Re: Re: Problem with Winpkfilter


#7169
siddappa
Participant

    I don’t know if this makes any sense, but this is the code we have added to Internet Gateway so that we can allow users based on their MAC address.

    // Excerpt from inside a loop (it uses `continue`); the loop header and the declarations of
    // every variable used below are not part of the post.
    //
    // Resolve the sender's MAC address from the packet's source IP with SendARP and move on to
    // the next loop iteration when the lookup fails.
    // NOTE(review): a MAC address is chosen by the sending host, so matching on it identifies a
    // client but does not authenticate it; treat this as a convenience filter, not access control.
    // NOTE(review): SendARP is called once per packet here; pEthHeader->h_source, used further
    // down, presumably already holds the frame's source MAC - confirm whether it can be used instead.
    if(::SendARP(pIpHeader->ip_src.S_un.S_addr, INADDR_ANY, MACSource, &dwMacSize) != NO_ERROR)
    continue;

    // Look the MAC up via GetClientByMAC; the checks below run only when that returns NULL and
    // IsLocalAddress reports false for the destination address.
    // NOTE(review): as posted, `if(pNatClient == NULL)` has no opening brace, yet this section
    // closes one more brace than it opens - a `{` was presumably lost; confirm against the real file.
    pNatClient = pDlg->GetClientByMAC(MACSource);
    if(pNatClient == NULL)
    if(!hAdapters[dwIndex]->IsLocalAddress(&pIpHeader->ip_dst))
    {
    // Only TCP is examined here.
    // NOTE(review): other IP protocols from an unknown MAC pass through this section unchanged;
    // confirm they are restricted elsewhere.
    if(pIpHeader->ip_p == IPPROTO_TCP)
    {
    // The TCP header starts ip_hl 32-bit words after the start of the IP header.
    // NOTE(review): no check is visible that ip_hl is at least 5 or that the TCP header lies
    // inside the captured packet; both should be validated before the header is read.
    pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);
    // Any destination port other than 80 and 443 ends processing of this packet (`continue`).
    if(ntohs(pTcpHeader->th_dport) != 80)
    {
    if(ntohs(pTcpHeader->th_dport) != 443)
    {

    continue;

    }

    }

    // Exact comparison: bTrack is set only when SYN is the sole flag in the segment.
    if(pTcpHeader->th_flags == TH_SYN)
    bTrack = TRUE;
    }
    }
    }

    // With forced routing, for a packet received on a CLIENT adapter, ask the dialog whether
    // the packet has to be routed through the provider card.
    if((bForceRouting) &&(hAdapters[dwIndex]->m_NATState == CLIENT) && (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_RECEIVE))
    {
    bNeedToBeRouted = pDlg->IsNeedToForceRouting(pEthHeader->h_dest, pIpHeader->ip_dst.S_un.S_addr, pProviderCard->m_Index);
    }

    // TCP packet processing
    if (pIpHeader->ip_p == IPPROTO_TCP)
    {
    // This is TCP packet, get TCP header pointer
    // NOTE(review): same unchecked ip_hl arithmetic as in the unknown-client section above.
    pTcpHeader = (tcphdr*)(((PUCHAR)pIpHeader) + sizeof(DWORD)*pIpHeader->ip_hl);

    // Outgoing TCP packets processing: either a forced-routing packet received on a CLIENT
    // adapter that needs routing, or (without forced routing) a packet being sent on a
    // PROVIDER adapter.
    if(((bForceRouting) && (bNeedToBeRouted) &&(hAdapters[dwIndex]->m_NATState == CLIENT)&&(PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_RECEIVE))
    ||
    ((!bForceRouting) &&(hAdapters[dwIndex]->m_NATState == PROVIDER)&&(PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)))
    {
    CPortNATEntry* pTcpNE = NULL;

    if (pTcpHeader->th_flags == TH_SYN)
    {
    // New TCP connection established, allocate dynamic NAT entry.
    // Tracked connections record a MAC: the ARP-resolved MACSource without forced routing,
    // the frame's source MAC with forced routing. Untracked ones are allocated without a MAC.

    if((!bForceRouting) && bTrack)
    pTcpNE = pDlg->m_TcpNatTable.Allocate(pIpHeader->ip_src, pTcpHeader->th_sport, pIpHeader->ip_dst, pTcpHeader->th_dport, bTrack, MACSource);
    else if(bForceRouting && bTrack)
    pTcpNE = pDlg->m_TcpNatTable.Allocate(pIpHeader->ip_src, pTcpHeader->th_sport, pIpHeader->ip_dst, pTcpHeader->th_dport, bTrack, pEthHeader->h_source);
    else
    pTcpNE = pDlg->m_TcpNatTable.Allocate(pIpHeader->ip_src, pTcpHeader->th_sport, pIpHeader->ip_dst, pTcpHeader->th_dport, bTrack);

