private static void DumpStaticFilters(NdisApiDotNet ndisapi)
{
// Query current filters and print the stats
var currentFilters = ndisapi.GetPacketFilterTable();
if (currentFilters.Item1)
{
if (currentFilters.Item2.Count > 0)
{
Console.WriteLine($"{currentFilters.Item2.Count} static filters were loaded into the driver:");
Console.WriteLine();
foreach (var filter in currentFilters.Item2)
{
Console.WriteLine(filter);
Console.WriteLine();
}
}
else
{
Console.WriteLine("No static filters were loaded into the driver");
}
}
else
{
Console.WriteLine("Failed to query filters stats from the driver");
}
}
static void Main(string[] args)
{
NdisApiDotNet ndisapi = new NdisApiDotNet(null);
Console.ResetColor();
Console.CancelKeyPress += HandleCancelKeyPress;
if (!ndisapi.IsDriverLoaded())
{
Console.WriteLine("WinpkFilter driver is not loaded. Exiting.");
return;
}
var vpnAdapter = NetworkAdapterHelper.GetVpnAdapter(ndisapi);
var normalAdapter = NetworkAdapterHelper.GetNormalAdapter(ndisapi);
var tableList = IpHelperWrapper.GetTcpConnections("firefox");
foreach (var line in tableList)
{
Console.WriteLine($"Source: {line.Local.Address} Port: {line.Local.Port} -> Destination: {line.Remote.Address} Port: {line.Remote.Port}");
}
Console.ReadLine();
LoadOutFilter(vpnAdapter.Handle, tableList);
LoadInFilter(normalAdapter.Handle, tableList);
LoadFilterEverythingElseFilter(vpnAdapter.Handle);
LoadFilterEverythingElseFilter(normalAdapter.Handle);
var loaded = ndisapi.SetPacketFilterTable(filterList);
outWorker.DoWork += (s, e) => { TreatOUTPacketsVPNtoNormal(ndisapi, vpnAdapter, normalAdapter); };
inWorker.DoWork += (s, e) => { TreatINPacketsNormaltoVPN(ndisapi, normalAdapter, vpnAdapter); };
Console.WriteLine("-- Filtering started");
outWorker.RunWorkerAsync();
inWorker.RunWorkerAsync();
Console.ReadLine();
Console.WriteLine("-- Filtering stopped");
DumpStaticFilters(ndisapi);
Console.WriteLine("Stopped!");
Console.ReadLine();
}
public static NetworkAdapter GetNormalAdapter(NdisApiDotNet ndisapi)
{
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
foreach (var adapter in adapterList.Item2)
{
if (adapter.Name.Contains("{BEC37E55-8901-46E8-BF94-5A30879F30AF}", StringComparison.InvariantCultureIgnoreCase))
{
return(adapter);
}
}
return(null);
}
public static NetworkAdapter GetVpnAdapter(NdisApiDotNet ndisapi)
{
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
foreach (var adapter in adapterList.Item2)
{
if (adapter.Name.Contains("{45518F1E-1644-4CE0-8267-D4FC37690B17}", StringComparison.InvariantCultureIgnoreCase))
{
return(adapter);
}
}
return(null);
}
public static NetworkAdapter GetAdapterById(NdisApiDotNet ndisapi, string id)
{
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
foreach (var adapter in adapterList.Item2)
{
if (adapter.Name.Contains(id, StringComparison.InvariantCultureIgnoreCase))
{
return(adapter);
}
}
return(null);
}
// LISTENS TO VPN ADAPTER AND SENDS THE SPECIFIC PACKETS OUT THE NORMAL ADAPTER
private static void TreatOUTPacketsVPNtoNormal(NdisApiDotNet outNdisapi, NetworkAdapter vpnAdapter, NetworkAdapter normalAdapter)
{
// Lists for re-injecting packets
List <RawPacket> toAdapter = new List <RawPacket>();
List <RawPacket> toMstcp = new List <RawPacket>();
// Unmanaged memory resource for sending receiving bulk of packets
// Maximum number of packets to send/receive = 64
NdisBufferResource buffer = new NdisBufferResource(64);
outNdisapi.SetAdapterMode(vpnAdapter.Handle, MSTCP_FLAGS.MSTCP_FLAG_TUNNEL);
outNdisapi.SetPacketEvent(vpnAdapter.Handle, outPacketEvent);
do
{
outPacketEvent.WaitOne();
