I use FWPM_LAYER_ALE_AUTH_CONNECT_V4/6 and FWPM_LAYER_OUTBOUND_TRANSPORT_V4/6, and FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 and FWPM_LAYER_DATAGRAM_DATA_V4. By assigning the context, the packet is redirected to the local port.
Use filter.action.type = FWP_ACTION_CALLOUT_TERMINATING

    if (!gDriverUnloading)
    {
        signalWorkerThread = IsListEmpty(&gPacketQueue);
        //....
        pClassifyOut->actionType = FWP_ACTION_BLOCK;
        pClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
        pClassifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
    }

The first method to rebuild the NBL:

    FwpsAllocateCloneNetBufferList,
    sendArgs.remoteAddress =
        (packet->belongingFlow->toRemoteAddr ? packet->belongingFlow->toRemoteAddr
                                             : (UINT8*)&packet->remoteAddr);
    FwpsInjectTransportSendAsync

The second method to rebuild the NBL:

    FwpsAllocateCloneNetBufferList,
    sendArgs.remoteAddress = (UCHAR*)&udpDestAddr;
    status = KrnlHlprIPHeaderGet(clonedNetBufferList,
                                 &pIPHeader,
                                 &needToFree);
    FwpsConstructIpHeaderForTransportPacket,
    FwpsInjectTransportSendAsync

The packet still cannot be redirected. Can you help me?