December 17, 2014 at 2:34 am #5417 stsf Participant
Hey guys, I ran into this problem trying to set up the following scenario – I used the C# packet filter code sample as my base and modified it (by the way – thank you for adding the C# filter code sample in the latest driver release).
Filter 1 – allow IPv4 traffic to and from a particular IP/port (let’s say, 192.168.7.22 port 80) to pass
Filter 2 – redirect all IPv4 TCP packets for processing in user mode
Filter 3 – pass all other packets
What ends up happening is that the 192.168.7.22:80 packets are still passed to the second filter and therefore passed into user mode.
I’m guessing the default behavior of a packet when it is getting filtered is to go filter by filter until it finds a “redirect” or “block” behavior.
If I try to switch filter 1 and 2 – I get the same behavior, because the packet is caught for a redirect in the TCP filter.
Is there a way to set up the filters so that the packets respond to the first filter they match up to – so that the 3 filter scenario described above is possible?
Or is there an alternate way to set up the filters so that the desired behavior is achieved?
Thanks in advance

December 17, 2014 at 8:48 am #7195 Vadim Smirnov Moderator
Packet is matched against the filters list and first matching filter action is applied. So there is probably something wrong with your first filter.

December 17, 2014 at 3:47 pm #7196 stsf Participant
> Packet is matched against the filters list and first matching filter action is applied. So there is probably something wrong with your first filter.
Yeah, just came here to say that I found out what was wrong a few minutes ago. In short, I was being stupid.
I was using the “block ntkernel.com” filter as an example, and I changed its filter action to pass.
That filter was set up to look at the destination address and destination ports.
I had to set up another filter to catch source address and source ports; that solved the issue.
So my new filter setup, for anyone interested in doing the same, is:
filter 1 – pass tcp ipv4 packets with destination address of 192.168.7.22:80
filter 2 – pass tcp ipv4 packets with source address of 192.168.7.22:80
filter 3 – send all tcp ipv4 packets to user mode
filter 4 – pass all packets
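
The first-match behaviour discussed in this thread, as an added example that is not part of the original posts and does not use the driver's API: a small Python model showing why a destination-only pass filter still lets reply packets from 192.168.7.22:80 reach the redirect filter, and how the four-filter table fixes it. All class and function names are hypothetical, the packets are constructed samples, IPv4 is implied, and passing unmatched packets is an assumption.

```python
# Model of first-match static filtering; NOT the driver's real API.
# All names are hypothetical; packets and client addresses are constructed.
from dataclasses import dataclass
from typing import Optional

PASS, REDIRECT = "pass", "redirect"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Filter:
    action: str
    proto: Optional[str] = None   # None acts as a wildcard
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        fields = ("proto", "src", "sport", "dst", "dport")
        return all(getattr(self, f) in (None, getattr(p, f)) for f in fields)

def evaluate(table, p):
    """Return (1-based index, action) of the first filter matching the packet."""
    for i, f in enumerate(table, start=1):
        if f.matches(p):
            return i, f.action
    return None, PASS  # assumption: a packet matching no filter is passed

HOST, PORT = "192.168.7.22", 80
request = Packet("tcp", "192.168.7.10", 49152, HOST, PORT)   # client -> server
reply = Packet("tcp", HOST, PORT, "192.168.7.10", 49152)     # server -> client
other_tcp = Packet("tcp", "192.168.7.10", 49153, "192.168.7.30", 443)
udp = Packet("udp", "192.168.7.10", 5353, "192.168.7.30", 53)

# Original setup: the exemption only checks destination address and port.
dest_only = [Filter(PASS, proto="tcp", dst=HOST, dport=PORT),
             Filter(REDIRECT, proto="tcp"), Filter(PASS)]
# Corrected setup from the thread: one exemption per direction.
both_dirs = [Filter(PASS, proto="tcp", dst=HOST, dport=PORT),
             Filter(PASS, proto="tcp", src=HOST, sport=PORT),
             Filter(REDIRECT, proto="tcp"), Filter(PASS)]

if __name__ == "__main__":
    for name, table in (("dest_only", dest_only), ("both_dirs", both_dirs)):
        print(name, evaluate(table, request), evaluate(table, reply))
```

With the destination-only table the reply packet falls through to filter 2 and is redirected; with one exemption per direction both halves of the connection are passed before the redirect filter is reached.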