none
Compiling with WFP

    Question

  • Hello,

    I'm trying to make a small app that redirects outgoing connections to a certain host on a certain TCP ports to another host and another port. I tried some sample code that I found in the WFP API reference to begin with but it doesn't compile at all. I am using the latest windows SDK and Visual C++ 10 Express. Here's the code:

     

     

     

    #define _WIN32_WINNT	_WIN32_WINNT_WIN7
    
    #define WINVER			_WIN32_WINNT_WIN7
    
    #define NTDDI_VERSION	NTDDI_WIN7
    
    
    
    #include <windows.h>
    
    #include <fwpmu.h>
    
    
    
    #pragma comment (lib, "fwpuclnt.lib")
    
    
    
    void redirectPorts()
    
    {
    
       HANDLE *engineHandle;
    
       FwpmEngineOpen0(NULL,RPC_C_AUTHN_DEFAULT,NULL,NULL,engineHandle);
    
    
    
       FWPM_FILTER0 filter;
    
       FWPM_SUBLAYER0 sublayer;
    
    
    
       RtlZeroMemory(&filter,sizeof(FWPM_FILTER0));
    
    
    
       filter.layerKey = FWPM_LAYER_ALE_CONNECT_REDIRECT_V4;
    
       filter.action.type = FWP_ACTION_BLOCK;
    
    
    
       if (&sublayer.subLayerKey != NULL)
    
           filter.subLayerKey = sublayer.subLayerKey;
    
    
    
       filter.weight.type = FWP_EMPTY; // auto-weight
    
       filter.numFilterConditions = 0; // This applies to all application traffic
    
       filter.displayData.name = L"Blockade/Redirect";
    
       filter.displayData.description = L"Filter";
    
       
    
      
    
       int res;
    
       res = FwpmFilterAdd0(engineHandle,&filter,NULL,NULL);
    
    
    
    }
    
    
    
    int main()
    
    {
    
    	redirectPorts();
    
    	return 0;
    
    }
    

    and here's the errors:

     

