locked
FwpsConstructIpHeaderForTransportPacket0 createIP usage RRS feed

  • Question


  • Hi Guys

    I have the following code in my driver which I am trying to clone and then create a IP Header.
    When I run this code and try to create a IP header I see that the IP header contents are INVALID.
    what I doing wrong? Please suggest.

    Also, I am not clear about the "netBufferList " of FwpsConstructIpHeaderForTransportPacket0(below).
    Also, What should I assume about a packet cloned with FwpsAllocateCloneNetBufferList0().
    For using with FwpsConstructIpHeaderForTransportPacket0, Should I set "offset" to beginning of the transport header (OR) at the beginning of the IP header

    netBufferList
    A pointer to a NET_BUFFER_LIST structure that describes the cloned transport layer packet data for which a new IP header is to be constructed or rebuilt. To construct a new IP header, locate the offset of the cloned NET_BUFFER_LIST structure at the beginning of the transport header. To rebuild a pre-existing IP packet header, locate the offset at the beginning of the IP header.
     
    Thanks
    Harry

        // Adjust the net buffer list offset to the start of the IP header.
       while( pNetBuffer )
        {
            status = NdisRetreatNetBufferDataStart(pNetBuffer,
                                                   expandSize,    //      packet->ipHeaderSize + packet->transportHeaderSize -> FWPS_LAYER_INBOUND_TRANSPORT_V4
                                                                        //       packet->ipHeaderSize  -> FWPS_LAYER_OUTBOUND_TRANSPORT_V4
                                                   0, NULL) ;
            if( !NT_SUCCESS(status) )
            {
                goto errorexit ;
            }
            pNetBuffer = NET_BUFFER_NEXT_NB(pNetBuffer) ;
        }
    
        status = FwpsAllocateCloneNetBufferList0(pNetBufList,
                                                 NULL,
                                                 NULL,
                                                 0,
                                                 ppClonedNetBufferList) ;
        if( !NT_SUCCESS(status) )
       {
            goto errorexit ;
        }
    
        pNetBuffer = NET_BUFFER_LIST_FIRST_NB(pNetBufList) ;
    
    
        // Undo the adjustment on the original net buffer list.
        while( pNetBuffer && pNetBuffer != pStopBuffer )
        {
            NdisAdvanceNetBufferDataStart(pNetBuffer,
                                          expandSize,
                                          FALSE, NULL) ;
    
            pNetBuffer = NET_BUFFER_NEXT_NB(pNetBuffer) ;
        }
    
    
          status = FwpsConstructIpHeaderForTransportPacket0(
                      clonedNetBufferList,
                      packet->ipHeaderSize,
                      AF_INET,
                      packet->belongingFlow->toRemoteAddr, 
                                           // This is our new source address --
                                           // or the destination address of the
                                           // original outbound traffic.
                      (UINT8*)&packet->belongingFlow->localAddr,
                                           // This is the destination address of
                                           // the clone -- or the source of the
                                           // original outbound traffic.
                      packet->belongingFlow->protocol,
                      0,
                      NULL,
                      0,
                      0,
                      NULL,
                      0,
                      0
                      );
    

    Friday, November 20, 2009 9:08 AM

Answers

  • FwpsConstructIpHeaderForTransportPacket0 can do two things -- 1) build an IP header in front of an NBL that starts with a transport header, and 2) re-built the IP header for an NBL that starts with an IP header.

    In either case the input NBL must be a clone. For 1) you pass headerIncludeHeaderSize as 0 and for 2) you set it to the size of the existing IP header.

    For example, when you intercept an NBL from OUTBOUND_TRANSPORT, all NBs (packets) chained under it begin with transport header. If you wish to add ip headers in front of them, you would first allocate a clone of the indicate NBL (the clone would also begin with TL header) and then you call FwpsConstructIpHeaderForTransportPacket0 with the cloned NBL and 0 as headerIncludeHeaderSize .

    For another example, say you intercept an NBL from OUTBOUND_IPPACKET and would like to change the destination IP address. you would first make a clone (and the clone will begin with the IP header) and then call  FwpsConstructIpHeaderForTransportPacket0 with headerIncludeHeaderSize  set to inMetaValues->ipHeaderSize and the remote Address set to the appropriet value.

    Hope this helps,
    Biao.W.
    Saturday, November 21, 2009 2:19 AM

All replies

  • Hi,

    just a good guess from me: You seem to have a small error in your FwpsConstructIpHeaderForTransportPacket0 call, shouldn't is be:

          status = FwpsConstructIpHeaderForTransportPacket0(
    clonedNetBufferList,
    packet->ipHeaderSize,
    AF_INET,
    (UINT8*)&packet->belongingFlow->toRemoteAddr, // This is our new source address -- // or the destination address of the // original outbound traffi (UINT8*)&packet->belongingFlow->localAddr,
    // This is the destination address of // the clone -- or the source of the // original outbound traffic. packet->belongingFlow->protocol,
    0, NULL,
    0,
    0,
    NULL,
    0,
    0 );

    Or was it just a copy & past error?

    Dennis
    Friday, November 20, 2009 3:30 PM
  • Hi Mips128,

    I am sure I am passed the right pointers of both Src/Dest addresses.

    However, I am passing it them as follows.

         unsigned int srcAddr = 0x7F000001;

          (UINT8 *)htonl(srcAddr)  ->  and pass this value as 'sourceAddress' argument

    What I actually worried about is the headerIncludeHeaderSize argument.
    When I clone a NET_BUFFER_LIST and want to create a IP header for it using FwpsConstructIpHeaderForTransportPacket0(), what should I pass 'headerIncludeHeaderSize'  as?

    Should I set "offset" to beginning of the transport header (OR) at the beginning of the IP header?


    Thanks
    - Harry
    Friday, November 20, 2009 6:25 PM
  • FwpsConstructIpHeaderForTransportPacket0 can do two things -- 1) build an IP header in front of an NBL that starts with a transport header, and 2) re-built the IP header for an NBL that starts with an IP header.

    In either case the input NBL must be a clone. For 1) you pass headerIncludeHeaderSize as 0 and for 2) you set it to the size of the existing IP header.

    For example, when you intercept an NBL from OUTBOUND_TRANSPORT, all NBs (packets) chained under it begin with transport header. If you wish to add ip headers in front of them, you would first allocate a clone of the indicate NBL (the clone would also begin with TL header) and then you call FwpsConstructIpHeaderForTransportPacket0 with the cloned NBL and 0 as headerIncludeHeaderSize .

    For another example, say you intercept an NBL from OUTBOUND_IPPACKET and would like to change the destination IP address. you would first make a clone (and the clone will begin with the IP header) and then call  FwpsConstructIpHeaderForTransportPacket0 with headerIncludeHeaderSize  set to inMetaValues->ipHeaderSize and the remote Address set to the appropriet value.

    Hope this helps,
    Biao.W.
    Saturday, November 21, 2009 2:19 AM
  • Hi Biao,

    Thanks for the help. Now, I understand it. Is there a place in MSDN where I read more about what to expect at each of these layer(detailed).

    Similarly, What should I expect the state of NBLs in the INBOUND_TRANSPORT (receive)?

    - Harry Ball
    Monday, November 23, 2009 8:54 AM
  • Monday, November 23, 2009 8:18 PM