
or it is in violation of the license agreement?
It is OK to do so. Good luck with your article and hope you will post a link to it here. If you are interested we can also publish it on this web-site.
May 2, 2006 at 11:26 am #6001It was difficult searching the inet to find information on the topic.
But it was really easy creating a solution with your framework.
I’ll make sure to drop a link here when I’ve compiled my article.
Thanks again ๐
May 2, 2006 at 8:15 pm #6002Voila ๐
I have made a draft of the article. It’s available at :
http://kamburov.net/index.php?/content/view/17/26/
Any comments are greatly appreciated…
September 22, 2006 at 9:40 pm #6003Hi,
I downloaded ndisapi for trial, along with http://www.xakep.ru/post/29448/safenat.zip. I am getting a linking error
“fatal error LNK1104: cannot open file D:Program.obj”
in Visual Studio 2005.
anyone know what this means and how to fix it?
September 22, 2006 at 11:24 pm #6004“fatal error LNK1104: cannot open file D:Program.obj”
Try to move project to the path without complex names (with spaces inside) like “D:Program Files…”.
November 30, 2008 at 9:38 am #6005My article has been moved to the following url:
http://www.kamburov.net/aleksandar/articles/attlfilter.html -
AuthorPosts
- You must be logged in to reply to this topic.