Transport layer redirection to loopback.

  • Question

  • Hi,

    I am trying to redirect outbound TCP traffic to the loopback address (127.0.0.1) listened on by a user-mode proxy service on port 5555. After reading the WDK as well as this forum, it seems it's better to do it at the transport layer for IPsec compatibility and perhaps better performance.

    But now I'm stuck on reinjecting the packet at the INBOUND_TRANSPORT_DISCARD.
    Following is what I do in each layer:

    Client :
        1. [SYN] OUTBOUND_TRANSPORT :
           Original connection is from [192.168.186.33:49723] to [192.168.186.1:80].
           Reference-clone-modify-reinject both source/destination IP to loopback, set destination port to the proxy listening port (5555).
           So now the 4-tuple looks like [127.0.0.1:49723] [127.0.0.1:5555].
        2. [SYN] OUTBOUND_IPPACKET :
            I can see a packet from [127.0.0.1] to [127.0.0.1].

    Server(actually the proxy process running on the same machine) :
        3. successfully get the SYN from client and sends back SYN-ACK to client.
       
    Client :
        4. [SYN-ACK] INBOUND_IPPACKET :
           The packet is from [127.0.0.1] to [127.0.0.1].
        5. [SYN-ACK] INBOUND_TRANSPORT_DISCARD :
           The packet is from [127.0.0.1:5555] to [127.0.0.1:49723] with discard reason InetDiscardEndpointNotFound.
           Using FwpsConstructIpHeaderForTransportPacket0(), reinject the packet by modifying IP/Port to [192.168.186.1:80]-->[192.168.186.33:49723]
        6. [SYN-ACK] INBOUND_IPPACKET_DISCARD :
           The packet is from [192.168.186.1] to [192.168.186.33] with discard reason IpDiscardNotLocallyDestined...
         

    Looks like TCPIP discards the IP packet at step 6 because it did not appear at step 2?
    Don't know what I can do now..
    Really appreciate if someone can give me a clue how to fix this..

    PS: I am using WDK 6001 on Vista SP1.
    Also on step 5, I tried modifying the Compartment, Interface, Sub-interface when calling FwpsInjectTransportReceiveAsync0(), but nothing useful happened..

    Best regards,
    peter.
    Tuesday, July 1, 2008 1:00 PM

Answers

  • I am guessing the interfaceIndex/subInterfaceIndex passed to the FwpsInjectTransportReceiveAsync0 are not the same pair as indicated to the OUTBOUND_TRANSPORT layers before modifications are made.

    They need to be the same.

    Thanks,
    Biao.W.

    Wednesday, July 2, 2008 5:58 AM
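
The bookkeeping the answer above implies, as an added example that is not code from this thread or from the WDK: a user-mode model of the per-flow state a callout would save at OUTBOUND_TRANSPORT (step 1) and read back at INBOUND_TRANSPORT_DISCARD (step 5). All type and function names and the interface index values are assumptions, and entry removal on connection close is left out; in a real callout the saved pair would be passed as the interfaceIndex/subInterfaceIndex arguments of FwpsInjectTransportReceiveAsync0.

```c
#include <stdint.h>
#include <stdio.h>
/* User-mode model of callout flow state; not WFP code. All names are hypothetical. */
#define MAX_FLOWS  64
#define LOOPBACK   0x7F000001u   /* 127.0.0.1, host byte order */
#define PROXY_PORT 5555          /* proxy listening port from the question */

typedef struct {
    int      in_use;
    uint32_t local_ip, remote_ip;      /* original addresses, before the rewrite */
    uint16_t local_port, remote_port;
    uint32_t if_index, sub_if_index;   /* pair indicated at OUTBOUND_TRANSPORT */
} flow_t;

static flow_t flows[MAX_FLOWS];

/* Step 1: save the original 4-tuple and interface pair. Returns -1 if the table is full. */
int flow_record_outbound(uint32_t lip, uint16_t lport, uint32_t rip, uint16_t rport,
                         uint32_t if_index, uint32_t sub_if_index)
{
    flow_t *slot = NULL;
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (flows[i].in_use && flows[i].local_port == lport) { slot = &flows[i]; break; }
        if (!flows[i].in_use && !slot) slot = &flows[i];   /* remember first free slot */
    }
    if (!slot) return -1;
    *slot = (flow_t){ 1, lip, rip, lport, rport, if_index, sub_if_index };
    return 0;
}

/* Step 5: map a proxy reply (127.0.0.1:5555 -> 127.0.0.1:port) back to its flow.
   Returns NULL for anything that is not a tracked proxy reply. */
const flow_t *flow_lookup_inbound(uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport)
{
    if (sip != LOOPBACK || dip != LOOPBACK || sport != PROXY_PORT) return NULL;
    for (int i = 0; i < MAX_FLOWS; i++)
        if (flows[i].in_use && flows[i].local_port == dport) return &flows[i];
    return NULL;
}

int main(void)
{
    /* Constructed sample: the question's addresses with made-up interface indexes 11/0. */
    flow_record_outbound(0xC0A8BA21u, 49723, 0xC0A8BA01u, 80, 11, 0);
    const flow_t *f = flow_lookup_inbound(LOOPBACK, PROXY_PORT, LOOPBACK, 49723);
    if (f) printf("inject %08x:%u -> %08x:%u on if %u/%u\n", (unsigned)f->remote_ip,
                  (unsigned)f->remote_port, (unsigned)f->local_ip, (unsigned)f->local_port,
                  (unsigned)f->if_index, (unsigned)f->sub_if_index);
    return 0;
}
```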

All replies

  • Hi Biao!

    Thank you so much!!
    Your answer fixes the exact problem I have!
    Really really appreciate your help.

    Thanks again and best regards,
    Peter.

    Wednesday, July 2, 2008 7:28 AM
  • Hi,

    I have the same question. Can you tell me how to fix it?

    Thanks

    Wednesday, May 16, 2012 8:35 AM
  • How do I make interfaceIndex/subInterfaceIndex the same pair?

    Get this value from

        packet->interfaceIndex =
            inFixedValues->incomingValue\
            [FWPS_FIELD_OUTBOUND_TRANSPORT_V4_INTERFACE_INDEX].value.uint32;
        packet->subInterfaceIndex =
            inFixedValues->incomingValue\
            [FWPS_FIELD_OUTBOUND_TRANSPORT_V4_SUB_INTERFACE_INDEX].value.uint32;

        packet->interfaceIndex =
            inFixedValues->incomingValue\
            [FWPS_FIELD_INBOUND_TRANSPORT_V4_INTERFACE_INDEX].value.uint32;
        packet->subInterfaceIndex =
            inFixedValues->incomingValue\
            [FWPS_FIELD_INBOUND_TRANSPORT_V4_SUB_INTERFACE_INDEX].value.uint32;

    Wednesday, May 16, 2012 9:44 AM
  • Unless you are supporting Vista, it is recommended to use FWPM_LAYER_ALE_CONNECT_REDIRECT_V* for your proxying needs.  You may also want to consider whether you have to proxy at all, and just handle the data at STREAM.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, May 17, 2012 5:20 AM
    Moderator