[Vadim Smirnov]

Matt,

That depends on how Microsoft is going to release it. If Windows 10 supposed to work on Raspberry Pi 2 is going to be similar to Windows RT (where you can’t install anything besides Windows Update or applications from Windows Store) then the answer is probably no.

However, I don’t see much sense in releasing restricted OS for such device like Raspberry Pi 2 because you just won’t have any chance to extend it with custom hardware by installing appropriate drivers. So there is a little hope that platform will be at least as opened as x86 Windows 10 and we will be able to run custom drivers on it. If it happens then yes, just need to build WinpkFilter for ARM.

[Vadim Smirnov]

WinpkFilter Runtime & Tools 3.2.3.1.exe is not supposed to be redistributed, so it does not support silent install. However, it is not a big deal to build an installer which installs WinpkFilter drivers only and our customers have all necessary components to build such an installer.

[Vadim Smirnov]

Packet is matched against the filters list and first matching filter action is applied. So there is probably something wrong with your first filter.

[Vadim Smirnov]

You can use IP Helper API to retrieve current connections table and starting Windows XP this table also contains process ID. You can use IP/Port information from the packet to find the corresponding connection in that table and thus identify the process.

[Vadim Smirnov]

Do you use VB.NET for your project? I think I could create a CLS-compliant assembly wrapper for ndisapi.dll to resolve difficulties of this kind…

[Vadim Smirnov]

sizeof(STATIC_FILTER) = 181 bytes

[Vadim Smirnov]

Filter related structures were updated, but it should be enough to recompile your code with latest header files to fix any possible incompatibilities.

[Vadim Smirnov]

Windows Packet Filter Kit 3.2.3 released:

– Fixed compatibility issue with WinGate
– Added C# Filter sample

If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:

1) Your order ID.
2) An approximate date of purchasing.

[Vadim Smirnov]

I have ported filter sample to C#. Please refer the code below:

using System;

using System.Runtime.InteropServices;

using System.Threading;

using System.Net;

using NdisApiWrapper;



namespace Filter

{

class Program

{

static void Main(string[] args)

{

try

{

if (args.Length < 2)

{

Console.WriteLine(

"Command line syntax:ntfilter.exe index scenario ntindex - network interface index.ntscenario - sample set of filters to load.ntYou can use ListAdapters to determine correct index.");

Console.WriteLine("Available Scenarios:");

Console.WriteLine("1 - Redirect only IPv4 DNS packets for processing in user mode.");

Console.WriteLine("2 - Redirect only HTTP(TCP port 80) packets for processing in user mode. Both IPv4 and IPv6 protocols.");

Console.WriteLine("3 - Drop all IPv4 ICMP packets. Redirect all other packets to user mode (default behaviour).");

Console.WriteLine("4 - Block IPv4 access to http://www.ntkernel.com. Pass all other packets without processing in user mode.");

Console.WriteLine("5 - Redirect only ARP/RARP packets to user mode. Pass all others.");

return;

}



var adapterIndex = uint.Parse(args[0]);

var scena = uint.Parse(args[1]);



var driverPtr = Ndisapi.OpenFilterDriver();

if (!Ndisapi.IsDriverLoaded(driverPtr))

{

Console.WriteLine("Driver not installed on this system of failed to load.");

return;

}



// Retrieve adapter list

var adapters = new TCP_AdapterList();

Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adapters);



// Set tunnel mode for the selected network interface

var mode = new ADAPTER_MODE

{

dwFlags = Ndisapi.MSTCP_FLAG_SENT_TUNNEL | Ndisapi.MSTCP_FLAG_RECV_TUNNEL,

hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex]

};



Ndisapi.SetAdapterMode(driverPtr, ref mode);



// Create and set event for the adapter

var manualResetEvent = new ManualResetEvent(false);