var packetList = outNdisapi.ReadPackets(vpnAdapter.Handle, buffer);
while (packetList.Item1)
{
foreach (var packet in packetList.Item2)
{
Packet p = null;
EthernetPacket ethernetPacket = null;
TcpPacket tcpPacket = null;
IPv4Packet ipv4Packet = null;
ushort sport = 0;
ushort dport = 0;
try {
p = Packet.ParsePacket(LinkLayers.Ethernet, packet.Data);
ethernetPacket = (EthernetPacket)p;
tcpPacket = (TcpPacket)((IPPacket)((EthernetPacket)p).PayloadPacket).PayloadPacket;
ipv4Packet = (IPv4Packet)((EthernetPacket)p).PayloadPacket;
sport = tcpPacket.SourcePort;
dport = tcpPacket.DestinationPort;
} catch (Exception ex) {
if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE)
{
toMstcp.Add(packet);
}
else
{
toAdapter.Add(packet);
}
Console.WriteLine($"An exeption {ex.Message} occured while trying to parse network packet. Packet will be let thru without any changes");
continue;
}
DumpSourceChangingFilteredPacket(packet.DeviceFlags,
ipv4Packet.SourceAddress.ToString(),
sport.ToString(),
ipv4Packet.DestinationAddress.ToString(),
dport.ToString(),
p.Bytes.Length,
packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE);
if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE)
{
// Packet was received on VPN adapter, leave it as it is
toMstcp.Add(packet);
}
else
{
if (ipv4Packet.SourceAddress.Equals(vpnIP))
{
// Change the Source for outgoing packets that will later be sent thru normal adapter
ipv4Packet.SourceAddress = localIp;
ethernetPacket.SourceHardwareAddress = localMacAddress;
ipv4Packet.UpdateIPChecksum();
tcpPacket.UpdateTcpChecksum();
ethernetPacket.UpdateCalculatedValues();
var newPackage = new RawPacket()
{
Data = p.Bytes,
FilterId = packet.FilterId,
Dot1q = packet.Dot1q,
NdisFlags = packet.NdisFlags,
DeviceFlags = packet.DeviceFlags
};
toAdapter.Add(newPackage);
}
else
{
toAdapter.Add(packet);
}
}
}
if (toMstcp.Count > 0)
{
// If we have packets to forward upwards the network stack then do it here
// RECEIVED SHOULD BE TREATED BY VPN ADAPTER
outNdisapi.SendPacketsToMstcp(vpnAdapter.Handle, buffer, toMstcp);
toMstcp.Clear();
}
if (toAdapter.Count > 0)
{
// If we have packets to forward downwards the network stack then do it here
// SENT SHOULD BE TREATED BY NORMAL ADAPTER
outNdisapi.SendPacketsToAdapter(normalAdapter.Handle, buffer, toAdapter);
toAdapter.Clear();
}
packetList = outNdisapi.ReadPackets(vpnAdapter.Handle, buffer);
}
;
outPacketEvent.Reset();
} while (!stopCapturing);
//
// Release driver and associated resources
//
buffer.Dispose();
outNdisapi.SetPacketEvent(vpnAdapter.Handle, null);
outNdisapi.SetAdapterMode(vpnAdapter.Handle, 0);
}
static void Main(string[] args)
{
NdisApiDotNet ndisapi = new NdisApiDotNet(null);
Console.ResetColor();
Console.CancelKeyPress += HandleCancelKeyPress;
if (!ndisapi.IsDriverLoaded())
{
Console.WriteLine("WinpkFilter driver is not loaded. Exiting.");
return;
}
var vpnAdapter = NetworkAdapterHelper.GetAdapterById(ndisapi, vpnAdapterID);
vpnIP = NetworkAdapterHelper.GetAdapterLocalIP(vpnAdapterID);
vpnMacAddress = NetworkAdapterHelper.GetAdapterPhisicalAddress(vpnAdapterID);
var normalAdapter = NetworkAdapterHelper.GetAdapterById(ndisapi, normalAdapterID);
localIp = NetworkAdapterHelper.GetAdapterLocalIP(normalAdapterID);
localMacAddress = NetworkAdapterHelper.GetAdapterPhisicalAddress(normalAdapterID);
Console.WriteLine($"======================================================================================");
Console.WriteLine($"Found Ethernet Adapter MAC: {localMacAddress} IP: {localIp}");
Console.WriteLine($"Found VPN Adapter MAC: {vpnMacAddress} IP: {vpnIP}");
