Re: Re: Static filter table – netbios traffic is redirected alwa

Home Forums Discussions Support Static filter table – netbios traffic is redirected always Re: Re: Static filter table – netbios traffic is redirected alwa

#7143
Vadim Smirnov
Keymaster

    If you look at the filter.cpp sample you can find the scenario which redirects only DNS packets to user mode and passes any other packets. Filters are defined as the following:

    //**************************************************************************************
    // 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53
    // Common values
    pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
    pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
    pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
    pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;

    // Network layer filter
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

    // Transport layer filter
    pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

    //****************************************************************************************
    // 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53
    // Common values
    pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
    pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
    pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_REDIRECT;
    pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

    // Network layer filter
    pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;
    pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
    pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

    // Transport layer filter
    pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;
    pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;
    pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS
    pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

    //***************************************************************************************
    // 3. Pass all packets (skipped by previous filters) without processing in user mode
    // Common values
    pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters
    pFilters->m_StaticFilters[2].m_ValidFields = 0;
    pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_PASS;
    pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

    break;

    Does this sample work for you?