filter-hook

I am trying to extend the functionality of a basic
filter-hook driver. Currently, all it does is add a
firewall rule based on source IP, source port, dest
IP, dest port, and protocol (UDP or TCP) and
determines whether the driver should forward or drop
the packet.

I would like to add functionality to the driver so
that I can modify UDP payload data. Here is my setup:
I have a UDP server listening on port 1500 and a UDP
client which sends out a text string message once a
second with 5 bytes of data…11111, 22222, 33333,
44444, 55555, and repeats. I would like to modify
message 11111 to something like 10101, for example. I
can set up the filter to recognize when a certain UDP
message is received. I can also modify the payload,
and I also am re-calculating the UDP checksum, but
when I issue a PF_FORWARD or PF_PASS based on the
pfhook.h file, the UDP server does not print the
modified message. It is as if it is being dropped.

So what am I doing wrong? Any hints or tips would be
greatly appreciated. How do I pass this UDP packet
back to the IP stack so it is processed and the UDP
server prints the message?

Thanks,
-SA



Hi Steven!

You cannot modify packets in the MS IP-filter driver. Use the NDIS, TDI interface in kernel mode or a Winsock hook, LSP in user mode!

Steven Aumack wrote:
I am trying to extend the functionality of a basic
filter-hook driver. Currently, all it does is add a
firewall rule based on source IP, source port, dest
IP, dest port, and protocol (UDP or TCP) and
determines whether the driver should forward or drop
the packet.

I would like to add functionality to the driver so
that I can modify UDP payload data. Here is my setup:
I have a UDP server listening on port 1500 and a UDP
client which sends out a text string message once a
second with 5 bytes of data…11111, 22222, 33333,
44444, 55555, and repeats. I would like to modify
message 11111 to something like 10101, for example. I
can set up the filter to recognize when a certain UDP
message is received. I can also modify the payload,
and I also am re-calculating the UDP checksum, but
when I issue a PF_FORWARD or PF_PASS based on the
pfhook.h file, the UDP server does not print the
modified message. It is as if it is being dropped.

So what am I doing wrong? Any hints or tips would be
greatly appreciated. How do I pass this UDP packet
back to the IP stack so it is processed and the UDP
server prints the message?

Thanks,
-SA



Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@yahoo.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Can I add NDIS support to the source code of a filter-hook driver, and use
the NDIS functionality to modify UDP packet payloads? The filter-hook
driver I would add NDIS support to I downloaded from the internet. It is
the DrvFltIp.sys driver.

-SA


When you write an NDIS IM driver, you don’t need the filter hook driver. Look for the free Passthru sample driver from the MS DDK or get the commercial samples from www.pcausa.com.

… and Microsoft does not recommend using a Filter-Hook based driver!

Regards,
Bruce Raynold
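
Whichever layer ends up rewriting the payload, the UDP checksum has to be recomputed over the IPv4 pseudo-header, and a receiving stack discards a datagram whose checksum is stale. The block below is an added example, not code from this thread or from any driver mentioned in it: plain C with no kernel or NDIS calls, using the thread's port 1500 and its 11111/10101 payloads. The addresses, the source port 40000 and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample, not from the thread: 192.168.1.10:40000 ->
 * 192.168.1.20:1500, UDP length 13, checksum 0x46E6, payload "11111". */
static const uint8_t SRC_IP[4] = {192, 168, 1, 10}, DST_IP[4] = {192, 168, 1, 20};
static const uint8_t SAMPLE_DGRAM[13] = {0x9C, 0x40, 0x05, 0xDC, 0x00, 0x0D,
                                         0x46, 0xE6, '1', '1', '1', '1', '1'};

/* Sum big-endian 16-bit words; an odd trailing byte is zero-padded. */
static uint32_t sum_words(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    return len ? sum + ((uint32_t)p[0] << 8) : sum;
}

/* Checksum over IPv4 pseudo-header + UDP header + payload; the checksum
 * field (bytes 6..7) counts as zero. Returns 0 for an invalid length. */
uint16_t udp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *udp, size_t udp_len)
{
    uint32_t sum = 17 + (uint32_t)udp_len;   /* protocol 17 + UDP length */
    if (udp_len < 8 || udp_len > 0xFFFF) return 0;
    sum = sum_words(sum_words(sum, src, 4), dst, 4);
    sum = sum_words(sum, udp, 6);            /* ports and length field */
    sum = sum_words(sum, udp + 8, udp_len - 8);
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    sum = ~sum & 0xFFFF;
    return sum ? (uint16_t)sum : 0xFFFF;     /* 0 on the wire means "none" */
}

/* Receiver-side check: 1 if the stored checksum is absent (0) or correct. */
int udp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *udp, size_t udp_len)
{
    if (udp_len < 8) return 0;
    uint16_t stored = (uint16_t)((udp[6] << 8) | udp[7]);
    return stored == 0 || stored == udp_checksum(src, dst, udp, udp_len);
}

/* Store a fresh checksum after the payload bytes have been changed. */
void udp_fix_checksum(const uint8_t src[4], const uint8_t dst[4],
                      uint8_t *udp, size_t udp_len)
{
    uint16_t c = udp_checksum(src, dst, udp, udp_len);
    if (udp_len >= 8) { udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c; }
}
```

Running the check on a capture of the modified datagram shows whether a checksum mismatch is involved; it does not change the point made above that the filter-hook interface is not the place to modify packets.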
