Dynamic selection of source network-adapter for connections/sockets

  • Question

  • Hello,
    I want to select the source interface/adapter for each connection that is being created dynamically on a multi-homed system. My intent is to override TCP/IP routing for certain connections such that I can decide which adapter bears a connection for transmission.
    
    Should I process and modify each packet's source IP to map to the adapter that I want the particular connection to traverse, i.e. redirect it to an alternate adapter such that it overrides the routing table? Is there a way to do this at the transport layer such that I can clone and reinject packets targeting a particular interface using the interface index?
    OR
    can I do it using "FWPM_LAYER_ALE_CONNECT_REDIRECT_V4" or the ALE_BIND_REDIRECT layer, so that when a socket is created and tries to connect, I can perform a decision for interface selection? (Will the connection in this case be diverted to the intended adapter (out of the many) for its lifetime without depending on supplementary infrastructure?)
    
    If it can only be done on a per-packet basis then kindly specify the layer at which I should be concentrating.
    
    Kindly advise if these are valid assumptions about how this is to be done.
    
    Regards
    Umar Yaqoob
    Friday, April 11, 2014 7:01 AM

All replies

  • Hello Umar!

    With the FWPM_LAYER_ALE_CONNECT_REDIRECT_V4|6 layers you do not have to think about each packet. You can just modify the remote IP address and/or port of the outgoing connection to redirect it to a proxy. With FWPM_LAYER_ALE_BIND_REDIRECT_V4|6 you can do the same but for incoming connections (port listening). The MSDN page Using Bind or Connect Redirection contains a good description of how it should work. Pay attention to the limitations for the selected layers (only TCP, UDP, Raw UDPv4 without the header include option, and Raw ICMP are supported). You can also try both FWPM_LAYER_ALE_CONNECT_REDIRECT_V4|6 and FWPM_LAYER_ALE_BIND_REDIRECT_V4|6 with the WFPSampler example.

    Monday, April 14, 2014 11:41 AM
  • Hey Petr

    Thanks for replying.

    I am not interested in changing the destination IP/port or redirecting a bind call. ALE_CONNECT_REDIRECT_V* doesn't support local address/port modification.

    I want to be able to select an interface for some application that is using an interface out of the many thereby disregarding the route table.

    Say a system has interfaces A and B; interface A connects to the internet and interface B also connects to the internet.

    Now if an application tries to connect to the internet, interface B is selected by the route table because of its lower metric.

    Here I want to be able to select interface A for some applications and simultaneously interface B for others.

    I tried to achieve this at the transport layer by changing the source IP of packets to interface A's address, thereby replacing the original interface B address.

    The code is something like this (for transport outbound; it builds on the WDK TLInspect sample, whose pended-packet type TL_INSPECT_PENDED_PACKET, injection handle gInjectionHandle and completion routine TLInspectInjectComplete are used below):

       #include <ntddk.h>
       #include <fwpsk.h>

       // Injection handle and completion routine from the TLInspect sample.
       extern HANDLE gInjectionHandle;
       extern void TLInspectInjectComplete(
          void* context,
          NET_BUFFER_LIST* netBufferList,
          BOOLEAN dispatchLevel
          );

       // Clone a pended outbound transport packet, give the clone a new source
       // address and re-inject it. The caller must block (absorb) the original
       // NBL, otherwise both the original and the clone leave the machine.
       NTSTATUS
       TLInspectReinjectWithNewSource(
          _In_ TL_INSPECT_PENDED_PACKET* packet
          )
       {
          NTSTATUS status = STATUS_SUCCESS;
          NET_BUFFER_LIST* clonedNetBufferList = NULL;
          FWPS_TRANSPORT_SEND_PARAMS sendArgs = {0};

          // Using a hardcoded IP address (101.58.198.223) for now. For IPv4
          // only the first four bytes of the array are read.
          FWP_BYTE_ARRAY16 newSource = {0};
          newSource.byteArray16[0] = 101;
          newSource.byteArray16[1] = 58;
          newSource.byteArray16[2] = 198;
          newSource.byteArray16[3] = 223;

          status = FwpsAllocateCloneNetBufferList(
                      packet->netBufferList,
                      NULL,
                      NULL,
                      0,
                      &clonedNetBufferList
                      );
          if (!NT_SUCCESS(status))
          {
             goto Exit;
          }

          // Build a fresh IP header on the clone with the new source address,
          // hoping that it will select the other interface. Specifying the
          // interface index here doesn't have any effect.
          status = FwpsConstructIpHeaderForTransportPacket(
                      clonedNetBufferList,
                      0,                             // headerIncludeHeaderSize
                      packet->addressFamily,         // address family
                      (UINT8*)&newSource,            // new source address
                      (UINT8*)&packet->remoteAddr,   // remote address unchanged
                      packet->protocol,              // protocol
                      packet->endpointHandle,        // endpoint handle
                      packet->controlData,           // control data
                      packet->controlDataLength,     // control data length
                      0,                             // flags
                      NULL,                          // reserved
                      0,                             // interface index
                      0                              // sub-interface index
                      );
          if (!NT_SUCCESS(status))
          {
             goto Exit;
          }

          // Send parameters for the re-injection. The posted code passed NULL
          // here and left sendArgs unused; the TLInspect sample fills it in from
          // the same fields of the pended packet.
          sendArgs.remoteAddress = (UINT8*)&packet->remoteAddr;
          sendArgs.controlData = packet->controlData;
          sendArgs.controlDataLength = packet->controlDataLength;

          status = FwpsInjectTransportSendAsync(
                      gInjectionHandle,
                      NULL,
                      packet->endpointHandle,
                      0,
                      &sendArgs,
                      packet->addressFamily,
                      packet->compartmentId,
                      clonedNetBufferList,
                      TLInspectInjectComplete,
                      packet
                      );

       Exit:

          if (!NT_SUCCESS(status) && clonedNetBufferList != NULL)
          {
             // Injection did not take ownership of the clone, so free it here;
             // on success TLInspectInjectComplete frees it.
             FwpsFreeCloneNetBufferList(clonedNetBufferList, 0);
          }

          return status;
       }

    Kindly Help

    Monday, April 14, 2014 7:42 PM
  • After setting up the two interfaces and running this code, everything goes haywire.

    Ping reports General failure.

    NetMon won't pick up anything from the interface.

    SYN-SYN/ACK-ACK packets are indicated at the transport layer.

    How else can I override the routing table? (The route command is not an option.)

    Kindly advise about the layer that should be used. Tips and traps are always welcome.

    Regards

    Umar Yaqoob

    Monday, April 14, 2014 7:53 PM
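The effect this thread is after, a connection whose source address (and, under Windows' default strong-host model, its egress interface) is chosen by something other than the route table's default selection, can be seen with plain user-mode sockets: binding the socket to the wanted local address before connect() is the same rewrite that a bind-redirect callout performs on the process's behalf, and it happens once per connection rather than once per packet. The following is an added example, not code from the thread or from the WFP samples; it assumes POSIX sockets on Linux, uses 127.0.0.2 as a constructed stand-in for "interface A" (Linux answers the whole 127/8 range on lo), and the function names are hypothetical.

```c
/* Added example: pick the source address of a TCP connection explicitly
 * instead of letting the stack's route lookup choose it. Runs entirely over
 * loopback, so it works offline; 127.0.0.2 stands in for "interface A". */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Start a listener on 127.0.0.1 with an ephemeral port. Returns the listening
 * fd (or -1) and stores the chosen port in *port_out. */
static int start_listener(uint16_t *port_out)
{
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                                  /* ephemeral port */
    if (bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(ls, 1) < 0) {
        close(ls);
        return -1;
    }
    socklen_t len = sizeof sa;
    if (getsockname(ls, (struct sockaddr *)&sa, &len) < 0) {
        close(ls);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return ls;
}

/* Connect to the loopback listener. If src is non-NULL, bind the client socket
 * to that address before connect(); this is the step that overrides the
 * stack's default source selection (what a bind-redirect callout rewrites in
 * kernel mode). The source address the peer actually observed, taken from
 * getpeername() on the accepted socket, is written to observed.
 * Returns 0 on success, -1 on any socket error. */
int connect_with_source(const char *src, char *observed, size_t observed_len)
{
    uint16_t port;
    int ls = start_listener(&port);
    if (ls < 0) return -1;

    int cs = socket(AF_INET, SOCK_STREAM, 0);
    int result = -1, as = -1;
    if (cs < 0) goto out;

    if (src != NULL) {
        struct sockaddr_in local;
        memset(&local, 0, sizeof local);
        local.sin_family = AF_INET;
        local.sin_port = 0;                           /* any local port */
        if (inet_pton(AF_INET, src, &local.sin_addr) != 1) goto out;
        if (bind(cs, (struct sockaddr *)&local, sizeof local) < 0) goto out;
    }

    struct sockaddr_in dst;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    dst.sin_port = htons(port);
    if (connect(cs, (struct sockaddr *)&dst, sizeof dst) < 0) goto out;

    /* The handshake completed against the listen queue; accept it and read
     * the peer (i.e. our client's) source address as the server saw it. */
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    as = accept(ls, (struct sockaddr *)&peer, &plen);
    if (as < 0) goto out;
    if (inet_ntop(AF_INET, &peer.sin_addr, observed, (socklen_t)observed_len) == NULL)
        goto out;
    result = 0;

out:
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    close(ls);
    return result;
}

int main(void)
{
    char seen[INET_ADDRSTRLEN];
    if (connect_with_source(NULL, seen, sizeof seen) == 0)
        printf("stack-chosen source: %s\n", seen);
    if (connect_with_source("127.0.0.2", seen, sizeof seen) == 0)
        printf("bound source:        %s\n", seen);
    return 0;
}
```

Running it prints 127.0.0.1 for the unbound connection (the stack's own pick) and 127.0.0.2 for the bound one. Two caveats carry over to the kernel-mode version: on Linux (a weak-host stack) the bound address only sets the source field and the route lookup still decides the interface, whereas Windows, strong-host by default since Vista, also restricts the send to the interface that owns the source address; and, as with bind redirection, the decision has to be made before the connection exists, which is why it needs no per-packet cloning and re-injection at the transport layer.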
  • Have you found a solution?
    Tuesday, August 6, 2019 7:48 AM