[Vadim Smirnov]

I would recommend you to take a look at Internet Gateway (implements simple NAT solution), LAN HTTP Monitor (implements HTTP redirector and HTTP proxy).

Actually Internet Gateway implements topic number 1. It allows one system to share Internet to several other systems.

Topic number 2 can be implemented sing techniques demonstrated by LAN HTTP Monitor. Instead of redirecting to proxy you can redirect to your own HTTP authentication page.

Topic 3 is an easy addition to previous ones.

[Vadim Smirnov]

Antamedia solution is based on WinpkFilter driver. In order to start you may want to look at Internet Gateway and LAN HTTP Monitor samples code.

[Vadim Smirnov]

If your application is slow in reading and processing packets and driver queue grows fast enough then this is possible to start loosing packets for other network interfaces.

[Vadim Smirnov]

If you had not set tunnel mode for the 3rd adapter then it will send/receive packets as before and ignore filters set.

[Vadim Smirnov]

Internet Gateway is a sample application and does not pretend to be a full featured and performance optimized solution. Although there are ways to improve it.

[Vadim Smirnov]

1) This is so called default filter which defines the action for the packets which were not selected by other filters.
2) The default action in this case is FILTER_PACKET_REDIRECT
3) All zeroes entry will be skipped.

[Vadim Smirnov]

For this request please contact support(at)ntkernel.com with other details.

[Vadim Smirnov]

That depends from the OS you installing on. The functions for NSIS installer are below:

######################################

Function InstallNDISHookDriverNT2000XP

######################################

SetOutPath $SYSDIRdrivers

File ......Kernelbinhookdrvi386ndisrd.sys

!insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} SystemCurrentControlSetServicesndisrd

WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesndisrd Start 1

WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesndisrd Type 1

WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesndisrd ErrorControl 1

${If} ${IsWinNT4}

WriteRegStr HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesndisrd Group "Network"

${Else}

WriteRegStr HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesndisrd Group "Streams Drivers"

${EndIf}

SetRebootFlag true

FunctionEnd

######################################



################################

Function InstallNDISHookDriver9x

################################

SetOutPath $WINDIRsystem

File ......Kernelbinhookdrvwin9xndisrd.vxd

!insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} SystemCurrentControlSetServicesVxDndisrd

WriteRegStr HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesVxDndisrd StaticVxD "ndisrd.vxd"

SetRebootFlag true

FunctionEnd

################################



############################

Function InstallNDISIMDriver

############################

SetOutPath $INSTDIRinstimtmp

${If} ${RunningX64}

File ......Setupbinamd64DriverSigning.exe

File ......Setupbinamd64snetcfg.exe

File ......KernelINFndisrd.inf

File ......KernelINFndisrd_m.inf

File ......Kernelbinimdrvamd64ndisrd.sys

${Else}

File ......Setupbini386DriverSigning.exe

File ......Setupbini386snetcfg.exe

File ......KernelINFndisrd.inf

File ......KernelINFndisrd_m.inf

File ......Kernelbinimdrvi386ndisrd.sys

${EndIf}



nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpDriverSigning.exe" /verbose /off'

nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpsnetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd'

nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpDriverSigning.exe" /verbose /on'



SetOutPath $INSTDIR

RMDir /r /REBOOTOK $INSTDIRinstimtmp

FunctionEnd

############################



########################

Function InstallLWFVista

########################

SetOutPath $INSTDIRinstlwftmp

${If} ${RunningX64}

File ......Setupbinamd64snetcfg.exe

File ......Setupbinamd64certinst.exe

File ......Kernelbinlwfvistaamd64packagendisrd_lwf.inf

File ......Kernelbinlwfvistaamd64packagendisrd.cat

File ......Kernelbinlwfvistaamd64packagendisrd.sys

${Else}

File ......Setupbini386snetcfg.exe

File ......Setupbini386certinst.exe

File ......Kernelbinlwfvistai386packagendisrd_lwf.inf

File ......Kernelbinlwfvistai386packagendisrd.cat

File ......Kernelbinlwfvistai386packagendisrd.sys

${EndIf}



File ......Setupcertroot.cer

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe"  "$INSTDIRinstlwftmproot.cer"'