Ndisapi.SetPacketEvent(driverPtr, adapters.m_nAdapterHandle[adapterIndex], manualResetEvent.SafeWaitHandle);



var filtersTable = new STATIC_FILTER_TABLE();

filtersTable.m_StaticFilters = new STATIC_FILTER[256];



switch(scena)

{

case 1:

filtersTable.m_TableSize = 3;



//**************************************************************************************

// 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53

// Common values

filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;



// Network layer filter

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 17; //IPPROTO_UDP



// Transport layer filter

filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;



//****************************************************************************************

// 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53

// Common values

filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;



// Network layer filter

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 17;//IPPROTO_UDP



// Transport layer filter

filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;



//***************************************************************************************

// 3. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[2].m_ValidFields = 0;

filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;

filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;



break;



case 2:

filtersTable.m_TableSize = 5;



//**************************************************************************************

// 1. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv4

// Common values

filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;



// Network layer filter

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6;//IPPROTO_TCP



// Transport layer filter

filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;



//****************************************************************************************

// 2. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv4

// Common values

filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;



// Network layer filter

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP



// Transport layer filter

filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP

filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;



//****************************************************************************************

// 3. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv6

// Common values

filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[2].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;



// Network layer filter

filtersTable.m_StaticFilters[2].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;

filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP



// Transport layer filter

filtersTable.m_StaticFilters[2].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;

filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP

filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;



//****************************************************************************************

// 4. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv6

// Common values

filtersTable.m_StaticFilters[3].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[3].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[3].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[3].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;



// Network layer filter

filtersTable.m_StaticFilters[3].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;

filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_Protocol = 6;// IPPROTO_TCP



// Transport layer filter

filtersTable.m_StaticFilters[3].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;

filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP

filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;



//***************************************************************************************

// 5. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

filtersTable.m_StaticFilters[4].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[4].m_ValidFields = 0;

filtersTable.m_StaticFilters[4].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;

filtersTable.m_StaticFilters[4].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;



break;



case 3:

filtersTable.m_TableSize = 5;



//**************************************************************************************

// 1. Block all ICMP packets

// Common values

filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID;

filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;

filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;



// Network layer filter

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 1;//IPPROTO_ICMP



break;



case 4:



filtersTable.m_TableSize = 2;



//**************************************************************************************

// 1. Outgoing HTTP requests filter: DROP OUT TCP packets with destination IP 190.120.229.77 PORT 80 (http://www.ntkernel.com)

// Common values

filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;

filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;

filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;



// Network layer filter

var address = new in_addr();

var mask = new in_addr();



// IP address 190.120.229.77

address.s_b1 = 23;

address.s_b2 = 97;

address.s_b3 = 138;

address.s_b4 = 240;



// Network mask 255.255.255.255

mask.s_b1 = 255;

mask.s_b2 = 255;

mask.s_b3 = 255;

mask.s_b4 = 255;



filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL | Ndisapi.IP_V4_FILTER_DEST_ADDRESS;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_AddressType = Ndisapi.IP_SUBNET_V4_TYPE;

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_Ip = address.s_addr; // IP address

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_IpMask = mask.s_addr; // network mask

filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP



// Transport layer filter

filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP

filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;



//***************************************************************************************

// 2. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[1].m_ValidFields = 0;

filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;

filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;



break;



case 5:



filtersTable.m_TableSize = 3;



//**************************************************************************************

// 1. Redirects all ARP packets to be processes by user mode application

// Common values

filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;

filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;

filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;

filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;

filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x0806; // ETH_P_ARP;





//**************************************************************************************

// 1. Redirects all RARP packets to be processes by user mode application

// Common values

filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;

filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;

filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;

filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;

filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;

filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x0806; // ETH_P_ARP;





//***************************************************************************************

// 2. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters

filtersTable.m_StaticFilters[2].m_ValidFields = 0;

filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;

filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;



break;

default:

Console.WriteLine ("Unknown test scenario specified. Exiting.");

return;

