How do I send a new (not cloned) UDP packet from a callout driver

  • Question

  • When I identify a certain flow (in the ALE_FLOW_ESTABLISHED layer) I need to send a short message with the flow information to a different address/port. How can I do this?


    Freddy

    Monday, June 25, 2012 9:44 PM

All replies

  • From within the classifyFn, you would need to create a new NBL.  To do this you will need to:

    1) allocate the memory  (sizeof payload + sizeof transport header + sizeof IP header) [ExAllocatePoolWithTag()] -  http://msdn.microsoft.com/en-us/library/windows/hardware/ff544520(v=vs.85).aspx

    2) Populate the memory with your information.

    3) Allocate the MDL [IoAllocateMdl()]  -  http://msdn.microsoft.com/en-us/library/windows/hardware/ff548263(v=vs.85).aspx

    4) Build the MDL [MmBuildMdlForNonPagedPool()]  -  http://msdn.microsoft.com/en-us/library/windows/hardware/ff554498(v=vs.85).aspx

    5) create the NBL and NB [FwpsAllocateNetBufferAndNetBufferList()]  - http://msdn.microsoft.com/en-us/library/ff551135.aspx

    7) You can then either compute the checksums yourself, or use FwpsConstructIpHeaderForTransportPacket() (depending on what layer you are at).

    8) Call the appropriate injection API (i.e. FwpsInjectTransportSendAsync()) - http://msdn.microsoft.com/en-us/library/ff569975.aspx

    When the memory is no longer needed, you can free the resources using FwpsFreeNetBufferList(), IoFreeMdl(), and ExFreePoolWithTag().

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, June 25, 2012 11:47 PM
    Moderator
  • Thanks. I was hoping it would be simpler than that... I'll try, and if I get into trouble you'll probably hear from me again :)


    Freddy

    Tuesday, June 26, 2012 12:07 AM
  • Hi Dusty,

    I have a few follow-up questions:

    1. I can use as my source address the one from inFixedValues (at FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_ADDRESS), but I need also a port.  Can I get a dynamically assigned source port? How?

    2. In item 7 above you said that I can "use FwpsConstructIpHeaderForTransportPacket() (depending on what layer you are at)". Considering that I'm in the classifyFn of ALE_FLOW_ESTABLISHED - can I do this?

    3. Is there any function for building UDP header in the same way as for the IP header? or do I have to do it manually?

    Thanks.


    Freddy

    Tuesday, June 26, 2012 12:59 AM
  • 1) You can use port reservations to reserve a pool of ports.  You will need to keep track of what ports from the pool are in use. http://msdn.microsoft.com/en-us/library/windows/desktop/gg696069(v=vs.85).aspx

    2) You should have all available data at FLOW_ESTABLISHED, so yes, this shouldn't be a problem.

    3) No, you need to manually build the transport headers.  FwpsConstructIpHeaderForTransportPacket() will recalculate the transport checksum for you, though.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation

    Tuesday, June 26, 2012 2:56 AM
    Moderator
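
Added example, not part of the original thread and not Microsoft's code: the UDP header that the replies above say has to be built by hand (step 7 of the first reply, item 3 of the second), with the checksum computed over the IPv4 pseudo-header. It is portable C so it can be tested outside a driver; the function names and parameters are assumptions, and in the callout `out` would be the ExAllocatePoolWithTag() buffer from step 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define UDP_HDR_LEN 8u

/* RFC 1071 one's-complement sum over big-endian 16-bit words, added to sum. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;   /* odd last byte is zero-padded */
    return sum;
}

/* Folded sum over pseudo-header (src, dst, 0, proto 17, UDP length) + datagram. */
static uint16_t udp_v4_fold(const uint8_t *d, size_t len,
                            const uint8_t src[4], const uint8_t dst[4])
{
    uint8_t ph[12] = {0};
    memcpy(ph, src, 4); memcpy(ph + 4, dst, 4);
    ph[9] = 17; ph[10] = (uint8_t)(len >> 8); ph[11] = (uint8_t)len;
    uint32_t sum = sum16(d, len, sum16(ph, sizeof ph, 0));
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Writes UDP header + payload to out; returns datagram length, or 0 on error.
   Addresses are 4 bytes in network order; ports are in host order. */
size_t build_udp_v4(uint8_t *out, size_t cap, const uint8_t src[4],
                    const uint8_t dst[4], uint16_t sport, uint16_t dport,
                    const void *payload, size_t plen)
{
    size_t total = UDP_HDR_LEN + plen;
    if (plen > 65535u - 20u - UDP_HDR_LEN || total > cap) return 0;
    out[0] = (uint8_t)(sport >> 8); out[1] = (uint8_t)sport;
    out[2] = (uint8_t)(dport >> 8); out[3] = (uint8_t)dport;
    out[4] = (uint8_t)(total >> 8); out[5] = (uint8_t)total;
    out[6] = out[7] = 0;                   /* checksum field is zero while summing */
    memcpy(out + UDP_HDR_LEN, payload, plen);
    uint16_t csum = (uint16_t)~udp_v4_fold(out, total, src, dst);
    if (csum == 0) csum = 0xffff;          /* 0 on the wire means "no checksum" */
    out[6] = (uint8_t)(csum >> 8); out[7] = (uint8_t)csum;
    return total;
}

/* Receiver-side check: a datagram with a valid checksum folds to 0xffff. */
int udp_v4_checksum_ok(const uint8_t *d, size_t len,
                       const uint8_t src[4], const uint8_t dst[4])
{
    return len >= UDP_HDR_LEN && len <= 0xffff && udp_v4_fold(d, len, src, dst) == 0xffff;
}
```

The length check bounds the payload to what fits in one IPv4 datagram with a 20-byte IP header, so a flow record that is too large is rejected before anything is written into the buffer.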
  • Thanks. Answer to questions 2 & 3 is what I needed. But -

    As for the UDP port question - it is not what I asked for. I don't need to permanently assign a port number (or range) that I have selected. I wanted a dynamically assigned port (from the dynamic ports range 49152–65535) assigned to my kernel-mode callout driver for a limited time (normally for one message). A second question related to your answer - can an IP Helper library function (such as CreatePersistentUdpPortReservation) be called from a kernel-mode callout driver?


    Freddy


    Tuesday, June 26, 2012 5:43 PM