Reply To: How to get source IP address in TDI filter driver?

Home Forums Discussions General How to get source IP address in TDI filter driver? Reply To: How to get source IP address in TDI filter driver?

November 22, 2007 at 8:34 am #6492
kokos
Participant

    Hello, thank you for reply.

    Unfortunatly, TDI_QUERY_INFORMATION does not obtain the actual source IP address in 100 % of cases. I tried to obtain it using TDI_QUERY_INFORMATION and TDI_QUERY_ADDRESS_INFO but in 99 % of cases I get zero for source IP (you can take a look at the code I am using at the end of this message).

    I also tried get the adapter info (TDI_QUERY_ADAPTER_STATUS) when I handle TDI_CONNECT and once I succeed I will be able to get the adapter address, but the TDI_QUERY_ADAPTER_STATUS is not implemented – IoCallDriver returns me STATUS_NOT_IMPLEMENTED.

    When all my attempts failed, I downloaded the open source TDI firewall – tdi_fw to check how it detects the local IP address, and I noticed, that in major cases it detects the source IP as 0 (this can easially be seen in the logs).

    OK then, I did again some googling, and found an interesting reply of DDK MVP: http://tech.groups.yahoo.com/group/discussion-pcausa/message/1516
    Maybe, his reply explains why I always get the 0.0.0.0 – because the application specifies INADDR_ANY as a source address and TDI subsystem just gives me a hint that I can treat the source address, as any address of the currently running adapters. But I need to obtain the real source IP address

    The code I am using to obtain the source IP (source port is correctly obtained):


    

    
USHORT GetPortFromAddressInfo(PDEVICE_OBJECT pDeviceObject, PFILE_OBJECT
    
pAddressObject)
    
{
    
NTSTATUS status ;
    
PIRP pIrp = NULL ;
    
PMDL pMDL = NULL ;
    
TDI_ADDRESS_INFO *pAddrInfo = NULL ;
    
TDI_ADDRESS_IP  TDI_IP ;
    
USHORT usPort ;
    
IO_STATUS_BLOCK IoStatusBlock ;
    

    
pIrp  =  TdiBuildInternalDeviceControlIrp (TDI_QUERY_INFORMATION,
    
pDeviceObject,
    
pAddressObject,
    
NULL,
    
&IoStatusBlock
    
);
    
if(!pIrp)
    
{
    
DebugPrint("pIrp not allocated") ;
    
return 0 ;
    
}
    

    
if(!pAddrInfo)  //not yet allocated
    
pAddrInfo = (TDI_ADDRESS_INFO*)ExAllocatePool(NonPagedPool , 2048) ;
    

    
if(!pAddrInfo) //not allocated
    
{
    
return 0 ;
    
}
    

    
{
    
pMDL = IoAllocateMdl(
    
pAddrInfo,
    
2048,
    
FALSE,
    
TRUE,
    
pIrp
    
);
    
}
    
if(!pMDL)
    
{
    
DebugPrint("MDL not allocated") ;
    
goto CLEANUP ;
    
}
    

    
//__try
    
{
    
MmProbeAndLockPages(pMDL, KernelMode, IoWriteAccess) ;
    

    
}
    
//__except(EXCEPTION_EXECUTE_HANDLER){
    
//DebugPrint("MDL not locked") ;
    
//bSuccess = 0 ;
    
//}
    

    
TdiBuildQueryInformation (
    
pIrp,
    
pDeviceObject,
    
pAddressObject,
    
NULL, //QUERY_COMPLETION_ROUTINE,
    
NULL,
    
TDI_QUERY_ADDRESS_INFO,
    
pMDL );
    

    
status = IoCallDriver(pDeviceObject, pIrp);
    

    
if( status == STATUS_SUCCESS )
    
{   in_addr *p_inetAddr ;
    
//DebugPrint("Connection State [%u]", pAddrInfo->ActivityCount) ;
    
TRANSPORT_ADDRESS  *pTAddress = &pAddrInfo->Address ;
    
TA_ADDRESS  *pTA = &pTAddress->Address[0] ;
    
RtlCopyMemory(&TDI_IP, (TDI_ADDRESS_IP*)pTA->Address,
    
TDI_ADDRESS_LENGTH_IP) ;
    
p_inetAddr = (in_addr*)&TDI_IP.in_addr ;
    
}
    
else
    
{
    
DebugPrint("Connection State - CallDriver failed") ;
    
}
    
usPort = TDI_IP.sin_port ;
    
CLEANUP:
    
if(pAddrInfo)
    
ExFreePool(pAddrInfo) ;
    
return usPort ;
    

    
}