Hello everybody!
I want to make a simple TCP proxy, as simple as ddproxy from the WDK.
The first thing I’ve made is an FWPM_LAYER_INBOUND_TRANSPORT_V4 filter.
It works in transparent mode, so particular incoming packets go through the filter and I see this in DebugViewer (ClassifyFn -> Worker -> CloneModifyReinjectInbound).
No packets are missed and no errors are found!
Next step I tried to do the same thing with FWPM_LAYER_OUTBOUND_TRANSPORT_V4.
Probably the same scheme as for the inbound way. But after all successful procedures, the outgoing traffic is gone (Wireshark silent). Still no errors.
I think I’ve missed something.
Also I wonder which layers I should filter to redirect, for example, HTTP traffic?
If it needs some code to analyse I will put it on.
Thank You in advance.
Aleksey M.
I’ve passed this step.
So now I am having problems with the ACK packet:
- Sending request to Server (TRANSPORT_OUTBOUND - modifying destination port) — Ok
- Receiving SYN,ACK from Server (from modified port) – TRANSPORT_INBOUND_DISCARD hooks it but there I get an error (status after calling FwpsConstructIpHeaderForTransportPacket0).
------------------------code snippet---------------------------------
…classify
// Classify values are in host byte order; swap them to network byte order.
packet->ipv4LocalAddr = RtlUlongByteSwap(inFixedValues->incomingValue[FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_ADDRESS].value.uint32);
packet->ipv4RemoteAddr = RtlUlongByteSwap(inFixedValues->incomingValue[FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_REMOTE_ADDRESS].value.uint32);
…classify
…inject
DbgPrint("ProxyCloneModifyReinjectInbound(): Source Address: %x", packet->ipv4LocalAddr);
DbgPrint("ProxyCloneModifyReinjectInbound(): Destination Address: %x", packet->ipv4RemoteAddr);
DbgPrint("ProxyCloneModifyReinjectInbound(): ipheadersize: %x", packet->ipHeaderSize);
DbgPrint("ProxyCloneModifyReinjectInbound(): addressFamily: %x", packet->addressFamily);
DbgPrint("ProxyCloneModifyReinjectInbound(): protocol: %x", packet->protocol);
status = FwpsConstructIpHeaderForTransportPacket0(
    clonedNetBufferList,
    packet->ipHeaderSize,
    packet->addressFamily,
    &packet->ipv4LocalAddr, //uint32
    &packet->ipv4RemoteAddr,
    packet->protocol,
    0,
    NULL,
    0,
    0,
    NULL,
    0,
    0);
…inject
------------------------code snippet---------------------------------
------------------------log snippet---------------------------------
DDProxyWorker INBOUND
DDProxyCloneModifyReinjectInbound BEGIN
DDProxyCloneModifyReinjectInbound netBufferList OK
DDProxyCloneModifyReinjectInbound nblOffset not eq
DDProxyCloneModifyReinjectInbound NDISRetreatNBDS OK
DDProxyCloneModifyReinjectInbound NdisAdvNBDS
ProxyCloneModifyReinjectInbound(): Source Port: 8080
ProxyCloneModifyReinjectInbound(): Destination Port: 49582
ProxyCloneModifyReinjectInbound(): Source Address: f02000a
ProxyCloneModifyReinjectInbound(): Destination Address: 112557c2
ProxyCloneModifyReinjectInbound(): ipheadersize: 14
ProxyCloneModifyReinjectInbound(): addressFamily: 2
ProxyCloneModifyReinjectInbound(): protocol: 6
ProxyCloneModifyReinjectInbound IPHeader Not Success c000000d STATUS_INVALID_PARAMETER
DD_proxy.c:DDProxyCloneModifyReinjectInbound END
------------------------log snippet---------------------------------
For help I used this thread:
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/3ccb32da-c240-477b-bd28-ea584784bd48/
Author had no problem with it, and I wonder why do I have
Finished it! No errors anymore.
But I reached the same problem as Yu Yeongjae in http://social.msdn.microsoft.com/forums/en-US/wfp/thread/3ccb32da-c240-477b-bd28-ea584784bd48/
The OUTBOUND_TRANSPORT doesn’t hook the ACK packet.
No. Time Source Destination Protocol Info
25 598.326684 10.0.2.15 ***.87.***.17 TCP 49186 > cbt [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=8 SACK_PERM=1
No. Time Source Destination Protocol Info
26 598.332451 194.87.37.17 10.0.2.15 TCP cbt > 49186 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
No. Time Source Destination Protocol Info
27 598.334618 10.0.2.15 *** 87. *** .17 TCP 49186 > http-alt [ACK] Seq=1 Ack=1 Win=64240 Len=0
For now it should change only ports. IP address stays the same.
Are there any solutions?
Also, like Yu Yeongjae, I found that if I remove the PORT CONDITION, it works well.