Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

How to update source ip address in UDP packets

chetanchauhan111992chetanchauhan111992 Member Posts: 6
edited July 15 in NTDEV

I am trying to update the source IP address of the UDP and TCP packets which are captured at layer FWPM_LAYER_ALE_CONNECT_REDIRECT_V4and FWPM_LAYER_ALE_AUTH_CONNECT_V4.
In case of TCP packets source IP address is successfully updated but in the case of UDP packets source IP address is not updated.
I am checking the IP address used in the packet using Wireshark.

UINT64 classifyHandle = 0;
NTSTATUS status = FwpsAcquireClassifyHandle0(
    (void*)classifyContext,
    (UINT32)0,
    &classifyHandle
);
if (!NT_SUCCESS(status))
{
    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "Could not get the classify handle %x\r\n", status);
    return;
}
FWPS_CONNECT_REQUEST* writableLayerData = NULL;
status = FwpsAcquireWritableLayerDataPointer(
    classifyHandle,
    filter->filterId,
    0,
    (PVOID*)&writableLayerData,
    classifyOut
);
if (!NT_SUCCESS(status))
{
    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FwpsAcquireWritableLayerDataPointer Failed %x\r\n", status);
    return;
}
SOCKADDR_IN* sourceAddr = (SOCKADDR_IN*)(&(writableLayerData->localAddressAndPort));
if(sourceAddr ==NULL)
{
    DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "socket address is NULL\r\n");
    goto Exit;
}
sourceAddr->sin_addr.S_un.S_addr = RtlUlongByteSwap(*(unsigned long*)&vip);

#if (NTDDI_VERSION >= NTDDI_WIN8)
    if (inFixedValues->layerId == FWPS_LAYER_ALE_CONNECT_REDIRECT_V4)
        writableLayerData->localRedirectHandle = gRedirectConnectHandlev4;
    else if (inFixedValues->layerId == FWPS_LAYER_ALE_AUTH_CONNECT_V4)
        writableLayerData->localRedirectHandle = gAuthConnectHandlev4;

    writableLayerData->localRedirectContext = NULL;
    writableLayerData->localRedirectContextSize = 0;
#endif
    classifyOut->actionType = FWP_ACTION_PERMIT;
    FwpsApplyModifiedLayerData(
        classifyHandle,
        writableLayerData,
        0
    );
Exit:
    FwpsReleaseClassifyHandle(classifyHandle);

Please let me know how to correctly update the source IP address in UDP packets.

Thanks,
Chetan

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers TBD Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online