Re: NDIS passthru packet redirection

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Again,

at the moment, I want to redirect packets (which are lokaly requested with
netcat) to a local or a remote webserver and I have bound the IM to the
network card. If I bound them to \DEVICE\NDISWANIP it's not working too.

Should I adjust the MAC address? In MPSendPackets they are not filled in the
etherheader.

--
Mathias

"Thomas F. Divine [DDK MVP]" <tdivine@xxxxxxxxxxxxxxxx> wrote in message
news:Ob3he0GSGHA.1844@xxxxxxxxxxxxxxxxxxxxxxx
You might skip the call to NDIS_SET_ORIGINAL_PACKET. That is effectively
saying that your new packet is the same as the original packet. Set it to
NULL or to your packet.
If you have disable NDIS task offload, then all of that OOB stuff doesn't
matter. If you have not disabled NDIS task offload,then you should examine
the OOB data and see if it applies to your modified packet.

Thomas F. Divine, Windows DDK MVP
http://www.pcausa.com


"Mathias Walter" <mathias.walter@xxxxxxx> wrote in message
news:ue3u7lGSGHA.4456@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thomas,

thank you for your quick response.

I did all things you sad, except that I moved along the buffer chain and
copied each buffer memory separately. I changed this as you suggested,
but it's still not working.

I changed the miniport.c MPSendPackets function as following:

if (!(SndFltAction & SND_FLT_REDIR_PACKET)) {
//
// Copy the OOB data from the original packet to the new
// packet.
//
NdisMoveMemory(NDIS_OOB_DATA_FROM_PACKET(MyPacket),
NDIS_OOB_DATA_FROM_PACKET(Packet),
sizeof(NDIS_PACKET_OOB_DATA));
//
// Copy relevant parts of the per packet info into the new packet
//
#ifndef WIN9X
NdisIMCopySendPerPacketInfo(MyPacket, Packet);
#endif

//
// Copy the Media specific information
//
NDIS_GET_PACKET_MEDIA_SPECIFIC_INFO(Packet,
&MediaSpecificInfo,
&MediaSpecificInfoSize);

if (MediaSpecificInfo || MediaSpecificInfoSize)
{
NDIS_SET_PACKET_MEDIA_SPECIFIC_INFO(MyPacket,
MediaSpecificInfo,
MediaSpecificInfoSize);
}

} else {
// Copy package buffers
NdisQueryPacketLength(Packet, &TotalPacketLength);
// Allocate my data buffer for the whole packet
NdisAllocateMemoryWithTag( &pBuf, TotalPacketLength, TAG );

// Allocate my buffer handle
NdisAllocateBuffer( &Status, &pMyBuffer,
pAdapt->SendBufferPoolHandle, pBuf, TotalPacketLength );

// Insert my buffer into my packet
NdisChainBufferAtFront( MyPacket, pMyBuffer );

DbgPrint("copying packet data...\n");

// Copy original packet data into my new buffer
NdisCopyFromPacketToPacketSafe(MyPacket, 0, TotalPacketLength,
Packet, 0, &uiCopied, NormalPagePriority);

// Redirect IP to myself
pIPHeader = (struct ip*)&pBuf[sizeof(struct ether_header)];
pIPHeader->ip_dst.s_addr = inet_addr("10.150.36.8");
chksum = getChecksum(pIPHeader);
pIPHeader->ip_sum = chksum;
DbgPrint("redirected to ip: %d.%d.%d.%d\n", pBuf[30], pBuf[31],
pBuf[32], pBuf[33]);

NDIS_SET_ORIGINAL_PACKET(MyPacket, NDIS_GET_ORIGINAL_PACKET(Packet));
NdisSetPacketFlags(MyPacket, NdisGetPacketFlags(Packet));
Status = NDIS_GET_PACKET_STATUS( Packet );
NDIS_SET_PACKET_STATUS( MyPacket, Status );
NDIS_SET_PACKET_HEADER_SIZE(MyPacket,
NDIS_GET_PACKET_HEADER_SIZE(Packet));

FltPrintPacketInfo(MyPacket); // prints ip information
}

NdisSend(&Status,
pAdapt->BindingHandle,
MyPacket);

The function FltPrintPacketInfo prints out the correctly changed
destination address.
A network monitor on the destination computer does not recieve any
packages.

