Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 631 through 645 (of 1,495 total)
  • Author
    Posts
  • in reply to: Wwwcensor not working correctly #7208
    Vadim Smirnov
    Keymaster

      WWWCENSOR is just a simple sample application which demonstrates how certain connections can be selected and blocked. It’s primary audience are developers, not end users. If you think to use WWWCENSOR as a base for your content filtering application then you can trace its code with the sites where it does not work and check why these sites are passed.

      Anyway, I have an idea why it may not work in some cases you noticed. WWWCENSOR uses single byte ASCII encoding when searching for the pattern to block. If the web-page content is UNICODE encoded, an example, then it won’t be able to find it. As I have mentioned above this is just a simple sample.

      in reply to: Reading/Writing in Batches #7205
      Vadim Smirnov
      Keymaster

        Hi Matt,

        I ndisapi.cs ETH_M_REQUEST is defined with constant array size 256, but this is only to avoid writing complex marshaling code for the variable array size. You can change this constant to any of your choice.

        -Vadim

        in reply to: Windows 10 and Raspberry Pi 2 #7203
        Vadim Smirnov
        Keymaster

          Hi Matt,

          I did not have much to continue testing with Windows 10 yet. The second reason is that Windows 10 IoT does not yet support all the features it is supposed to, so it may be time wasting to test before release. However, I do plan to continue the research.

          -Vadim

          in reply to: Windows 10 and Raspberry Pi 2 #7201
          Vadim Smirnov
          Keymaster

            I have played a little with Windows 10 on Raspberry Pi 2 over the weekend. The good news is that yes, it allows device drivers installations and etc…

            Regretfully devcon is not suitable for installing network filter drivers and since there is no GUI control panel applet then a port of snetcfg is also needed to install NDIS Lightweight Filter Driver. It was not a big deal to compile WinpkFilter for ARM, but simple compilation of snetcfg for ARM did not work and it needs more time to resolve.

            in reply to: Windows 10 and Raspberry Pi 2 #7198
            Vadim Smirnov
            Keymaster

              Matt,

              That depends on how Microsoft is going to release it. If Windows 10 supposed to work on Raspberry Pi 2 is going to be similar to Windows RT (where you can’t install anything besides Windows Update or applications from Windows Store) then the answer is probably no.

              However, I don’t see much sense in releasing restricted OS for such device like Raspberry Pi 2 because you just won’t have any chance to extend it with custom hardware by installing appropriate drivers. So there is a little hope that platform will be at least as opened as x86 Windows 10 and we will be able to run custom drivers on it. If it happens then yes, just need to build WinpkFilter for ARM.

              in reply to: Is silent install of Windows Packet Filter Kit possible? #7197
              Vadim Smirnov
              Keymaster

                WinpkFilter Runtime & Tools 3.2.3.1.exe is not supposed to be redistributed, so it does not support silent install. However, it is not a big deal to build an installer which installs WinpkFilter drivers only and our customers have all necessary components to build such an installer.

                in reply to: Filter setup to redirect everything except one ip/port #7195
                Vadim Smirnov
                Keymaster

                  Packet is matched against the filters list and first matching filter action is applied. So there is probably something wrong with your first filter.

                  in reply to: Getting Process ID of process that sent packet #7194
                  Vadim Smirnov
                  Keymaster

                    You can use IP Helper API to retrieve current connections table and starting Windows XP this table also contains process ID. You can use IP/Port information from the packet to find the corresponding connection in that table and thus identify the process.

                    in reply to: Filter Table will not load #7189
                    Vadim Smirnov
                    Keymaster

                      Do you use VB.NET for your project? I think I could create a CLS-compliant assembly wrapper for ndisapi.dll to resolve difficulties of this kind…

                      in reply to: Filter Table will not load #7187
                      Vadim Smirnov
                      Keymaster

                        sizeof(STATIC_FILTER) = 181 bytes

                        in reply to: Filter Table will not load #7185
                        Vadim Smirnov
                        Keymaster

                          Filter related structures were updated, but it should be enough to recompile your code with latest header files to fix any possible incompatibilities.

                          in reply to: WinpkFilter news/updates. #5518
                          Vadim Smirnov
                          Keymaster

                            Windows Packet Filter Kit 3.2.3 released:

                            – Fixed compatibility issue with WinGate
                            – Added C# Filter sample

                            If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:

                            1) Your order ID.
                            2) An approximate date of purchasing.

