sumitani

Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • January 12, 2021 at 4:34 pm in reply to: Filtering by protocol using STATIC_FILTER structure #11458
    sumitani
    Participant

      Oh, I see. This is the behavior that I getting here.

      Regarding the multiply layers driver. When you refer to the layers, are you referring to the layer defined in the STATIC_FILTER structure (DATALINK, NETWORK, TRANSPORT) or the multiple STATIC_FILTERS for each CNdisApi instance without override?

      Using different layers for each application, both of them cannot intercept the same packet?

      January 12, 2021 at 1:19 pm in reply to: Filtering by protocol using STATIC_FILTER structure #11456
      sumitani
      Participant

        It is not possible to instantiate more than one CNdisApi class to apply different filters for each protocol? Using only the filter as you said worked well for TCP.

        January 12, 2021 at 10:29 am in reply to: Filtering by protocol using STATIC_FILTER structure #11453
        sumitani
        Participant

          I sent the wrong parameter in m_dwDirectionFlags.

          This is the first filter, to capture only outbound TCP:

          m_Adapter.QuadPart = 0;
          m_ValidFields = NETWORK_LAYER_VALID;
          m_FilterAction = FILTER_PACKET_REDIRECT;
          m_dwDirectionFlags = PACKET_FLAG_ON_SEND;

          m_NetworkFilter.m_dwUnionSelector = IPV4;
          m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
          m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;

          Then the second pass the other packets:
          m_Adapter.QuadPart = 0;
          m_dwDirectionFlags = PACKET_FLAG_ON_SEND;
          m_FilterAction = FILTER_PACKET_PASS;

          This combination is not working, I need to change the approach and filter the ICMP and UDP in order to capture TCP?

        • Author
          Posts
        Viewing 3 posts - 1 through 3 (of 3 total)