[asmercer2004]

OK here is the code I came up with for setting up the filters.

void SetUpFilters()
{
pFilters.m_TableSize = 7;

pFilters.m_StaticFilters = new STATIC_FILTER[7];

//****************************************************************************************
// 1. REDIRECT OUT UDP packets with source PORT 34401
// Common values
pFilters.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

// Network layer filter
pFilters.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
pFilters.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 34401;
pFilters.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 34401;

//****************************************************************************************
// 2. REDIRECT IN UDP packets with source PORT 34401
// Common values
pFilters.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

// Network layer filter
pFilters.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
pFilters.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 34401;
pFilters.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 34401;

//****************************************************************************************
// 3. REDIRECT OUT UDP packets with source PORT 34402
// Common values
pFilters.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[2].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

// Network layer filter
pFilters.m_StaticFilters[2].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[2].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
pFilters.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 34402;
pFilters.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 34402;

//****************************************************************************************
// 4. REDIRECT IN UDP packets with source PORT 34402
// Common values
pFilters.m_StaticFilters[3].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[3].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[3].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[3].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

// Network layer filter
pFilters.m_StaticFilters[3].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[3].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
pFilters.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 34402;
pFilters.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 34402;

//****************************************************************************************
// 5. REDIRECT OUT UDP packets with source PORT 34403
// Common values
pFilters.m_StaticFilters[4].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[4].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[4].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[4].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

// Network layer filter
pFilters.m_StaticFilters[4].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[4].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[4].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[4].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[4].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
pFilters.m_StaticFilters[4].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 34403;
pFilters.m_StaticFilters[4].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 34403;

//****************************************************************************************
// 6. REDIRECT IN UDP packets with source PORT 34403
// Common values
pFilters.m_StaticFilters[5].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[5].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
pFilters.m_StaticFilters[5].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
pFilters.m_StaticFilters[5].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

// Network layer filter
pFilters.m_StaticFilters[5].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
pFilters.m_StaticFilters[5].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
pFilters.m_StaticFilters[5].m_NetworkFilter.m_IPv4.m_Protocol = IPHeader.IPPROTO_UDP;

// Transport layer filter
pFilters.m_StaticFilters[5].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
pFilters.m_StaticFilters[5].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
pFilters.m_StaticFilters[5].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 34403;
pFilters.m_StaticFilters[5].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 34403;

//***************************************************************************************
// 7. Pass all packets (skipped by previous filters) without processing in user mode
// Common values
pFilters.m_StaticFilters[6].m_Adapter = 0; // applied to all adapters
pFilters.m_StaticFilters[6].m_ValidFields = 0;
pFilters.m_StaticFilters[6].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
pFilters.m_StaticFilters[6].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;
}

and then in my Run function I call the following:

// set up packet filters
SetUpFilters();
Ndisapi.SetPacketFilterTable(hNdisapi, ref pFilters);

When i do this i get the following error:
Type could not be marshaled because the length of an embedded array instance does not match the declared length in the layout. Any idea what could be causing this?

[asmercer2004]

Another update;

I got it working. It turns out the problem I was having was due to how I was allocating the newPacket array. I changed to allocate a byte array of MAX_ETHER_FRAME size and it works fine now. Thanks for your help. I must say that it is refreshing to be able to post a question and get a reasonable answer instead of the usual “reading off the cue card” response that people seem to put on other forums.

[asmercer2004]

A quick update:

I modified my code based on your last comments (thanks for the response by the way), and ended up with this:

byte[] newPacket = new byte[sizeof(ETHER_HEADER) + sizeof(IPHeader) + sizeof(UdpHeader) + sizeof(PlatformHeader) + dataLength + sizeof(GPSHeader)];

…

INTERMEDIATE_BUFFER outgoingBuffer = new INTERMEDIATE_BUFFER();
outgoingBuffer = PacketBuffer;
outgoingBuffer.m_Length = PacketBuffer.m_Length + (uint)sizeof(GPSHeader);
outgoingBuffer.m_IBuffer = newPacket;

IntPtr outgoingPacket = Marshal.AllocHGlobal(Marshal.SizeOf(outgoingBuffer));
Marshal.StructureToPtr(outgoingBuffer, outgoingPacket, false);

ETH_REQUEST outgoingRequest = new ETH_REQUEST();
outgoingRequest.hAdapterHandle = Request.hAdapterHandle;
outgoingRequest.EthPacket.Buffer = outgoingPacket;

// put the modified packet on the network card for sending
Ndisapi.SendPacketToAdapter(hNdisapi, ref outgoingRequest);

When it gets to the line Marshal.StructureToPtr(…) I get the following error:
Type could not be marshaled because the length of an embedded array instance does not match the declared
length in the layout.

I assume that this is a problem with the data length or something but I can’t figure it out. Any idea as to why I would be getting this error?

[asmercer2004]

That actually makes sense. I actually wasn’t using the INTERMEDIATE_BUFFER structure at all. I was just builing and IntPtr to a packet that I built. I will correct that to look something like:

INTERMEDIATE_BUFFER outgoingBuffer = new INTERMEDIATE_BUFFER();
outgoingBuffer.m_dwDeviceFlags = PacketBuffer.m_dwDeviceFlags; outgoingBuffer.m_Flags = PacketBuffer.m_Flags;
outgoingBuffer.m_Length = PacketBuffer.m_Length + sizeof(GPSHeader);
outgoingBuffer.m_qLink = PacketBuffer.m_qLink;
outgoingBuffer.m_IBuffer = ???

should the m_IBuffer field contain just the udp packet data or the entire packet (ether_header, ipheader, etc.)

[asmercer2004]

i have wireshark installed and just can’t see the packets at all. When i modified the receiving section of the passthru code i could see bad ip checksum, but got that part fixed (which makes me think it isn’t a checksum problem). To test all this i have an application in the background that generates an outgoing packet every 5 seconds. When the modified passthru program is run there is NOTHING put on the network (not just a bad packet or header or something, but absolutely nothing). If I shut it down the packets are sent as normal.

In answer to your other question, I am looking exclusively for packets that are udp and on ports 34401-34403. That part of the code wasn’t in what i posted, but I am checking these header fields in the loop before comparing the device flags for a send/receive flag. I am not at my desk right now or i’d post that code if you think it would help.

[Author]

Posts