Forum Replies Created
-
Posts
-
SetHwPacketFilter выставляет аппаратный фильтр на сетевой карте, наиболее часто встречающийся пример это перевод сетевого интерфейса в promiscuous mode. То есть прямого отношения к фрагментированным пакетам эта ф-ция не имеет.
Что значит “имеющимся функциями фильтрации, работать с фрагментированными пакетами” мне непонятно. С фрагментированными IP пакетами можно работать точно так же как и с любыми другими.
WinpkFilter получает ethernet фреймы до TCP/IP стека (который осуществляет сборку фрагментов), поэтому если из сети приходят фрагментированные пакеты, то и winpkfilter покажет именно их, а не собранный IP пакет.
What Visual Basic do you actually use? The samples were created for Visual Basic 6, so if you are using them under Visual Basic .NET then then the behavior can be different. An example managed memory can’t be directly passed to driver.
For the legacy NT driver you could use HAL routines to reconfigure your device, for PnP driver you better stick with PnP manager. This paper should be of some help to understand the difference: http://www.hollistech.com/Resources/Misc%20art … usdata.doc
What do excatly mean under “order”? I would not recommend to edit network configuration through the registry, however VirtNet can be found in the registry like any other network interface.
how works the winpkfilter, for setting up the SEND / Received message?
If packet comes from the network it is marked as ON_RECEIVE and ON_SEND otherwise.
and what do you think, how many packets are an overflow from the local mac if i capture theses by it
Sorry, I don’t understand the question, could you clarify?
2.x firewall service loaded only filters and adapter modes, new features like port mappings were not supported. It was fixed in 3.x
Loading the following filter will force all UDP packets to pass without processing in user mode, all other packets will be redirected for processing to user mode.
// Common values
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID;
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND | PACKET_FLAG_ON_RECEIVE;
// Network layer filter
pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;Refer “filter” sample for the general filters usage.
Can UDP packets pass without entering winpk filter?
No, unless you have loaded a filter to pass UDP packets without user-mode processing.
Can I do it using winpkfilter ? If yes how can I do that ?
You can. Just set IP/TCP headers as I have set Ethernet header in the sample above. The actual values of IP/TCP headers depend from the packet you intend to form.
pavankvnaidu posted a sample where he tries to initialize IP and UDP headers, you have to do the similar job.
Actually that depends on how you do copy data. If, an example, you have VirtNet NIC with IP address 192.168.1.101 and send ping packets on it:
ping 192.168.1.101 -t
Then actually non of the ping echo packet ever really reach the NIC, all data sent/received to/from local interfaces are processed inside TCP/IP. So no real network usage….
может ли происходить такое из-за того, что реальный отправляемый пакет отличается по длине от исходного?
Нет, скорее уж потому что ты каким-то образом поломал оригинальный пакет… Падает то система на освобождении оригинального пакета…
Где-то что-то сделано неверно, но вот что и где…
please do not say me though the winpkfilter data. How can i handle that though the gernal ip-header or tcp-header?
You can try to match Ethernet/IP address information (an example, source MAC == local NIC MAC ==> outgoing), but this does not give any guarantee because it is possible to send an arbitrary packet on the network.
pIpHeader->ip_len is in network byte order, so it should be:
DWORD dwDataLength = ntohs(pIpHeader->ip_len) - ( pIpHeader->ip_hl*4 + pTcpHeader->th_off*4);Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )
Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..