}



// Load filters into driver

Ndisapi.SetPacketFilterTable(driverPtr, ref filtersTable);



// Allocate and initialize packet structures

var request = new ETH_REQUEST();

var buffer = new INTERMEDIATE_BUFFER();

var bufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buffer));



Win32Api.ZeroMemory(bufferPtr, Marshal.SizeOf(buffer));



request.hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex];

request.EthPacket.Buffer = bufferPtr;



while(true)

{

manualResetEvent.WaitOne();



while (Ndisapi.ReadPacket(driverPtr, ref request))

{

buffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(bufferPtr, typeof(INTERMEDIATE_BUFFER));



WriteToConsole(buffer, bufferPtr);



if (buffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)

Ndisapi.SendPacketToAdapter(driverPtr, ref request);

else

Ndisapi.SendPacketToMstcp(driverPtr, ref request);

}



manualResetEvent.Reset();

}

}

catch (Exception ex)

{

Console.WriteLine(ex);

}

}



private unsafe static void WriteToConsole(INTERMEDIATE_BUFFER packetBuffer, IntPtr packetBufferPtr)

{

Console.WriteLine(packetBuffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND ? "nMSTCP --> Interface" : "nInterface --> MSTCP");

Console.WriteLine("Packet size = {0}", packetBuffer.m_Length);



var ethernetHeader = (ETHER_HEADER*)((byte*)packetBufferPtr + (Marshal.OffsetOf(typeof(INTERMEDIATE_BUFFER), "m_IBuffer")).ToInt32());

Console.WriteLine(

"tETHERNET {0:X2}{1:X2}{2:X2}{3:X2}{4:X2}{5:X2} --> {6:X2}{7:X2}{8:X2}{9:X2}{10:X2}{11:X2}",

ethernetHeader->source.b1,

ethernetHeader->source.b2,

ethernetHeader->source.b3,

ethernetHeader->source.b4,

ethernetHeader->source.b5,

ethernetHeader->source.b6,

ethernetHeader->dest.b1,

ethernetHeader->dest.b2,

ethernetHeader->dest.b3,

ethernetHeader->dest.b4,

ethernetHeader->dest.b5,

ethernetHeader->dest.b6

);



switch (ntohs(ethernetHeader->proto))

{

case ETHER_HEADER.ETH_P_IP:

{

var ipHeader = (IPHeader*)((byte*)ethernetHeader + Marshal.SizeOf(typeof(ETHER_HEADER)));



var sourceAddress = new IPAddress(ipHeader->Src);

var destinationAddress = new IPAddress(ipHeader->Dest);



Console.WriteLine("tIP {0} --> {1} PROTOCOL: {2}", sourceAddress, destinationAddress, ipHeader->P);



var tcpHeader = ipHeader->P == IPHeader.IPPROTO_TCP ? (TcpHeader*)((byte*)ipHeader + ((ipHeader->IPLenVer) & 0xF) * 4) : null;

var udpHeader = ipHeader->P == IPHeader.IPPROTO_UDP ? (UdpHeader*)((byte*)ipHeader + ((ipHeader->IPLenVer) & 0xF) * 4) : null;



if (udpHeader != null)

Console.WriteLine("tUDP SRC PORT: {0} DST PORT: {1}", ntohs(udpHeader->th_sport), ntohs(udpHeader->th_dport));



if (tcpHeader != null)

Console.WriteLine("tTCP SRC PORT: {0} DST PORT: {1}", ntohs(tcpHeader->th_sport), ntohs(tcpHeader->th_dport));

}

break;

case ETHER_HEADER.ETH_P_RARP:

Console.WriteLine("tReverse Addr Res packet");

break;

case ETHER_HEADER.ETH_P_ARP:

Console.WriteLine("tAddress Resolution packet");

break;

}

}



static ushort ntohs(ushort netshort)

