• Status: Solved

creating firewall hooks

Hi all,

I am interested in creating a simple packet interception program that intercepts, examines and drops packets if needed. I have looked at the CodeProject article "How to implement a Firewall-Hook Driver" but am still confused; would anyone be able to tell me how I would be able to do this? I would only need to know how to intercept packets. I would not need a GUI; command line would be fine. Thank you in advance.
Asked by: namsu55
1 Solution
 
jkr commented:
If you are referring to http://www.codeproject.com/KB/IP/FwHookDrv.aspx ("An Adventure: How to implement a Firewall-Hook Driver?") - you can use the code there "as is" or study and alter it. The GUI is only used to give the user some insight on what is happening. If a command line app is OK for you, you could check out the source code of the GUI app, find the places where it talks to the driver using 'DeviceIoControl()' and implement what you need in a console application.
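The console-side half of what jkr describes, as an added example that is not code from the thread or from the CodeProject article: a command-line program that builds one filter rule and hands it to the driver with DeviceIoControl(), which is the only thing the article's GUI does that matters for the filter. FWHOOK_DEVICE, IOCTL_FWHOOK_ADD_RULE and the fw_rule_t layout are placeholders (the real device name, IOCTL code and rule struct are in the article's FwHookDrv sources); the 10.0.0.0/8 telnet rule is constructed for the demonstration. One caveat: the firewall-hook interface reached through IOCTL_IP_SET_FIREWALL_HOOK belongs to the Windows XP/2003 TCP/IP stack; Windows Vista and later do not support firewall-hook drivers, and packet filtering there goes through the Windows Filtering Platform.

```c
/* Added example, not code from the thread or from the CodeProject article: a
 * console program that hands one filter rule to a firewall-hook driver through
 * DeviceIoControl(). FWHOOK_DEVICE, IOCTL_FWHOOK_ADD_RULE and the fw_rule_t layout
 * are PLACEHOLDERS; take the real ones from the article's FwHookDrv sources. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
#define FWHOOK_DEVICE "\\\\.\\FwHookDrv"                                   /* placeholder */
#define IOCTL_FWHOOK_ADD_RULE \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) /* placeholder */
#endif

/* Rule as handed to the driver (assumed layout). Addresses and ports are kept in
 * network byte order because the driver compares them against raw header fields. */
typedef struct {
    uint32_t source_ip, source_mask;
    uint32_t destination_ip, destination_mask;
    uint16_t source_port, destination_port;   /* 0 = any */
    uint8_t  protocol;                        /* 0 = any, 6 = TCP, 17 = UDP */
    uint8_t  drop;                            /* 1 = DROP, 0 = FORWARD */
} fw_rule_t;

/* a.b.c.d and a port number as the bytes they occupy on the wire. */
static uint32_t ipv4_be(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    uint8_t bytes[4] = { a, b, c, d };
    uint32_t v;
    memcpy(&v, bytes, 4);
    return v;
}
static uint16_t port_be(uint16_t port) {
    uint8_t bytes[2] = { (uint8_t)(port >> 8), (uint8_t)port };
    uint16_t v;
    memcpy(&v, bytes, 2);
    return v;
}

/* Build a rule. The addresses are masked here: the driver tests
 * (packet_addr & mask) == rule_addr, so a rule whose address still carries host
 * bits can never match. Padding is zeroed because the driver gets the whole struct. */
fw_rule_t make_rule(uint8_t protocol, uint32_t src, uint32_t src_mask,
                    uint32_t dst, uint32_t dst_mask,
                    uint16_t sport, uint16_t dport, uint8_t drop) {
    fw_rule_t r;
    memset(&r, 0, sizeof r);
    r.protocol = protocol;
    r.source_ip = src & src_mask;           r.source_mask = src_mask;
    r.destination_ip = dst & dst_mask;      r.destination_mask = dst_mask;
    r.source_port = sport;                  r.destination_port = dport;
    r.drop = drop;
    return r;
}

#ifdef _WIN32
/* Open the driver's device object and pass the rule down as the IOCTL input buffer. */
int send_rule(const fw_rule_t *rule) {
    HANDLE dev = CreateFileA(FWHOOK_DEVICE, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                             OPEN_EXISTING, 0, NULL);
    if (dev == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile(%s) failed: %lu\n", FWHOOK_DEVICE, GetLastError());
        return -1;
    }
    DWORD returned = 0;
    BOOL ok = DeviceIoControl(dev, IOCTL_FWHOOK_ADD_RULE, (LPVOID)rule, (DWORD)sizeof *rule,
                              NULL, 0, &returned, NULL);
    if (!ok) fprintf(stderr, "DeviceIoControl failed: %lu\n", GetLastError());
    CloseHandle(dev);
    return ok ? 0 : -1;
}
#else
/* Firewall-hook drivers exist only on Windows; elsewhere the rule can only be built. */
int send_rule(const fw_rule_t *rule) {
    (void)rule;
    fputs("no firewall-hook driver on this platform\n", stderr);
    return -1;
}
#endif

int main(void) {
    /* Constructed rule: drop telnet (TCP/23) from 10.0.0.0/8 to anywhere. */
    fw_rule_t rule = make_rule(6, ipv4_be(10, 0, 0, 0), ipv4_be(255, 0, 0, 0),
                               0, 0, 0, port_be(23), 1);
    if (send_rule(&rule) != 0) return 1;
    puts("rule installed");
    return 0;
}
```

Everything the GUI does beyond this (listing, deleting, counting) is the same pattern with a different IOCTL code and buffer; the rule struct and IOCTL numbers must match the driver's definitions byte for byte, which is why they have to be copied from the driver's header rather than guessed.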
 
Kamran Arshad commented:
Hi,

Download the iptables source. It has all the code in C++.

http://www.netfilter.org/projects/iptables/index.html
 
namsu55 (author) commented:
Hi jkr,
I have already tried to understand "An Adventure: How to implement a Firewall-Hook Driver?", but I am not that good with C++ and could not locate where the hook and interception take place. All I need is to intercept packets.

Uetian1707, isn't iptables for Linux? I am trying to do this under Windows; would this still work?

Thank you.
 
jkr commented:
The hook is located in FwHookDrv.c inside http://www.codeproject.com/KB/IP/FwHookDrv/FwHookDrv_src.zip - it basically examines the incoming packets based on the filter rules that were installed earlier. It is installed by sending an IOCTL_IP_SET_FIREWALL_HOOK request to the IP driver. The actual code is
FORWARD_ACTION FilterPacket(unsigned char *PacketHeader,
                            unsigned char *Packet,
                            unsigned int PacketLength,
                            DIRECTION_E direction,
                            unsigned int RecvInterfaceIndex,
                            unsigned int SendInterfaceIndex)
{
    IPHeader  *ipp;
    TCPHeader *tcph = NULL;
    UDPHeader *udph;

    struct filterList *aux = first;   /* head of the rule list installed through the IOCTL */

    BOOLEAN retTraffic;

    /* Extract the IP header. Note that neither the IP header nor the transport
     * header is checked against PacketLength before its fields are read. */
    ipp = (IPHeader *)PacketHeader;

    if (ipp->protocol == IPPROTO_TCP)
        tcph = (TCPHeader *)Packet;

    /* Compare the packet with each filter rule; the first matching rule decides. */
    while (aux != NULL)
    {
        if (aux->ipf.protocol == 0 || ipp->protocol == aux->ipf.protocol)
        {
            retTraffic = FALSE;

            if (aux->ipf.sourceIp != 0 && (ipp->source & aux->ipf.sourceMask) != aux->ipf.sourceIp)
            {
                /* For TCP packets of accepted connections, pass packets in both directions:
                 * a segment that is not a bare SYN and is addressed to the rule's source
                 * is treated as return traffic and matched with the ends swapped. */
                if (ipp->protocol == IPPROTO_TCP)
                {
                    /* TCP rules! */
                    if (((tcph->flags & TH_SYN) != TH_SYN) || ((tcph->flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)))
                    {
                        if ((ipp->destination & aux->ipf.sourceMask) == aux->ipf.sourceIp)
                        {
                            retTraffic = TRUE;
                        }
                    }
                }

                if (retTraffic != TRUE)
                {
                    aux = aux->next;
                    continue;
                }
            }

            /* Destination check (source and destination swapped for return traffic). */
            if (!retTraffic)
            {
                if (aux->ipf.destinationIp != 0 && (ipp->destination & aux->ipf.destinationMask) != aux->ipf.destinationIp)
                {
                    aux = aux->next;
                    continue;
                }
            }
            else
            {
                if (aux->ipf.destinationIp != 0 && (ipp->source & aux->ipf.destinationMask) != aux->ipf.destinationIp)
                {
                    aux = aux->next;
                    continue;
                }
            }

            if (ipp->protocol == IPPROTO_TCP)
            {
                /* TCP segment: compare the ports (swapped for return traffic). */
                if (!retTraffic)
                {
                    if (aux->ipf.sourcePort == 0 || tcph->sourcePort == aux->ipf.sourcePort)
                    {
                        if (aux->ipf.destinationPort == 0 || tcph->destinationPort == aux->ipf.destinationPort)
                        {
                            if (aux->ipf.drop)
                                return DROP;
                            else
                                return FORWARD;
                        }
                    }
                }
                else
                {
                    if (aux->ipf.sourcePort == 0 || tcph->destinationPort == aux->ipf.sourcePort)
                    {
                        if (aux->ipf.destinationPort == 0 || tcph->sourcePort == aux->ipf.destinationPort)
                        {
                            if (aux->ipf.drop)
                                return DROP;
                            else
                                return FORWARD;
                        }
                    }
                }
            }
            /* If it is a UDP datagram, check the ports. */
            else if (ipp->protocol == IPPROTO_UDP)
            {
                udph = (UDPHeader *)Packet;

                if (aux->ipf.sourcePort == 0 || udph->sourcePort == aux->ipf.sourcePort)
                {
                    if (aux->ipf.destinationPort == 0 || udph->destinationPort == aux->ipf.destinationPort)
                    {
                        /* Match! Decide what to do with the packet. */
                        if (aux->ipf.drop)
                            return DROP;
                        else
                            return FORWARD;
                    }
                }
            }
            else
            {
                /* Any other protocol: the addresses matched, so the rule applies. */
                if (aux->ipf.drop)
                    return DROP;
                else
                    return FORWARD;
            }
        }

        /* Next rule... */
        aux = aux->next;
    }

    /* No rule matched: let the packet through. */
    return FORWARD;
}


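The decision logic of FilterPacket() above, reworked as an added example that is not code from the thread or from the CodeProject driver: the same first-match rule walk, including the driver's return-traffic rule for TCP, written as portable user-mode C over a raw IPv4 packet so it can be run against constructed packets without a driver. Two things go beyond the driver code: every header is length-checked before it is read (the driver dereferences the TCP/UDP header without consulting PacketLength), and ports are compared in host byte order after being read from the wire. The rule set, addresses and packets are made up for the demonstration; the driver's own rule struct and types are not used.

```c
/* Added example, not code from the thread or from the CodeProject driver: the
 * rule-matching idea of FilterPacket() as portable user-mode C over a raw IPv4
 * packet. Rule set, addresses and packets are constructed for the demonstration.
 * Unlike the driver, every header is length-checked before it is read. */
#include <stdint.h>
#include <string.h>

enum { FORWARD = 0, DROP = 1 };                                  /* verdicts */
enum { PROTO_ANY = 0, PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };
#define TH_SYN 0x02
#define TH_ACK 0x10

typedef struct rule {
    uint8_t  protocol;                 /* PROTO_ANY matches everything */
    uint32_t src_ip, src_mask;         /* network byte order; src_ip 0 = any */
    uint32_t dst_ip, dst_mask;         /* network byte order; dst_ip 0 = any */
    uint16_t src_port, dst_port;       /* host byte order; 0 = any */
    int      drop;                     /* 1 = DROP, 0 = FORWARD */
    const struct rule *next;
} rule_t;

/* a.b.c.d as the four bytes it occupies on the wire (network byte order). */
static uint32_t ipv4_be(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    uint8_t bytes[4] = { a, b, c, d };
    uint32_t v;
    memcpy(&v, bytes, 4);
    return v;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Verdict for one IPv4 packet of len bytes; malformed or truncated packets are dropped. */
int filter_packet(const uint8_t *pkt, size_t len, const rule_t *rules) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* header length incl. options */
    if (ihl < 20 || ihl > len) return DROP;
    uint8_t proto = pkt[9];
    uint32_t src, dst;
    memcpy(&src, pkt + 12, 4);
    memcpy(&dst, pkt + 16, 4);
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;
    uint16_t sport = 0, dport = 0;
    uint8_t flags = 0;
    if (proto == PROTO_TCP) {
        if (l4len < 20) return DROP;                 /* the driver reads these unchecked */
        sport = rd16(l4); dport = rd16(l4 + 2); flags = l4[13];
    } else if (proto == PROTO_UDP) {
        if (l4len < 8) return DROP;
        sport = rd16(l4); dport = rd16(l4 + 2);
    }
    for (const rule_t *r = rules; r; r = r->next) {
        if (r->protocol != PROTO_ANY && r->protocol != proto) continue;
        int reverse = 0;   /* packet is the reply half of a TCP connection the rule describes */
        if (r->src_ip && (src & r->src_mask) != r->src_ip) {
            /* Driver's return-traffic rule: a TCP segment that is not a bare SYN and is
             * heading to the rule's source is matched with addresses and ports swapped. */
            int not_bare_syn = (flags & TH_SYN) != TH_SYN ||
                               (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK);
            if (proto == PROTO_TCP && not_bare_syn && (dst & r->src_mask) == r->src_ip)
                reverse = 1;
            else
                continue;
        }
        uint32_t other = reverse ? src : dst;
        if (r->dst_ip && (other & r->dst_mask) != r->dst_ip) continue;
        if (proto == PROTO_TCP || proto == PROTO_UDP) {
            uint16_t s = reverse ? dport : sport, d = reverse ? sport : dport;
            if (r->src_port && s != r->src_port) continue;
            if (r->dst_port && d != r->dst_port) continue;
        }
        return r->drop ? DROP : FORWARD;             /* first matching rule decides */
    }
    return FORWARD;                                  /* no rule matched: default pass */
}

/* Constructed rule set: drop telnet (TCP/23) and ICMP originating in 10.0.0.0/8. */
const rule_t *example_rules(void) {
    static rule_t rules[2];
    static int built = 0;
    if (!built) {
        rules[0] = (rule_t){ PROTO_TCP,  ipv4_be(10,0,0,0), ipv4_be(255,0,0,0), 0, 0, 0, 23, 1, &rules[1] };
        rules[1] = (rule_t){ PROTO_ICMP, ipv4_be(10,0,0,0), ipv4_be(255,0,0,0), 0, 0, 0, 0,  1, NULL };
        built = 1;
    }
    return rules;
}

/* Builds a constructed IPv4 packet without options (checksums left zero) and returns its
 * verdict under example_rules(); truncate_to > 0 simulates a packet cut short. */
int verdict_for(uint8_t proto, uint32_t src, uint32_t dst, uint16_t sport, uint16_t dport,
                uint8_t tcp_flags, size_t truncate_to) {
    uint8_t pkt[40] = { 0 };
    size_t l4len = proto == PROTO_TCP ? 20 : 8, total = 20 + l4len;
    pkt[0] = 0x45; pkt[8] = 64; pkt[9] = proto;      /* IPv4, IHL 5, TTL 64 */
    pkt[2] = (uint8_t)(total >> 8); pkt[3] = (uint8_t)total;
    memcpy(pkt + 12, &src, 4); memcpy(pkt + 16, &dst, 4);
    pkt[20] = (uint8_t)(sport >> 8); pkt[21] = (uint8_t)sport;
    pkt[22] = (uint8_t)(dport >> 8); pkt[23] = (uint8_t)dport;
    if (proto == PROTO_TCP) { pkt[32] = 0x50; pkt[33] = tcp_flags; }  /* data offset 5, flags */
    return filter_packet(pkt, truncate_to ? truncate_to : total, example_rules());
}
```

With the constructed rules, a SYN from 10.1.2.3 to port 23 is dropped, the SYN/ACK coming back from port 23 to 10.1.2.3 is dropped too because of the return-traffic rule, while a bare SYN arriving from outside at a 10.x host's port 23 passes: the rule is scoped to connections that the 10.0.0.0/8 side opens. Inside the driver the same verdict would be returned from the hook callback, and the length checks are what keep a short or malformed packet from making the filter read past its buffer in kernel mode.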
 
Kamran Arshad commented:
Yes, they are for Linux, but you can read the code to get the basic idea and then implement it on Windows.