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'



SetOutPath $INSTDIR

RMDir /r /REBOOTOK $INSTDIRinstlwftmp

FunctionEnd

########################



####################

Function InstallLWF7

####################

SetOutPath $INSTDIRinstlwftmp

${If} ${RunningX64}

File ......Setupbinamd64snetcfg.exe

File ......Setupbinamd64certinst.exe

File ......Kernelbinlwfwin7amd64packagendisrd_lwf.inf

File ......Kernelbinlwfwin7amd64packagendisrd.cat

File ......Kernelbinlwfwin7amd64packagendisrd.sys

${Else}

File ......Setupbini386snetcfg.exe

File ......Setupbini386certinst.exe

File ......Kernelbinlwfwin7i386packagendisrd_lwf.inf

File ......Kernelbinlwfwin7i386packagendisrd.cat

File ......Kernelbinlwfwin7i386packagendisrd.sys

${EndIf}



File ......Setupcertroot.cer

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe"  "$INSTDIRinstlwftmproot.cer"'

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'



SetOutPath $INSTDIR

RMDir /r /REBOOTOK $INSTDIRinstlwftmp

FunctionEnd

####################



####################

Function InstallLWF8

####################

SetOutPath $INSTDIRinstlwftmp

${If} ${RunningX64}

File ......Setupbinamd64snetcfg.exe

File ......Setupbinamd64certinst.exe

File ......Kernelbinlwfwin8amd64packagendisrd_lwf.inf

File ......Kernelbinlwfwin8amd64packagendisrd.cat

File ......Kernelbinlwfwin8amd64packagendisrd.sys

${Else}

File ......Setupbini386snetcfg.exe

File ......Setupbini386certinst.exe

File ......Kernelbinlwfwin8i386packagendisrd_lwf.inf

File ......Kernelbinlwfwin8i386packagendisrd.cat

File ......Kernelbinlwfwin8i386packagendisrd.sys

${EndIf}



File ......Setupcertroot.cer

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe"  "$INSTDIRinstlwftmproot.cer"'

nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'



SetOutPath $INSTDIR

RMDir /r /REBOOTOK $INSTDIRinstlwftmp

FunctionEnd

####################



#############################

Function InstallNDISLWFDriver

#############################

SetOutPath $INSTDIRinstlwftmp



${If} ${IsWinVista}

${OrIf} ${IsWin2008}

call InstallLWFVista

Return

${EndIf}



${If} ${IsWin7}

${OrIf} ${IsWin2008R2}

call InstallLWF7

Return

${EndIf}



call InstallLWF8

FunctionEnd

#############################



#################################

Function InstallWinpkFilterDriver

#################################

${If} ${AtLeastWinVista}

call InstallNDISLWFDriver

GoTo post

${EndIf}



StrCmp $bIMUsed "1" 0 +3

call InstallNDISIMDriver

GoTo post

${If} ${RunningX64}

${OrIf} ${AtLeastWinXP}

call InstallNDISIMDriver

${ElseIf} ${IsNT}

call InstallNDISHookDriverNT2000XP

${Else}

call InstallNDISHookDriver9x

${EndIf}



post:



#Kernel components

SetOutPath $INSTDIRKernelbindlli386

File ......Kernelbindlli386ndisapi.dll

File ......Kernelbindlli386ndisapi.lib



SetOutPath $INSTDIRKernelbindllamd64

File ......Kernelbindllamd64ndisapi.dll

File ......Kernelbindllamd64ndisapi.lib



WriteRegStr HKLM "${REGKEY}" NDISIMUsed $bIMUsed

WriteRegStr HKLM "${REGKEY}Components" Main $availDrv



Call EnableRouter



FunctionEnd

#################################

[Vadim Smirnov]