                            in reply to: Implementing filter functionality in C# #7184
                            Vadim Smirnov
                            Keymaster

                              I have ported filter sample to C#. Please refer the code below:

                              using System;
                              using System.Runtime.InteropServices;
                              using System.Threading;
                              using System.Net;
                              using NdisApiWrapper;

                              namespace Filter
                              {
                              class Program
                              {
                              static void Main(string[] args)
                              {
                              try
                              {
                              if (args.Length < 2)
                              {
                              Console.WriteLine(
                              "Command line syntax:ntfilter.exe index scenario ntindex - network interface index.ntscenario - sample set of filters to load.ntYou can use ListAdapters to determine correct index.");
                              Console.WriteLine("Available Scenarios:");
                              Console.WriteLine("1 - Redirect only IPv4 DNS packets for processing in user mode.");
                              Console.WriteLine("2 - Redirect only HTTP(TCP port 80) packets for processing in user mode. Both IPv4 and IPv6 protocols.");
                              Console.WriteLine("3 - Drop all IPv4 ICMP packets. Redirect all other packets to user mode (default behaviour).");
                              Console.WriteLine("4 - Block IPv4 access to http://www.ntkernel.com. Pass all other packets without processing in user mode.");
                              Console.WriteLine("5 - Redirect only ARP/RARP packets to user mode. Pass all others.");
                              return;
                              }

                              var adapterIndex = uint.Parse(args[0]);
                              var scena = uint.Parse(args[1]);

                              var driverPtr = Ndisapi.OpenFilterDriver();
                              if (!Ndisapi.IsDriverLoaded(driverPtr))
                              {
                              Console.WriteLine("Driver not installed on this system of failed to load.");
                              return;
                              }

                              // Retrieve adapter list
                              var adapters = new TCP_AdapterList();
                              Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adapters);

                              // Set tunnel mode for the selected network interface
                              var mode = new ADAPTER_MODE
                              {
                              dwFlags = Ndisapi.MSTCP_FLAG_SENT_TUNNEL | Ndisapi.MSTCP_FLAG_RECV_TUNNEL,
                              hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex]
                              };

                              Ndisapi.SetAdapterMode(driverPtr, ref mode);

                              // Create and set event for the adapter
                              var manualResetEvent = new ManualResetEvent(false);
                              Ndisapi.SetPacketEvent(driverPtr, adapters.m_nAdapterHandle[adapterIndex], manualResetEvent.SafeWaitHandle);

                              var filtersTable = new STATIC_FILTER_TABLE();
                              filtersTable.m_StaticFilters = new STATIC_FILTER[256];

                              switch(scena)
                              {
                              case 1:
                              filtersTable.m_TableSize = 3;

                              //**************************************************************************************
                              // 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53
                              // Common values
                              filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                              // Network layer filter
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 17; //IPPROTO_UDP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

                              //****************************************************************************************
                              // 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53
                              // Common values
                              filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                              // Network layer filter
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 17;//IPPROTO_UDP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

                              //***************************************************************************************
                              // 3. Pass all packets (skipped by previous filters) without processing in user mode
                              // Common values
                              filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[2].m_ValidFields = 0;
                              filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                              filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                              break;

                              case 2:
                              filtersTable.m_TableSize = 5;

                              //**************************************************************************************
                              // 1. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv4
                              // Common values
                              filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                              // Network layer filter
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6;//IPPROTO_TCP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

                              //****************************************************************************************
                              // 2. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv4
                              // Common values
                              filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                              // Network layer filter
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
                              filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;

                              //****************************************************************************************
                              // 3. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv6
                              // Common values
                              filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[2].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                              // Network layer filter
                              filtersTable.m_StaticFilters[2].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;
                              filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[2].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                              filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                              filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

                              //****************************************************************************************
                              // 4. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv6
                              // Common values
                              filtersTable.m_StaticFilters[3].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[3].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[3].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[3].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                              // Network layer filter
                              filtersTable.m_StaticFilters[3].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;
                              filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_Protocol = 6;// IPPROTO_TCP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[3].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                              filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
                              filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;

                              //***************************************************************************************
                              // 5. Pass all packets (skipped by previous filters) without processing in user mode
                              // Common values
                              filtersTable.m_StaticFilters[4].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[4].m_ValidFields = 0;
                              filtersTable.m_StaticFilters[4].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                              filtersTable.m_StaticFilters[4].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                              break;

                              case 3:
                              filtersTable.m_TableSize = 5;

                              //**************************************************************************************
                              // 1. Block all ICMP packets
                              // Common values
                              filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID;
                              filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;
                              filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;

                              // Network layer filter
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 1;//IPPROTO_ICMP

                              break;

                              case 4:

                              filtersTable.m_TableSize = 2;

                              //**************************************************************************************
                              // 1. Outgoing HTTP requests filter: DROP OUT TCP packets with destination IP 190.120.229.77 PORT 80 (http://www.ntkernel.com)
                              // Common values
                              filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                              filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;
                              filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                              // Network layer filter
                              var address = new in_addr();
                              var mask = new in_addr();

                              // IP address 190.120.229.77
                              address.s_b1 = 23;
                              address.s_b2 = 97;
                              address.s_b3 = 138;
                              address.s_b4 = 240;