    1>------ Build started: Project: lpcfw, Configuration: Debug Win32 ------
    1> lpcfw.cpp
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwptypes.h(275): error C2059: syntax error : 'constant'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwptypes.h(345): error C2059: syntax error : 'constant'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(369): error C2059: syntax error : 'constant'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(418): error C2016: C requires that a struct or union has at least one member
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(418): error C2061: syntax error : identifier 'IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(419): error C2061: syntax error : identifier 'v6Statistics'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(419): error C2059: syntax error : ';'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(424): error C2059: syntax error : '}'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(474): error C2016: C requires that a struct or union has at least one member
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(474): error C2061: syntax error : identifier 'IKEEXT_KEYMODULE_STATISTICS0'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(475): error C2061: syntax error : identifier 'authipStatistics'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(475): error C2059: syntax error : ';'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\iketypes.h(477): error C2059: syntax error : '}'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(413): error C2061: syntax error : identifier 'FWP_FILTER_ENUM_TYPE'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(420): error C2059: syntax error : '}'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(431): error C2016: C requires that a struct or union has at least one member
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(431): error C2061: syntax error : identifier 'FWPM_FILTER_ENUM_TEMPLATE0'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(434): error C2059: syntax error : '}'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3178): error C2143: syntax error : missing ')' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3178): error C2143: syntax error : missing '{' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3179): error C2040: 'HANDLE' : 'int' differs in levels of indirection from 'void *'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3179): error C2143: syntax error : missing ';' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3180): error C2059: syntax error : ')'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3233): error C2143: syntax error : missing ')' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3233): error C2143: syntax error : missing '{' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3234): error C2373: 'FWPM_FILTER_CHANGE_CALLBACK0' : redefinition; different type modifiers
    1>     c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3224) : see declaration of 'FWPM_FILTER_CHANGE_CALLBACK0'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3234): error C2146: syntax error : missing ';' before identifier 'callback'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3235): error C2059: syntax error : 'type'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3237): error C2059: syntax error : ')'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3251): error C2143: syntax error : missing ')' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3251): error C2081: 'FWPM_FILTER_SUBSCRIPTION0' : name in formal parameter list illegal
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3251): error C2143: syntax error : missing '{' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3252): warning C4142: benign redefinition of type
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3252): error C2370: 'UINT32' : redefinition; different storage class
    1>     c:\program files\microsoft sdks\windows\v7.0a\include\basetsd.h(82) : see declaration of 'UINT32'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3252): error C2143: syntax error : missing ';' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3253): error C2059: syntax error : ')'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3642): error C2143: syntax error : missing ')' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3642): error C2081: 'IKEEXT_STATISTICS0' : name in formal parameter list illegal
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3642): error C2143: syntax error : missing '{' before '*'
    1>c:\program files\microsoft sdks\windows\v7.0a\include\fwpmu.h(3643): error C2059: syntax error : ')'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(15): error C2275: 'FWPM_FILTER0' : illegal use of this type as an expression
    1>     c:\program files\microsoft sdks\windows\v7.0a\include\ipsectypes.h(65) : see declaration of 'FWPM_FILTER0'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(15): error C2146: syntax error : missing ';' before identifier 'filter'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(15): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(16): error C2275: 'FWPM_SUBLAYER0' : illegal use of this type as an expression
    1>     c:\program files\microsoft sdks\windows\v7.0a\include\fwpmtypes.h(273) : see declaration of 'FWPM_SUBLAYER0'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(16): error C2146: syntax error : missing ';' before identifier 'sublayer'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(16): error C2065: 'sublayer' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(18): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(20): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(20): error C2224: left of '.layerKey' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(21): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(21): error C2224: left of '.action' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(21): error C2059: syntax error : ';'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(23): error C2065: 'sublayer' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(23): error C2224: left of '.subLayerKey' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(24): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(24): error C2224: left of '.subLayerKey' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(24): error C2065: 'sublayer' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(24): error C2224: left of '.subLayerKey' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(26): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(26): error C2224: left of '.weight' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(27): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(27): error C2224: left of '.numFilterConditions' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(28): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(28): error C2224: left of '.displayData' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(29): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(29): error C2224: left of '.displayData' must have struct/union type
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(32): error C2143: syntax error : missing ';' before 'type'
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(33): error C2065: 'res' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(33): error C2065: 'filter' : undeclared identifier
    1>c:\users\nikos\documents\visual studio 2010\projects\lpcfw\lpcfw\lpcfw.cpp(33): warning C4133: 'function' : incompatible types - from 'int *' to 'const FWPM_FILTER0 *'
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
    

    What is the problem? I tried removing all the code too and compiling just with the <fwpmu.h> header but it throws all these errors that come from fwpmtypes.h and iketypes.h. I am compiling this as a C program because if I compile as a C++ program the error go even crazier.

    Any help with this?

     

    Thank you in advance

     

    Monday, March 07, 2011 1:44 PM

Answers

  • There is a bug in the header files (extra line spaces).  You can modify your copies directly:

    FwpTypes.h @ line 275:

       #define FWP_ACTION_BLOCK \
          (0x00000001 | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_PERMIT \
          (0x00000002 | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_CALLOUT_TERMINATING \
          (0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_CALLOUT_INSPECTION \
          (0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING)
       #define FWP_ACTION_CALLOUT_UNKNOWN \
          (0x00000005 | FWP_ACTION_FLAG_CALLOUT)
       #define FWP_ACTION_CONTINUE \
          (0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING)
       #define FWP_ACTION_NONE \
          (0x00000007)
       #define FWP_ACTION_NONE_NO_MATCH \
          (0x00000008)

    FwpTypes.h @ line 343

       #define FWP_FILTER_ENUM_VALID_FLAGS \
          (FWP_FILTER_ENUM_FLAG_BEST_TERMINATING_MATCH | \
           FWP_FILTER_ENUM_FLAG_SORTED)

    IkeTypes.h @ line 367

       #define IKEEXT_ERROR_CODE_COUNT  \
          (ERROR_IPSEC_IKE_NEG_STATUS_END - ERROR_IPSEC_IKE_NEG_STATUS_BEGIN)

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Monday, March 07, 2011 6:03 PM
    Moderator
  • WFP is not available on Windows XP.  For Vista+, you would need to clone / drop / modify the clone / inject all of the packets you wish to proxy (both outbound, and inbound).

