Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 841 through 855 (of 1,476 total)
  • in reply to: INTERMEDIATE_BUFFER_WOW64 #6808
    Vadim Smirnov
    Keymaster

      And why all this? The INTERMEDIATE_BUFFER_WOW64 structure is defined for internal use (conversion in the case of a 32-bit application and a 64-bit driver). The client application should work with INTERMEDIATE_BUFFER; NDISAPI will do all the necessary conversions if they are needed.

      Vadim Smirnov
      Keymaster

        There is no structure there; it is accidental padding, garbage bytes. You can send a packet of any size to the network as long as it does not exceed what the network adapter allows; in the case of Ethernet, the total packet size cannot exceed 1514 bytes. If Iris sees the packet, then it went out to the network; you can capture it at the destination to be sure. It is another matter that the receiving system's stack may have rejected the packet; increasing the size of the TCP data is not quite a trivial task, you need to account for the changing SEQ/ACK fields.
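
The SEQ/ACK bookkeeping mentioned in the reply above, as an added example that is not part of the original post or of WinpkFilter: it records each payload resize in one direction of a TCP connection and translates later SEQ values and returning ACK values across the edit points, including retransmissions and 32-bit wraparound. All names (`seq_fixup`, `record_resize`, `fix_seq`, `fix_ack`, `MAX_EDITS`) are hypothetical; the sketch covers one direction only, ignores SACK blocks, and assumes IP/TCP checksums and lengths are recomputed separately.

```c
#include <stdint.h>

#define MAX_EDITS 16   /* constructed limit for this sketch */

/* One resize: sender-side sequence number just past the edited segment,
   and the cumulative size change in effect from that point on. */
typedef struct { uint32_t orig_end; int32_t delta; } edit_t;
typedef struct { edit_t e[MAX_EDITS]; int n; } seq_fixup;

/* Wrap-safe "a is at or after b" in 32-bit sequence space. */
static int seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* Cumulative delta at a stream position. server_side selects whether pos is
   in the receiver's numbering (after edits) or the sender's (before edits). */
static int32_t delta_at(const seq_fixup *st, uint32_t pos, int server_side)
{
    int32_t d = 0;
    for (int i = 0; i < st->n; i++) {
        uint32_t edge = st->e[i].orig_end;
        if (server_side) edge += (uint32_t)st->e[i].delta;
        if (seq_geq(pos, edge)) d = st->e[i].delta;
    }
    return d;
}

/* Call when a sender->receiver payload is resized. Returns -1 when the table
   is full, in which case the segment must be forwarded unmodified. */
int record_resize(seq_fixup *st, uint32_t seq, uint16_t old_len, uint16_t new_len)
{
    uint32_t end = seq + old_len;
    if (st->n && seq_geq(st->e[st->n - 1].orig_end, end)) return 0; /* retransmission */
    if (st->n == MAX_EDITS) return -1;
    st->e[st->n].delta = delta_at(st, seq, 0) + (int32_t)new_len - (int32_t)old_len;
    st->e[st->n].orig_end = end;
    st->n++;
    return 0;
}

/* SEQ to put on the wire for a sender->receiver segment. */
uint32_t fix_seq(const seq_fixup *st, uint32_t seq) { return seq + (uint32_t)delta_at(st, seq, 0); }

/* ACK to hand back to the sender for a receiver->sender segment. */
uint32_t fix_ack(const seq_fixup *st, uint32_t ack) { return ack - (uint32_t)delta_at(st, ack, 1); }
```

An ACK that covers only data sent before an edit point is left untouched, which is why a single running offset is not enough.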

        in reply to: snetcfg.exe source code!!! #6793
        Vadim Smirnov
        Keymaster

          In any WinpkFilter build except WinpkFilter run-time libraries.

          in reply to: 301 Redirection in winpkfilter #6790
          Vadim Smirnov
          Keymaster

            I would recommend dropping the original request and forming a new response packet with a redirect.

              in reply to: Question about QoS for XP #6789
            Vadim Smirnov
            Keymaster

              It can be done, but there is no ready-made shaping functionality in the driver. Everything has to be done by hand at the packet level. However, all of this is fairly simple if you understand how the rules should work.

              in reply to: Some questions about the Samples #6787
              Vadim Smirnov
              Keymaster

                1- In m_ValidFields in static filters, there are only 3 predescribed values Data_Link_Layer_Valid, Networ_Link_Layer_Valid and Transport_Link_Layer_Valid, which are 1, 2 and 4 respectively.
                But sometimes it is set to 0, especially to pass all packets. What does 0 mean?

                It means that none of the validity fields is defined.

                2- Why the network mask is 255.255.255.255? It was used when access to http://www.ntkernel.com website was blocked.

                To block the particular IP address. If you use another mask you may block more than a single IP.

                3- How can I know how many packets have been dropped?

                All filters gather statistics of the packets for which the filter did the action. You can query these statistics using the API.

                in reply to: Installing Winpkfilter for VISTA #6782
                Vadim Smirnov
                Keymaster

                  snetcfg is shipped in source code to all WinpkFilter licensees.

                  in reply to: Got build error on VC project #6774
                  Vadim Smirnov
                  Keymaster

                    Looks like ndisapi.lib still does not link into your application for some reason…

                    in reply to: WinpkFilter start up #6775
                    Vadim Smirnov
                    Keymaster

                      You have to start from the PassThru sample.

                      For the authorized users you just pass the packet through. When you detect an HTTP GET request from an unauthorized user you should generate an HTTP redirect response packet. Since you pass all network packets through your application you can easily inspect/modify the traffic flow.

                      in reply to: WinpkFilter and Windows 7 #6776
                      Vadim Smirnov
                      Keymaster

                        The current version of the WinpkFilter installer does not recognize Windows 7, but you can install WinpkFilter drivers manually. It works just fine.

                        in reply to: virtual MACs from NDIS_WAN_LINE_UP/NDIS_WAN_LINE_DOWN #6766
                        Vadim Smirnov
                        Keymaster

                          WinpkFilter 3.0.4 does not support this feature, although it was added in the development version and is available to WinpkFilter customers. The newly added API allows retrieving information about currently active WAN connections. The structures for getting this information are defined as follows:

                          typedef struct _RAS_LINK_INFO
                          {
                          #define RAS_LINK_BUFFER_LENGTH 1024
                              ULONG LinkSpeed;        // Specifies the speed of the link, in units of 100 bps.
                                                      // Zero indicates no change from the speed returned when the protocol called NdisRequest with OID_GEN_LINK_SPEED.
                              ULONG MaximumTotalSize; // Specifies the maximum number of bytes per packet that the protocol can send over the network.
                                                      // Zero indicates no change from the value returned when the protocol called NdisRequest with OID_GEN_MAXIMUM_TOTAL_SIZE.
                              UCHAR RemoteAddress [ETHER_ADDR_LENGTH]; // Represents the address of the remote node on the link in Ethernet-style format. NDISWAN supplies this value.
                              UCHAR LocalAddress [ETHER_ADDR_LENGTH];  // Represents the protocol-determined context for indications on this link in Ethernet-style format.
                              ULONG ProtocolBufferLength; // Specifies the number of bytes in the buffer at ProtocolBuffer
                              UCHAR ProtocolBuffer [RAS_LINK_BUFFER_LENGTH]; // Containing protocol-specific information supplied by a higher-level component that makes connections through NDISWAN
                                                      // to the appropriate protocol(s). Maximum size is 600 bytes (on Windows Vista)
                          } RAS_LINK_INFO, *PRAS_LINK_INFO;

                          typedef struct _RAS_LINKS
                          {
                          #define RAS_LINKS_MAX 256
                              ULONG nNumberOfLinks;
                              RAS_LINK_INFO RasLinks[RAS_LINKS_MAX];
                          } RAS_LINKS, *PRAS_LINKS;

                          in reply to: Admin!happy new year from lovepkfilter #6768
                          Vadim Smirnov
                          Keymaster

                            Thanks. Happy New Year to you too!

                            I’ve been a bit overloaded lately. Need to find some free time to complete the new release. Hopefully in March.

                            in reply to: How to know the captured package belong to which process? #6771
                            Vadim Smirnov
                            Keymaster

                              You can use the IP helper API to query the current active connections table and match your packet against this table using the IP address and port information you have. Since Windows XP, the connections table contains the process ID. Another way is using an LSP or TDI filter driver.

                              in reply to: Getting Payload with Delphi #6773
                              Vadim Smirnov
                              Keymaster

                                Most probably there is something wrong with the structure definitions. Or you may be trying to process a non-TCP packet.

                                in reply to: Using VirtNet HELP !!! #6621
                                Vadim Smirnov
                                Keymaster

                                  How do you expect to use VirtNet?
