I'm writing a NDIS filter driver for windows. Now I face a problem.
I'm going to redirect TCP packets to a TCP server on the current PC which the NDIS filter driver installs on. For example, the IP address of the current PC is 192.168.1.1 and there is a TCP server on it which is listening port 8000.
A user enters a URL: http://192.168.1.10/xxxx in the IE browser and my NDIS filter driver can absolutely see the TCP SYN packet. I modify the destination IP address of the packet to 192.168.1.1 and the destination port to 8000, because I'm expecting the packet can be redirected to the local TCP server.
Then I use NdisFIndicateReceiveNetBufferLists() to to inject the NBL into the receiving path instead of sending it to the underlying miniport driver.
However, it seems that the local TCP server can never get the redirected SYN packet. I don't know where the thing is going wrong. Would anyone help me or give me some advice?
Thank you very much!
In general, you can't take an NBL from one path (the transmit path) and just drop it into another path (the receive path). You'd need to clone the NBL and indicate the clone. Also, you'll have to edit the IP and TCP headers to fix the checksums.
But before you go down that route -- be advised that a WFP callout is a more appropriate type of driver for this project. WFP callouts are designed to operate at Layer 3 and Layer 4 of the network stack, while NDIS operates at Layer 2.