(.NET) Routing to local socks proxy causes Connection Reset / Closed by Peer

Home Forums Discussions Support (.NET) Routing to local socks proxy causes Connection Reset / Closed by Peer

Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • September 5, 2021 at 9:17 pm #11777
    VirtualSmile
    Participant

      Hello!

      I have been experimenting with this driver as a way to route game packets through a proxy. It currently goes like this: Game > Local Proxy > Remote Proxy > Game Server

      My issue is on the Remote Proxy Logs, the connection will throw “remote peer error (connection reset by peer)” or just “remote peer closed” with the connection duration lasting for only 1 second. This is not an issue with the proxy as I can use Proxifier to route game packets to the same proxy with no issues. If I test with basic TCP Connect packets, it will work fine.

      Do you know what might be causing this problem? Is the game server closing the connection because the packets have been modified?

      Thank you.

      September 7, 2021 at 2:28 pm #11778
      Vadim Smirnov
      Keymaster

        Hi!

        There is a sample https://github.com/wiresock/ndisapi/tree/master/examples/cpp/socksify which redirects specified local application to the local TCP proxy and then to the specified SOCKS proxy. If I understood you right then this is what you doing in your application. I have also used similar approach in a couple of commercial projects and I can confirm that this works just fine.

        To figure out what is going wrong in your case I would capture and save the traffic to analyze. May be the packet you modified has incorrect checksum or length and thus dropped by the stack.

        September 12, 2021 at 5:09 pm #11783
        VirtualSmile
        Participant

          Hi Vadim!

          Thank you for responding so fast. I have already been through the sample before and actually used it for reference for my project (but in .NET).

          I have solved the issue – on my end, it looks like the socket connection to the proxy was closing after a few packets, and that’s why tcp ping / connect tests were working fine (as only 1 packet). Thank you again for the help.

          I have another question now, but if it’s better off being put on a new thread, let me know and I’ll make another one. Do you have any recommendations or tips on filtering by ProcessID or ProcessName? Would P/Invoke into C / C++ functions be the best way by comparing network tables? I was thinking of doing an LSP Hook via. DLL Injection to build an out-going network table but I want to avoid that due to anti cheat.

          Thank you.

          September 13, 2021 at 11:14 am #11785
          Vadim Smirnov
          Keymaster

            There are actually two ways to filter with ProcessID or ProcessName:

            • The easy one is IP Helper API. You can find the details in process_lookup.h
            • More complicated one is creating WFP callout driver to track network connections (sockets) creation/termination

            The LSP is deprecated and I’m not sure if it is supported on Windows 10.

          • Author
            Posts
          Viewing 4 posts - 1 through 4 (of 4 total)
          • You must be logged in to reply to this topic.