What is still missing or wrong?

--
Regards, Mathias

"Thomas F. Divine [DDK MVP]" <tdivine@xxxxxxxxxxxxxxxx> wrote in message
news:uO9gWGGSGHA.4960@xxxxxxxxxxxxxxxxxxxxxxx

"msnews.microsoft.com" <mathias.walter@xxxxxxx> wrote in message
news:e0tcWxFSGHA.4792@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

I want to redirect tcp packets to different destination. For that, I
modified the passthru example from the Win2003 DDK and changed the
destination ip address in MPSendPackets (allocate my own packet and
buffers).

But the packet is routed somewhere else.

In Ethereal the old destination address is showing. I don't know why.

The request always times out.

I disabled task offloading at all (
NdisSetPacketPoolProtocolId(pAdapt->SendPacketPoolHandle,
NDIS_PROTOCOL_ID_DEFAULT); in PBindAdapter
and
Status = NDIS_STATUS_NOT_SUPPORTED in MPQueryInformation)
and calculate the ip header checksum. Do I need to calculate the tcp
checksum or pseudo-header checksum too?

If you did not modify the TCP header or payload, then you do not need to
recalcuate the TCP headers. Only the IP header.


Does anyone know, why Ethereal shows the original destination ip
address?
What can I do to make the redirection working?

Probably...

...you didn't actually modify the IP header correctly.

You must allocate your own NDIS_PACKET and NDIS_BUFFER (you said that
you did this already...) _AND_ you must also allocate your own virtual
memory (byte array) for the modified packet data. The simplest way is to
allocate a non-paged byte array whose length is the total packet length.
Allocate a NDIS_BUFFER for this array VM, then chain it to your
NDIS_PACKET. Now you can use NdisCopyFromPacketToPacket to copy the
original packet data to your own private copy. Then change the
destination IP in YOUR VM and re-calcuate the IP header checksum (You
should not modify the original data).

You can use the debugger to examine the packet just before you call
NdisSend to insure that what you are sending is correct.

Ethereal (or any network monitor) can cause confusion if it is run on
the same machine that hosts your NDIS IM filter driver. NDIS does some
software loopback of send packets when Ethereal is running, and these
can be misleading. In Ethereal on the local host you may see what was
originally sent - NOT your modified packet. I suggest that you use a
separate machine on the network to observe what is actually sent on the
wire.

Good luck,

Thomas F. Divine, Windows DDK MVP
http://www.pcausa.com






.

Relevant Pages

  • Re: NDIS packet buffer allocation
    ... you can allocate an NDIS_BUFFER descriptor to point to just any ... DMA for a received frame has completed. ... Now most MAC chips "eat up" one whole buffer for each frame. ... Are there other ways of creating packet descriptors for NDIS? ...
    (microsoft.public.development.device.drivers)
  • Re: NDIS passthru packet redirection
    ... copied each buffer memory separately. ... // Copy the OOB data from the original packet to the new ... // Allocate my data buffer for the whole packet ... A network monitor on the destination computer does not recieve any packages. ...
    (microsoft.public.development.device.drivers)
  • Re: Interesting TCP behaviour with large sends/small buffers
    ... My current workaround is simply setting the send buffer to a larger ... The server, upon connection, sends a configurable number of bytes to ... packet before sending the next packet. ... ACK, according to the delayed ACK algorithm - 50KB bytes means 34 MSS- ...
    (microsoft.public.win32.programmer.networks)
  • Re: Interesting TCP behaviour with large sends/small buffers
    ... The server, upon connection, sends a configurable number of bytes to ... I set the client's receive buffer size to 1MBps, ... packet before sending the next packet. ... ACK, according to the delayed ACK algorithm - 50KB bytes means 34 MSS- ...
    (microsoft.public.win32.programmer.networks)
  • Re: Problem Modifing the NDIS packet
    ... I did not modify the NDIS_PACKET in place. ... Allocate a send Packet buffer. ... Allocate the buffer, i got this buffer size by quering the NDIS buffer. ...
    (microsoft.public.development.device.drivers)