For example, the PassThru example shows a SetPacketEvent call but no way to understand how to use this event… or the various modes, or the “SendPacket” operations.
SetPacketEvent registers an event object within the driver. This event is signaled by the driver when the packet queue is non-empty; in other words, you have packets to read from the driver.
For your project you can only be interested in tunnel modes, because listen mode does not allow you to drop or modify packets.
SendPacketXXX/SendPacketsXXX re-inject packets back into the network stack.
My goal is to create a Gateway service to examine combinations of several variables (all read from a file):
– Client IP Address (static or wildcard)
– Client MAC Address (static or wildcard)
– Destination IP Address (static or wildcard)
– Destination Port (static or wildcard)
The service must either drop the packet(s) or pass them along to the external interface.
Such simple functionality can be implemented on top of the built-in WinpkFilter static filters. For the sample usage of these filters please refer to FILTER.CPP (C++ Filter sample).
If you prefer to filter packets on your own then the basic starting point for your application is the PassThru sample. When you want to drop the packet after examination just don’t call SendPacketXXX for this packet and continue the loop.
Please refer to the wwwcensor sample. This sample generates an HTTP response when a specific web page should be blocked. Instead of blocking you can generate an HTTP redirect page.
To block IP addresses you should take the PassThru sample as a base. The MSVC sample of this utility demonstrates parsing a packet for the IP address.
Windows Packet Filter Kit 3.2.0 released:
– Fixed compatibility issues (covers but not limited to) with Cisco AnyConnect VPN, Yes Go 4G USB modem, Vodafone/HUAWEI USB modems
– Extended built-in filters compatibility:
– Added counters for incoming/outgoing packets/bytes
– Added TCP flags
If you are eligible for a free update, please send the following details to [email protected] to receive an update instruction:
1) Your order ID.
2) An approximate date of purchasing.
Yes of course, this is possible. And we have customers who built their solutions using C#. Personally, because of the strong type control in C#, I find it not that convenient when parsing packet protocol headers.
Besides programming skills it would be nice to have a strong knowledge of TCP/IP networks.
I would recommend you take a look at Internet Gateway (implements a simple NAT solution) and LAN HTTP Monitor (implements an HTTP redirector and HTTP proxy).
Actually Internet Gateway implements topic number 1. It allows one system to share Internet to several other systems.
Topic number 2 can be implemented using techniques demonstrated by LAN HTTP Monitor. Instead of redirecting to a proxy you can redirect to your own HTTP authentication page.
Topic 3 is an easy addition to previous ones.
The Antamedia solution is based on the WinpkFilter driver. In order to start you may want to look at the Internet Gateway and LAN HTTP Monitor sample code.
If your application is slow in reading and processing packets and the driver queue grows fast enough then it is possible to start losing packets for other network interfaces.
If you have not set tunnel mode for the 3rd adapter then it will send/receive packets as before and ignore the filters set.
Internet Gateway is a sample application and does not pretend to be a full-featured and performance-optimized solution, although there are ways to improve it.
1) This is the so-called default filter, which defines the action for packets that were not selected by other filters.
2) The default action in this case is FILTER_PACKET_REDIRECT.
3) An all-zeroes entry will be skipped.
For this request please contact support(at)ntkernel.com with other details.
That depends on the OS you are installing on. The functions for the NSIS installer are below:
######################################
Function InstallNDISHookDriverNT2000XP
######################################
  SetOutPath $SYSDIR\drivers
  File ..\..\..\Kernel\bin\hookdrv\i386\ndisrd.sys
  !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\ndisrd
  WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Start 1
  WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Type 1
  WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd ErrorControl 1
  ${If} ${IsWinNT4}
    WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Network"
  ${Else}
    WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Streams Drivers"
  ${EndIf}
  SetRebootFlag true
FunctionEnd
######################################

################################
Function InstallNDISHookDriver9x
################################
  SetOutPath $WINDIR\system
  File ..\..\..\Kernel\bin\hookdrv\win9x\ndisrd.vxd
  !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\VxD\ndisrd
  WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\VxD\ndisrd StaticVxD "ndisrd.vxd"
  SetRebootFlag true
FunctionEnd
################################

