bk

Forum Replies Created

Viewing 5 posts - 16 through 20 (of 20 total)
  • Author
    Posts
  • in reply to: Re-routing TCP packets #5525
    bk
    Participant

      @Voxen wrote:

      Do I need to modify the destination MAC address as well (copy source MAC address to destination)?

      Yes, if the destination host is not the same machine as the original destination you need to change the mac address, unless you are using a gateway and the destination is not the gateway itself.

      If you are sending packets through a gateway, the destination MAC address should be the MAC of the gateway. If both the (original and changed) destination IP are reachable through the GW, then you should not need to change the dest MAC since the destination MAC is the same.

      But since the original IP seems to be on the internet while the new destination seems to be on the local net, you must change the MAC to the one of the new host.

      Let me explain: the MAC address is the low level address of a host on a local net. The IP address is a higher level address, and may be outside the local net.

      If you send a packet through different nets, the IP address can be the true destination across networks, while the MAC address must be the destination of the next step on the local net. As an example, suppose you have a local host with IP 192.168.0.2 and MAC address “MACa”, a local gateway with IP 192.168.0.1 and “MACb”. Your destination is an external host with IP 212.144.155.166. Since the destination is not on the local net, the packets must be routed through the local gateway. You don’t need and don’t know the real destination MAC address. You packet should then have IP destination 212.144.155.166 BUT MAC address MACb. If you change the destination IP BUT the next step along the path is still the gateway, then the MAC address is still MACb since the next step is still the GW on the local net.
      Let’s suppose that you change the destination to a local IP address, then if you don’t change the MAC address to the MAC of the new local destination the packets will still be sent to the GW, which can route the packets or throw them away, depending on how it’s configured.
      The best bet is to send the packets to the real destination host, and since it’s on the local net, you can set the correct MAC address to reach it.
      Btw, the CORRECT thing to do is to set the MAC address to the MAC of the next host along the router. Also notice that if the destination is on a different network interface, you must send the packet to the correct one.

      Suppose you have this config:

      A is connected to the internet through a local net, with gateway B
      A il also conneted to another local net, using another ethernet card, with the host C.

      If you send a packet to the internet, then your OS will use the first interface, set the IP destination to the destination host on the internet and MAC address of B, since B is the next step on the path.
      When you catch the outgoing packets with winpkfilter, then routing has already been done: the OS has already chosen the first interface, MAC of B.
      If you want to route the packet to C, then you must change the IP to the IP address of B, the MAC to the MAC address of B, AND QUEUE THE PACKET on the SECOND interface.

      in reply to: Re-routing TCP packets #5521
      bk
      Participant

        Why don’t you install ethereal and check if the checksums are really correct (perhaps thew work correctly if you don’t change the data)?

        in reply to: WinPKFilter, performance and user/kernel mode #5500
        bk
        Participant

          Thank you very much!

          in reply to: WinPKFilter, performance and user/kernel mode #5498
          bk
          Participant

            Thank you for your support. I think I’ll try the driver way. I’ve downloaded the DDK and I’m studying the examples. I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?

            in reply to: WinPKFilter, performance and user/kernel mode #5496
            bk
            Participant

              @SerpentFly wrote:

              Using IOCTL interface from kernel is very similar to doing it from user-mode.

              That’s good, in fact this is not my worst pœoblem. 🙂

              @SerpentFly wrote:

              However, if you really need kernel mode solution, the easiest way would be licensing source code and modifying original driver’s code

              Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.
              Perhaps you can help me.

            Viewing 5 posts - 16 through 20 (of 20 total)