Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:29

View unanswered posts | View active topics


Board index » aluigi.org » MyToolz

All times are UTC [ DST ]




Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 4 posts ] 
  Print view Previous topic | Next topic 
Author Message
astropirate
 Post subject: Proxocket blocking certain UDP packets
PostPosted: 08 Jan 2010 03:45 

Joined: 28 Jan 2009 03:30
Posts: 17
I am making a "mini firewall" and have am stuck at this point:

I have captured the packet via wireshark and have identified its "flag" being 0x04, 0x00, 0xff, 0xff, 0x00, 0x3d, 0x00, 0x00,
0x00, 0x00 in hex (Wiresharek generated the c array for this packet's data.). now i want block any packet that the application receives and it contains this data.

i just started and i tested it out it compiles fine but it does nothing :-(

p.s this is inside "myproxocket.c"


Code:

int __cdecl myrecv(SOCKET s, u_char *buf, int len, int flags) {

char actual[] = {
0x04, 0x00, 0xff, 0xff, 0x00, 0x3d, 0x00, 0x00,
0x00, 0x00};

    if(find_replace_string(buf, &len,actual, NULL)) {
        return(SOCKET_ERROR);
    }
return(len);
}



I do not see why it shouldn't work. I would greatly appreciate any pointers into the right direction.
Top
 Profile  
 
 
aluigi
 Post subject: Re: Proxocket blocking certain UDP packets
PostPosted: 09 Jan 2010 22:24 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
first you must be sure that it's an UDP packet because the tcp streams can't be handled easily due to nature of the TCP (what you receive is not what was sent in terms of size, that's the difference between streams and packets).

so if the connection is UDP then it's enough to do something like:
Code:
int __cdecl myrecvfrom(SOCKET s, u_char *buf, int len, int flags, struct sockaddr *from, int *fromlen) {
    static const char actual[] = { 0x04, 0x00, 0xff, 0xff, 0x00, 0x3d, 0x00, 0x00, 0x00, 0x00 };

    if((len >= sizeof(actual)-1) && !memcmp(buf, actual, sizeof(actual)-1)) {
        return(SOCKET_ERROR);
    }
    return(len);
}
Top
 Profile  
 
astropirate
 Post subject: Re: Proxocket blocking certain UDP packets
PostPosted: 09 Jan 2010 23:21 

Joined: 28 Jan 2009 03:30
Posts: 17
from your code it checks to see if that static const char actual[] is the whole data in the udp packet, what i was trying to do is check if the packet contains that data then block it. not if they are equal.
Top
 Profile  
 
aluigi
 Post subject: Re: Proxocket blocking certain UDP packets
PostPosted: 09 Jan 2010 23:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ah ok, if you need to search in the packet your previous idea was ok.
you need only place it in myrecvfrom and not myrecv and replace the old find_replace_string with the one pasted in this post because your string contains 0x00 bytes inside it:

http://www.aluigi.freeforums.org/post6472.html#p6472
Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 4 posts ] 

Board index » aluigi.org » MyToolz

All times are UTC [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron