Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
How to update source ip address in UDP packets
chetanchauhan111992
Member Posts: 9
I am trying to update the source IP address of the UDP and TCP packets which are captured at layer FWPM_LAYER_ALE_CONNECT_REDIRECT_V4and FWPM_LAYER_ALE_AUTH_CONNECT_V4.
In case of TCP packets source IP address is successfully updated but in the case of UDP packets source IP address is not updated.
I am checking the IP address used in the packet using Wireshark.
UINT64 classifyHandle = 0;
NTSTATUS status = FwpsAcquireClassifyHandle0(
(void*)classifyContext,
(UINT32)0,
&classifyHandle
);
if (!NT_SUCCESS(status))
{
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "Could not get the classify handle %x\r\n", status);
return;
}
FWPS_CONNECT_REQUEST* writableLayerData = NULL;
status = FwpsAcquireWritableLayerDataPointer(
classifyHandle,
filter->filterId,
0,
(PVOID*)&writableLayerData,
classifyOut
);
if (!NT_SUCCESS(status))
{
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FwpsAcquireWritableLayerDataPointer Failed %x\r\n", status);
return;
}
SOCKADDR_IN* sourceAddr = (SOCKADDR_IN*)(&(writableLayerData->localAddressAndPort));
if(sourceAddr ==NULL)
{
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "socket address is NULL\r\n");
goto Exit;
}
sourceAddr->sin_addr.S_un.S_addr = RtlUlongByteSwap(*(unsigned long*)&vip);
#if (NTDDI_VERSION >= NTDDI_WIN8)
if (inFixedValues->layerId == FWPS_LAYER_ALE_CONNECT_REDIRECT_V4)
writableLayerData->localRedirectHandle = gRedirectConnectHandlev4;
else if (inFixedValues->layerId == FWPS_LAYER_ALE_AUTH_CONNECT_V4)
writableLayerData->localRedirectHandle = gAuthConnectHandlev4;
writableLayerData->localRedirectContext = NULL;
writableLayerData->localRedirectContextSize = 0;
#endif
classifyOut->actionType = FWP_ACTION_PERMIT;
FwpsApplyModifiedLayerData(
classifyHandle,
writableLayerData,
0
);
Exit:
FwpsReleaseClassifyHandle(classifyHandle);
Please let me know how to correctly update the source IP address in UDP packets.
Thanks,
Chetan
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Writing WDF Drivers | 12 September 2022 | Live, Online |
| Internals & Software Drivers | 23 October 2022 | Live, Online |
| Kernel Debugging | 14 November 2022 | Live, Online |
| Developing Minifilters | 5 December 2022 | Live, Online |
Comments
https://docs.microsoft.com/en-us/windows-hardware/drivers/network/using-bind-or-connect-redirection
Thanks Jason,
I am able to update the UDP packet using FWPM_LAYER_ALE_BIND_REDIRECT_V4 layer.
Dear chetanchauhan111992,
How did you get the classifyContext "option" turned on?
When I try a classifyFn in the FWPM_LAYER_ALE_AUTH_CONNECT_V4 myself, the classifyContext variable passed comes in as NULL. There is no documentation on this that I can find. What operating system does your code target, only Win 8 and above, or did you have this working in Win 7?
Did you declare something extra when you registered the callout?
Thank you in advance for sharing.
Peace,
Pen
First post... at it's to a thread that's almost a year old.
You know, of course, from reading the forum rules before posting, that posting to such an old thread is not allowed.
Soooo... I'm locking this thread. If you want to ask a question, start a new thread.
Please... DO try to follow the rules, OK?
Peter Viscarola
OSR
@OSRDrivers