Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,441 through 1,455 (of 1,474 total)
  • Author
    Posts
  • in reply to: Re-routing TCP packets #5523
    Vadim Smirnov
    Keymaster

      After outgoing packet modification I would indicate it to MSTCP instead of sending it over the network.

      Hope it helps…

      in reply to: Unmanned install #5541
      Vadim Smirnov
      Keymaster

        Yes, sure. The only thing you should do is create some registry entries (please find the details in the WinpkFilter docs).

        in reply to: WinPKFilter, performance and user/kernel mode #5499
        Vadim Smirnov
        Keymaster

          I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?

          This is not a hardware driver, so for Windows NT/2000/XP/2003 you should use an NT legacy driver, whose skeleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use the VToolsD framework to generate the driver skeleton.

          in reply to: problem with winpkfilter #5493
          Vadim Smirnov
          Keymaster

            I think you can create the dedicated working thread and perform packet processing in this thread. In this case you won’t block your main thread.

            in reply to: WinPKFilter, performance and user/kernel mode #5497
            Vadim Smirnov
            Keymaster

              Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.

              If you have kernel mode experience then using the IOCTL interface from kernel mode should not be a problem for you. Otherwise, it may appear even more than difficult. You will have to create two drivers (SYS for NT/2000/XP/2003 and VxD for Windows 9x/ME, please refer to the relevant DDKs for the details).

              If it looks too difficult then you should try to optimize user-mode packet processing or upgrade (upgrade fee is 2000USD) to the Source Code license (in this case you also won’t avoid kernel mode development, but you will be able to create cross-platform packet processing code using the ready WinpkFilter interfaces).

              in reply to: WinPKFilter, performance and user/kernel mode #5495
              Vadim Smirnov
              Keymaster

                Using IOCTL interface from kernel is very similar to doing it from user-mode. However, if you really need kernel mode solution, the easiest way would be licensing source code and modifying original driver’s code.

                in reply to: problem with winpkfilter #5491
                Vadim Smirnov
                Keymaster

                  There should be no problem with using WinpkFilter from a GUI application. As for your problem, it is probably somewhere in your packet filtering code. Hope it helps…

                  in reply to: WinPKFilter – new user question #5490
                  Vadim Smirnov
                  Keymaster

                    Please could somebody confirm that I can achieve the following:

                    Parse IP packets on Ethernet and Dial-up adaptors.
                    Alter TCP/UDP data (with checksum adjustment).
                    Block TCP/UDP packets
                    Use MS Visual C++ for development

                    Yes, that’s right.

                    Will I need different versions of WinPkFilter for different Windows releases (2000, XP Home, XP Pro)?

                    No, there are two helper drivers, one supports Windows 9x/ME, another Windows NT/2000/XP/2003.

                    in reply to: Ethernet Bridge not pass WSock connection`s through #5486
                    Vadim Smirnov
                    Keymaster

                      Ethernet Bridge is a free and unsupported tool. There is no warranty that it will work on any OS/hardware configuration.

                      in reply to: IPSec #5482
                      Vadim Smirnov
                      Keymaster

                        When implementing IPSec you need to insert additional headers (AH, ESP) or even encapsulate packets, that’s why you need to decrement the MTU used by the system.

                        in reply to: IPSec #5480
                        Vadim Smirnov
                        Keymaster

                          Just parse IP header of the packet and format the string with IP address…

                          in reply to: Modify Packet #5447
                          Vadim Smirnov
                          Keymaster

                            MHdrSize is equal to the size of the Ethernet header, which is 14 bytes long.

                            in reply to: IPSec #5478
                            Vadim Smirnov
                            Keymaster

                              Maybe it makes sense for you to read the IPSec documents regarding this subject? WinpkFilter gives you raw access to packet data, so you can do anything described in the IPSec specs.

                              in reply to: Need to know what application is associated with a packet #5469
                              Vadim Smirnov
                              Keymaster

                                I need this solution for 98 as well. But Localhost Monitor API is for NT platform. Can you please suggest a solution for all Windows platforms.

                                You can also create a TDI filter driver for Windows 9x/ME. Sample code for a Windows 9x/ME TDI filter driver can be found in the VToolsD (part of SoftIce Driver Suite and Driver Studio products from http://www.compuware.com) samples.

                                Another solution is LSP, it’s a user mode DLL which is installed as a proxy between the Winsock interface and the Winsock Service Provider. Please, read MSDN for the details.

                                I know the DNS requests. But I don’t know how to redirect any request to some other domain/IP. Can you please be more specific about this. This redirection has to be done between MSTCP table and application or in between Network Adapter and MSTCP? I can drop the connection while reading the MSTCP based on IP or other filter but don’t know how to redirect this.

                                Here are two ways:
                                1) Intercept the DNS request packet, parse the content and check if it queries information for the domain you would like to forbid access to. If it does then just drop this packet, the system will fail to resolve the IP for the domain and it will be unable to connect to that host. Blocking can also be done for the DNS response packet.
                                2) Intercept the DNS response, check if it is for the domain you would like to forbid access to. If it is then modify the IP address information (to the host you would like to redirect to) and pass the packet to the stack. This way you cheat the system with your redirect IP address and it will try to connect to the specified IP (you can place a web-page there like “Access to this site is restricted” or something).
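The first approach in the reply above (drop DNS queries for a forbidden domain), as an added example that is not part of the original post and does not use the WinpkFilter API: it works on a raw Ethernet frame held in a byte buffer, with the 14-byte Ethernet header mentioned elsewhere on this page. The function names, the IPv4/UDP-only scope and the choice to pass malformed names are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14 /* Ethernet header size */

/* Decode the first question name of a DNS message into dotted lower case.
   Returns 0 on success, -1 on truncated, oversized or compressed names. */
static int dns_qname(const uint8_t *dns, size_t len, char *out, size_t outsz)
{
    size_t pos = 12, o = 0; /* the fixed DNS header is 12 bytes */
    if (len <= 12 || outsz == 0) return -1;
    while (pos < len && dns[pos] != 0) {
        size_t lab = dns[pos++];
        if (lab > 63) return -1; /* compression pointer or reserved type */
        if (pos + lab > len || o + lab + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        for (size_t i = 0; i < lab; i++)
            out[o++] = (char)tolower(dns[pos + i]);
        pos += lab;
    }
    if (pos >= len) return -1; /* terminating root label missing */
    out[o] = '\0';
    return 0;
}

/* Returns 1 when the frame is an IPv4/UDP DNS query for `blocked` (lower
   case, no trailing dot) or one of its subdomains, else 0 (pass). */
int should_drop_dns_query(const uint8_t *frame, size_t len, const char *blocked)
{
    char name[256];
    if (len < ETH_HDR_LEN + 20) return 0;
    if (frame[12] != 0x08 || frame[13] != 0x00) return 0; /* EtherType IPv4 */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return 0; /* UDP only */
    if ((ip[6] & 0x1F) || ip[7]) return 0; /* skip non-first fragments */
    if (len < ETH_HDR_LEN + ihl + 8 + 12) return 0;
    const uint8_t *udp = ip + ihl;
    if (((udp[2] << 8) | udp[3]) != 53) return 0; /* destination port */
    if (udp[8 + 2] & 0x80) return 0; /* QR bit set: response, not a query */
    if (dns_qname(udp + 8, len - ETH_HDR_LEN - ihl - 8, name, sizeof name))
        return 0; /* malformed names pass here; fail-closed is a policy choice */
    size_t n = strlen(name), b = strlen(blocked);
    if (b == 0 || n < b || strcmp(name + n - b, blocked) != 0) return 0;
    return n == b || name[n - b - 1] == '.';
}
```

The suffix comparison requires a label boundary, so a rule for `example.com` does not also match a name such as `badexample.com`.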

                                in reply to: Need to know what application is associated with a packet #5467
                                Vadim Smirnov
                                Keymaster

                                  Does WinpkFilter provide TDI filtering or LSP? I have bought a WinpkFilter licence for individual. Before buying the source code I want to know is it possible to make such kind of firewall using the same. If no then do you have any other development SDKs or if yes can you please provide me a sample.

                                  Please find Localhost Monitor API on this site, which is based on the TDI filter driver for Windows NT/2000/XP/Server2003. There is sample LSP code available in the MSDN (search for SPI.CPP).

                                  Usually firewalls combine TDI (or LSP) and NDIS level filter in order to provide complete functionality.

                                  As for the DNS request modification then I can’t provide you the sample code. However, there is no great problem to do this, you should intercept DNS requests/replies and modify the replied IP for the URL you would like to redirect or just block the request (in this case the browser will fail to determine the site IP). I think it makes sense for you to read the DNS specs.