############################
Function InstallNDISIMDriver
############################
  SetOutPath $INSTDIR\instimtmp
  ${If} ${RunningX64}
    File ..\..\..\Setup\bin\amd64\DriverSigning.exe
    File ..\..\..\Setup\bin\amd64\snetcfg.exe
    File ..\..\..\Kernel\INF\ndisrd.inf
    File ..\..\..\Kernel\INF\ndisrd_m.inf
    File ..\..\..\Kernel\bin\imdrv\amd64\ndisrd.sys
  ${Else}
    File ..\..\..\Setup\bin\i386\DriverSigning.exe
    File ..\..\..\Setup\bin\i386\snetcfg.exe
    File ..\..\..\Kernel\INF\ndisrd.inf
    File ..\..\..\Kernel\INF\ndisrd_m.inf
    File ..\..\..\Kernel\bin\imdrv\i386\ndisrd.sys
  ${EndIf}
  nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /off'
  nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\snetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd'
  nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /on'
  SetOutPath $INSTDIR
  RMDir /r /REBOOTOK $INSTDIR\instimtmp
FunctionEnd
############################

########################
Function InstallLWFVista
########################
  SetOutPath $INSTDIR\instlwftmp
  ${If} ${RunningX64}
    File ..\..\..\Setup\bin\amd64\snetcfg.exe
    File ..\..\..\Setup\bin\amd64\certinst.exe
    File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.sys
  ${Else}
    File ..\..\..\Setup\bin\i386\snetcfg.exe
    File ..\..\..\Setup\bin\i386\certinst.exe
    File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.sys
  ${EndIf}
  File ..\..\..\Setup\cert\root.cer
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'
  SetOutPath $INSTDIR
  RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
########################

####################
Function InstallLWF7
####################
  SetOutPath $INSTDIR\instlwftmp
  ${If} ${RunningX64}
    File ..\..\..\Setup\bin\amd64\snetcfg.exe
    File ..\..\..\Setup\bin\amd64\certinst.exe
    File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.sys
  ${Else}
    File ..\..\..\Setup\bin\i386\snetcfg.exe
    File ..\..\..\Setup\bin\i386\certinst.exe
    File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.sys
  ${EndIf}
  File ..\..\..\Setup\cert\root.cer
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'
  SetOutPath $INSTDIR
  RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
####################

####################
Function InstallLWF8
####################
  SetOutPath $INSTDIR\instlwftmp
  ${If} ${RunningX64}
    File ..\..\..\Setup\bin\amd64\snetcfg.exe
    File ..\..\..\Setup\bin\amd64\certinst.exe
    File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.sys
  ${Else}
    File ..\..\..\Setup\bin\i386\snetcfg.exe
    File ..\..\..\Setup\bin\i386\certinst.exe
    File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd_lwf.inf
    File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.cat
    File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.sys
  ${EndIf}
  File ..\..\..\Setup\cert\root.cer
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
  nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'
  SetOutPath $INSTDIR
  RMDir /r /REBOOTOK $INSTDIR\instlwftmp
FunctionEnd
####################

#############################
Function InstallNDISLWFDriver
#############################
  SetOutPath $INSTDIR\instlwftmp
  ${If} ${IsWinVista}
  ${OrIf} ${IsWin2008}
    call InstallLWFVista
    Return
  ${EndIf}
  ${If} ${IsWin7}
  ${OrIf} ${IsWin2008R2}
    call InstallLWF7
    Return
  ${EndIf}
  call InstallLWF8
FunctionEnd
#############################

#################################
Function InstallWinpkFilterDriver
#################################
  ${If} ${AtLeastWinVista}
    call InstallNDISLWFDriver
    GoTo post
  ${EndIf}
  StrCmp $bIMUsed "1" 0 +3
  call InstallNDISIMDriver
  GoTo post
  ${If} ${RunningX64}
  ${OrIf} ${AtLeastWinXP}
    call InstallNDISIMDriver
  ${ElseIf} ${IsNT}
    call InstallNDISHookDriverNT2000XP
  ${Else}
    call InstallNDISHookDriver9x
  ${EndIf}
post:
  # Kernel components
  SetOutPath $INSTDIR\Kernel\bin\dll\i386
  File ..\..\..\Kernel\bin\dll\i386\ndisapi.dll
  File ..\..\..\Kernel\bin\dll\i386\ndisapi.lib
  SetOutPath $INSTDIR\Kernel\bin\dll\amd64
  File ..\..\..\Kernel\bin\dll\amd64\ndisapi.dll
  File ..\..\..\Kernel\bin\dll\amd64\ndisapi.lib
  WriteRegStr HKLM "${REGKEY}" NDISIMUsed $bIMUsed
  WriteRegStr HKLM "${REGKEY}\Components" Main $availDrv
  Call EnableRouter
FunctionEnd
#################################
You can query all IP addresses corresponding to google.com and monitor packets to/from these IPs. If you suspect that the IP of google.com may change you can also monitor DNS queries and update the domain IP list accordingly.