Re: Re: STATIC FILTER using VB


#7146
Vadim Smirnov
Keymaster

    Hi,

    I have almost no experience in VB, but there is a C sample, filter.cpp, which has a scenario to redirect only DNS packets for processing by a WinpkFilter application.

    This sample scenario can easily be modified to intercept only DNS queries destined to the local DNS server, this way:


    pFilters->m_TableSize = 2;


    // 1. Incoming DNS requests filter: REDIRECT IN UDP packets with destination PORT 53
    // Common values
    pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
    pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
    pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_REDIRECT;
    pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

    // Network layer filter
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
    pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

    // Transport layer filter
    pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT; // must name the field set below (m_DestPort)
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
    pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

    //***************************************************************************************
    // 2. Pass all packets (skipped by previous filters) without processing in user mode
    // Common values
    pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
    pFilters->m_StaticFilters[1].m_ValidFields = 0;
    pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;
    pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

    break;

    The filter you showed in your initial post should select only outgoing DNS queries, not incoming ones.
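
Added example, not part of the original post and not WinpkFilter code: a small C model of how a two-entry table like the one above classifies packets, showing why the direction flag and the valid-fields flag must agree with the populated port range. All type and constant names are hypothetical, and the semantics (only flagged fields are compared, first matching entry wins) are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not WinpkFilter's structures. */
enum action { ACT_PASS, ACT_REDIRECT };
enum { DIR_RECV = 1, DIR_SEND = 2 };                     /* direction flags   */
enum { F_PROTO = 1, F_SRC_PORT = 2, F_DEST_PORT = 4 };   /* valid-field flags */

struct rule {
    unsigned valid, dir;
    uint8_t  proto;
    uint16_t src_lo, src_hi, dst_lo, dst_hi;
    enum action act;
};
struct pkt { unsigned dir; uint8_t proto; uint16_t sport, dport; };

static int in_range(uint16_t v, uint16_t lo, uint16_t hi) { return v >= lo && v <= hi; }

/* Assumed semantics: a field is compared only if its valid flag is set. */
static int matches(const struct rule *r, const struct pkt *p)
{
    if (!(r->dir & p->dir)) return 0;
    if ((r->valid & F_PROTO) && r->proto != p->proto) return 0;
    if ((r->valid & F_SRC_PORT) && !in_range(p->sport, r->src_lo, r->src_hi)) return 0;
    if ((r->valid & F_DEST_PORT) && !in_range(p->dport, r->dst_lo, r->dst_hi)) return 0;
    return 1;
}

/* Assumed semantics: the first matching entry decides the action. */
static enum action classify(const struct rule *t, int n, const struct pkt *p)
{
    for (int i = 0; i < n; i++)
        if (matches(&t[i], p)) return t[i].act;
    return ACT_PASS; /* not reached when the last entry is a catch-all */
}

/* Table shaped like the post's: [0] redirect inbound UDP/53, [1] pass the rest. */
static enum action run(unsigned port_flag, const struct pkt *p)
{
    struct rule t[2] = {
        { F_PROTO | port_flag, DIR_RECV, 17, 0, 0, 53, 53, ACT_REDIRECT },
        { 0, DIR_RECV | DIR_SEND, 0, 0, 0, 0, 0, ACT_PASS } };
    return classify(t, 2, p);
}

/* Constructed sample packets: a DNS query arriving and one leaving. */
static const struct pkt dns_in  = { DIR_RECV, 17, 49152, 53 };
static const struct pkt dns_out = { DIR_SEND, 17, 49152, 53 };

int main(void)
{
    printf("dest flag, inbound:  %d\n", run(F_DEST_PORT, &dns_in));
    printf("src flag,  inbound:  %d\n", run(F_SRC_PORT, &dns_in));
    printf("dest flag, outbound: %d\n", run(F_DEST_PORT, &dns_out));
    return 0;
}
```

In this model, flagging the source port while filling in only the destination range makes the first entry compare the ephemeral source port against an empty 0..0 range, so the inbound query falls through to the pass-all entry.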