Hello, I am trying to develop ndis filter driver working as NAT driver. I want to change destination address.
Here is my method to do it.
- read eth header and ip header from NB
- using NdisAdvanceNetBufferDataStart() function, logically remove eth header + ip header from NBL
- make clone of NBL using NdisAllocateCloneNetBufferList
- using NdisRetreatNetBufferDataStart() function, make space for header to cloned NBL (all underneath steps are ‘to cloned NBL’)
- get an starting address that eth header should be located in cloned NBL, using NdisGetDataBuffer() and add the eth header(got from 1st step)
- using NdisAdvanceNetBufferDataStart() and NdisGetDataBuffer, get an starting address of ip header and add the ip header(got from 1st step) to the address
- I want to modify dest ip from ip header, so get an dest ip address through using NdisAdvanceNetBufferDataStart() for sizeof(ipheader)-4 and NdisGetDataBuffer()
- overwrite dest ip in ip header (using RtlIpv4StringToAddress())
- in FilterSendNetBufferListsComplete, free the cloned NBL
I referenced “https://community.osr.com/discussion/255174/how-to-send-cloned-nbls” to free the cloned NBL in FilterSendNetBufferListsComplete.
However, I built it and install at VM, but its internet access cut off.
So for testing, I wrote same destination ip addresses as original NBL in cloned NBL, by same methods above, and it worked normally.
So is it a problem with the one ip address that I arbitrarily overwrite? Or is it an ip checksum problem? or else?
I don’t know because there is too little information to find.
After struggling a few weeks, I think I am close to what I want to make… but this problem is blocking me from progression.
Thank you