locked
Modifying Steam Edit to Drop Packets RRS feed

  • Question

  • Hello all,

    Does anyone have any pointers on how I would modify the Steam Edit example to drop a packet when a string is found instead of modifying the data?

    Thanks,

    Iwinstont

    Thursday, September 20, 2012 10:30 PM

Answers

All replies

  • STREAM is past the point of packets.  All indications at STREAM are the TCP payload. Are you wanting to drop the data, just the data that matches, or drop the whole connection?


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, September 20, 2012 10:55 PM
    Moderator
  • Hello Dusty Harper,

    I'm trying to develop a parental control application. The way I am going about it is to inspect HTTP request headers and find the host field of the header. From there I would like to drop the connection to the website. What I was previously doing was just replacing every instance of a specific website string with a NULL string, which would return a 400 Bad Request exception. However, this was only meant to be a temporary soultion.

    Thanks,

    Iwinstont

    Thursday, September 20, 2012 11:06 PM
  • If using Win8, you can call FwpsFlowAbort.  This will cause the connection to be dropped.  Alternatively, you can BLOCK the current indicated data, and set the streamFlags in FwpsStreamInjectAsync to FWPS_STREAM_FLAG_RECEIVE_DISCONNECT or FWPS_STREAM_FLAG_SEND_DISCONNECT with a NULL netBufferList.  This will cause the connection to get dropped as well.

    http://msdn.microsoft.com/en-us/library/windows/hardware/hh439582(v=vs.85).aspx

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff551213(v=vs.85).aspx

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Friday, September 21, 2012 12:24 AM
    Moderator
  • Thank you very much
    Sunday, September 23, 2012 9:39 PM