Console.WriteLine($"======================================================================================");
if (vpnIP == null)
{
throw new Exception("VPN not connected");
}
var tableList = IpHelperWrapper.GetTcpConnections("firefox");
Console.WriteLine();
Console.WriteLine($"==============================FireFox sockets=========================================");
Console.WriteLine($"======================================================================================");
foreach (var line in tableList)
{
Console.WriteLine($"Source: {line.Local.Address} Port: {line.Local.Port} -> Destination: {line.Remote.Address} Port: {line.Remote.Port}");
}
Console.WriteLine($"======================================================================================");
Console.ReadLine();
LoadOutFilter(vpnAdapter.Handle, tableList);
LoadInFilter(normalAdapter.Handle, tableList);
//LoadTESTInFilter(normalAdapter.Handle, tableList);
//LoadTESTOutFilter(normalAdapter.Handle, tableList);
//LoadTESTInFilter(vpnAdapter.Handle, tableList);
LoadFilterEverythingElseFilter(vpnAdapter.Handle);
LoadFilterEverythingElseFilter(normalAdapter.Handle);
var loaded = ndisapi.SetPacketFilterTable(filterList);
outWorker.DoWork += (s, e) => { TreatOUTPacketsVPNtoNormal(ndisapi, vpnAdapter, normalAdapter); };
inWorker.DoWork += (s, e) => { TreatINPacketsNormaltoVPN(ndisapi, normalAdapter, vpnAdapter); };
Console.WriteLine("-- Filtering started");
outWorker.RunWorkerAsync();
inWorker.RunWorkerAsync();
Console.ReadLine();
Console.WriteLine("-- Filtering stopped");
DumpStaticFilters(ndisapi);
Console.WriteLine("Stopped!");
Console.ReadLine();
}
public static NetworkAdapter GetAdapter(NdisApiDotNet ndisapi)
{
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
if (!adapterList.Item1)
{
Console.WriteLine("WinpkFilter failed to query active interfaces. Exiting.");
return(null);
}
if (adapterList.Item2.Count > 0)
{
Console.WriteLine("Available network interfaces: ");
}
Console.WriteLine();
int counter = 0;
foreach (var adapter in adapterList.Item2)
{
Console.WriteLine($"{++counter}) {adapter.FriendlyName}");
Console.WriteLine($"\t Internal name: {adapter.Name}");
Console.WriteLine($"\t Handle: {adapter.Handle.ToString("x")}");
Console.WriteLine($"\t MAC: {adapter.CurrentAddress}");
Console.WriteLine($"\t Medium: {adapter.Medium}");
Console.WriteLine($"\t MTU: {adapter.Mtu}");
if (adapter.Medium == NDIS_MEDIUM.NdisMediumWan)
{
var rasLinkInfoList = ndisapi.GetRasLinks(adapter.Handle);
if (rasLinkInfoList.Item1 && (rasLinkInfoList.Item2.Count > 0))
{
foreach (var e in rasLinkInfoList.Item2)
{
Console.WriteLine($"----------------------------------------------------------------");
Console.WriteLine($"\t\tLinkSpeed = {e.LinkSpeed}");
Console.WriteLine($"\t\tMTU: {e.MaximumTotalSize}");
Console.WriteLine($"\t\tLocalAddress: {e.LocalAddress}");
Console.WriteLine($"\t\tRemoteAddress: {e.RemoteAddress}");
Byte[] ipAddress = new Byte[4];
Array.Copy(e.ProtocolBuffer, 584, ipAddress, 0, 4);
IPAddress ipV4 = new IPAddress(ipAddress);
Array.Copy(e.ProtocolBuffer, 588, ipAddress, 0, 4);
IPAddress ipMaskV4 = new IPAddress(ipAddress);
Console.WriteLine($"\t\tIPv4: {ipV4} Mask: {ipMaskV4}");
Console.WriteLine($"----------------------------------------------------------------");
}
}
}
Console.WriteLine();
}
Console.Write("Select network interface: ");
int index = Convert.ToInt32(Console.ReadLine());
if (index > adapterList.Item2.Count)
{
Console.WriteLine($"Wrong interface index {index}");
return(null);
}
return(adapterList.Item2[index - 1]);
}