    // Allocate may return NULL; the NAT IP is the provider card's under forced routing,
    // otherwise this adapter's.
    if(pTcpNE)
    {
    pTcpNE->m_IpNAT = bForceRouting?pProviderCard->m_NATIp:hAdapters[dwIndex]->m_NATIp;
    }

    pDlg->CheckMTUCorrelation(&PacketBuffer, pIpHeader, pTcpHeader);
    }
    else
    {
    // Try to locate existing NAT entry
    pTcpNE = pDlg->m_TcpNatTable.Find(pIpHeader->ip_src, pTcpHeader->th_sport, pIpHeader->ip_dst, pTcpHeader->th_dport);

    // Only segments of tracked connections whose flags are exactly ACK|PSH are scanned for
    // a Host header; nothing here reassembles a request that spans several segments.
    // NOTE(review): tracking is also enabled for port 443, where the payload is presumably
    // TLS and a plain-text "Host: " match is not expected to find anything - confirm intent.
    if(pTcpNE && pTcpNE->m_bTracked && pTcpHeader->th_flags == (TH_ACK | TH_PSH))
    {
    // Add filtering URL here
    // Payload starts th_off 32-bit words after the start of the TCP header; maxLength is the
    // packet length minus the payload's offset from the Ethernet header.
    // NOTE(review): th_off is not validated, and casting pointers to DWORD truncates them on
    // a 64-bit build. The dash characters below are forum typography for '-'.
    CHAR * pHttpMsg = (CHAR*)(((PUCHAR)pTcpHeader) + sizeof(DWORD)*pTcpHeader->th_off);
    INT maxLength = PacketBuffer.m_Length – ::abs((LONG)((DWORD)pHttpMsg – (DWORD)pEthHeader));
    CHAR* szHost = NULL;
    // Scratch buffer for one header line.
    // NOTE(review): allocated with new[] but released with scalar `delete` after the loop;
    // that mismatch is undefined behaviour - it should be `delete[]` (or a stack array).
    CHAR *pHttpHeaderLine = new char[1024];
    int i = 0, j;

    ::ZeroMemory(pHttpHeaderLine, 1024);

    // Walk the payload one line at a time until an empty line or the end of the data.
    // NOTE(review): the forum software appears to have eaten the `[i]` subscripts, the
    // backslashes and the straight quotes in this loop; presumably the original read
    // pHttpMsg[i], '\n', '\0' and '\r' - confirm against the real file.
    do{
    j = 0;
    // Copy at most 1022 bytes of the current line, leaving room for the two bytes written
    // after the loop.
    while( i < maxLength && pHttpMsg != ‘n’ && j < 1022)
    {
    pHttpHeaderLine[j] = pHttpMsg
    ;
    i++;
    j++;
    }
    pHttpHeaderLine[j++] = ‘n’;
    pHttpHeaderLine[j] = ‘’;
    i++;

    // Case-insensitive match on the header name.
    if(::_strnicmp(pHttpHeaderLine, “Host: “, 6) == 0)
    {
    // Terminates the string two bytes before the terminator written above, which assumes
    // the copied line ended with a carriage return; a line that ended without one, or was
    // cut at 1022 bytes or at maxLength, loses its last host character instead.
    pHttpHeaderLine[j-2] = ‘’;
    // 8 extra bytes = the 7-character prefix plus the terminator, so the sprintf fits exactly.
    // NOTE(review): a second Host line overwrites szHost without freeing the first buffer.
    szHost = new CHAR[8 + strlen((char*)&pHttpHeaderLine[6])];
    ::sprintf(szHost, “http://%s&#8221;, (char*)&pHttpHeaderLine[6]);
    }

    // After the loop: free the line buffer, then, when a host was found and GetAllowedURL
    // returns -1 for it, store the segment's th_ack in the NAT entry's m_ack (what m_ack is
    // used for is not shown in the post).
    }while( i < maxLength && !( pHttpHeaderLine[0] == 'r' && pHttpHeaderLine[1] == 'n')); delete pHttpHeaderLine; if(szHost != NULL && pDlg->GetAllowedURL(szHost, strlen(szHost)) == -1)
    pTcpNE->m_ack = pTcpHeader->th_ack;

    // NOTE(review): szHost also comes from new[] and needs `delete[]`.
    if(szHost != NULL)
    delete szHost;
    }
    }