    Hope this helps.

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, March 09, 2011 7:59 PM
    Moderator
  • For WinXP you will need to use TDI or NDIS to perform your redirection (outside the scope of this forum).

    For  Vista+ it is highly recommended to use WFP.  If you are interested in getting a Windows Logo, you have to use WFP...

    So essentially you have the following options:

    WinXP+ -> TDI and /or NDIS
    Vista+   -> WFP using Clone / Drop Inject
    Win7+   -> WFP using FWPM_LAYER_{BIND / CONNECT}_REDIRECT_V{4 / 6}

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, March 24, 2011 4:48 PM
    Moderator

All replies

  • There is a bug in the header files (extra line spaces).  You can modify your copies directly:

    FwpTypes.h @ line 275:

       #define FWP_ACTION_BLOCK \
          (0x00000001 | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_PERMIT \
          (0x00000002 | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_CALLOUT_TERMINATING \
          (0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING)
       #define FWP_ACTION_CALLOUT_INSPECTION \
          (0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING)
       #define FWP_ACTION_CALLOUT_UNKNOWN \
          (0x00000005 | FWP_ACTION_FLAG_CALLOUT)
       #define FWP_ACTION_CONTINUE \
          (0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING)
       #define FWP_ACTION_NONE \
          (0x00000007)
       #define FWP_ACTION_NONE_NO_MATCH \
          (0x00000008)

    FwpTypes.h @ line 343

       #define FWP_FILTER_ENUM_VALID_FLAGS \
          (FWP_FILTER_ENUM_FLAG_BEST_TERMINATING_MATCH | \
           FWP_FILTER_ENUM_FLAG_SORTED)

    IkeTypes.h @ line 367

       #define IKEEXT_ERROR_CODE_COUNT  \
          (ERROR_IPSEC_IKE_NEG_STATUS_END - ERROR_IPSEC_IKE_NEG_STATUS_BEGIN)

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Monday, March 07, 2011 6:03 PM
    Moderator
  • Thanks again, that helped.

     

    Another problem now if I may: I want, as already stated, to redirect inbound and outbound network traffic from and to, say, address A and port B to address C and port D. I want this though to be compatible with all Windows version from XP up to Win7. I see though that the REDIRECT layer is only compatible with Win7 and for older versions you have to capture, alter and reinject every single packet.

     

    How can it be done so that the program is compatible with all windows versions? What do I use for this method?

     

    Thank you

    Wednesday, March 09, 2011 6:35 PM
  • WFP is not available on Windows XP.  For Vista+, you would need to clone / drop / modify the clone / inject all of the packets you wish to proxy (both outbound, and inbound).

    Hope this helps.

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, March 09, 2011 7:59 PM
    Moderator
  • So for versions prior to windows vista it is actually impossible to redirect inbound/outbound traffic?
    Thursday, March 24, 2011 4:41 PM
  • For WinXP you will need to use TDI or NDIS to perform your redirection (outside the scope of this forum).

    For  Vista+ it is highly recommended to use WFP.  If you are interested in getting a Windows Logo, you have to use WFP...

    So essentially you have the following options:

    WinXP+ -> TDI and /or NDIS
    Vista+   -> WFP using Clone / Drop Inject
    Win7+   -> WFP using FWPM_LAYER_{BIND / CONNECT}_REDIRECT_V{4 / 6}

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, March 24, 2011 4:48 PM
    Moderator
  • If this is a known bug, has it been fixed since when you last posted this?
    Wednesday, August 29, 2012 6:24 PM
  • "this" is very vague.  Please specify exactly what you are referring to.

    In regards to the header issue, yes this has been fixed for quite awhile.  The WDDK has the latest headers with the fixes.

    There are no plans of porting WFP to WindowsXP.

    There are no plans of porting the FWPM_LAYER_ALE_{BIND | CONNECT}_REDIRECT_V{4 | 6} to Vista.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Wednesday, August 29, 2012 7:25 PM
    Moderator