May 20, 2007 at 10:28 pm #5096
First of all I’d like to thank creators of WinPkfilter lib, really great job. I haven’t touched anything but php for about two years and yet I have been able to implement simplest traffic shaper in two days with it. Thanks a lot.
My question is, and forgive me please if I’m asking something really obvious – how can one find out NATted connection source/destination address with winpkfilter? My task is to implement traffic shaper, and its primary use would be on routing server. So, to make it right, one should be able to somehow ‘link’ two connections on different network interfaces (or something like that), but how it is possible without having access to routing program’s NAT mapping table? Using modified PassThru for now I see outcoming packets from private network on public interface with destination address set to request’s server address, source address set to requesting machine’s IP, and incoming packets from request’s server IP to routing machine’s IP. No idea how to a) figure out that’s it’s single two-way connection and, more important, b) how to find out real private src/dst address for outcoming/incoming packets. Can somebody help me? Is it feasible after all?
Thanks in advance,
astolMay 21, 2007 at 11:30 am #6246
Each packet routed outside you intercept twice – first on the internal interface before NAT is applied and second on external interface after NAT is applied and vice versa for packets coming on the external interface. In theory you can match these packets (by IP address information + IP ID + TCP/UDP headers information) and build your own copy of NAT table but collisions are still possible especially if the router is heavily loaded.
I would recommend implementing NAT in the same module which implements shaper, this would save you lots time. NAT is relatively easy to implement (if you are not targeted to support complex protocols like H.323), an example this simple application has taken one day to write http://www.ntkernel.com/w&p.php?id=31May 22, 2007 at 7:18 pm #6247
Thanks for reply.
The thing is to create a shaper that only shapes, because implementing NAT automatically implies that I should implement a lot of other functionality and finally it’ll be something like Traffic Inspector – the outcome I want to avoid. To be specific I intend to use Traffic Inspector and since it’s shaping module is really bad implemented I want to write my own. If I do NAT, then I’ll have to somehow forbid TI’s NAT and I don’t know if he’s capable to work without it.
But… Wait a minute. TI doesn’t NAT. It uses Windows’s Routing and remote access. Ha, my problem is solved. I’ll do NAT and shaping, and let TI do anything else like authentication, traffic metering and else.
Thanks a lot! 🙂
PS: Hmm… And how does TI shape NATted connection!?…May 23, 2007 at 7:58 am #6248
Hmm… And how does TI shape NATted connection!?…
TI developers know for sure. I would try to reverse engineer ICS implementation in Windows and get NAT table.
You must be logged in to reply to this topic.