Can I change packets and redirect packet ports for inbound and outbound traffic with WFP?

  • Question

  • I just need to know: is it possible to do the following task with WFP?

    I need to change the VPN header signature and redirect it to another port on both Windows Server 8 and Windows 7. So I have the following idea, but I wonder whether it is possible or not:

    Create a network filter with WFP on both sides.

    • Outbound traffic
    1. Re-encrypt every outbound SSTP VPN packet, including its header and datagram.
    2. Set a custom header and a new port X, and send it again.
    • Inbound traffic
    1. Restore the original SSTP VPN packet from port X.
    2. Send this new packet inbound to the SSTP port.

    Can I do it with WFP?

    Regards


    Madnik7
    Wednesday, October 5, 2011 1:22 AM

Answers

  • Yes.  You would need to create a kernel mode callout driver to perform the injection.  In the driver you would need to create at least one classify function and one completion function.  In this function you would clone the NBL(s) and drop the original packet by returning FWP_ACTION_BLOCK and setting the FWPS_CLASSIFY_OUT_FLAG_ABSORB flag in the FWPS_CLASSIFY_OUT structure.  You would modify the cloned NBL(s) and call the appropriate injection function (depending on which layer you are sitting at which is likely going to be TRANSPORT).

    You then need to create a FWPM_FILTER that references the callout you created and would match the expected traffic, and add the callout.


    WFP in the DDK: http://msdn.microsoft.com/en-us/library/ff571067.aspx
    WFP in the SDK: http://msdn.microsoft.com/en-us/library/aa366510(VS.85).aspx

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, October 5, 2011 3:25 PM
    Moderator
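As an added illustration of the "modify the cloned NBL(s)" step in the answer above (this is example code written for this page, not part of the original answer and not a Microsoft sample): the transport-header rewrite the callout's classify function would apply to the cloned packet before injecting it, with the TCP checksum patched incrementally so the rewritten segment is still accepted at the other end. It is plain user-mode C so it compiles anywhere; the kernel-only parts of the design (FwpsCalloutRegister0, a classifyFn returning FWP_ACTION_BLOCK with FWPS_CLASSIFY_OUT_FLAG_ABSORB, FwpsAllocateCloneNetBufferList0, FwpsInjectTransportSendAsync0 / FwpsInjectTransportReceiveAsync0, and the FWPM_FILTER added with FwpmFilterAdd0) need the WDK/SDK and are not shown. The code assumes one contiguous IPv4/TCP buffer, uses 4443 as a hypothetical "port X", and the packet it operates on is constructed inline. It goes slightly beyond the question by rewriting whichever of the source or destination port matches, so one function handles both directions of the connection (client outbound and server inbound, and the replies).

```c
/* Added example (not from the page): the TCP port rewrite a WFP callout would apply
 * to a cloned NBL before re-injecting it. User-mode C; assumes one contiguous IPv4/TCP buffer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSTP_PORT     443u   /* SSTP is carried over HTTPS */
#define REDIRECT_PORT 4443u  /* hypothetical "port X" from the question */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* One's-complement arithmetic: fold a 32-bit accumulator; add big-endian 16-bit words. */
static uint16_t csum_fold(uint32_t s) { while (s >> 16) s = (s & 0xFFFFu) + (s >> 16); return (uint16_t)s; }
static uint32_t csum_add(uint32_t acc, const uint8_t *b, size_t n)
{
    for (; n > 1; b += 2, n -= 2) acc += rd16(b);
    return n ? acc + ((uint32_t)b[0] << 8) : acc;   /* odd tail byte padded with zero */
}
/* Offset of the TCP header, or 0 if this is not a sane IPv4/TCP packet. */
static size_t tcp_hdr_off(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, total = rd16(pkt + 2);
    return (ihl < 20 || total > len || total < ihl + 20) ? 0 : ihl;
}
/* Full TCP checksum over pseudo-header + segment, ignoring the stored checksum field. */
uint16_t tcp_checksum_compute(const uint8_t *pkt, size_t len)
{
    size_t ihl = tcp_hdr_off(pkt, len);
    if (!ihl) return 0;
    size_t tcp_len = rd16(pkt + 2) - ihl;
    uint32_t acc = csum_add(0, pkt + 12, 8) + 6 + (uint32_t)tcp_len; /* addrs, zero|proto, len */
    acc = csum_add(acc, pkt + ihl, 16);                  /* TCP header up to the checksum */
    acc = csum_add(acc, pkt + ihl + 18, tcp_len - 18);   /* rest of the segment */
    return (uint16_t)~csum_fold(acc);
}
int tcp_checksum_valid(const uint8_t *pkt, size_t len)
{
    size_t ihl = tcp_hdr_off(pkt, len);
    return ihl && rd16(pkt + ihl + 16) == tcp_checksum_compute(pkt, len);
}
/* RFC 1624 incremental update of a 16-bit field: HC' = ~(~HC + ~m + m'). */
static void csum_update16(uint8_t *csum, uint16_t old_v, uint16_t new_v)
{
    uint32_t acc = (uint32_t)(uint16_t)~rd16(csum) + (uint16_t)~old_v + new_v;
    wr16(csum, (uint16_t)~csum_fold(acc));
}
/* What the classifyFn would do to the clone: outbound maps every port equal to SSTP_PORT to
 * REDIRECT_PORT, inbound maps it back. Only the TCP header changes (IP checksum untouched).
 * Returns the number of ports rewritten, or -1 if the buffer is malformed. */
int rewrite_sstp_ports(uint8_t *pkt, size_t len, int outbound)
{
    size_t ihl = tcp_hdr_off(pkt, len);
    if (!ihl) return -1;
    uint16_t from = outbound ? SSTP_PORT : REDIRECT_PORT;
    uint16_t to   = outbound ? REDIRECT_PORT : SSTP_PORT;
    int n = 0;
    for (size_t off = 0; off <= 2; off += 2) {           /* 0: source port, 2: destination port */
        if (rd16(pkt + ihl + off) != from) continue;
        wr16(pkt + ihl + off, to);
        csum_update16(pkt + ihl + 16, from, to);
        n++;
    }
    return n;
}

/* Constructed sample: 10.0.0.1:51000 -> 10.0.0.2:443, PSH|ACK, short payload. The IP
 * header checksum is left at zero because the rewrite never touches the IP header. */
size_t build_sample_packet(uint8_t *out, size_t cap)
{
    static const uint8_t payload[] = "constructed sample payload";
    size_t plen = sizeof payload - 1, total = 40 + plen;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 0x45; wr16(out + 2, (uint16_t)total); out[8] = 64; out[9] = 6;
    memcpy(out + 12, "\x0a\x00\x00\x01\x0a\x00\x00\x02", 8);
    wr16(out + 20, 51000); wr16(out + 22, SSTP_PORT);
    out[32] = 0x50; out[33] = 0x18; wr16(out + 34, 65535);
    memcpy(out + 40, payload, plen);
    wr16(out + 36, tcp_checksum_compute(out, total));
    return total;
}
/* Round trip: outbound rewrite, then inbound restore. Returns 0 on success, else the failing step. */
int selftest(void)
{
    uint8_t pkt[128], orig[128];
    size_t len = build_sample_packet(pkt, sizeof pkt);
    if (!len || !tcp_checksum_valid(pkt, len)) return 1;
    memcpy(orig, pkt, len);
    if (rewrite_sstp_ports(pkt, len, 1) != 1) return 2;              /* 443 -> 4443 */
    if (rd16(pkt + 22) != REDIRECT_PORT || !tcp_checksum_valid(pkt, len)) return 3;
    if (rewrite_sstp_ports(pkt, len, 1) != 0) return 4;              /* nothing left to rewrite */
    if (rewrite_sstp_ports(pkt, len, 0) != 1) return 5;              /* 4443 -> 443 */
    if (rd16(pkt + 22) != SSTP_PORT || memcmp(orig, pkt, len)) return 6;
    pkt[9] = 17;                                                     /* UDP: must be rejected */
    return rewrite_sstp_ports(pkt, len, 1) == -1 ? 0 : 7;
}

int main(void) { printf("selftest: %d (0 = round trip and checksums OK)\n", selftest()); return 0; }
```

Two caveats for turning this into the real callout. At the transport layers the NET_BUFFER's data start points at the transport header, not at the IP header, so a driver would adjust the offsets (or retreat the data start) rather than assume the leading IPv4 header this example parses. And because the rewritten packet belongs to a different 5-tuple, the driver must both match port X with its own FWPM_FILTER on the inbound side (which the question's design already plans for) and recognise packets it injected itself, for example with FwpsQueryPacketInjectionState0, so that its own injections are not classified and rewritten a second time.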

All replies

  • So I should start development; I wish it works.
    Madnik7
    Thursday, October 6, 2011 8:18 AM