My application probably has to do something more than reroute packets. I’ll try to explain better what I have to do and how I want to solve the problem.
Intercept data that an application sends and redirect the payload to a localhost server. Also read the destination address and port. A user could enable/disable or add/remove a device, closing the application socket in this way.
The following is what I would like to do.
1 – intercept when an application A1 wants to open a socket to an address IP_X:Port_X
2 – open a socket S1 with my localhost server LHS on port PS
3 – read socket information (address IP_X:Port_X) and send the payload to LHS port PS
5 – LHS responds to the application and the communication continues. I’ll start with a single application.
A) I think my application needs to intercept the flow at a high level because a user could enable/disable or add/remove a device, closing the socket in this way. The operating system should always see the same device connected or no device at all (I prefer).
B) I don’t have to implement something like NAT, because no TCP packet is formed and data flows inside the socket I’ve redirected.
Please tell me if you agree with my steps or if you see a simpler way/errors.
About the implementation, I’ve no experience with Windows networking programming. Referring to image in
I’ve seen that two solutions could be Transport Data Interface Filter Driver (TDI Filter) or Layered Service Provider (LSP)
I’ve read that LSP is simpler, so I’ve found an example in the Windows SDK (winsock/lsp). The readme.txt file reports that:
“This code sample illustrates a Winsock 2 layered service provider (LSP).
An LSP is a method of inserting a layer between the Winsock 2 API and
applications. This is achieved by creating a DLL which implements the
entire set of Winsock provider functions.
There are two types of LSPs.
1- The first type is known as a base provider.
A base provider exposes access to a protocol (such as TCP/IP). Not only
does it require a user mode DLL which implements the WSP functions but
it also requires a kernel mode component which communicates with the
underlying protocol driver (usually via the TDI interface – consult
the DDK for TDI information).
2- The other type of LSP is the type we mentioned in the first paragraph.
It is a layer that lies above a base provider which is what this sample
is. You can install this LSP above any installed base provider. Microsoft
operating systems ship with a variety of base providers such as
‘MSAFD Tcpip [TCP/IP]’ (the TCP/IP provider). You can even install this
LSP over other installed LSPs.”
– I think that, referring to ndis.com, the SDK’s LSP1 is the Winsock replacement method and LSP2 is as in ndis.com
– As reported in ndis.com, with Winsock replacement I could have some trouble with future installations, but this is not a problem for me.
Do you have any suggestions for me?
If I am not wrong, SerpentFly suggests that I use a TDI Filter, while Taras suggests an LSP2 as reported above. What do you think about Winsock replacement (LSP1)?
Thank you in advance.