hi,SerpentFly please come in:about send rawpacket

Home Forums Discussions Support Portal hi,SerpentFly please come in:about send rawpacket

This topic contains 4 replies, has 2 voices, and was last updated by  lovepkfilter 10 years, 1 month ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #5141

    lovepkfilter
    Participant

    i my sitation,i test the winpkfilter functions but some failed

    look this:

    [PACKET_FLAG_ON_RECEIVE]

    …….
    while ReadPacket (hFilt, @ReadRequest) <> 0 do
    begin
    ….
    if Buffer.m_dwDeviceFlags=PACKET_FLAG_ON_RECEIVE then
    begin

    if pIpheader_.Protocol=IPPROTO_TCP then
    begin
    //
    =============================
    if we want this packet go on we can call
    “SendPacketToMstcp(hFilt,@ReadRequest);”
    if we dont want and drop this packet,wo do nothing,go on for read next packet. all right?:)

    yes!i did want to drop a tcp packet,but before this the three times handshake had been connection.the socket state is:ESTABLISHED. althoght i will prevent the packet from the drop souce to connect again.but the Applicaiton still keep a ESTABLISHED state.

    so,i think i should send a raw packet to my MSTCP to tell it:CLOSE the ESTABLISHED. yes ! RST packet.

    what ever i modify the buffer.m_IBuffer or make up a new ETH_REQUEST,we dont get the connection to disconnected. 🙁
    i am be sure the checksum is ok!
    how to constructre a RST packet can u give me a delphi example?
    why it is will be failed for my operation?please give me a slight.~~ 🙂
    some code splice here:

    PMYTcpPacket= ^ TMYTcpPacket;
    TMYTcpPacket = packed record
    Etherheader:TEthernetHeader;
    IPHeader:TIPHeader;
    TCPHeader:TTCPHeader;
    // Data:Array[0..32767] of byte;
    end;

    PMyTcpPsdHeader=^TmyTcpPsdHeader;
    TmyTcpPsdHeader=packed record
    psdheader:TPSD_HEADER;
    TcpHeader:TTCPHeader;
    end;

    rst_PTcpheader:TMYTcpPacket;
    rst_psdTcpheader:TmyTcpPsdHeader;

    ZeroMemory(@rst_PTcpheader,54);
    ZeroMemory(@rst_psdTcpheader,32);
    CopyMemory(@rst_PTcpheader,@buffer.m_IBuffer,SizeOf(rst_PTcpheader));
    rst_PTcpheader.IPHeader.CheckSum:=0;
    rst_PTcpheader.TCPHeader.Checksum:=0;
    rst_PTcpheader.IPHeader.TotalLen:=40;
    rst_PTcpheader.IPHeader.TTL:=50;
    rst_PTcpheader.TCPHeader.Offset:=50;
    rst_PTcpheader.TCPHeader.Flags:=$14;
    rst_psdTcpheader.TcpHeader:=rst_PTcpheader.TCPHeader;
    rst_psdTcpheader.psdheader.saddr:=rst_PTcpheader.IPHeader.SourceIp;
    rst_psdTcpheader.psdheader.daddr:=rst_PTcpheader.IPHeader.DestIp;
    rst_psdTcpheader.psdheader.mbz:=0;
    rst_psdTcpheader.psdheader.ptcl:=IPPROTO_TCP;
    rst_psdTcpheader.psdheader.tcpl:=htons(20);
    rst_PTcpheader.TCPHeader.Checksum:=htons(Checksum(@rst_psdTcpheader,32));
    rst_PTcpheader.IPHeader.CheckSum:=htons(Checksum(@rst_PTcpheader.IPHeader,40));
    CopyMemory(@buffer.m_IBuffer,@rst_PTcpheader,54);
    buffer.m_Length:=54;

    ..
    SendPacketToMstcp(hFilt,@ReadRequest); //ReadRequest —-buffer
    ….
    i am wonder whether can winpkfilter send the raw packet

    =============================
    end;

    end

    end;

    end;

    3ks very much~wait for u online~~ 💡

    ===========================================

    and some other suggestions:

    1 think the most of the people which buy winpkfilter will use it to create Firewall Programer.all right? in the ring3,i want to will drop the packet,this’is to see,most of this packet from same ip will be drop by the netcard.

    but in winpkfilert it is always pass the packet to ring3 done with it,use the event.
    can we make up a hardware filterinfo in the ring0. to complete the drop packet by the ring0 driver not need event. i think this is a necessary for most pelple.it can be improve the performance of winpkfilter.

    best regards
    😉 😉

    #6466

    Vadim Smirnov
    Moderator

    how to constructre a RST packet can u give me a delphi example?
    why it is will be failed for my operation?please give me a slight.~~ Smile

    I’m sorry, but I’m not a Delphi expert. Though the easiest would be sending your RST packet to the network (in addition to sending to stack) and intercept it with Network Monitor or any other sniffer you prefer. This will help to discover any probelms you may have in forming the packet.

    can we make up a hardware filterinfo in the ring0. to complete the drop packet by the ring0 driver not need event. i think this is a necessary for most pelple.it can be improve the performance of winpkfilter.

    This is already implemented in WinpkFilter 3.0.4 and currently under testing.

    #6467

    lovepkfilter
    Participant

    good!hope the next version~can u give a release time?

    byt the way. i did not send out a packet by winpkfilter. 3.0.4 need more Characteristic property for firewall secion. let more things done in ring0 Automationly

    #6468

    Vadim Smirnov
    Moderator

    good!hope the next version~can u give a release time?

    It is expected in next couple of weeks.

    byt the way. i did not send out a packet by winpkfilter. 3.0.4 need more Characteristic property for firewall secion.

    I’m not sure I understand this statement. Could you clarify?

    #6469

    lovepkfilter
    Participant

    i means i hope 3.0.4’s winpkfilter could add more characteristic.

    eg: filterinfo or get the packet easy to deal with, after all,many time people are deal with the tcppacket. so How convenient!!!! like checksum,psdtcpheader,winpkfilter can give a temple structure. then not so much people will ask more question like “how to send a raw packet?” etc~~

    best reguard~~ 😆 😆

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.