In intercepting IP header of data packet header

Typedef struct _IP_HEADER
{
Char cVersionAndHeaderLen;//version information (4), head length (4) after
Char cTypeOfService;//service type 8
Short sTotalLenOfPacket;//packet length
Short sPacketID;//packet marking
Short sSliceinfo;//shard use
Char cTTL;//survival time
Char Protocol;//protocol type
Short sCheckSum;//the checksum
Unsigned int uiSourIp;//source IP
Unsigned int uiDestIp;//destination IP
} __attribute__ ((the packed)) IP_HEADER, * PIP_HEADER;

This does not mean that number is the upper member of the Protocol Protocol type 17 6 TCP UDP why I print out here is full of 17? Package is based on the TCP and obviously a great god reply

CodePudding user response:

Sure is done with a TCP connection? Useless IP_HEADER, to study under

CodePudding user response:

reference 1st floor aabbabababaa response:

sure is done with a TCP connection? IP_HEADER doesn't work, to study under the

Is indeed a TCP package now more wide of the mark I user layer with the IP address of the LSP intercept to the kernel in the judgment, apart from a few IP right on all the rest and LSP in on some of the packages to 360
Want to give up,,,,

CodePudding user response:

Must first clear the NDIS driver here you specific refers to which level driver: NDIS protocol driver, the middle tier of the NDIS driver or NDIS miniport driver,
And then confirm your program under the premise of no problem, make sure that your driver to send and receive data has not been other filter drivers Attach or hooks directly on its modification, you can use the Device object a stack of view tool (such as the Device Tree, WinDBG) test,

CodePudding user response:

# define PROTOCOL_TCP 0 x06
# define PROTOCOL_UDP 0 x11

If (pIpHeader - & gt; Protocol=={PROTOCOL_TCP)
//TCP
}
Else if (pIpHeader - & gt; Protocol=={PROTOCOL_UDP)
//UDP
}