Forum Replies Created
-
Posts
-
Interesting behavior, I have never heard about anything like this before and I suspect this is somehow specific to particular TCP/IP stack implementation.
INTERMEDIATE_BUFFER.m_Length indicates the total size of the buffers containing packet data which were indicated from the NIC to MSTCP OR sent by MSTCP to NIC. So this is a system specific value, it is not taken/calculated from packet headers.
In the meantime NeT Firewall does not support Windows 2008 because of the serious changes in the network stack introduced by 2008/Vista. We do plan to add Vista/2008 support in the near future.
I’m sorry, I’ve been a bit overloaded last time. I just need an to find some time to update an INF file, VirtNet driver itself rebuilds without any problems for x64.
Да вообще странно как-то, косяк компилятора, разбираться не особенно хочется. WWWCensor ищет по всему пакету, он не разбирает запросы. Но проверяет только пакеты пришедшие с 80 порта или уходящие на 80 порт. Так что в общем-то в нем нужно поменять только номер порта или сделать порт параметром командной строки. Ну и соответственно сделать так чтобы он на две строчки проверял а не на одну.
Happy New Year to you too!
Very strange issue, if standard samples run fine and you use standard build of the WinpkFilter driver (named NDISRD) then there should not be any problems with using it from Delphi. However, Delphi samples originally were developed and tested from Delphi 7 environment. I don’t know how it is different from CodeGear Delphi 2009. Does Delphi 2009 .NET based or it still generates pure Win32 code?
I have attached Delphi 7 compiled binaries. If these binaries also run fine on your system then this is probably something relative to Delphi 2009 code generation/project settings. Let me know how it works.
Лучше запоминать идентификатор процесса в момент создания address/connection objects, эти операции обычно не откладываются и обьект создается именно в контексте вызывающего процесса.
You can turn on routing on Windows system and it will route the packet without additional efforts from your side.
You have only to make user authentication on the internal interface and NAT on the eternal (if necessary).
Refer Internet Gateway sample for the details about NAT. Install script for this sample also turns on routing (NSIS script function):
Function EnableRouter
SetRebootFlag true
${If} ${IsNT}
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesTcpipParameters IPEnableRouter 1
${Else}
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesVxDMstcp EnableRouting 1
WriteRegDWORD HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesVxDMstcp IPEnableRouter 1
${EndIf}
FunctionEnd
I don’t know if it helps but I would try to call NdisMIndicateStatus with NDIS_STATUS_MEDIA_DISCONNECT and then with NDIS_STATUS_MEDIA_CONNECT. Probably you will be queried for MAC address after these indications, but I have never tried anything like this.
If you are still able to install WInpkFilter NDIS IM driver on that system then probably you doing something wrong when using snetcfg.
There is no ready-to-use function for redirecting in NDISAPI. NDISAPI only provides you raw interface to manipulate packets. You have to implement redirecting (packet header changes, checksums recalculations) by yourself.
You can refer Internet Gateway sample which implements NAT for the details. This sample is in C++ but not that complex to catch the basics.
Problem is this redirecting.
How can ı redirect my client to other network car.Client-to-Server: Save the connection information, change the destination IP (and port if necessary), recalculate the checksums and forward the packet.
Server-to-Client: Find the saved connection. Change the source IP (and port if necessary) to the original ones, recalculate the checksums and forward the packet.if want return one block page to user how can i do? certain,i have read the topics beforetimes on the board. u had suggest us to modify the current packet. well, but if the current packet is not enought long,what can we do? i think u must be asked for many times,u can consider to release out a modify pakcet sdk!
This is a very general question. If there is not enough space in the original packet you can extend it to the maximum possible size or inject extra packets into the TCP stream. In both cases you have to care of about controlling the TCP connection state and modify SEQ/ACK fields of the follow up packets. I would advise to inject a simple and short HTTP redirect code instead of injecting extra packets, this would save you lots of time.
once,i buy it,how to distribute it? ( ask user to install the winpkflt_rtl.exe first of all?)
WinpkFilter Developer Edition includes all necessary modules/scripts required for WinpkFilter drivers redistribution.
and then,we known the winpkfilter is a public sales software product,so,many people known how to use it throught the sdk.
that’s to say, i once used it on a computer,another people can also use it.To avoid possible conflicts we provide custom build of WinpkFilter driver to Developer Edition licensees.
please and please,can u do me a distribute package with the installer(inno or nsis)?
For non-commercial software you can ask users to download and install WinpkFilter run-time before installing your software.
and,can two application(two thread) can both to open the driver?(SetAdapterMode,SetPacketEven)!
Only one of these applications/threads (the second one) will be actually getting packets.
is there a circus buffer in ndisrd.sys??? MSTCP_FLAG_FILTER_DIRECT by default it is setting on or off?
Probably you have run into confusion with loopback packets. MSTCP_FLAG_FILTER_DIRECT is needed when promiscuous mode is set on the adapter to avoid loopback indications.
My client connect to Access point and ethernet hub via first network card. I will manage this client and redirect to second network card (internet connection). İf username and password is correct.
There are several WiFi hotspot solutions based on WinpkFilter are available on the market (TrueCafe, Antamedia and etc…). In general you have to redirect user to authentication page on his first attempt to use Internet browser, then if user is allowed to use Internet you have to save user credentials (MAC, IP addresses) and route user packets to external network. The detailed description of this would take a large amount of time, but if you have some more exact questions I will try to help.