                              // Network mask 255.255.255.255
                              mask.s_b1 = 255;
                              mask.s_b2 = 255;
                              mask.s_b3 = 255;
                              mask.s_b4 = 255;

                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL | Ndisapi.IP_V4_FILTER_DEST_ADDRESS;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_AddressType = Ndisapi.IP_SUBNET_V4_TYPE;
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_Ip = address.s_addr; // IP address
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_IpMask = mask.s_addr; // network mask
                              filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6; //IPPROTO_TCP

                              // Transport layer filter
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                              filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

                              //***************************************************************************************
                              // 2. Pass all packets (skipped by previous filters) without processing in user mode
                              // Common values
                              filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[1].m_ValidFields = 0;
                              filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                              filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                              break;

                              case 5:

                              filtersTable.m_TableSize = 3;

                              //**************************************************************************************
                              // 1. Redirects all ARP packets to be processes by user mode application
                              // Common values
                              filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;
                              filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;
                              filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;
                              filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;
                              filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x0806; // ETH_P_ARP;


                              //**************************************************************************************
                              // 1. Redirects all RARP packets to be processes by user mode application
                              // Common values
                              filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;
                              filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                              filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;
                              filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;
                              filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;
                              filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x0806; // ETH_P_ARP;


                              //***************************************************************************************
                              // 2. Pass all packets (skipped by previous filters) without processing in user mode
                              // Common values
                              filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                              filtersTable.m_StaticFilters[2].m_ValidFields = 0;
                              filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                              filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                              break;
                              default:
                              Console.WriteLine ("Unknown test scenario specified. Exiting.");
                              return;
                              }

                              // Load filters into driver
                              Ndisapi.SetPacketFilterTable(driverPtr, ref filtersTable);

                              // Allocate and initialize packet structures
                              var request = new ETH_REQUEST();
                              var buffer = new INTERMEDIATE_BUFFER();
                              var bufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buffer));

                              Win32Api.ZeroMemory(bufferPtr, Marshal.SizeOf(buffer));

                              request.hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex];
                              request.EthPacket.Buffer = bufferPtr;

                              while(true)
                              {
                              manualResetEvent.WaitOne();

                              while (Ndisapi.ReadPacket(driverPtr, ref request))
                              {
                              buffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(bufferPtr, typeof(INTERMEDIATE_BUFFER));

                              WriteToConsole(buffer, bufferPtr);

                              if (buffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)
                              Ndisapi.SendPacketToAdapter(driverPtr, ref request);
                              else
                              Ndisapi.SendPacketToMstcp(driverPtr, ref request);
                              }

                              manualResetEvent.Reset();
                              }
                              }
                              catch (Exception ex)
                              {
                              Console.WriteLine(ex);
                              }
                              }

                              private unsafe static void WriteToConsole(INTERMEDIATE_BUFFER packetBuffer, IntPtr packetBufferPtr)
                              {
                              Console.WriteLine(packetBuffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND ? "nMSTCP --> Interface" : "nInterface --> MSTCP");
                              Console.WriteLine("Packet size = {0}", packetBuffer.m_Length);

                              var ethernetHeader = (ETHER_HEADER*)((byte*)packetBufferPtr + (Marshal.OffsetOf(typeof(INTERMEDIATE_BUFFER), "m_IBuffer")).ToInt32());
                              Console.WriteLine(
                              "tETHERNET {0:X2}{1:X2}{2:X2}{3:X2}{4:X2}{5:X2} --> {6:X2}{7:X2}{8:X2}{9:X2}{10:X2}{11:X2}",
                              ethernetHeader->source.b1,
                              ethernetHeader->source.b2,
                              ethernetHeader->source.b3,
                              ethernetHeader->source.b4,
                              ethernetHeader->source.b5,
                              ethernetHeader->source.b6,
                              ethernetHeader->dest.b1,
                              ethernetHeader->dest.b2,
                              ethernetHeader->dest.b3,
                              ethernetHeader->dest.b4,
                              ethernetHeader->dest.b5,
                              ethernetHeader->dest.b6
                              );

                              switch (ntohs(ethernetHeader->proto))
                              {
                              case ETHER_HEADER.ETH_P_IP:
                              {
                              var ipHeader = (IPHeader*)((byte*)ethernetHeader + Marshal.SizeOf(typeof(ETHER_HEADER)));

                              var sourceAddress = new IPAddress(ipHeader->Src);
                              var destinationAddress = new IPAddress(ipHeader->Dest);

                              Console.WriteLine("tIP {0} --> {1} PROTOCOL: {2}", sourceAddress, destinationAddress, ipHeader->P);

