Packet manipulation with WinDivert #289

Closed
alexalok opened this issue Jun 19, 2021 · 3 comments
@alexalok
Hi!

I have tried to come up with a simple example of packet manipulation using WinDivert but failed miserably. At last I've noticed that during device opening there's a special flag being passed:
https://github.com/chmorgan/sharppcap/blob/774b7f03ded1abd2845ab09641faca1052b9b369/SharpPcap/WinDivert/WinDivertDevice.cs#L250

which, according to the WinDivert source, is

    #define WINDIVERT_FLAG_SNIFF            0x0001

This flag, according to WinDivert documentation,

... opens the WinDivert handle in packet sniffing mode. In packet sniffing mode the original packet is not dropped-and-diverted (the default) but copied-and-diverted. This mode is useful for implementing packet sniffing tools similar to those applications that currently use Winpcap.

So I wonder whether this is a deliberate limitation of SharpPcap or has it just not been implemented yet. If the latter is the case, I'd be happy to work on an implementation.

@kayoub5
Collaborator

kayoub5 commented Jun 19, 2021

The value WINDIVERT_FLAG_SNIFF was chosen as the default to have similar behavior to winpcap (the original driver of sharppcap).

other values for the flags could be used as well.

When you said that you failed, what kind of error did you run into?

@alexalok
Author

alexalok commented Jun 19, 2021

Thank you for your answer. Actually looks like I've found out the culprit of the issue. I was following these instructions which include setting WINDIVERT_FLAG_DROP flag.

The docs, however, state the following:

This flag indicates that the user application does not intend to read matching packets with WinDivertRecv(), instead the packets should be silently dropped. This is useful for implementing simple packet filters using the WinDivert filter language.

WinDivertRecv() should not be used on any WinDivert handle created with the WINDIVERT_FLAG_DROP set.

I unset all flags and now everything works like a charm.

UPD: sorry, forgot to answer on what the actual error was. There was no error, just OnPacketArrival never invoked.

@alexalok
Author

Looks like WINDIVERT_FLAG_DROP in 1.x versions of WinDivert has a different behavior and indeed dropped the packet but also sent it to WinDivertRecv. In 2.x this behavior is now the default and WINDIVERT_FLAG_DROP just prevents packets from going into WinDivertRecv.
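The three modes discussed in this thread (sniff = copy-and-divert, drop = discard without delivery, no flags = drop-and-divert where the application must reinject every packet it wants to let through) can be illustrated with a small SharpPcap program. This is an added example, not code from the issue or from the SharpPcap project; it assumes the SharpPcap 6.x shape of the API (WinDivertDevice with Filter and Flags properties, a WinDivertFlags enum, OnPacketArrival delivering a PacketCapture, and SendPacket(ReadOnlySpan<byte>, ICaptureHeader) for reinjection) together with PacketDotNet for parsing, none of which is shown on the page.

```csharp
// Added example (not SharpPcap's own code). Assumed API names, from memory of
// SharpPcap 6.x: WinDivertDevice, Filter, Flags, WinDivertFlags, Open,
// StartCapture, StopCapture, Close, SendPacket, PacketCapture, RawCapture.Header.
using System;
using PacketDotNet;
using SharpPcap;
using SharpPcap.WinDivert;

class DivertModeExample
{
    static int seen;

    static void Main(string[] args)
    {
        // Pick a mode on the command line: "sniff", "drop" or "divert" (default).
        string mode = args.Length > 0 ? args[0] : "divert";

        var device = new WinDivertDevice
        {
            // WinDivert filter language (from the WinDivert docs): only outbound
            // TCP to port 80 ever reaches this handle; everything else is untouched.
            Filter = "outbound and tcp.DstPort == 80",
        };

        switch (mode)
        {
            case "sniff":
                // Copy-and-divert: the original packet keeps flowing; we only see a copy.
                // This is SharpPcap's default, chosen to behave like winpcap.
                device.Flags = WinDivertFlags.Sniff;
                break;
            case "drop":
                // Silently discard matching packets. With this flag WinDivertRecv is
                // never called, so OnPacketArrival never fires (the symptom in this issue).
                device.Flags = WinDivertFlags.Drop;
                break;
            default:
                // No flags: drop-and-divert. A packet only continues if the handler
                // reinjects it, so the handler below always calls SendPacket.
                device.Flags = 0;
                break;
        }

        device.OnPacketArrival += OnPacketArrival;
        device.Open();
        device.StartCapture();
        Console.WriteLine($"Mode '{mode}' active, press Enter to stop.");
        Console.ReadLine();
        device.StopCapture();
        device.Close();
        Console.WriteLine($"{seen} packets handled.");
    }

    static void OnPacketArrival(object sender, PacketCapture e)
    {
        var device = (WinDivertDevice)sender;
        RawCapture raw = e.GetPacket();
        seen++;

        // Inspect only; log the IP endpoints and TCP ports for the operator.
        Packet parsed = Packet.ParsePacket(raw.LinkLayerType, raw.Data);
        var ip = parsed.Extract<IPPacket>();
        var tcp = parsed.Extract<TcpPacket>();
        if (ip != null && tcp != null)
        {
            Console.WriteLine($"{ip.SourceAddress}:{tcp.SourcePort} -> {ip.DestinationAddress}:{tcp.DestinationPort}");
        }

        // In drop-and-divert mode this is what keeps the connection alive. In sniff
        // mode the call is harmless but redundant, because the original already left.
        if (device.Flags == 0)
        {
            device.SendPacket(raw.Data, raw.Header);
        }
    }
}
```

Run it as Administrator with WinDivert.dll and the driver next to the executable; in "divert" mode, commenting out the SendPacket call makes port-80 connections hang, which is the quickest way to confirm that the handle really is in drop-and-divert rather than sniff mode.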