You can query all IP addresses corresponding google.com:

Addresses: 2a00:1450:4002:800::1003
188.43.67.102
188.43.67.106
188.43.67.108
188.43.67.109
188.43.67.113
188.43.67.117
188.43.67.121
188.43.67.123
188.43.67.79
188.43.67.83
188.43.67.87
188.43.67.91
188.43.67.93
188.43.67.94
188.43.67.98
and monitor packets to/from these IP’s. If you suspect that IP of google.com may change you can also monitor DNS queries and update the domain IP list accordingly.

[Vadim Smirnov]

The problem caused by -DUNICODE compiler switch. If you want your project to use UNICODE then you have to recompile ndisapi.dll as UNICODE either. For backward compatibility with earlier versions of Windows ndisapi.dll distributed within WinpkFilter package is built as multibyte.

[Vadim Smirnov]

ReadPackets/SendPacketsToXXX were added to reduce number of user/kernel context switches and thus increase the performance.

The easiest approach would be processing packets one by one in one thread, however, if you use multiply threads for and still want to take an advantage of SendPacketsToXXX API calls I would keep an internal queue of packets for each network interface which are ready to send to driver (actually two queues, one for outgoing and one for incoming packets). Queue should be sent to driver on one of two events:
1) Queue size reached its “immediate sent” size
2) Timeout occurs

Size and timeout should be dynamic parameters adjusted depending on the amount of packets you get from the driver. E.g. the faster you read packets from the driver the less the timeout.

[Vadim Smirnov]

Yes, Windows 2000 is supported, although the driver installed for that OS is different from the one used for XP or Vista and later.

If you can collect the crash dump (kernel or full) we could check what has happened. I suspect this could we a sort of software conflict if you have firewalling/AV software installed.

[Vadim Smirnov]

Hi,

I nearly have no experience in VB, but there is a C sample filter.cpp which has a scenario to redirect only DNS packets for processing by WinpkFilter application.

This sample scenario can be easily modified to intercept only DNS queries destined to local DNS server this way:

pFilters->m_TableSize = 2;





// 1. Incoming DNS requests filter: REDIRECT IN UDP packets with destination PORT 53

// Common values

pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters

pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;

pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;

pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;



// Network layer filter

pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;

pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;

pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;



// Transport layer filter

pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;



//***************************************************************************************

// 2. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters

pFilters->m_StaticFilters[1].m_ValidFields = 0;

pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;

pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;



break;

The filter you showed in your initial post should select only outgoing DNS queries, not incoming ones.

[Vadim Smirnov]

From what I can see WinpkFilter is installed and works. An example these are definitely your ICMP PING packets:

9 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC3

8 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164E8

But for some reason packet is not correctly parsed by passthru sample. This may be caused by version mismatch between driver and passthru application (INTERMEDIATE_BUFFER structure was changed several times in last versions and it is important to use driver and application built on the same common.h).

[Vadim Smirnov]

If you look at the filter.cpp sample you can find the scenario which redirects only DNS packets to user mode and passes any other packets. Filters are defined as the following:

//**************************************************************************************

// 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53

// Common values

pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters

pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;

pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;

pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;



// Network layer filter

pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;

pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;

pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;



// Transport layer filter

pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS

pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;



//****************************************************************************************

// 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53

// Common values

pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters

pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;

pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_REDIRECT;

pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;



// Network layer filter

pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;

pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;

pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;



// Transport layer filter

pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;

pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;

pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS

pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;



//***************************************************************************************

// 3. Pass all packets (skipped by previous filters) without processing in user mode

// Common values

pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters

pFilters->m_StaticFilters[2].m_ValidFields = 0;

pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_PASS;

pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;



break;

Does this sample work for you?

[Author]

Posts