Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 646 through 660 (of 1,496 total)
  • in reply to: Need Gateway Sample with Drop #7181
    Vadim Smirnov
    Keymaster

      For example, the PassThru example shows a SetPacketEvent call but no way to understand how to use this event… or the various modes, or the “SendPacket” operations.

      SetPacketEvent registers an event object within the driver. This event is signaled by the driver when the packet queue is non-empty, in other words when you have packets to read from the driver.

      For your project you would only be interested in tunnel modes, because listen mode does not allow you to drop or modify packets.

      SendPacketXXX/SendPacketsXXX re-inject packets back into the network stack.

      My goal is to create a Gateway service to examine combinations of several variables (all read from a file):

      – Client IP Address (static or wildcard)
      – Client MAC Address (static or wildcard)
      – Destination IP Address (static or wildcard)
      – Destination Port (static or wildcard)

      The service must either drop the packet(s) or pass them along to the external interface.

      Such simple functionality can be implemented on top of the built-in WinpkFilter static filters. For sample usage of these filters please refer to FILTER.CPP (C++ Filter sample).

      If you prefer to filter packets on your own, then the basic starting point for your application is the PassThru sample. When you want to drop a packet after examination, just don’t call SendPacketXXX for this packet and continue the loop.
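The per-packet decision described in this reply, as an added example that is not part of the original post and is not WinpkFilter sample code: a portable C matcher for the four fields listed in the question, each static or wildcard. `struct rule`, `classify`, the sample frame and the rule table are hypothetical names and constructed data; in a PassThru-style loop a `DROP` result means the frame is simply not handed to SendPacketXXX.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { PASS, DROP };   /* hypothetical names, not WinpkFilter API */
/* One rule from the file; any_* = 1 marks that field as a wildcard. */
struct rule {
    int any_mac, any_src, any_dst, any_port;
    uint8_t  mac[6];     /* client (source) MAC */
    uint8_t  src_ip[4];  /* client IPv4 address */
    uint8_t  dst_ip[4];  /* destination IPv4 address */
    uint16_t dst_port;   /* destination port, host byte order */
    enum verdict action;
};

/* Classify one Ethernet II frame. The first matching rule wins. Frames that
   are truncated, not IPv4 TCP/UDP, or match no rule get `fallback`. */
enum verdict classify(const uint8_t *f, size_t len,
                      const struct rule *r, size_t n, enum verdict fallback)
{
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return fallback;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;         /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return fallback;
    if (ip[9] != 6 && ip[9] != 17) return fallback;  /* TCP or UDP only */
    if ((ip[6] & 0x1F) != 0 || ip[7] != 0) return fallback; /* later fragment */
    const uint8_t *l4 = ip + ihl;
    uint16_t dport = (uint16_t)((l4[2] << 8) | l4[3]);
    for (size_t i = 0; i < n; i++) {
        if (!r[i].any_mac  && memcmp(r[i].mac, f + 6, 6) != 0)      continue;
        if (!r[i].any_src  && memcmp(r[i].src_ip, ip + 12, 4) != 0) continue;
        if (!r[i].any_dst  && memcmp(r[i].dst_ip, ip + 16, 4) != 0) continue;
        if (!r[i].any_port && r[i].dst_port != dport)               continue;
        return r[i].action;
    }
    return fallback;
}

/* Constructed sample frame: client 02:00:00:00:00:01 / 192.168.1.10 sending
   TCP to 203.0.113.5 port 443 (only the first 4 bytes of the TCP header). */
static const uint8_t SAMPLE[38] = {
    0x02,0,0,0,0,0xFE, 0x02,0,0,0,0,0x01, 0x08,0x00,  /* dst MAC, src MAC, IPv4 */
    0x45,0,0,24, 0,0,0x40,0, 64,6,0,0,                /* IHL 5, DF, TTL 64, TCP */
    192,168,1,10, 203,0,113,5,                        /* source IP, dest IP */
    0xC0,0x00, 0x01,0xBB                              /* sport 49152, dport 443 */
};

/* Constructed rules: drop anything to 203.0.113.5:443, else pass that client. */
static const struct rule RULES[2] = {
    { 1, 1, 0, 0, {0}, {0}, {203,0,113,5}, 443, DROP },
    { 0, 0, 1, 1, {0x02,0,0,0,0,0x01}, {192,168,1,10}, {0}, 0, PASS },
};

int main(void) { return classify(SAMPLE, sizeof SAMPLE, RULES, 2, PASS) == DROP ? 0 : 1; }
```

Passing `DROP` as the fallback makes the filter fail closed for truncated, fragmented and non-IPv4 frames, which also drops ARP, so the default has to be chosen deliberately.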

      in reply to: how i redirect specific request to a new destination #7179
      Vadim Smirnov
      Keymaster

        Please refer to the wwwcensor sample. This sample generates an HTTP response when a specific web page should be blocked. Instead of blocking you can generate an HTTP redirect page.

        in reply to: Block ips from file #7178
        Vadim Smirnov
        Keymaster

          To block IP addresses you should take the PassThru sample as a base. The MSVC sample of this utility demonstrates parsing a packet for an IP address.

          in reply to: WinpkFilter news/updates. #5517
          Vadim Smirnov
          Keymaster

            Windows Packet Filter Kit 3.2.0 released:

            – Fixed compatibility issues (covers but not limited to) with Cisco AnyConnect VPN, Yes Go 4G USB modem, Vodafone/HUAWEI USB modems

            – Extended built-in filters compatibility:
            – Added counters for incoming/outgoing packets/bytes
            – Added TCP flags

            If you are eligible for a free update, please send the following details to [email protected] to receive an update instruction:

            1) Your order ID.
            2) An approximate date of purchasing.

            in reply to: how could i start #7175
            Vadim Smirnov
            Keymaster

              Yes of course, this is possible. And we have customers who built their solutions using C#. Personally because of strong type control in C# I find it not that convenient when parsing packet protocol headers.

              in reply to: how could i start #7173
              Vadim Smirnov
              Keymaster

                Besides programming skills it would be nice to have a strong knowledge of TCP/IP networks.

                in reply to: how could i start #7171
                Vadim Smirnov
                Keymaster

                  I would recommend you to take a look at Internet Gateway (implements simple NAT solution), LAN HTTP Monitor (implements HTTP redirector and HTTP proxy).

                  Actually Internet Gateway implements topic number 1. It allows one system to share Internet to several other systems.

                  Topic number 2 can be implemented using techniques demonstrated by LAN HTTP Monitor. Instead of redirecting to proxy you can redirect to your own HTTP authentication page.

                  Topic 3 is an easy addition to previous ones.

                  in reply to: Start a captive portal #7170
                  Vadim Smirnov
                  Keymaster

                    Antamedia solution is based on WinpkFilter driver. In order to start you may want to look at Internet Gateway and LAN HTTP Monitor samples code.

                    in reply to: Problem with Winpkfilter #7168
                    Vadim Smirnov
                    Keymaster

                      If your application is slow in reading and processing packets and the driver queue grows fast enough, then it is possible to start losing packets for other network interfaces.

                      in reply to: Regarding Static Filter Table #7166
                      Vadim Smirnov
                      Keymaster

                        If you had not set tunnel mode for the 3rd adapter then it will send/receive packets as before and ignore filters set.

                        in reply to: NAT server based on Internet Gateway Sample #7164
                        Vadim Smirnov
                        Keymaster

                          Internet Gateway is a sample application and does not pretend to be a full featured and performance optimized solution. Although there are ways to improve it.

                          in reply to: Filter.cpp questions #7159
                          Vadim Smirnov
                          Keymaster

                            1) This is so called default filter which defines the action for the packets which were not selected by other filters.
                            2) The default action in this case is FILTER_PACKET_REDIRECT
                            3) All zeroes entry will be skipped.

                            in reply to: Installing your Driver #7158
                            Vadim Smirnov
                            Keymaster

                              For this request please contact support(at)ntkernel.com with other details.

                              in reply to: Installing your Driver #7156
                              Vadim Smirnov
                              Keymaster

                                That depends on the OS you are installing on. The functions for the NSIS installer are below:

                                ######################################
                                Function InstallNDISHookDriverNT2000XP
                                ######################################
                                SetOutPath $SYSDIR\drivers
                                File ..\..\..\Kernel\bin\hookdrv\i386\ndisrd.sys
                                !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\ndisrd
                                WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Start 1
                                WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Type 1
                                WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd ErrorControl 1
                                ${If} ${IsWinNT4}
                                WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Network"
                                ${Else}
                                WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\ndisrd Group "Streams Drivers"
                                ${EndIf}
                                SetRebootFlag true
                                FunctionEnd
                                ######################################

                                ################################
                                Function InstallNDISHookDriver9x
                                ################################
                                SetOutPath $WINDIR\system
                                File ..\..\..\Kernel\bin\hookdrv\win9x\ndisrd.vxd
                                !insertmacro CreateRegKey ${HKEY_LOCAL_MACHINE} System\CurrentControlSet\Services\VxD\ndisrd
                                WriteRegStr HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\VxD\ndisrd StaticVxD "ndisrd.vxd"
                                SetRebootFlag true
                                FunctionEnd
                                ################################

                                ############################
                                Function InstallNDISIMDriver
                                ############################
                                SetOutPath $INSTDIR\instimtmp
                                ${If} ${RunningX64}
                                File ..\..\..\Setup\bin\amd64\DriverSigning.exe
                                File ..\..\..\Setup\bin\amd64\snetcfg.exe
                                File ..\..\..\Kernel\INF\ndisrd.inf
                                File ..\..\..\Kernel\INF\ndisrd_m.inf
                                File ..\..\..\Kernel\bin\imdrv\amd64\ndisrd.sys
                                ${Else}
                                File ..\..\..\Setup\bin\i386\DriverSigning.exe
                                File ..\..\..\Setup\bin\i386\snetcfg.exe
                                File ..\..\..\Kernel\INF\ndisrd.inf
                                File ..\..\..\Kernel\INF\ndisrd_m.inf
                                File ..\..\..\Kernel\bin\imdrv\i386\ndisrd.sys
                                ${EndIf}

                                nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /off'
                                nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\snetcfg.exe" -v -l ndisrd.inf -m ndisrd_m.inf -c s -i nt_ndisrd'
                                nsExec::ExecToLog /OEM '"$INSTDIR\instimtmp\DriverSigning.exe" /verbose /on'

                                SetOutPath $INSTDIR
                                RMDir /r /REBOOTOK $INSTDIR\instimtmp
                                FunctionEnd
                                ############################

                                ########################
                                Function InstallLWFVista
                                ########################
                                SetOutPath $INSTDIR\instlwftmp
                                ${If} ${RunningX64}
                                File ..\..\..\Setup\bin\amd64\snetcfg.exe
                                File ..\..\..\Setup\bin\amd64\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\vista\amd64\package\ndisrd.sys
                                ${Else}
                                File ..\..\..\Setup\bin\i386\snetcfg.exe
                                File ..\..\..\Setup\bin\i386\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\vista\i386\package\ndisrd.sys
                                ${EndIf}

                                File ..\..\..\Setup\cert\root.cer
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                                SetOutPath $INSTDIR
                                RMDir /r /REBOOTOK $INSTDIR\instlwftmp
                                FunctionEnd
                                ########################

                                ####################
                                Function InstallLWF7
                                ####################
                                SetOutPath $INSTDIR\instlwftmp
                                ${If} ${RunningX64}
                                File ..\..\..\Setup\bin\amd64\snetcfg.exe
                                File ..\..\..\Setup\bin\amd64\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\win7\amd64\package\ndisrd.sys
                                ${Else}
                                File ..\..\..\Setup\bin\i386\snetcfg.exe
                                File ..\..\..\Setup\bin\i386\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\win7\i386\package\ndisrd.sys
                                ${EndIf}

                                File ..\..\..\Setup\cert\root.cer
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                                SetOutPath $INSTDIR
                                RMDir /r /REBOOTOK $INSTDIR\instlwftmp
                                FunctionEnd
                                ####################

                                ####################
                                Function InstallLWF8
                                ####################
                                SetOutPath $INSTDIR\instlwftmp
                                ${If} ${RunningX64}
                                File ..\..\..\Setup\bin\amd64\snetcfg.exe
                                File ..\..\..\Setup\bin\amd64\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\win8\amd64\package\ndisrd.sys
                                ${Else}
                                File ..\..\..\Setup\bin\i386\snetcfg.exe
                                File ..\..\..\Setup\bin\i386\certinst.exe
                                File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd_lwf.inf
                                File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.cat
                                File ..\..\..\Kernel\bin\lwf\win8\i386\package\ndisrd.sys
                                ${EndIf}

                                File ..\..\..\Setup\cert\root.cer
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\certinst.exe" "$INSTDIR\instlwftmp\root.cer"'
                                nsExec::ExecToLog /OEM '"$INSTDIR\instlwftmp\snetcfg.exe" -v -l ndisrd_lwf.inf -c s -i nt_ndisrd'

                                SetOutPath $INSTDIR
                                RMDir /r /REBOOTOK $INSTDIR\instlwftmp
                                FunctionEnd
                                ####################

                                #############################
                                Function InstallNDISLWFDriver
                                #############################
                                SetOutPath $INSTDIR\instlwftmp

                                ${If} ${IsWinVista}
                                ${OrIf} ${IsWin2008}
                                call InstallLWFVista
                                Return
                                ${EndIf}

                                ${If} ${IsWin7}
                                ${OrIf} ${IsWin2008R2}
                                call InstallLWF7
                                Return
                                ${EndIf}

                                call InstallLWF8
                                FunctionEnd
                                #############################

                                #################################
                                Function InstallWinpkFilterDriver
                                #################################
                                ${If} ${AtLeastWinVista}
                                call InstallNDISLWFDriver
                                GoTo post
                                ${EndIf}

                                StrCmp $bIMUsed "1" 0 +3
                                call InstallNDISIMDriver
                                GoTo post
                                ${If} ${RunningX64}
                                ${OrIf} ${AtLeastWinXP}
                                call InstallNDISIMDriver
                                ${ElseIf} ${IsNT}
                                call InstallNDISHookDriverNT2000XP
                                ${Else}
                                call InstallNDISHookDriver9x
                                ${EndIf}

                                post:

                                #Kernel components
                                SetOutPath $INSTDIR\Kernel\bin\dll\i386
                                File ..\..\..\Kernel\bin\dll\i386\ndisapi.dll
                                File ..\..\..\Kernel\bin\dll\i386\ndisapi.lib

                                SetOutPath $INSTDIR\Kernel\bin\dll\amd64
                                File ..\..\..\Kernel\bin\dll\amd64\ndisapi.dll
                                File ..\..\..\Kernel\bin\dll\amd64\ndisapi.lib

                                WriteRegStr HKLM "${REGKEY}" NDISIMUsed $bIMUsed
                                WriteRegStr HKLM "${REGKEY}\Components" Main $availDrv

                                Call EnableRouter

                                FunctionEnd
                                #################################

                                in reply to: Ip Blocking from domain #7155
                                Vadim Smirnov
                                Keymaster

                                  You can query all IP addresses corresponding to google.com:

                                  and monitor packets to/from these IPs. If you suspect that the IP of google.com may change you can also monitor DNS queries and update the domain IP list accordingly.