{

var hostshort = (ushort)(((netshort >> 8) & 0x00FF) | ((netshort << 8) & 0xFF00));

return hostshort;

}



[StructLayout(LayoutKind.Explicit, Size = 4)]

internal struct in_addr

{

[FieldOffset(0)]

internal byte s_b1;

[FieldOffset(1)]

internal byte s_b2;

[FieldOffset(2)]

internal byte s_b3;

[FieldOffset(3)]

internal byte s_b4;



[FieldOffset(0)]

internal ushort s_w1;

[FieldOffset(2)]

internal ushort s_w2;



[FieldOffset(0)]

internal uint S_addr;



/// 


/// can be used for most tcp & ip code

/// 


internal uint s_addr

{

get { return S_addr; }

}



/// 


/// host on imp

/// 


internal byte s_host

{

get { return s_b2; }

}



/// 


/// network

/// 


internal byte s_net

{

get { return s_b1; }

}



/// 


/// imp

/// 


internal ushort s_imp

{

get { return s_w2; }

}



/// 


/// imp #

/// 


internal byte s_impno

{

get { return s_b4; }

}



/// 


/// logical host

/// 


internal byte s_lh

{

get { return s_b3; }

}

}

}

}

[Vadim Smirnov]

Does a .NET wrapper exist for WinpkFilter?

Yes, WinpkFilter package has an interface for C# as well as C# basic samples.

Does a .NET version of the Internet Gateway sample application exist?

Regretfully only C++ version of Internet Gateway is available.

We need the functionality of the PassThru & Gateway samples but we also need to understand what we are doing a bit more. The goal is to add additional filtering rules in the future.

There is a C# PassThru sample in the package and it may the a good start point to grasp the basics of WinpkFilter. Internet Gateway only adds GUI interface and basic NAT functionality. Also, I can add that WinpkFilter has built-in filters, the sample code is available in filters.cpp, C++ version only but it is very simple and easy to understand.

[Vadim Smirnov]

For example, the PassThru example shows a SetPacketEvent call but no way to understand how to use this event… or the various modes, or the “SendPacket” operations.

SetPacketEvent registers an event object within the driver. This event is signaled by driver when packet queue is non empty, by other words you have packets to read from the driver.

For your project you can be only interested in tunnel modes, because listen mode does not allow to drop or modify packets.

SendPacketXXX/SendPacketsXXX re-inject packets back into the network stack.

My goal is to create a Gateway service to examine combinations of several variables (all read from a file):

– Client IP Address (static or wildcard)
– Client MAC Address (static or wildcard)
– Destination IP Address (static or wildcard)
– Destination Port (static or wildcard)

The service must either drop the packet(s) or pass them along to the external interface.

Such simple functionality can be implemented on top of built-in WinpkFilter static filters. For the sample usage of these filters please refer FILTER.CPP (C++ Filter sample).

If you prefer to filter packets on your own then the basic start point for your application is PassThru sample. When you want to to drop the packet after examination just don’t call SendPacketXXX for this packet and continue the loop.

[Vadim Smirnov]

Please refer wwwcensor sample. This sample generates an HTTP response when specific web page should be blocked. Instead blocking you can generate HTTP redirect page.

[Vadim Smirnov]

To block IP addresses you should take PassThru sample as a base. MSVC sample of this utility demonstrates parsing packet for IP address.

[Vadim Smirnov]

Windows Packet Filter Kit 3.2.0 released:

– Fixed compatibility issues (covers but not limited to) with Cisco AnyConnect VPN, Yes Go 4G USB modem, Vodafone/HUAWEI USB modems

– Extended built-in filters compatibility:
– Added counters for incoming/outgoing packets/bytes
– Added TCP flags

If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:

1) Your order ID.
2) An approximate date of purchasing.

[Vadim Smirnov]

Yes of course, this is possible. And we have customers who built their solutions using C#. Personally because of strong type control in C# I find it not that convenient when parsing packet protocol headers.

[Author]

Posts