Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 646 through 660 (of 1,488 total)
in reply to: Problem with Winpkfilter #7168
Vadim Smirnov
Keymaster

If your application is slow in reading and processing packets and the driver queue grows fast enough, then it is possible to start losing packets for other network interfaces.

in reply to: Regarding Static Filter Table #7166
Vadim Smirnov
Keymaster

If you have not set tunnel mode for the 3rd adapter, then it will send/receive packets as before and ignore the filters set.

in reply to: NAT server based on Internet Gateway Sample #7164
Vadim Smirnov
Keymaster

Internet Gateway is a sample application and does not pretend to be a full-featured and performance-optimized solution, although there are ways to improve it.

in reply to: Filter.cpp questions #7159
Vadim Smirnov
Keymaster

1) This is the so-called default filter, which defines the action for the packets which were not selected by other filters.
2) The default action in this case is FILTER_PACKET_REDIRECT.
3) An all-zeroes entry will be skipped.

in reply to: Installing your Driver #7158
Vadim Smirnov
Keymaster

For this request please contact support(at)ntkernel.com with other details.

in reply to: Installing your Driver #7156
Vadim Smirnov
Keymaster

That depends on the OS you are installing on. The functions for the NSIS installer are below:

######################################
Function InstallNDISHookDriverNT2000XP
######################################
SetOutPath $SYSDIR\drivers
File ..\..\..\Kernel\bin\hookdrv\i386\ndisrd.sys
!insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\ndisrd
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Start 1
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Type 1
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd ErrorControl 1
${If} ${IsWinNT4}
WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Network"
${Else}
WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Streams Drivers"
${EndIf}
SetRebootFlag true
FunctionEnd
######################################

################################
Function InstallNDISHookDriver9x
################################
SetOutPath $WINDIR\system
File ..\..\..\Kernel\bin\hookdrv\win9x\ndisrd.vxd
!insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\VxD\ndisrd
WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\VxD\ndisrd StaticVxD "ndisrd.vxd"
SetRebootFlag true
FunctionEnd
################################

############################
Function InstallNDISIMDriver
############################
SetOutPath $INSTDIR\instimtmp
${If} ${RunningX64}
File ..\..\..\Setup\bin\amd64\DriverSigning.exe
File ..\..\..\Setup\bin\amd64\snetcfg.exe
File ..\..\..\Kernel\INF\ndisrd.inf
File ..\..\..\Kernel\INF\ndisrd_m.inf
File ..\..\..\Kernel\bin\imdrv\amd64\ndisrd.sys
${Else}
File ..\..\..\Setup\bin\i386\DriverSigning.exe
File ..\..\..\Setup\bin\i386\snetcfg.exe
File ..\..\..\Kernel\INF\ndisrd.inf
File ..\..\..\Kernel\INF\ndisrd_m.inf
File ..\..\..\Kernel\bin\imdrv\i386\ndisrd.sys
${EndIf}

nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /off'
nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\snetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd'
nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /on'

SetOutPath $INSTDIR
RMDir /r /REBOOTOK $INSTDIR\instimtmp
FunctionEnd
############################

########################
Function InstallLWFVista
########################
SetOutPath $INSTDIR\instlwftmp
${If} ${RunningX64}
File ..\..\..\Setup\bin\amd64\snetcfg.exe
File ..\..\..\Setup\bin\amd64\certinst.exe
File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.sys
${Else}
File ..\..\..\Setup\bin\i386\snetcfg.exe
File ..\..\..\Setup\bin\i386\certinst.exe
File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.sys
${EndIf}

File ..\..\..\Setup\cert\root.cer
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

SetOutPath $INSTDIR
RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
########################

####################
Function InstallLWF7
####################
SetOutPath $INSTDIR\instlwftmp
${If} ${RunningX64}
File ..\..\..\Setup\bin\amd64\snetcfg.exe
File ..\..\..\Setup\bin\amd64\certinst.exe
File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.sys
${Else}
File ..\..\..\Setup\bin\i386\snetcfg.exe
File ..\..\..\Setup\bin\i386\certinst.exe
File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.sys
${EndIf}

File ..\..\..\Setup\cert\root.cer
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

SetOutPath $INSTDIR
RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
####################

####################
Function InstallLWF8
####################
SetOutPath $INSTDIR\instlwftmp
${If} ${RunningX64}
File ..\..\..\Setup\bin\amd64\snetcfg.exe
File ..\..\..\Setup\bin\amd64\certinst.exe
File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.sys
${Else}
File ..\..\..\Setup\bin\i386\snetcfg.exe
File ..\..\..\Setup\bin\i386\certinst.exe
File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd_lwf.inf
File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.cat
File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.sys
${EndIf}

File ..\..\..\Setup\cert\root.cer
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

SetOutPath $INSTDIR
RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
####################

#############################
Function InstallNDISLWFDriver
#############################
SetOutPath $INSTDIR\instlwftmp

${If} ${IsWinVista}
${OrIf} ${IsWin2008}
call InstallLWFVista
Return
${EndIf}

${If} ${IsWin7}
${OrIf} ${IsWin2008R2}
call InstallLWF7
Return
${EndIf}

call InstallLWF8
FunctionEnd
#############################

#################################
Function InstallWinpkFilterDriver
#################################
${If} ${AtLeastWinVista}
call InstallNDISLWFDriver
GoTo post
${EndIf}

# If the user chose the NDIS IM driver explicitly, install it and skip the OS-based selection
StrCmp $bIMUsed "1" 0 +3
call InstallNDISIMDriver
GoTo post
${If} ${RunningX64}
${OrIf} ${AtLeastWinXP}
call InstallNDISIMDriver
${ElseIf} ${IsNT}
call InstallNDISHookDriverNT2000XP
${Else}
call InstallNDISHookDriver9x
${EndIf}

post:

#Kernel components
SetOutPath $INSTDIR\Kernel\bin\dll\i386
File ..\..\..\Kernel\bin\dll\i386\ndisapi.dll
File ..\..\..\Kernel\bin\dll\i386\ndisapi.lib

SetOutPath $INSTDIR\Kernel\bin\dll\amd64
File ..\..\..\Kernel\bin\dll\amd64\ndisapi.dll
File ..\..\..\Kernel\bin\dll\amd64\ndisapi.lib

WriteRegStr HKLM "${REGKEY}" NDISIMUsed $bIMUsed
WriteRegStr HKLM "${REGKEY}\Components" Main $availDrv

Call EnableRouter

FunctionEnd
#################################

in reply to: Ip Blocking from domain #7155
Vadim Smirnov
Keymaster

You can query all IP addresses corresponding to google.com:

Addresses: 2a00:1450:4002:800::1003
188.43.67.102
188.43.67.106
188.43.67.108
188.43.67.109
188.43.67.113
188.43.67.117
188.43.67.121
188.43.67.123
188.43.67.79
188.43.67.83
188.43.67.87
188.43.67.91
188.43.67.93
188.43.67.94
188.43.67.98

and monitor packets to/from these IPs. If you suspect that the IP of google.com may change, you can also monitor DNS queries and update the domain IP list accordingly.

in reply to: MSVC 2012/ 2010 #7152
Vadim Smirnov
Keymaster

The problem is caused by the -DUNICODE compiler switch. If you want your project to use UNICODE, then you have to recompile ndisapi.dll as UNICODE too. For backward compatibility with earlier versions of Windows, the ndisapi.dll distributed within the WinpkFilter package is built as multibyte.

in reply to: NtKernel filter best performance for reinjecting traffic #7153
Vadim Smirnov
Keymaster

ReadPackets/SendPacketsToXXX were added to reduce the number of user/kernel context switches and thus increase performance.

The easiest approach would be processing packets one by one in one thread; however, if you use multiple threads and still want to take advantage of the SendPacketsToXXX API calls, I would keep an internal queue of packets for each network interface which are ready to send to the driver (actually two queues, one for outgoing and one for incoming packets). The queue should be sent to the driver on one of two events:
1) The queue size reaches its “immediate send” size
2) A timeout occurs

Size and timeout should be dynamic parameters adjusted depending on the amount of packets you get from the driver, e.g. the faster you read packets from the driver, the shorter the timeout.
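The per-interface, per-direction batching queue described above, as an added example (not code from the post or from the WinpkFilter package): a batch is handed to the send callback either when it reaches the "immediate send" size or when its oldest packet has waited longer than the current timeout, and the timeout is re-derived from the observed read rate. The Packet type, the callback signature and the clamp limits kMinWait/kMaxWait are assumptions for the example; the callback is where a SendPacketsToXXX call would go.

```cpp
#include <algorithm>
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <utility>
#include <vector>

// Stand-in for one packet read from the driver (the INTERMEDIATE_BUFFER layout is not modelled).
struct Packet { std::vector<uint8_t> bytes; };

// One direction (send or receive) of one network interface. Packets accumulate until the
// "immediate send" size is reached or the oldest queued packet has waited longer than the
// current timeout; either event hands the whole batch to `send_` in a single call.
class BatchQueue {
public:
    using Clock = std::chrono::steady_clock;
    using SendFn = std::function<void(const std::vector<Packet>&)>;

    BatchQueue(SendFn send, size_t maxBatch, std::chrono::microseconds initialWait)
        : send_(std::move(send)), maxBatch_(maxBatch), maxWait_(initialWait) {}

    // Queue one packet. Returns true when this push filled the batch and flushed it.
    bool push(Packet p, Clock::time_point now) {
        if (pending_.empty()) firstQueued_ = now;
        pending_.push_back(std::move(p));
        if (pending_.size() >= maxBatch_) { flush(); return true; }
        return false;
    }

    // Call on every reader-loop iteration (or from a timer). Flushes a partial batch whose
    // oldest packet has waited at least the timeout. Returns true if a batch was sent.
    bool poll(Clock::time_point now) {
        if (pending_.empty() || now - firstQueued_ < maxWait_) return false;
        flush();
        return true;
    }

    // Re-derive the timeout from the observed read rate: wait about as long as a full batch
    // takes to arrive, clamped so latency stays bounded at low rates and the queue does not
    // flush single packets at very high ones.
    void adapt(double packetsPerSecond) {
        if (packetsPerSecond <= 0.0) return;
        auto ideal = std::chrono::microseconds(
            static_cast<int64_t>(maxBatch_ * 1e6 / packetsPerSecond));
        maxWait_ = std::clamp(ideal, kMinWait, kMaxWait);
    }

    std::chrono::microseconds timeout() const { return maxWait_; }
    size_t pendingCount() const { return pending_.size(); }
    size_t batchesSent() const { return batches_; }

    static constexpr std::chrono::microseconds kMinWait{50};      // assumed lower clamp
    static constexpr std::chrono::microseconds kMaxWait{10000};   // assumed upper clamp

private:
    void flush() { send_(pending_); pending_.clear(); ++batches_; }

    SendFn send_;
    size_t maxBatch_;
    std::chrono::microseconds maxWait_;
    std::vector<Packet> pending_;
    Clock::time_point firstQueued_{};
    size_t batches_ = 0;
};

// The two queues the post suggests per interface: one per direction.
struct InterfaceQueues {
    BatchQueue toAdapter;   // outgoing packets, flushed with one SendPacketsToXXX call
    BatchQueue toMstcp;     // incoming packets, likewise
};

int main() {
    auto now = BatchQueue::Clock::now();
    InterfaceQueues q{
        BatchQueue([](const std::vector<Packet>& b) { std::cout << "out batch of " << b.size() << "\n"; },
                   8, std::chrono::microseconds(500)),
        BatchQueue([](const std::vector<Packet>& b) { std::cout << "in batch of " << b.size() << "\n"; },
                   8, std::chrono::microseconds(500)) };
    for (int i = 0; i < 10; ++i) q.toAdapter.push(Packet{}, now);   // 8 flushed by size, 2 left
    q.toAdapter.poll(now + std::chrono::microseconds(600));          // the 2 flushed by timeout
    q.toAdapter.adapt(20000.0);                                      // 20k pps -> 400 us timeout
    std::cout << "timeout now " << q.toAdapter.timeout().count() << " us\n";
    return 0;
}
```

The reader thread owns push(); a flush from either trigger runs on whichever thread called push() or poll(), so if several reader threads feed one queue, the pending vector needs a mutex around push/poll/flush (omitted here to keep the trigger logic visible).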

in reply to: STATIC FILTER using VB #7148
Vadim Smirnov
Keymaster

Yes, Windows 2000 is supported, although the driver installed for that OS is different from the one used for XP or Vista and later.

If you can collect the crash dump (kernel or full), we could check what has happened. I suspect this could be a sort of software conflict if you have firewalling/AV software installed.

in reply to: STATIC FILTER using VB #7146
Vadim Smirnov
Keymaster

Hi,

I have nearly no experience in VB, but there is a C sample, filter.cpp, which has a scenario to redirect only DNS packets for processing by a WinpkFilter application.

This sample scenario can be easily modified to intercept only DNS queries destined for the local DNS server this way:

pFilters->m_TableSize = 2;

// 1. Incoming DNS requests filter: REDIRECT IN UDP packets with destination PORT 53
// Common values
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

// Network layer filter
pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

// Transport layer filter: the destination port range is the field being compared,
// so the valid-fields mask must name TCPUDP_DEST_PORT
pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

//***************************************************************************************
// 2. Pass all packets (skipped by previous filters) without processing in user mode
// Common values
pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[1].m_ValidFields = 0;
pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

break; // end of this scenario's case in the filter.cpp switch

The filter you showed in your initial post should select only outgoing DNS queries, not incoming ones.

in reply to: Winpk filter on Windows 7 #7138
Vadim Smirnov
Keymaster

From what I can see, WinpkFilter is installed and works. As an example, these are definitely your ICMP PING packets:

9 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC3

8 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164E8

But for some reason the packet is not correctly parsed by the passthru sample. This may be caused by a version mismatch between the driver and the passthru application (the INTERMEDIATE_BUFFER structure was changed several times in the last versions, and it is important to use a driver and application built on the same common.h).

in reply to: Static filter table – netbios traffic is redirected always #7143
Vadim Smirnov
Keymaster

If you look at the filter.cpp sample, you can find the scenario which redirects only DNS packets to user mode and passes any other packets. The filters are defined as follows:

//**************************************************************************************
// 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53
// Common values
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;

// Network layer filter
pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

// Transport layer filter
pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

//****************************************************************************************
// 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53
// Common values
pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_REDIRECT;
pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

// Network layer filter
pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

// Transport layer filter
pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

//***************************************************************************************
// 3. Pass all packets (skipped by previous filters) without processing in user mode
// Common values
pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[2].m_ValidFields = 0;
pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

break; // end of this scenario's case in the filter.cpp switch

Does this sample work for you?

Vadim Smirnov
Keymaster

Hi Ghita,

I can’t see the filters you have set, but I suspect that your filters for blocking TCP/UDP may be destination IP/MAC address specific and therefore broadcast/multicast packets get passed (they have special broadcast/multicast MAC and IP addresses).

Hope it helps…
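The point made in the reply above, as an added example that is not code from the post or from WinpkFilter: a block rule keyed on one unicast destination IP never matches a frame sent to a broadcast or multicast address, because those frames carry a group MAC (I/G bit set, or all ones) and a group IP (224.0.0.0/4, 255.255.255.255, or ff00::/8). The classifier below recognises those destinations from the raw frame, and groupAwareRuleBlocks shows the policy that catches them as well. The frames are constructed for the example (header-only Ethernet + IPv4, made-up MACs and 192.168.1.x addresses).

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// How a frame is addressed at layer 2 and layer 3.
struct DestClass {
    bool macBroadcast = false;   // ff:ff:ff:ff:ff:ff
    bool macMulticast = false;   // I/G bit (LSB of the first octet) set, not all ones
    bool ipBroadcast  = false;   // 255.255.255.255 (limited broadcast)
    bool ipMulticast  = false;   // 224.0.0.0/4 for IPv4, ff00::/8 for IPv6
    bool group() const { return macBroadcast || macMulticast || ipBroadcast || ipMulticast; }
};

DestClass classifyDestination(const std::vector<uint8_t>& frame) {
    DestClass c;
    if (frame.size() < 14) return c;
    bool allOnes = true;
    for (int i = 0; i < 6; ++i) if (frame[i] != 0xFF) allOnes = false;
    c.macBroadcast = allOnes;
    c.macMulticast = !allOnes && (frame[0] & 0x01) != 0;
    uint16_t ethType = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethType == 0x0800 && frame.size() >= 14 + 20) {          // IPv4: destination at offset 16
        const uint8_t* dst = &frame[14 + 16];
        c.ipBroadcast = dst[0] == 255 && dst[1] == 255 && dst[2] == 255 && dst[3] == 255;
        c.ipMulticast = (dst[0] & 0xF0) == 0xE0;
    } else if (ethType == 0x86DD && frame.size() >= 14 + 40) {   // IPv6: destination at offset 24
        c.ipMulticast = frame[14 + 24] == 0xFF;
    }
    return c;
}

// A destination-specific block rule: drop IPv4 frames addressed to exactly `ruleDst`.
// This is the kind of rule that lets broadcast/multicast traffic through.
bool unicastRuleBlocks(const std::vector<uint8_t>& frame, const uint8_t ruleDst[4]) {
    if (frame.size() < 34 || frame[12] != 0x08 || frame[13] != 0x00) return false;
    for (int i = 0; i < 4; ++i) if (frame[30 + i] != ruleDst[i]) return false;
    return true;
}

// Policy that also covers group traffic: block the unicast target and anything addressed to
// a broadcast/multicast destination (NetBIOS name traffic, for instance, falls in this class).
bool groupAwareRuleBlocks(const std::vector<uint8_t>& frame, const uint8_t ruleDst[4]) {
    return unicastRuleBlocks(frame, ruleDst) || classifyDestination(frame).group();
}

// Constructed sample (not a capture): Ethernet + IPv4 headers only, 34 bytes, UDP protocol.
std::vector<uint8_t> makeIpv4Frame(const uint8_t dstMac[6], const uint8_t dstIp[4]) {
    std::vector<uint8_t> f(34, 0);
    for (int i = 0; i < 6; ++i) f[i] = dstMac[i];
    f[6] = 0x00; f[7] = 0x11; f[8] = 0x22; f[9] = 0x33; f[10] = 0x44; f[11] = 0x55;  // source MAC
    f[12] = 0x08; f[13] = 0x00;                       // EtherType IPv4
    f[14] = 0x45; f[17] = 20;                         // IHL 5, total length 20 (no payload)
    f[23] = 17;                                       // protocol UDP
    f[26] = 192; f[27] = 168; f[28] = 1; f[29] = 10;  // source IP
    for (int i = 0; i < 4; ++i) f[30 + i] = dstIp[i];
    return f;
}
```

Run over a redirected frame before deciding on a verdict, classifyDestination tells the application why its unicast rule did not fire; in a static filter table the equivalent fix is a separate entry whose network-layer destination range covers the group addresses.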

in reply to: PSTATIC_FILTER_TABLE blocks DNS traffic #7133
Vadim Smirnov
Keymaster

Thank you for the update. I’m glad that you have resolved the issue.
