basil00 / WinDivert

WinDivert: Windows Packet Divert
https://reqrypt.org/windivert.html

How to obtain subinterface index? #275

Closed T-640 closed 3 years ago

T-640 commented 3 years ago

The documentation says to consult the IP Helper API to get the interface and subinterface indexes. This is definitely true for the interface index; there are even multiple ways to do that. As for the subinterface index, I am not so sure. It would seem there is not a single function there that is supposed to deliver it. The subinterface is barely mentioned in the Microsoft documentation: there are some enumerations and functions that take this index as an input argument, and most are related to Windows Filtering Platform drivers anyway, not the IP Helper API, and that’s pretty much all there is. Is it even supposed to be obtained via the user mode API?

I realise that WinDivertRecv delivers it when some packet arrives, but I need to work without its assistance.

basil00 commented 3 years ago

WinDivert passes the sub-interface index because it is required by the underlying WFP functions, but I am not sure how/where to get it. This question is probably best asked to a Windows programming forum rather than here.

T-640 commented 3 years ago

It has been a while now since I asked about this on the Windows forum and StackOverflow, with no answer. It appears that whatever this subinterface index is, it belongs to Windows Filtering Platform exclusively. Considering that it is mostly a kernel mode API, I am out of options for my user mode code.

Getting it from a WinDivertRecv() call helps only if the task is to modify an existing packet. But construction of a completely new packet becomes extremely difficult and unreliable.

Is there anything you can do from your side? Like adding something similar to this:

DWORD GetSubInterfaceIndex (DWORD interface_index);
DWORD GetSubInterfaceIndex (char* ip_address);

basil00 commented 3 years ago

I assume this is the thread: https://docs.microsoft.com/en-us/answers/questions/517816/how-to-obtain-network-sub-inteface-index-via-user.html

So even Microsoft do not know how to get the subinterface index from user-mode.

> Is there anything you can do from your side?

As the thread says, you get the subinterface index from the captured packet, which is what WinDivert already does.

T-640 commented 3 years ago

> As the thread says, you get the subinterface index from the captured packet, which is what WinDivert already does.

I am aware of that. What if there is no captured packet to use, what if I need to “manually” create a completely new packet, without that call to WinDivertRecv? I do not have this index in this case. The only “solution” would be to sniff random packets, hoping to find the right combination of subinterface index + IP address, which is far from being elegant. I was hoping there would be a straightforward way to do this, like it was in WinPcap, for example.

I barely know WFP, that is why I am asking: perhaps there is some other WFP function, some other WFP API to obtain these subinterfaces without having to sniff packets, a call to which you could add to WinDivert’s driver and pass to the DLL for the user mode code to take advantage of. Something that could be called “EnumSubInterfaces”, perhaps, if there was such a thing (like EnumProcesses in PSAPI, for example).