Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 646 through 660 (of 1,490 total)
  • in reply to: how could i start #7171
    Vadim Smirnov
    Keymaster

      I would recommend that you take a look at Internet Gateway (implements a simple NAT solution) and LAN HTTP Monitor (implements an HTTP redirector and HTTP proxy).

      Actually, Internet Gateway implements topic number 1. It allows one system to share Internet access with several other systems.

      Topic number 2 can be implemented using techniques demonstrated by LAN HTTP Monitor. Instead of redirecting to a proxy you can redirect to your own HTTP authentication page.

      Topic 3 is an easy addition to the previous ones.

      in reply to: Start a captive portal #7170
      Vadim Smirnov
      Keymaster

        The Antamedia solution is based on the WinpkFilter driver. In order to start you may want to look at the Internet Gateway and LAN HTTP Monitor sample code.

        in reply to: Problem with Winpkfilter #7168
        Vadim Smirnov
        Keymaster

          If your application is slow in reading and processing packets and the driver queue grows fast enough, then it is possible to start losing packets for other network interfaces.

          in reply to: Regarding Static Filter Table #7166
          Vadim Smirnov
          Keymaster

            If you have not set tunnel mode for the 3rd adapter, then it will send/receive packets as before and ignore the filters set.

            in reply to: NAT server based on Internet Gateway Sample #7164
            Vadim Smirnov
            Keymaster

              Internet Gateway is a sample application and does not pretend to be a full-featured and performance-optimized solution, although there are ways to improve it.

              in reply to: Filter.cpp questions #7159
              Vadim Smirnov
              Keymaster

                1) This is the so-called default filter, which defines the action for packets that were not selected by other filters.
                2) The default action in this case is FILTER_PACKET_REDIRECT.
                3) An all-zeroes entry will be skipped.

                in reply to: Installing your Driver #7158
                Vadim Smirnov
                Keymaster

                  For this request please contact support(at)ntkernel.com with other details.

                  in reply to: Installing your Driver #7156
                  Vadim Smirnov
                  Keymaster

                    That depends on the OS you are installing on. The functions for the NSIS installer are below:

                    ######################################
                    Function InstallNDISHookDriverNT2000XP
                    ######################################
                    SetOutPath $SYSDIR\drivers
                    File ......Kernelbinhookdrvi386ndisrd.sys
                    !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\ndisrd
                    WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Start 1
                    WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Type 1
                    WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd ErrorControl 1
                    ${If} ${IsWinNT4}
                    WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Network"
                    ${Else}
                    WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Streams Drivers"
                    ${EndIf}
                    SetRebootFlag true
                    FunctionEnd
                    ######################################

                    ################################
                    Function InstallNDISHookDriver9x
                    ################################
                    SetOutPath $WINDIR\system
                    File ......Kernelbinhookdrvwin9xndisrd.vxd
                    !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\VxD\ndisrd
                    WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\VxD\ndisrd StaticVxD "ndisrd.vxd"
                    SetRebootFlag true
                    FunctionEnd
                    ################################

                    ############################
                    Function InstallNDISIMDriver
                    ############################
                    SetOutPath $INSTDIRinstimtmp
                    ${If} ${RunningX64}
                    File ......Setupbinamd64DriverSigning.exe
                    File ......Setupbinamd64snetcfg.exe
                    File ......KernelINFndisrd.inf
                    File ......KernelINFndisrd_m.inf
                    File ......Kernelbinimdrvamd64ndisrd.sys
                    ${Else}
                    File ......Setupbini386DriverSigning.exe
                    File ......Setupbini386snetcfg.exe
                    File ......KernelINFndisrd.inf
                    File ......KernelINFndisrd_m.inf
                    File ......Kernelbinimdrvi386ndisrd.sys
                    ${EndIf}

                    nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpDriverSigning.exe" /verbose /off'
                    nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpsnetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd'
                    nsExec::ExecToLog /OEM '"$INSTDIRinstimtmpDriverSigning.exe" /verbose /on'

                    SetOutPath $INSTDIR
                    RMDir /r /REBOOTOK $INSTDIRinstimtmp
                    FunctionEnd
                    ############################

                    ########################
                    Function InstallLWFVista
                    ########################
                    SetOutPath $INSTDIRinstlwftmp
                    ${If} ${RunningX64}
                    File ......Setupbinamd64snetcfg.exe
                    File ......Setupbinamd64certinst.exe
                    File ......Kernelbinlwfvistaamd64packagendisrd_lwf.inf
                    File ......Kernelbinlwfvistaamd64packagendisrd.cat
                    File ......Kernelbinlwfvistaamd64packagendisrd.sys
                    ${Else}
                    File ......Setupbini386snetcfg.exe
                    File ......Setupbini386certinst.exe
                    File ......Kernelbinlwfvistai386packagendisrd_lwf.inf
                    File ......Kernelbinlwfvistai386packagendisrd.cat
                    File ......Kernelbinlwfvistai386packagendisrd.sys
                    ${EndIf}

                    File ......Setupcertroot.cer
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe" "$INSTDIRinstlwftmproot.cer"'
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                    SetOutPath $INSTDIR
                    RMDir /r /REBOOTOK $INSTDIRinstlwftmp
                    FunctionEnd
                    ########################

                    ####################
                    Function InstallLWF7
                    ####################
                    SetOutPath $INSTDIRinstlwftmp
                    ${If} ${RunningX64}
                    File ......Setupbinamd64snetcfg.exe
                    File ......Setupbinamd64certinst.exe
                    File ......Kernelbinlwfwin7amd64packagendisrd_lwf.inf
                    File ......Kernelbinlwfwin7amd64packagendisrd.cat
                    File ......Kernelbinlwfwin7amd64packagendisrd.sys
                    ${Else}
                    File ......Setupbini386snetcfg.exe
                    File ......Setupbini386certinst.exe
                    File ......Kernelbinlwfwin7i386packagendisrd_lwf.inf
                    File ......Kernelbinlwfwin7i386packagendisrd.cat
                    File ......Kernelbinlwfwin7i386packagendisrd.sys
                    ${EndIf}

                    File ......Setupcertroot.cer
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe" "$INSTDIRinstlwftmproot.cer"'
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                    SetOutPath $INSTDIR
                    RMDir /r /REBOOTOK $INSTDIRinstlwftmp
                    FunctionEnd
                    ####################

                    ####################
                    Function InstallLWF8
                    ####################
                    SetOutPath $INSTDIRinstlwftmp
                    ${If} ${RunningX64}
                    File ......Setupbinamd64snetcfg.exe
                    File ......Setupbinamd64certinst.exe
                    File ......Kernelbinlwfwin8amd64packagendisrd_lwf.inf
                    File ......Kernelbinlwfwin8amd64packagendisrd.cat
                    File ......Kernelbinlwfwin8amd64packagendisrd.sys
                    ${Else}
                    File ......Setupbini386snetcfg.exe
                    File ......Setupbini386certinst.exe
                    File ......Kernelbinlwfwin8i386packagendisrd_lwf.inf
                    File ......Kernelbinlwfwin8i386packagendisrd.cat
                    File ......Kernelbinlwfwin8i386packagendisrd.sys
                    ${EndIf}

                    File ......Setupcertroot.cer
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpcertinst.exe" "$INSTDIRinstlwftmproot.cer"'
                    nsExec::ExecToLog /OEM '"$INSTDIRinstlwftmpsnetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                    SetOutPath $INSTDIR
                    RMDir /r /REBOOTOK $INSTDIRinstlwftmp
                    FunctionEnd
                    ####################

                    #############################
                    Function InstallNDISLWFDriver
                    #############################
                    SetOutPath $INSTDIRinstlwftmp

                    ${If} ${IsWinVista}
                    ${OrIf} ${IsWin2008}
                    call InstallLWFVista
                    Return
                    ${EndIf}

                    ${If} ${IsWin7}
                    ${OrIf} ${IsWin2008R2}
                    call InstallLWF7
                    Return
                    ${EndIf}

                    call InstallLWF8
                    FunctionEnd
                    #############################

                    #################################
                    Function InstallWinpkFilterDriver
                    #################################
                    ${If} ${AtLeastWinVista}
                    call InstallNDISLWFDriver
                    GoTo post
                    ${EndIf}

                    StrCmp $bIMUsed "1" 0 +3
                    call InstallNDISIMDriver
                    GoTo post
                    ${If} ${RunningX64}
                    ${OrIf} ${AtLeastWinXP}
                    call InstallNDISIMDriver
                    ${ElseIf} ${IsNT}
                    call InstallNDISHookDriverNT2000XP
                    ${Else}
                    call InstallNDISHookDriver9x
                    ${EndIf}

                    post:

                    #Kernel components
                    SetOutPath $INSTDIRKernelbindlli386
                    File ......Kernelbindlli386ndisapi.dll
                    File ......Kernelbindlli386ndisapi.lib

                    SetOutPath $INSTDIRKernelbindllamd64
                    File ......Kernelbindllamd64ndisapi.dll
                    File ......Kernelbindllamd64ndisapi.lib

                    WriteRegStr HKLM "${REGKEY}" NDISIMUsed $bIMUsed
                    WriteRegStr HKLM "${REGKEY}Components" Main $availDrv

                    Call EnableRouter

                    FunctionEnd
                    #################################
                    in reply to: Ip Blocking from domain #7155
                    Vadim Smirnov
                    Keymaster

                      You can query all IP addresses corresponding to google.com:

                      and monitor packets to/from these IPs. If you suspect that the IP of google.com may change, you can also monitor DNS queries and update the domain IP list accordingly.
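
The DNS-monitoring approach from the reply above, as an added example (not code from the original post or from WinpkFilter): it parses the UDP payload of a DNS response, follows CNAMEs and name compression, and adds the A-record addresses of a watched domain to an IP set. The function names and the `example.test` sample bytes are constructed for illustration; extracting the payload from a redirected packet is assumed to happen elsewhere.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <set>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Reads a DNS name at pos, following compression pointers; next = offset just past the name.
static bool readName(const Bytes& m, size_t pos, std::string& out, size_t& next) {
    out.clear();
    bool jumped = false;
    for (int hops = 0; hops < 16 && pos < m.size();) {
        uint8_t len = m[pos];
        if ((len & 0xC0) == 0xC0) {                        // compression pointer
            if (pos + 1 >= m.size()) return false;
            if (!jumped) next = pos + 2;
            pos = (size_t(len & 0x3F) << 8) | m[pos + 1];
            jumped = true; ++hops;                         // hop limit stops pointer loops
        } else if (len == 0) {                             // root label ends the name
            if (!jumped) next = pos + 1;
            return true;
        } else {
            if (len > 63 || pos + 1 + len > m.size()) return false;
            if (!out.empty()) out += '.';
            for (size_t i = 1; i <= len; ++i) out += char(std::tolower(m[pos + i]));
            pos += 1 + size_t(len);
        }
    }
    return false;
}

// Adds the IPv4 addresses a response gives for domain (lowercase, no trailing dot); returns new ones.
size_t updateIpList(const Bytes& m, const std::string& domain, std::set<uint32_t>& ips) {
    if (m.size() < 12 || !(m[2] & 0x80)) return 0;         // too short, or a query (QR=0)
    unsigned qd = (m[4] << 8) | m[5], an = (m[6] << 8) | m[7];
    std::set<std::string> names{domain};
    std::string name, target;
    size_t pos = 12, added = 0, skip = 0;
    for (unsigned i = 0; i < qd; ++i) {                    // skip the question section
        if (!readName(m, pos, name, pos)) return 0;
        pos += 4;                                          // QTYPE + QCLASS
    }
    for (unsigned i = 0; i < an; ++i) {
        if (!readName(m, pos, name, pos) || pos + 10 > m.size()) break;
        unsigned type = (m[pos] << 8) | m[pos + 1];
        size_t rdlen = (size_t(m[pos + 8]) << 8) | m[pos + 9];
        pos += 10;                                         // TYPE, CLASS, TTL, RDLENGTH
        if (pos + rdlen > m.size()) break;
        if (type == 5 && names.count(name) && readName(m, pos, target, skip))
            names.insert(target);                          // CNAME: accept the alias target too
        if (type == 1 && rdlen == 4 && names.count(name)) {
            uint32_t ip = (uint32_t(m[pos]) << 24) | (m[pos + 1] << 16) | (m[pos + 2] << 8) | m[pos + 3];
            added += ips.insert(ip).second;
        }
        pos += rdlen;
    }
    return added;
}

// Constructed sample: example.test CNAME cdn.example.test; cdn.example.test A 192.0.2.10
Bytes sampleResponse() {
    return {0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,                     // header
            7,'e','x','a','m','p','l','e', 4,'t','e','s','t', 0, 0,1, 0,1,  // question, offset 12
            0xC0,0x0C, 0,5, 0,1, 0,0,0,60, 0,6, 3,'c','d','n', 0xC0,0x0C,   // CNAME, rdata at 42
            0xC0,0x2A, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,10};               // A record
}
```

Addresses are stored in host byte order (192.0.2.10 becomes 0xC000020A); AAAA records and DNS over TCP are not handled here.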

                      in reply to: MSVC 2012/ 2010 #7152
                      Vadim Smirnov
                      Keymaster

                        The problem is caused by the -DUNICODE compiler switch. If you want your project to use UNICODE then you have to recompile ndisapi.dll as UNICODE as well. For backward compatibility with earlier versions of Windows, the ndisapi.dll distributed within the WinpkFilter package is built as multibyte.

                        in reply to: NtKernel filter best performance for reinjecting traffic #7153
                        Vadim Smirnov
                        Keymaster

                          ReadPackets/SendPacketsToXXX were added to reduce number of user/kernel context switches and thus increase the performance.

                          The easiest approach would be processing packets one by one in one thread. However, if you use multiple threads and still want to take advantage of the SendPacketsToXXX API calls, I would keep an internal queue of packets for each network interface which are ready to send to the driver (actually two queues, one for outgoing and one for incoming packets). The queue should be sent to the driver on one of two events:
                          1) Queue size reached its “immediate sent” size
                          2) Timeout occurs

                          Size and timeout should be dynamic parameters adjusted depending on the amount of packets you get from the driver. E.g. the faster you read packets from the driver, the smaller the timeout.
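
The queueing scheme described in the reply above, as an added example (not code from the original post or from WinpkFilter): a thread-safe batch queue that flushes on the size threshold or on timeout, with the timeout retuned from the measured packet rate. `PacketBatcher`, the `send` callback standing in for one SendPacketsToXXX call, and the 1..50 ms clamp are all assumptions.

```cpp
#include <chrono>
#include <cstddef>
#include <functional>
#include <mutex>
#include <utility>
#include <vector>

using Clock = std::chrono::steady_clock;
using Millis = std::chrono::milliseconds;
using Packet = std::vector<unsigned char>;        // stand-in for one INTERMEDIATE_BUFFER
using SendFn = std::function<void(std::vector<Packet>&)>;

// Hypothetical helper, not part of ndisapi: one instance per adapter and direction.
class PacketBatcher {
public:
    // send stands in for a single batched driver call made for this queue.
    PacketBatcher(std::size_t flushSize, Millis timeout, SendFn send)
        : flushSize_(flushSize), timeout_(timeout), send_(std::move(send)) {}

    // Worker threads call this; event 1: the queue reached its flush size.
    void push(Packet p, Clock::time_point now) {
        std::lock_guard<std::mutex> lock(m_);
        if (queue_.empty()) oldest_ = now;
        queue_.push_back(std::move(p));
        if (queue_.size() >= flushSize_) flushLocked();
    }

    // A timer thread calls this; event 2: the oldest queued packet waited for the timeout.
    bool tick(Clock::time_point now) {
        std::lock_guard<std::mutex> lock(m_);
        if (queue_.empty() || now - oldest_ < timeout_) return false;
        flushLocked();
        return true;
    }

    // Retune the timeout from the measured read rate: the faster packets arrive,
    // the sooner a batch fills, so the timeout shrinks (clamped to 1..50 ms).
    void adapt(double packetsPerSecond) {
        std::lock_guard<std::mutex> lock(m_);
        double ms = packetsPerSecond > 0 ? 1000.0 * flushSize_ / packetsPerSecond : 50.0;
        if (ms < 1.0) ms = 1.0;
        if (ms > 50.0) ms = 50.0;
        timeout_ = Millis(static_cast<long long>(ms));
    }

    Millis timeout() { std::lock_guard<std::mutex> lock(m_); return timeout_; }

private:
    // Sends under the lock so batches from different threads keep their order.
    void flushLocked() {
        send_(queue_);
        queue_.clear();
    }

    std::mutex m_;
    std::vector<Packet> queue_;
    Clock::time_point oldest_{};
    std::size_t flushSize_;
    Millis timeout_;
    SendFn send_;
};

int main() {
    PacketBatcher out(64, Millis(5), [](std::vector<Packet>&) {});
    out.push(Packet(60), Clock::now());
    return out.tick(Clock::now() + Millis(5)) ? 0 : 1;   // timeout flush expected
}
```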

                          in reply to: STATIC FILTER using VB #7148
                          Vadim Smirnov
                          Keymaster

                            Yes, Windows 2000 is supported, although the driver installed for that OS is different from the one used for XP or Vista and later.

                            If you can collect the crash dump (kernel or full) we could check what has happened. I suspect this could be a sort of software conflict if you have firewalling/AV software installed.

                            in reply to: STATIC FILTER using VB #7146
                            Vadim Smirnov
                            Keymaster

                              Hi,

                              I have nearly no experience in VB, but there is a C sample, filter.cpp, which has a scenario to redirect only DNS packets for processing by a WinpkFilter application.

                              This sample scenario can be easily modified to intercept only DNS queries destined to local DNS server this way:


                              pFilters->m_TableSize = 2;


                              // 1. Incoming DNS requests filter: REDIRECT IN UDP packets with destination PORT 53
                              // Common values
                              pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
                              pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
                              pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
                              pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

                              // Network layer filter
                              pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
                              pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
                              pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

                              // Transport layer filter
                              pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
                              pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT; // match on the destination port set below
                              pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
                              pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

                              //***************************************************************************************
                              // 2. Pass all packets (skipped by previous filters) without processing in user mode
                              // Common values
                              pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
                              pFilters->m_StaticFilters[1].m_ValidFields = 0;
                              pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;
                              pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

                              break;

                              The filter you showed in your initial post should select only outgoing DNS queries, not incoming ones.

                              in reply to: Winpk filter on Windows 7 #7138
                              Vadim Smirnov
                              Keymaster

                                From what I can see, WinpkFilter is installed and works. For example, these are definitely your ICMP PING packets:

                                9 – MSTCP –> Interface
                                Packet size = 74
                                Source MAC: C0A8010CC0A8
                                Destination MAC: 000080016CC3

                                8 – Interface –> MSTCP
                                Packet size = 74
                                Source MAC: C0A80102C0A8
                                Destination MAC: 0000800164E8

                                But for some reason the packet is not correctly parsed by the passthru sample. This may be caused by a version mismatch between the driver and the passthru application (the INTERMEDIATE_BUFFER structure was changed several times in the last versions and it is important to use a driver and application built on the same common.h).

                                in reply to: Static filter table – netbios traffic is redirected always #7143
                                Vadim Smirnov
                                Keymaster

                                  If you look at the filter.cpp sample you can find the scenario which redirects only DNS packets to user mode and passes any other packets. Filters are defined as follows:

                                  //**************************************************************************************
                                  // 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53
                                  // Common values
                                  pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
                                  pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
                                  pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
                                  pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;

                                  // Network layer filter
                                  pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
                                  pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
                                  pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

                                  // Transport layer filter
                                  pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
                                  pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
                                  pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
                                  pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

                                  //****************************************************************************************
                                  // 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53
                                  // Common values
                                  pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
                                  pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
                                  pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_REDIRECT;
                                  pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

                                  // Network layer filter
                                  pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;
                                  pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
                                  pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

                                  // Transport layer filter
                                  pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;
                                  pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;
                                  pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS
                                  pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

                                  //***************************************************************************************
                                  // 3. Pass all packets (skipped by previous filters) without processing in user mode
                                  // Common values
                                  pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters
                                  pFilters->m_StaticFilters[2].m_ValidFields = 0;
                                  pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_PASS;
                                  pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

                                  break;

                                  Does this sample work for you?
