如何在传输层(TCP)修改/插入数据. [英] How to modify/insert data at transport layer (TCP).
问题描述
如果我在传输层(TCP)上拦截入站数据,然后再将其到达应用程序,然后更改数据,那么在将数据发送到应用程序之前我需要更新什么?
If I intercept inbound data at the transport layer (TCP), before it gets to it's application, then change the data, what do I need to update before sending the data to the Application?
尤其是:
- 由于有效载荷的大小现在不同,我是否需要更新TCP标头中的序列号?
- Do I need to update the sequence number in the TCP Header, since the payload is now of a different size?
-我是否需要重新计算TCP校验和,因为有效负载数据现在不同了,否则F FwpsInjectTransportReceiveAsync0 执行此操作吗?
- Do I need to recalculate the TCP checksum, since the payload data is now different, or will FwpsConstructIpHeaderForTransportPacket0 or FwpsInjectTransportReceiveAsync0 do this?
-自从我更改了有效负载,是否需要更改IP标头中的数据包大小?还是有办法 FwpsConstructIpHeaderForTransportPacket0 会执行此操作,例如 如果我更改了NetBuffer MDL大小,或以其他方式更改了?
- Since I've changed the payload, do I need to change the packet size in the IP header? Or is there a way that FwpsConstructIpHeaderForTransportPacket0 will do this, for example if I changed the NetBuffer MDL size, or some other way?
我已经尝试过进行NBL克隆并更改数据,我尝试从头开始分配NBL并完全构建TCP和IP标头 从入站数据包中获取并修改修改后的有效负载.到目前为止,我都无法被应用程序接受.
I've tried doing a NBL clone and changing the data, and I've tried allocating an NBL from scratch and completely building both the TCP and IP header from the Inbound packet with adjustments for the modified payload. So far I've not been able to get either to be accepted by the Application.
感谢您的帮助.
推荐答案
您应该在FWPM_LAYER_STREAM_V {4/6}上执行此操作.这样一来,您就可以仅对数据进行操作,而无需处理TCP标头中的ACK/SEQ/校验和.
You should be doing this at FWPM_LAYER_STREAM_V{4 / 6}. Doing so will let you operate solely on the data, and no need in mucking with the ACK / SEQ / checksum in the TCP Header.
不过,要回答您的问题,是的,您需要更新传输头并重新计算ACK/SEQ/和校验和.此外,您需要为同一连接保留每个数据包,以便调整其ACK/SEQ/校验和信息. 这就是为什么在流中轻松,高效地执行此操作的主要原因.
To answer your question though, yes you'd need to update the transport header and recalculate the ACK / SEQ / and checksum. In addition you'll need to hold up every packet for the same connection so you can tweak their ACK / SEQ / Checksum info. This is the major reason why doing this at stream is much easier and more efficient.
FwpsConstructIpHeaderForTransportPackets和FwpsInjectTransportReceiveAsync0都不会更新传输校验和.
Neither FwpsConstructIpHeaderForTransportPackets nor FwpsInjectTransportReceiveAsync0 will update the transport checksum.
希望这会有所帮助,
这篇关于如何在传输层(TCP)修改/插入数据.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
