Hi
I have tried to use theses iphlpapi.dll apis to make a TCP filter.
I have a some strange result.
In summary it must work with :
pfCreateInterface .....
pfAddFiltersToInterface....
pfBindInterfaceToIPAddress...
my filter :
mov ipFlt.dwFilterFlags,FD_FLAGS_NOSYN
mov ipFlt.dwRule,0
mov ipFlt.pfatType,PF_IPV4
mov ipFlt.dwProtocol,FILTER_PROTO_TCP
mov ipFlt.fLateBound,0
mov ipFlt.wSrcPort,FILTER_TCPUDP_PORT_ANY
mov ipFlt.wDstPort,80
push ipFlt.wSrcPort
pop ipFlt.wSrcPortHighRange
push ipFlt.wDstPort
pop ipFlt.wDstPortHighRange
mov ipFlt.SrcAddr,offset IP
mov ipFlt.SrcMask,offset pmask ;FFFFFFFF
mov ipFlt.DstAddr,offset localIP
mov ipFlt.DstMask,offset pmask
I would like to filter 'IP' port 80 access.
Is there someone who have successfully used filter ?
Regards
SV
I have tried to use theses iphlpapi.dll apis to make a TCP filter.
I have a some strange result.
In summary it must work with :
pfCreateInterface .....
pfAddFiltersToInterface....
pfBindInterfaceToIPAddress...
my filter :
mov ipFlt.dwFilterFlags,FD_FLAGS_NOSYN
mov ipFlt.dwRule,0
mov ipFlt.pfatType,PF_IPV4
mov ipFlt.dwProtocol,FILTER_PROTO_TCP
mov ipFlt.fLateBound,0
mov ipFlt.wSrcPort,FILTER_TCPUDP_PORT_ANY
mov ipFlt.wDstPort,80
push ipFlt.wSrcPort
pop ipFlt.wSrcPortHighRange
push ipFlt.wDstPort
pop ipFlt.wDstPortHighRange
mov ipFlt.SrcAddr,offset IP
mov ipFlt.SrcMask,offset pmask ;FFFFFFFF
mov ipFlt.DstAddr,offset localIP
mov ipFlt.DstMask,offset pmask
I would like to filter 'IP' port 80 access.
Is there someone who have successfully used filter ?
Regards
SV
Shouldn't the port be in network byte order?
Thomas
p.s. might be a stupid question but you do have .NET/2000 Server?
Thomas
p.s. might be a stupid question but you do have .NET/2000 Server?
Hi thomas
Thanks for your reply.
I have tried reverse order with no success :(
'en plus' when i add the filter, DNS requests are dead !!! even after removefilter,unbind and delete interface.
I haven't .NET/2000 Server
Regards
SV
Thanks for your reply.
I have tried reverse order with no success :(
'en plus' when i add the filter, DNS requests are dead !!! even after removefilter,unbind and delete interface.
I haven't .NET/2000 Server
Regards
SV
PfAddFiltersToInterface:
Requirements
Server: Included in Windows .NET Server 2003, Windows 2000 Server.
Header: Declared in Fltdefs.h.
Library: Use Iphlpapi.lib.
Thomas
Requirements
Server: Included in Windows .NET Server 2003, Windows 2000 Server.
Header: Declared in Fltdefs.h.
Library: Use Iphlpapi.lib.
Thomas
Despite the documentation, it does work in win2k professional (and presumably winxp home/pro) according to the Windows Developers Journal; there was an article on this some time ago with source code.
James.
James.
Despite the documentation, it does work in win2k professional (and presumably winxp home/pro) according to the Windows Developers Journal; there was an article on this some time ago with source code.
Hrm, I dunno if there's any official information as to where SOCK_RAW is available. I think it's provider specific,
Support for sockets with type SOCK_RAW is not required, but service providers are encouraged to support raw sockets whenever possible.
The most reference to OS version I've been able to find is NT/Windows 2000. Never seen it work on 9x. Iirc it works fine on my wink professional, and perhaps also on NT4? You should definitely catch errors creating the socket, and you might want to do WSAEnumProtocols too.
Support for sockets with type SOCK_RAW is not required, but service providers are encouraged to support raw sockets whenever possible.
The most reference to OS version I've been able to find is NT/Windows 2000. Never seen it work on 9x. Iirc it works fine on my wink professional, and perhaps also on NT4? You should definitely catch errors creating the socket, and you might want to do WSAEnumProtocols too.