WFP connect redirect with UDP and get original destination

Hi, there~

I am developing WFP in Windows 10 21H2, and I want to use WFP FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 to redirect the original traffic to my local proxy, and have my local proxy send it on to the original destination.

i.e.: client --> server changes to: client (connect_redirect) --> proxy (get original dest) --> server

The problem is: I tested TCP using WFPSample or the WFP doc, and it works well, but when I turn to UDP, it doesn't work.

In detail, the problem is that I can't get the original destination from the UDP socket by WSAIoctl with SIO_QUERY_WFP_CONNECTION_REDIRECT_CONTEXT. The pseudocode looks like this:

auto status = WSAIoctl(_socket.native_handle(),
                            SIO_QUERY_WFP_CONNECTION_REDIRECT_CONTEXT,
                            NULL, 0,
                            redirect_records->buf_,
                            sizeof(redirect_records->buf_),
                            &redirect_records->buf_size_,
                            0, 0);

and the error code I get is WSAEOPNOTSUPP.

I know the difference between TCP and UDP is the socket: because TCP has an accept phase, I use the accepted socket in TCP, and it works well.
But UDP doesn't need accept, so I directly use the listening UDP socket, and I get the error code. I don't know how to fix it because there is no doc in MSDN or sample code for UDP.

I found "developing a DNS redirection and interception project making use of Windows Filtering Platform". It also uses UDP connect redirect, but doesn't show how to get the original destination.

What's more, when redirecting UDP DNS traffic, there is no need to get the original destination, because you only need to redirect to your DNS server, so not being able to get the original destination is OK.

I also found "Failed to redirect connected UDP traffic - Hardware Developer | Microsoft Learn", but it seems to be about client behavior: if the client uses sendto, the UDP traffic can be redirected to my proxy, but if the client uses connect and send, the UDP traffic can't be redirected to my proxy. In both cases the original destination can't be obtained.

pelucky

Sorry to bother you. I also encountered the same problem; have you solved it?
In the documentation of that control code, it is said that the redirection context of the UDP socket can be obtained. The following is the original text:
The SIO_QUERY_WFP_CONNECTION_REDIRECT_RECORDS IOCTL is used by a WFP-based redirect service to retrieve the redirect record from the accepted TCP/IP packet connection (the connected socket for a TCP socket or a UDP socket, for example) redirected to it by its companion kernel-mode callout registered at ALE_CONNECT_REDIRECT layers in a kernel-mode driver. The SIO_QUERY_WFP_CONNECTION_REDIRECT_CONTEXT IOCTL is used by a WFP-based redirect service to retrieve the redirect context for a redirect record from the accepted TCP/IP packet connection (the connected socket for a TCP socket or a UDP socket, for example) redirected to it by its companion callout registered at ALE_CONNECT_REDIRECT layers. The redirect context is optional and is used if the current redirection state of a connection is that the connection was redirected by the calling redirect service or the connection was previously redirected by the calling redirect service but later redirected again by a different redirect service. The redirect service transfers the retrieved redirect record to the TCP socket it uses to proxy the original content using the SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL.

No, I think UDP can't get the original connection...

You need to capture LocalAddress/Port at ESTABLISHED_LAYER.
Use FwpsFlowAssociateContext to capture data to Connect_Redirect.

Thanks, I will try this.

I think you may have misunderstood it. It requires the application layer to obtain the original target address.