Forum Replies Created
-
Posts
-
There is no ready-to-use function for redirecting in NDISAPI. NDISAPI only provides you raw interface to manipulate packets. You have to implement redirecting (packet header changes, checksums recalculations) by yourself.
You can refer Internet Gateway sample which implements NAT for the details. This sample is in C++ but not that complex to catch the basics.
Problem is this redirecting.
How can ı redirect my client to other network car.Client-to-Server: Save the connection information, change the destination IP (and port if necessary), recalculate the checksums and forward the packet.
Server-to-Client: Find the saved connection. Change the source IP (and port if necessary) to the original ones, recalculate the checksums and forward the packet.if want return one block page to user how can i do? certain,i have read the topics beforetimes on the board. u had suggest us to modify the current packet. well, but if the current packet is not enought long,what can we do? i think u must be asked for many times,u can consider to release out a modify pakcet sdk!
This is a very general question. If there is not enough space in the original packet you can extend it to the maximum possible size or inject extra packets into the TCP stream. In both cases you have to care of about controlling the TCP connection state and modify SEQ/ACK fields of the follow up packets. I would advise to inject a simple and short HTTP redirect code instead of injecting extra packets, this would save you lots of time.
once,i buy it,how to distribute it? ( ask user to install the winpkflt_rtl.exe first of all?)
WinpkFilter Developer Edition includes all necessary modules/scripts required for WinpkFilter drivers redistribution.
and then,we known the winpkfilter is a public sales software product,so,many people known how to use it throught the sdk.
that’s to say, i once used it on a computer,another people can also use it.To avoid possible conflicts we provide custom build of WinpkFilter driver to Developer Edition licensees.
please and please,can u do me a distribute package with the installer(inno or nsis)?
For non-commercial software you can ask users to download and install WinpkFilter run-time before installing your software.
and,can two application(two thread) can both to open the driver?(SetAdapterMode,SetPacketEven)!
Only one of these applications/threads (the second one) will be actually getting packets.
is there a circus buffer in ndisrd.sys??? MSTCP_FLAG_FILTER_DIRECT by default it is setting on or off?
Probably you have run into confusion with loopback packets. MSTCP_FLAG_FILTER_DIRECT is needed when promiscuous mode is set on the adapter to avoid loopback indications.
My client connect to Access point and ethernet hub via first network card. I will manage this client and redirect to second network card (internet connection). İf username and password is correct.
There are several WiFi hotspot solutions based on WinpkFilter are available on the market (TrueCafe, Antamedia and etc…). In general you have to redirect user to authentication page on his first attempt to use Internet browser, then if user is allowed to use Internet you have to save user credentials (MAC, IP addresses) and route user packets to external network. The detailed description of this would take a large amount of time, but if you have some more exact questions I will try to help.
and,at the first,the filter buffers had fixed the total size. when reached the end of the size(the last filter buffer),how could be add more filter rules? to “new” a new buffer and join with the old buffer?
If you look at the definition below _STATIC_FILTER_TABLE can contain any number of filters (ANY_SIZE is defined as 1) specified in the m_TableSize. Of course you got to have enough free kernel memory to keep large table.
typedef
struct _STATIC_FILTER_TABLE
{
unsigned long m_TableSize; // number of STATIC_FILTER entries
STATIC_FILTER m_StaticFilters[ANY_SIZE];
}STATIC_FILTER_TABLE, *PSTATIC_FILTER_TABLE;
The best available code signing walkthrough from Microsoft:
http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx
SSL encryption is implemented in user mode above winsock layer, so there is no way for the driver to intercept unencrypted data.
Interception of unencrypted data is still possible, but very specific for the particular application. Some of the application use Microsoft SSL crypto provider implemented in secur32.dll and in order to intercept unencrypted data you have to inject your own DLL into the target process and hook SPI functions between application and secur32.dll:
InitializeSecurityContext
AcceptSecurityContext
DecryptMessage
EncryptMessage
DeleteSecurityContextAnother possibility commonly used in Windows is OpenSSL library, the solution is similar but another set of functions has to be hooked. Custom SSL libraries or another methods of traffic encryption may require different methods.
Create blockpage packet with all current headers, add unicode string of html, change IP length, change seq and ack, recalculate checksums and send packet to adapter.
Instead I would do the following:
1) Wait for a response packet from WWW-server
2) If HTTP response packet contains a censored word then modify HTTP packet to contain a redirect packet like:<html> <head> <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.censored.com/"> </head> <body> </body> </html>This simple redirect packet in most cases will be smaller in size than HTTP server response and you can add padding string between to exactly match the size of the original packet. This way you won’t need to affect SEQ/ACK fields, just recalculate TCP checksum.
LSP sample is available in WIndows SDK. Personally I don’t like LSP, its implementation in Windows wishes better.
Transparent local proxy? If you can’t intercept application network activity on the TDI level then probably mentioned antiviruses use Layered Service Provider (LSP) to redirect the connection to the local proxy and thus it does reach TDI only from the name of local proxy, not in the context of the calling application. If this is really so you have to create your own LSP and layer it just above AV LSP to get connection first.
The problem is some routers have been configure to block most protocols except TCP taffic.
In this case you may want to tunnel packets inside the SSL stream over TCP. An example, this method is used in http://www.projectloki.com VPN solution.
I do realize that using a common protocol like IPSEC may get me through the router, but it may confuse traffic as well. My encryption solution is disruptive and does not fall into the normal encryption schema.
Why not to use GRE tunneling then? Routers usually pass GRE and even may NAT if you use extended GRE header.
Why do you want to add/change IP options? If you want to add extra encryption related information to the packet there are other possibilities.
First of all I would recommend to use one of the known protocols to tunnel encrypted packets. There are several options and all of them will be successfully processed by routers:
1) IPSEC ESP protocol
2) GRE
3) IP-in-IP
4) IP-in-UDPAs an example you can look at the GRETunnel sample from WinpkFilter samples set. It does not actually encrypt the tunneled packet but it is fairly simple to add encryption. If you need to have an extra information attached to the packet you can also use extended GRE.
