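/*
 * Open the WFP filter engine, register a permit-everything filter on the
 * inbound IPv4 packet layer, report the captured packets (placeholder),
 * then remove the filter and close the engine.
 *
 * Takes no parameters and returns nothing: every failing WFP call jumps
 * to the cleanup labels at the bottom, so callers get no success/failure
 * indication. Each acquired object is released exactly once and only on
 * the paths where it was actually acquired.
 */
void Capture_Packet()
{
    UINT32 status = NO_ERROR;
    /* Never incremented in this function: the reporting loop below is a
     * placeholder for the real capture path and currently runs 0 times. */
    UINT32 count_packet = 0;
    HANDLE engineHandle = 0;
    FWPM_FILTER filter = {0};
    FWPM_FILTER_CONDITION filterCondition = {0};

    /* No session object is passed, so the filter added below is not tied
     * to a dynamic session: it stays in the BFE store until it is deleted,
     * not merely until this engine handle is closed. */
    status = FwpmEngineOpen(0, RPC_C_AUTHN_WINNT, 0, 0, &engineHandle);
    if (status != NO_ERROR)
    {
        goto EXIT; /* nothing was opened: do not close a null handle */
    }

    filter.displayData.name = L"Capture packet";
    filter.layerKey = FWPM_LAYER_INBOUND_IPPACKET_V4;
    //filter.layerKey = FWPM_LAYER_OUTBOUND_IPPACKET_V4;
    filter.action.type = FWP_ACTION_PERMIT;
    filter.weight.type = FWP_EMPTY; /* let BFE assign the weight */
    filter.filterCondition = &filterCondition;
    filter.numFilterConditions = 0; /* 0 conditions: matches every packet at this layer */
    /* Sketch of a narrower match, not yet wired up (value still undecided):
     *   filterCondition.fieldKey = FWPM_CONDITION_ALE_PROMISCUOUS_MODE;
     *   filterCondition.conditionValue.type = FWP_UINT32;
     *   filterCondition.conditionValue.uint8 = ???
     */

    /* The engine writes the assigned id back into filter.filterId; that is
     * what the deletion below needs. */
    status = FwpmFilterAdd(engineHandle, &filter, 0, &(filter.filterId));
    if (status != NO_ERROR)
    {
        goto CLOSE_ENGINE; /* engine is open but no filter was added */
    }

    // in this case : network LAN using Proxy-Server or Web-Proxy
    // filter engine at Server ( LAN++++++Server++++++Internet )
    // capture all packets in the LAN before they are processed and forwarded to the Proxy.
    for (UINT32 i = 0; i < count_packet; i++)
    {
        // placeholder: print packet index plus source/destination IPv4 address
        // printf("Packet : %d from IP source : %s to IP destination : %s \n", i, <src>, <dst>);
    }

    /* Remove the filter we registered; otherwise a permit-all filter with
     * this display name outlives the process in the BFE store. */
    FwpmFilterDeleteById(engineHandle, filter.filterId);
CLOSE_ENGINE:
    FwpmEngineClose(engineHandle);
EXIT:
    return;
}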