How to drop packet Using C++?

  • Question

  • Hi all.
    I want to drop packets using C++ based on the destination IP address.
    For example: packets to IP address 8.8.8.8 will be dropped.
    Currently, I have captured packets from the network card using C++.
    If anyone has any links or comments, please share them with me.
    Thank you.
    • Moved by Jesse Jiang Monday, September 10, 2012 8:50 AM (From:Visual C++ Express Edition)
    Friday, September 7, 2012 6:36 AM

Answers

All replies

  • Hi,

    Welcome to the MSDN forum.

    Based on your description, your problem is about Winsock. I'd move the thread to Windows Desktop Winsock Kernel (WSK), since here we only discuss general native C++ development problems.

    Thanks for your understanding.

    Regards,


    Elegentin Xie [MSFT]
    MSDN Community Support | Feedback to us

    Monday, September 10, 2012 9:22 AM
  • Thank you, sir.

    Hi all. I just found a link on MSDN: http://msdn.microsoft.com/en-us/library/windows/hardware/ff546492%28v=vs.85%29.aspx

    I think a Filter Hook Driver can drop packets.

    If anyone has an idea, please share it with me.

    Thanks so much.

    Monday, September 10, 2012 11:13 AM
  • You can't with normal sockets. Sockets are built on top of the transport layer, and therefore you can't drop a TCP packet without sending the ACK back.

    For simulation purposes, you can rewrite the TCP using UDP packets. Then you have the ability to drop packets and what not.

    Another option would be to write something on the driver level which could filter individual packets. Then your simulation would be true to the actual TCP implementation between the machines you are working on. This method is OS dependent, and perhaps even hardware dependent (NIC dependent). On Windows you could write an intermediate driver which would be a bit easier than writing an actual NIC driver. On Linux, you could modify the source of a pre-existing driver to suit your needs.

    Well TCP implements several things like sequence numbers, acknowledgement packets, a checksum, and a sliding window which you would have to implement on top of UDP.

    Here is how it would look:
    Sender sends X number of packets (Where X is the window size). Sender then waits for ACK from receiver. When it receives ACK for packet 1, sender sends packet X+1. When sender receives ACK for packet 2, it sends packet X+2. If sender times out waiting for an ACK, sender resends that packet.

    If you want to be true to the TCP, then you would initiate a connection with a 3 way handshake. The handshake works like:
    Connection initiator chooses sequence number SEQA, and sends packet to server with SEQ=SEQA. Server chooses sequence number SEQB, and sends packet back with ACK=SEQA, and SEQ=SEQB. Connection initiator then sends back packet with SEQ=SEQA+1, and ACK=SEQB+1.

    TCP also has some flags which are used in initiating or tearing down connections, but they probably won't be needed for what you are trying to do. You can always do a search to figure out what these flags are, and when they are used though.

    Monday, September 10, 2012 11:25 AM
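    The sliding-window scheme from the answer above, as an added model in C++ (not code from the thread): a deterministic run over a channel that loses chosen packets once, so you can see how many resends and round trips a given window size costs. The names and the assumption that ACKs are never lost are mine.

```cpp
#include <cstdio>
#include <deque>
#include <set>

struct SimResult {
    int delivered;        // packets the receiver handed up, in order
    int retransmissions;  // resends of packets whose ACK never came
    int rounds;           // channel round trips the whole transfer took
};

// Sliding-window transfer as the answer describes it: up to `window` unacked packets in
// flight, the receiver ACKs every packet it gets, the sender slides the window only when
// the oldest packet is ACKed, and a packet still unacked after a round is treated as timed
// out and resent on its own. `dropOnce` lists sequence numbers the channel loses on their
// first transmission; ACKs are never lost here (a constructed simplification).
SimResult Simulate(int total, int window, const std::set<int>& dropOnce) {
    if (window < 1) window = 1;
    std::deque<int> inFlight;                  // sender's window, oldest first
    std::set<int> sentBefore, acked, received;
    int nextSeq = 1, nextExpected = 1, retrans = 0, rounds = 0;
    while (nextExpected <= total) {
        ++rounds;
        while ((int)inFlight.size() < window && nextSeq <= total)   // fill the window
            inFlight.push_back(nextSeq++);
        for (int seq : inFlight) {              // transmit everything still lacking an ACK
            if (acked.count(seq)) continue;
            bool first = sentBefore.insert(seq).second;
            if (!first) ++retrans;                       // timeout expired: resend this one
            if (first && dropOnce.count(seq)) continue;  // channel lost it; no ACK comes back
            received.insert(seq);                        // receiver buffers the packet...
            acked.insert(seq);                           // ...and its ACK reaches the sender
        }
        while (received.count(nextExpected)) ++nextExpected;   // receiver delivers in order
        while (!inFlight.empty() && acked.count(inFlight.front()))
            inFlight.pop_front();                        // slide past the ACKed front
    }
    return SimResult{ nextExpected - 1, retrans, rounds };
}

int main() {
    // Constructed run: six packets, window of three, packet 2 lost on its first try.
    SimResult r = Simulate(6, 3, std::set<int>{2});
    std::printf("delivered=%d retransmissions=%d rounds=%d\n",
                r.delivered, r.retransmissions, r.rounds);
    return 0;
}
```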
  • Hi James.

    I have read documentation about TCP/IP packets. Both use a connection with a 3-way handshake.

    TCP reliable / UDP unreliable.

    Currently, I capture all packets at my location and check whether each one is ICMP, UDP or TCP, and its destination IP and source IP.

    Now, maybe I should drop packets by destination IP.

    #include "stdafx.h"
    #include <winsock2.h>    // must precede Windows.h, otherwise the old winsock.h is pulled in and the two clash
    #include <ws2tcpip.h>
    #include <mstcpip.h>     // SIO_RCVALL
    #include <Windows.h>
    #include <conio.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <string>
    #include <iostream>
    #include <fstream>
    #pragma comment(lib, "ws2_32.lib")
    using namespace std;

    #define MAX_PACKET_SIZE 65525

    typedef struct iphdr1 {
        unsigned char VerIHL;           // Version (high nibble) and IP Header Length (low nibble, in 32-bit words)
        unsigned char Tos;
        unsigned short Total_len;
        unsigned short ID;
        unsigned short Flags_and_Frags; // Flags 3 bits and Fragment offset 13 bits
        unsigned char TTL;
        unsigned char Protocol;
        unsigned short Checksum;
        unsigned long SrcIP;
        unsigned long DstIP;
        //unsigned long Options_and_Padding;
    } IpHeader1;

    typedef struct port {
        unsigned short SrcPort;
        unsigned short DstPort;
    } TcpUdpPort;

    // The post calls GetLocalAddress() but did not include it; this minimal version
    // (first IPv4 address of the host name, else 127.0.0.1) is supplied so the code compiles.
    const char* GetLocalAddress() {
        static char addr[16] = "127.0.0.1";
        char host[256];
        if (gethostname(host, sizeof(host)) == 0) {
            hostent* he = gethostbyname(host);
            if (he != NULL && he->h_addrtype == AF_INET && he->h_addr_list[0] != NULL) {
                in_addr in;
                memcpy(&in, he->h_addr_list[0], sizeof(in));
                strncpy(addr, inet_ntoa(in), sizeof(addr) - 1);
            }
        }
        return addr;
    }

    void ProcessPacket(char* Buffer, int Size) {
        IpHeader1 *iphdr1;
        TcpUdpPort *port;
        struct sockaddr_in SockAddr;
        unsigned short iphdrlen;

        if (Size < (int)sizeof(IpHeader1)) { // too short to hold even the fixed IPv4 header
            printf("Runt packet: %i bytes\n", Size);
            return;
        }
        iphdr1 = (IpHeader1 *)Buffer;
        // Header length = low nibble of VerIHL, in 32-bit words (20 bytes without options).
        // The original shifted the value through a signed char, which goes negative for IHL >= 8.
        iphdrlen = (iphdr1->VerIHL & 0x0F) * 4;

        memset(&SockAddr, 0, sizeof(SockAddr));
        SockAddr.sin_addr.s_addr = iphdr1->SrcIP;
        printf("Packet From: %s ", inet_ntoa(SockAddr.sin_addr));
        memset(&SockAddr, 0, sizeof(SockAddr));
        SockAddr.sin_addr.s_addr = iphdr1->DstIP;
        printf("To: %s ", inet_ntoa(SockAddr.sin_addr));

        switch (iphdr1->Protocol) {
        case 1:
            printf("Protocol: ICMP ");
            break;
        case 2:
            printf("Protocol: IGMP ");
            break;
        case 6:
            printf("Protocol: TCP ");
            // The ports sit right after the IP header; make sure they are inside the buffer.
            if (Size >= iphdrlen + (int)sizeof(TcpUdpPort)) {
                port = (TcpUdpPort *)(Buffer + iphdrlen);
                printf("From Port: %i To Port: %i ", ntohs(port->SrcPort), ntohs(port->DstPort));
            }
            break;
        case 17:
            printf("Protocol: UDP ");
            if (Size >= iphdrlen + (int)sizeof(TcpUdpPort)) {
                port = (TcpUdpPort *)(Buffer + iphdrlen);
                printf("From Port: %i To Port: %i ", ntohs(port->SrcPort), ntohs(port->DstPort));
            }
            break;
        default:
            printf("Protocol: %i ", iphdr1->Protocol);
        }
        printf("\n");
    }

    void StartSniffing(SOCKET Sock) {
        char *RecvBuffer = (char *)malloc(MAX_PACKET_SIZE + 1);
        int BytesRecv, FromLen;
        struct sockaddr_in From;
        if (RecvBuffer == NULL) {
            printf("malloc() failed.\n");
            exit(-1);
        }

        do {
            memset(RecvBuffer, 0, MAX_PACKET_SIZE + 1);
            memset(&From, 0, sizeof(From));
            FromLen = sizeof(From);   // recvfrom() overwrites it, so reset it before every call
            BytesRecv = recvfrom(Sock, RecvBuffer, MAX_PACKET_SIZE, 0, (sockaddr *)&From, &FromLen);
            printf("BytesRecv la:%i", BytesRecv);
            if (BytesRecv > 0) {
                ProcessPacket(RecvBuffer, BytesRecv);
            } else {
                printf("recvfrom() failed.\n");
            }
        } while (BytesRecv > 0);
        free(RecvBuffer);
    }

    ////////////////////////////////////////////////////////////////////////////
    int main() {
        WSAData wsaData;
        SOCKET Sock;
        struct sockaddr_in SockAddr;
        DWORD BytesReturned;
        int I = 1;
        try {
            if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
                printf("WSAStartup() failed.\n");
                exit(-1);
            }
            // A raw IP socket needs administrator rights, and it only receives copies of
            // packets: nothing read here can stop the packet from reaching its destination.
            Sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
            if (Sock == INVALID_SOCKET) {
                printf("socket() failed.\n");
                exit(-1);
            }
            memset(&SockAddr, 0, sizeof(SockAddr));
            //SockAddr.sin_addr.s_addr = inet_addr(BIND2IP);
            SockAddr.sin_addr.s_addr = inet_addr(GetLocalAddress());
            SockAddr.sin_family = AF_INET;
            SockAddr.sin_port = 0;
            if (bind(Sock, (sockaddr *)&SockAddr, sizeof(SockAddr)) == SOCKET_ERROR) {
                printf("bind(%s) failed.\n", GetLocalAddress());
                exit(-1);
            }
            // SIO_RCVALL switches the interface bound above into receive-all mode.
            if (WSAIoctl(Sock, SIO_RCVALL, &I, sizeof(I), NULL, 0, &BytesReturned, NULL, NULL) == SOCKET_ERROR) {
                printf("WSAIoctl() failed.\n");
                exit(-1);
            }
            /////////////
            StartSniffing(Sock);
        } catch (...) {
            printf("CRASH\n");
        }
        closesocket(Sock);
        WSACleanup();
        system("pause");
        return 0;
    }

    If you have an idea about it, can you tell me?

    Thank you, sir.


    Monday, September 10, 2012 11:52 AM
  • Hi,

    On Vista and newer, you should use the Windows Filtering Platform (WFP) API http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx. In its simplest form this can be done in user mode by adding a filter using FwpmFilterAdd0() on the FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer with the FWP_ACTION_BLOCK action. It is also possible to write a kernel-mode callout, if the built-in filtering functionality is not enough for your purposes.

    For further WFP related questions, use the WFP forum http://social.msdn.microsoft.com/Forums/en-US/wfp/threads

    BR, Antti

    • Marked as answer by headshot9x9 Monday, September 17, 2012 4:30 PM
    Tuesday, September 11, 2012 5:22 AM
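    The user-mode route Antti describes, as an added example (not code from the thread or from Microsoft): a dynamic-session WFP filter with FWP_ACTION_BLOCK on FWPM_LAYER_ALE_AUTH_CONNECT_V4 for the 8.8.8.8 address from the question. It assumes Windows Vista or later, an elevated process and linking against fwpuclnt.lib; the two function names other than the WFP API are mine, and the address parser is kept portable because the host-byte-order requirement for FWP_UINT32 conditions is the usual mistake.

```cpp
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <fwpmu.h>
#pragma comment(lib, "fwpuclnt.lib")
#endif
// WFP compares an FWP_UINT32 IPv4 condition in host byte order, so the dotted quad is
// packed by hand rather than taken from inet_addr(), which returns network byte order.
static bool ParseIPv4HostOrder(const char* text, uint32_t* out) {
    unsigned a, b, c, d; char tail;
    if (std::sscanf(text, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}
#ifdef _WIN32
// Adds a BLOCK filter at the ALE connect layer for one remote IPv4 address and holds it until
// Enter is pressed. The session is dynamic, so closing the engine handle removes the filter
// again. Returns ERROR_SUCCESS or the Win32 error of the WFP call that failed.
static DWORD BlockRemoteIPv4(uint32_t hostOrderIp) {
    FWPM_SESSION0 session = {}; session.flags = FWPM_SESSION_FLAG_DYNAMIC;
    HANDLE engine = NULL;
    DWORD rc = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engine);
    if (rc != ERROR_SUCCESS) return rc;
    FWPM_FILTER_CONDITION0 cond = {};
    cond.fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS; cond.matchType = FWP_MATCH_EQUAL;
    cond.conditionValue.type = FWP_UINT32; cond.conditionValue.uint32 = hostOrderIp;
    FWPM_FILTER0 filter = {};                 // zeroed weight (FWP_EMPTY) lets BFE pick one
    filter.displayData.name = const_cast<wchar_t*>(L"Block one remote IPv4 (example)");
    filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4; filter.action.type = FWP_ACTION_BLOCK;
    filter.numFilterConditions = 1; filter.filterCondition = &cond;
    UINT64 filterId = 0;
    rc = FwpmFilterAdd0(engine, &filter, NULL, &filterId);
    if (rc == ERROR_SUCCESS) {
        std::printf("filter %llu active; press Enter to remove it\n", (unsigned long long)filterId);
        std::getchar();                       // new connections to the address fail meanwhile
    }
    FwpmEngineClose0(engine);
    return rc;
}
int main() {   // run elevated; the BFE service must be running
    uint32_t ip = 0;
    if (!ParseIPv4HostOrder("8.8.8.8", &ip)) return 1;
    DWORD rc = BlockRemoteIPv4(ip);
    if (rc != ERROR_SUCCESS) std::printf("WFP call failed: %lu\n", rc);
    return rc == ERROR_SUCCESS ? 0 : 1;
}
#endif
```

    Without FWPM_FILTER_FLAG_PERSISTENT and without the dynamic session the filter would outlive the process, so the session flag is what keeps the test reversible.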
  • Hi Antti. Do you think I will get more help if the topic is moved to the WFP forum (http://social.msdn.microsoft.com/Forums/en-US/wfp/threads)?

    As far as what you share goes, the Windows Filtering Platform can drop or forward packets as the user specifies.
    For example: packets to the IP destination 8.8.8.8 are dropped, and all other packets are forwarded.

    Maybe I should move to the WFP forum ^^

    Tuesday, September 11, 2012 7:59 AM