- This topic has 4 replies, 2 voices, and was last updated 18 years ago by
lovepkfilter.
-
AuthorPosts
-
October 25, 2007 at 4:53 am #5141
i my sitation,i test the winpkfilter functions but some failed
look this:
[PACKET_FLAG_ON_RECEIVE]
…
…….
while ReadPacket (hFilt, @ReadRequest) <> 0 do
begin
….
if Buffer.m_dwDeviceFlags=PACKET_FLAG_ON_RECEIVE then
begin
…
if pIpheader_.Protocol=IPPROTO_TCP then
begin
//
=============================
if we want this packet go on we can call
“SendPacketToMstcp(hFilt,@ReadRequest);”
if we dont want and drop this packet,wo do nothing,go on for read next packet. all right?:)yes!i did want to drop a tcp packet,but before this the three times handshake had been connection.the socket state is:ESTABLISHED. althoght i will prevent the packet from the drop souce to connect again.but the Applicaiton still keep a ESTABLISHED state.
so,i think i should send a raw packet to my MSTCP to tell it:CLOSE the ESTABLISHED. yes ! RST packet.
what ever i modify the buffer.m_IBuffer or make up a new ETH_REQUEST,we dont get the connection to disconnected. 🙁
i am be sure the checksum is ok!
how to constructre a RST packet can u give me a delphi example?
why it is will be failed for my operation?please give me a slight.~~ 🙂
some code splice here:PMYTcpPacket= ^ TMYTcpPacket;
TMYTcpPacket = packed record
Etherheader:TEthernetHeader;
IPHeader:TIPHeader;
TCPHeader:TTCPHeader;
// Data:Array[0..32767] of byte;
end;PMyTcpPsdHeader=^TmyTcpPsdHeader;
TmyTcpPsdHeader=packed record
psdheader:TPSD_HEADER;
TcpHeader:TTCPHeader;
end;
rst_PTcpheader:TMYTcpPacket;
rst_psdTcpheader:TmyTcpPsdHeader;ZeroMemory(@rst_PTcpheader,54);
ZeroMemory(@rst_psdTcpheader,32);
CopyMemory(@rst_PTcpheader,@buffer.m_IBuffer,SizeOf(rst_PTcpheader));
rst_PTcpheader.IPHeader.CheckSum:=0;
rst_PTcpheader.TCPHeader.Checksum:=0;
rst_PTcpheader.IPHeader.TotalLen:=40;
rst_PTcpheader.IPHeader.TTL:=50;
rst_PTcpheader.TCPHeader.Offset:=50;
rst_PTcpheader.TCPHeader.Flags:=$14;
rst_psdTcpheader.TcpHeader:=rst_PTcpheader.TCPHeader;
rst_psdTcpheader.psdheader.saddr:=rst_PTcpheader.IPHeader.SourceIp;
rst_psdTcpheader.psdheader.daddr:=rst_PTcpheader.IPHeader.DestIp;
rst_psdTcpheader.psdheader.mbz:=0;
rst_psdTcpheader.psdheader.ptcl:=IPPROTO_TCP;
rst_psdTcpheader.psdheader.tcpl:=htons(20);
rst_PTcpheader.TCPHeader.Checksum:=htons(Checksum(@rst_psdTcpheader,32));
rst_PTcpheader.IPHeader.CheckSum:=htons(Checksum(@rst_PTcpheader.IPHeader,40));
CopyMemory(@buffer.m_IBuffer,@rst_PTcpheader,54);
buffer.m_Length:=54;
…
..
SendPacketToMstcp(hFilt,@ReadRequest); //ReadRequest —-buffer
….
i am wonder whether can winpkfilter send the raw packet=============================
end;end
end;
end;
3ks very much~wait for u online~~ 💡
===========================================
and some other suggestions:
1 think the most of the people which buy winpkfilter will use it to create Firewall Programer.all right? in the ring3,i want to will drop the packet,this’is to see,most of this packet from same ip will be drop by the netcard.
but in winpkfilert it is always pass the packet to ring3 done with it,use the event.
can we make up a hardware filterinfo in the ring0. to complete the drop packet by the ring0 driver not need event. i think this is a necessary for most pelple.it can be improve the performance of winpkfilter.best regards
😉 😉October 26, 2007 at 8:52 am #6466how to constructre a RST packet can u give me a delphi example?
why it is will be failed for my operation?please give me a slight.~~ SmileI’m sorry, but I’m not a Delphi expert. Though the easiest would be sending your RST packet to the network (in addition to sending to stack) and intercept it with Network Monitor or any other sniffer you prefer. This will help to discover any probelms you may have in forming the packet.
can we make up a hardware filterinfo in the ring0. to complete the drop packet by the ring0 driver not need event. i think this is a necessary for most pelple.it can be improve the performance of winpkfilter.
This is already implemented in WinpkFilter 3.0.4 and currently under testing.
October 26, 2007 at 1:24 pm #6467good!hope the next version~can u give a release time?
byt the way. i did not send out a packet by winpkfilter. 3.0.4 need more Characteristic property for firewall secion. let more things done in ring0 Automationly
October 26, 2007 at 6:18 pm #6468good!hope the next version~can u give a release time?
It is expected in next couple of weeks.
byt the way. i did not send out a packet by winpkfilter. 3.0.4 need more Characteristic property for firewall secion.
I’m not sure I understand this statement. Could you clarify?
October 27, 2007 at 2:41 am #6469i means i hope 3.0.4’s winpkfilter could add more characteristic.
eg: filterinfo or get the packet easy to deal with, after all,many time people are deal with the tcppacket. so How convenient!!!! like checksum,psdtcpheader,winpkfilter can give a temple structure. then not so much people will ask more question like “how to send a raw packet?” etc~~
best reguard~~ 😆 😆
-
AuthorPosts
- You must be logged in to reply to this topic.