[Voxen]

2 questions following your post:

a) what about the destination MAC address?
If I’ve understood what you said, I guess it is:
ORIGINAL:
source: 192.168.0.10
destination: POP3 IP
MAC source: MACA
MAC destination: MACB

CHANGED:
source: a fake IP on the same net, i.e. 192.168.0.100
destination: must be your IP on that adapter / network, in our example 192.168.0.10
MAC source: MACB
MAC destination: MACA

b) do I send the modified packets to Adapter or MSTCP?

[Voxen]

I’m running to try that. It makes sense, hope it gonna work 🙂

Thanks again for your great advices!

[Voxen]

Hi bk, yes I see what you mean.

Okay I’ll try to explain what I try to achieve.
I’m writing an antispam application that runs as a local POP3 proxy server, standing between the mail client and the remote server. I want to avoid the user all the complexity of modifying his mail client’s account settings to point to the POP3 proxy, so I want to transparently reroute outgoing packets to remote server to the local POP3 proxy. Then the POP3 proxy establishs the real connection to the remote server, grab new mails, filter them and reply to the mail client through the rerouted connection. The mail client needs to believe he’s connected to remote server while he’s actually connected to the local POP3 proxy.

So we have:

User PC @ 127.0.0.1
– mail client (Outlook, etc)
– POP3 proxy (server listening on port 110)
– winpkfilter packet router

POP3 host @ http://www.xxx.yyy.zzz

When the winpkfilter packet router detects a connection 127.0.0.1 <-> http://www.xxx.yyy.zzz / 110, he’ll change the destination IP and port to local POP3 proxy.

BTW, about my prior message :

PCA -> SYN -> PCB
PCA <- SYN/ACK <- PCB
PCA <- SYN/ACK <- PCB
PCA -> RST -> PCB (ZeroWindow)

I ran this between 2 PCs in my local network. I’ve never been to make it work on the same machine as I’d like to according to this message.

[Voxen]

SerpentFly, could you tell me if WinpkFilter is able to process internal packets as bk said it probably doesn’t? I need to reroute packets sent from local machine to local machine instead of Internet.

[Voxen]

Well I’ve not been able to make it work within the same machine 😥

I’ve been able to reroute to another PC in the local area network but it doesn’t totally work either. This is roughly what Ethereal reports:
PCA -> SYN -> PCB
PCA <- SYN/ACK <- PCB
PCA <- SYN/ACK <- PCB
PCA -> RST -> PCB (ZeroWindow)

[Voxen]

I’ll try that! Thanks again bk.

[Voxen]

Thank you bk for this very clear explanation.

As I’m running both the mail client, the POP3 server and the packet filter on the same PC, I guess that what I must do is:
– capture the outgoing packet
– change its IP and port to localhost/110
– change its MAC address to PC’s MAC address
– recalculate checksums
– send the packet to MSTCP (as stated by SerpentFly above) and not Adapter

So, since the packet originator is the mail client running on the same PC, the source MAC address it the one I should set as MAC destination, right?

[Voxen]

You mean calling NdisApi.SendPacketToMstcp(&Request) instead of NdisApi.SendPacketToAdapter(&Request) in my example above?

I’ve just tried this and it doesn’t work any better.
Should I modify something else in the packet?
Or should I switch this “sent” packet into a “receive” one?

Sorry but I’m a bit lost…

[Voxen]

I captured the packets with Ethereal, the checksum are both correct.
The mail client loops sending SYN but gets no reply.

Do I need to modify the destination MAC address as well (copy source MAC address to destination)?

[Author]

Posts