ntstatus

ntstatus

关注
发信
关注(28)粉丝(399)

WFP tcp重定向到用户应用程序

本文介绍了WFP tcp重定向到用户应用程序的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想将TCP连接重定向到用户应用程序ON WINDOWS 8.以下是分类功能,

I want to redirect TCP connection to user app ON WINDOWS 8. Following is the classify fucntion,

void NTAPI

TCPProxyConnectClassify(

  IN const FWPS_INCOMING_VALUES0 * pInFixedValues,

  IN const FWPS_INCOMING_METADATA_VALUES0 * pInMetaValues,

  IN OUT void * pLayerData,

  IN const void * pClassifyContext,

  IN const FWPS_FILTER1 * pFilter,

  IN UINT64 ui64FlowContext,

  OUT FWPS_CLASSIFY_OUT0 * pClassifyOut

 )

{

  UINT64 ui64ClassifyHandle;

  NTSTATUS ntStatus = STATUS_SUCCESS;

  FWPS_CONNECT_REQUEST0 * pModifiedLayerData;

  HANDLE hRedirectHandle;

  UINT16 ui16NewLocalPort = 27015;

  DWORD dwProcessID = 1072;

  UNICODE_STRING IPNumber;

  PWSTR终止符;

void NTAPI
TCPProxyConnectClassify(
 IN const FWPS_INCOMING_VALUES0* pInFixedValues,
 IN const FWPS_INCOMING_METADATA_VALUES0* pInMetaValues,
 IN OUT void* pLayerData,
 IN const void *pClassifyContext,
 IN const FWPS_FILTER1* pFilter,
 IN UINT64 ui64FlowContext,
 OUT FWPS_CLASSIFY_OUT0* pClassifyOut
 )
{
 UINT64 ui64ClassifyHandle;
 NTSTATUS ntStatus = STATUS_SUCCESS;
 FWPS_CONNECT_REQUEST0* pModifiedLayerData;
 HANDLE hRedirectHandle;
 UINT16 ui16NewLocalPort = 27015;
 DWORD dwProcessID = 1072;
 UNICODE_STRING IPNumber;
 PWSTR terminator;

  UNREFERENCED_PARAMETER(ui64FlowContext);

  UNREF ERENCED_PARAMETER(pLayerData);

  ntStatus = FwpsAcquireClassifyHandle0((void *)pClassifyContext,(UINT32)0,& ui64ClassifyHandle);
$
  if(NT_SUCCESS(ntStatus) ))
  {

   ntStatus = FwpsRedirectHandleCreate0(& TCP_PROXY_REDIRECT_CALLOUT_V4,0,& hRedirectHandle);

    if(!NT_SUCCESS(ntStatus))

   {

    FwpsReleaseClassifyHandle0(ui64ClassifyHandle);

    return;

  }

 UNREFERENCED_PARAMETER(ui64FlowContext);
 UNREFERENCED_PARAMETER(pLayerData);
 ntStatus = FwpsAcquireClassifyHandle0((void*)pClassifyContext, (UINT32)0, &ui64ClassifyHandle);
 if (NT_SUCCESS(ntStatus))
 {
  ntStatus = FwpsRedirectHandleCreate0(&TCP_PROXY_REDIRECT_CALLOUT_V4, 0, &hRedirectHandle);
  if (!NT_SUCCESS(ntStatus))
  {
   FwpsReleaseClassifyHandle0( ui64ClassifyHandle );
   return;
  }

   ntStatus = FwpsAcquireWritableLayerDataPointer0(ui64ClassifyHandle,pFilter-> filterId,(UINT32) )0,(PVOID *)& pModifiedLayerData,pClassifyOut);
$
   if(NT_SUCCESS(ntStatus))

   {

    //我的本地地址

    RtlInitUnicodeString(& IPNumber,L" 10.0.2.15");

    ntStatus = RtlIpv4StringToAddressW((PCWSTR)(IPNumbe) r.Buffer),TRUE,& terminator,&((SOCKADDR_IN *)& pModifiedLayerData-> remoteAddressAndPort) - > sin_addr);

  ntStatus = FwpsAcquireWritableLayerDataPointer0(ui64ClassifyHandle, pFilter->filterId, (UINT32)0, (PVOID*)&pModifiedLayerData, pClassifyOut);
  if (NT_SUCCESS(ntStatus))
  {
   //My local address
   RtlInitUnicodeString( &IPNumber, L"10.0.2.15");
   ntStatus = RtlIpv4StringToAddressW((PCWSTR)(IPNumber.Buffer),TRUE,&terminator,&((SOCKADDR_IN*)&pModifiedLayerData->remoteAddressAndPort)->sin_addr);

ui16NewLocalPort = RtlUshortSwapBytes(ui16NewLocalPort);

ui16NewLocalPort = RtlUshortSwapBytes(ui16NewLocalPort);

((SOCKADDR_IN *)& pModifiedLayerData-> remoteAddressAndPort) - > sin_port = ui16NewLocalPort;

    pModifiedLayerData-> localRedirectTargetPID = dwProcessID; //本地代理的PID为
    pModifiedLayerData-> localRedirectHandle = hRedirectHandle;

    FwpsApplyModifiedLayerData0(ui64ClassifyHandle,(PVOID)pModifiedLayerData, FWPS_CLASSIFY_FLAG_REAUTHORIZE_IF_MODIFIED_BY_OTHERS);
$
    FwpsRedirectHandleDestroy0(hRedirectHandle);

  }

   FwpsReleaseClassifyHandle0(ui64ClassifyHandle );;
 }

((SOCKADDR_IN*)&pModifiedLayerData->remoteAddressAndPort)->sin_port = ui16NewLocalPort;
   pModifiedLayerData->localRedirectTargetPID = dwProcessID; // local proxy's PID
   pModifiedLayerData->localRedirectHandle = hRedirectHandle;
   FwpsApplyModifiedLayerData0(ui64ClassifyHandle, (PVOID)pModifiedLayerData, FWPS_CLASSIFY_FLAG_REAUTHORIZE_IF_MODIFIED_BY_OTHERS);
   FwpsRedirectHandleDestroy0(hRedirectHandle);
  }
  FwpsReleaseClassifyHandle0( ui64ClassifyHandle );
 }

  return;

}

 return;
}

我的用户app使用端口27015创建套接字并在accept()中等待。重定向永远不会发生。

My user app creates socket with port 27015 and is waiting in accept(). The redirection never takes place.

我错过了什么?

在eventviewer日志中

in the eventviewer log is

Windows过滤平台已阻止连接。

The Windows Filtering Platform has blocked a connection.

应用程序信息:

 进程ID:   1164

 应用程序名称:  \ devvice \ drdiskvolume2 \windows \ system32 \svchost.exe

Application Information:
 Process ID:  1164
 Application Name: \device\harddiskvolume2\windows\system32\svchost.exe

网络信息:

 方向:   出境

 来源地址:   10.0.2.15

 来源端口:   57532

  ;目的地地址:  10.0.2.15

 目的地港口:   27015

 协议:   17

Network Information:
 Direction:  Outbound
 Source Address:  10.0.2.15
 Source Port:  57532
 Destination Address: 10.0.2.15
 Destination Port:  27015
 Protocol:  17

过滤信息:

 过滤器运行时ID:  0

 图层名称:   Connect

 图层运行时ID:  48

Filter Information:
 Filter Run-Time ID: 0
 Layer Name:  Connect
 Layer Run-Time ID: 48

推荐答案

希望这会有所帮助,


这篇关于WFP tcp重定向到用户应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-09 06:37
Powered by LMLPHP ©2025 ntstatus 0.038143