                              var tcpHeader = ipHeader->P == IPHeader.IPPROTO_TCP ? (TcpHeader*)((byte*)ipHeader + ((ipHeader->IPLenVer) & 0xF) * 4) : null;
                              var udpHeader = ipHeader->P == IPHeader.IPPROTO_UDP ? (UdpHeader*)((byte*)ipHeader + ((ipHeader->IPLenVer) & 0xF) * 4) : null;

                              if (udpHeader != null)
                              Console.WriteLine("tUDP SRC PORT: {0} DST PORT: {1}", ntohs(udpHeader->th_sport), ntohs(udpHeader->th_dport));

                              if (tcpHeader != null)
                              Console.WriteLine("tTCP SRC PORT: {0} DST PORT: {1}", ntohs(tcpHeader->th_sport), ntohs(tcpHeader->th_dport));
                              }
                              break;
                              case ETHER_HEADER.ETH_P_RARP:
                              Console.WriteLine("tReverse Addr Res packet");
                              break;
                              case ETHER_HEADER.ETH_P_ARP:
                              Console.WriteLine("tAddress Resolution packet");
                              break;
                              }
                              }

                              static ushort ntohs(ushort netshort)
                              {
                              var hostshort = (ushort)(((netshort >> 8) & 0x00FF) | ((netshort << 8) & 0xFF00));
                              return hostshort;
                              }

                              [StructLayout(LayoutKind.Explicit, Size = 4)]
                              internal struct in_addr
                              {
                              [FieldOffset(0)]
                              internal byte s_b1;
                              [FieldOffset(1)]
                              internal byte s_b2;
                              [FieldOffset(2)]
                              internal byte s_b3;
                              [FieldOffset(3)]
                              internal byte s_b4;

                              [FieldOffset(0)]
                              internal ushort s_w1;
                              [FieldOffset(2)]
                              internal ushort s_w2;

                              [FieldOffset(0)]
                              internal uint S_addr;

                              ///
                              /// can be used for most tcp & ip code
                              ///

                              internal uint s_addr
                              {
                              get { return S_addr; }
                              }

                              ///
                              /// host on imp
                              ///

                              internal byte s_host
                              {
                              get { return s_b2; }
                              }

                              ///
                              /// network
                              ///

                              internal byte s_net
                              {
                              get { return s_b1; }
                              }

                              ///
                              /// imp
                              ///

                              internal ushort s_imp
                              {
                              get { return s_w2; }
                              }

                              ///
                              /// imp #
                              ///

                              internal byte s_impno
                              {
                              get { return s_b4; }
                              }

                              ///
                              /// logical host
                              ///

                              internal byte s_lh
                              {
                              get { return s_b3; }
                              }
                              }
                              }
                              }
                              in reply to: C# / .NET (Port & Wrapper) #7182
                              Vadim Smirnov
                              Keymaster

                                Does a .NET wrapper exist for WinpkFilter?

                                Yes, WinpkFilter package has an interface for C# as well as C# basic samples.

                                Does a .NET version of the Internet Gateway sample application exist?

                                Regretfully only C++ version of Internet Gateway is available.

                                We need the functionality of the PassThru & Gateway samples but we also need to understand what we are doing a bit more. The goal is to add additional filtering rules in the future.

                                There is a C# PassThru sample in the package and it may the a good start point to grasp the basics of WinpkFilter. Internet Gateway only adds GUI interface and basic NAT functionality. Also, I can add that WinpkFilter has built-in filters, the sample code is available in filters.cpp, C++ version only but it is very simple and easy to understand.

                                in reply to: Need Gateway Sample with Drop #7181
                                Vadim Smirnov
                                Keymaster

                                  For example, the PassThru example shows a SetPacketEvent call but no way to understand how to use this event… or the various modes, or the “SendPacket” operations.

                                  SetPacketEvent registers an event object within the driver. This event is signaled by driver when packet queue is non empty, by other words you have packets to read from the driver.

                                  For your project you can be only interested in tunnel modes, because listen mode does not allow to drop or modify packets.

                                  SendPacketXXX/SendPacketsXXX re-inject packets back into the network stack.

                                  My goal is to create a Gateway service to examine combinations of several variables (all read from a file):

                                  – Client IP Address (static or wildcard)
                                  – Client MAC Address (static or wildcard)
                                  – Destination IP Address (static or wildcard)
                                  – Destination Port (static or wildcard)

                                  The service must either drop the packet(s) or pass them along to the external interface.

                                  Such simple functionality can be implemented on top of built-in WinpkFilter static filters. For the sample usage of these filters please refer FILTER.CPP (C++ Filter sample).

                                  If you prefer to filter packets on your own then the basic start point for your application is PassThru sample. When you want to to drop the packet after examination just don’t call SendPacketXXX for this packet and continue the loop.

                                Viewing 15 posts - 631 through 645 (of 1,495 total)