Dear gurus, dear Krishnaa

I wrote a LSP dll , and installed it correctly.
It's the code:

#define UNICODE
#define _UNICODE

#include <ws2spi.h>
#include <tchar.h>
#include <fstream.h>

GUID filterguid={0x4d1e91fd,0x116a,0x44aa,{0x8f,0xd4,0x1d,0x2c,0xf2,0x7b,0xd9,0xa9}};

LPWSAPROTOCOL_INFOW protoinfo=NULL;
WSPPROC_TABLE nextproctable;
DWORD protoinfosize=0;
int totalprotos=0;
TCHAR processname[MAX_PATH];
TCHAR showmessage[MAX_PATH+25];


BOOL getfilter()
{
int errorcode;

protoinfo=NULL;
protoinfosize=0;
totalprotos=0;

if(WSCEnumProtocols(NULL,protoinfo,&protoinfosize,&errorcode)==SOCKET_ERROR)
{
if(errorcode!=WSAENOBUFS)
{
OutputDebugString(_T("First WSCEnumProtocols Error!"));
return FALSE;
}
}

if((protoinfo=(LPWSAPROTOCOL_INFOW)GlobalAlloc(GPTR,protoinfosize))==NULL)
{
OutputDebugString(_T("GlobalAlloc Error!"));
return FALSE;
}

if((totalprotos=WSCEnumProtocols(NULL,protoinfo,&protoinfosize,&errorcode))==SOCKET_ERROR)
{
OutputDebugString(_T("Second WSCEnumProtocols Error!"));
return FALSE;
}

return TRUE;
}

void freefilter()
{
GlobalFree(protoinfo);
}

BOOL WINAPI DllMain(HINSTANCE hmodule,
DWORD reason,
LPVOID lpreserved)
{

if(reason==DLL_PROCESS_ATTACH)
{
GetModuleFileName(NULL,processname,MAX_PATH);
_tcscpy(showmessage,processname);
_tcscat(showmessage,_T(" Loading IPFilter ..."));
OutputDebugString(showmessage);
}
return TRUE;
}

int WSPAPI WSPSendTo(SOCKET s,
LPWSABUF lpbuffer,
DWORD dwbuffercount,
LPDWORD lpnumberofbytessent,
DWORD dwflags,
const struct sockaddr FAR *lpto,
int itolen,
LPWSAOVERLAPPED lpoverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpcompletionroutine,
LPWSATHREADID lpthreadid,
LPINT lperrno)
{
OutputDebugString(_T("SendTo..."));
struct sockaddr_in sin;
sin=*(const struct sockaddr_in *)lpto;
return 0;

if(sin.sin_port==htons(8000))
{
OutputDebugString(_T("WSPSendTo Tencent Filtered"));
return 0;
}
else
{
return nextproctable.lpWSPSendTo(s,lpbuffer,dwbuffercount,
lpnumberofbytessent,dwflags,lpto,itolen,
lpoverlapped,lpcompletionroutine,lpthreadid,lperrno);
}
}

int WSPAPI WSPStartup(
WORD wversionrequested,
LPWSPDATA lpwspdata,
LPWSAPROTOCOL_INFOW lpprotoinfo,
WSPUPCALLTABLE upcalltable,
LPWSPPROC_TABLE lpproctable
)
{
OutputDebugString(_T("IPFilter WSPStartup ..."));
int i;
int errorcode;
int filterpathlen;
DWORD layerid=0;
DWORD nextlayerid=0;
TCHAR *filterpath;
HINSTANCE hfilter;
LPWSPSTARTUP wspstartupfunc=NULL;

if(lpprotoinfo->ProtocolChain.ChainLen<=1)
{
OutputDebugString(_T("ChainLen<=1"));
return FALSE;
}

getfilter();

for(i=0;i<totalprotos;i++)
{
if(memcmp(&protoinfo[i].ProviderId,&filterguid,sizeof(GUID))==0)
{
layerid=protoinfo[i].dwCatalogEntryId;
break;
}
}

for(i=0;i<lpprotoinfo->ProtocolChain.ChainLen;i++)
{
if(lpprotoinfo->ProtocolChain.ChainEntries[i]==layerid)
{
nextlayerid=lpprotoinfo->ProtocolChain.ChainEntries[i+1];
break;
}
}

filterpathlen=MAX_PATH;
filterpath=(TCHAR*)GlobalAlloc(GPTR,filterpathlen);
for(i=0;i<totalprotos;i++)
{
if(nextlayerid==protoinfo[i].dwCatalogEntryId)
{
if(WSCGetProviderPath(&protoinfo[i].ProviderId,filterpath,&filterpathlen,&errorcode)==SOCKET_ERROR)
{
OutputDebugString(_T("WSCGetProviderPath Error!"));
return WSAEPROVIDERFAILEDINIT;
}
break;
}
}

if(!ExpandEnvironmentStrings(filterpath,filterpath,MAX_PATH))
{
OutputDebugString(_T("ExpandEnvironmentStrings Error!"));
return WSAEPROVIDERFAILEDINIT;
}

if((hfilter=LoadLibrary(filterpath))==NULL)
{
OutputDebugString(_T("LoadLibrary Error!"));
return WSAEPROVIDERFAILEDINIT;
}

if((wspstartupfunc=(LPWSPSTARTUP)GetProcAddress(hfilter,"WSPStartup"))==NULL)
{
OutputDebugString(_T("GetProcessAddress Error!"));
return WSAEPROVIDERFAILEDINIT;
}

if((errorcode=wspstartupfunc(wversionrequested,lpwspdata,lpprotoinfo,upcalltable,lpproctable))!=ERROR_SUCCESS)
{
OutputDebugString(_T("wspstartupfunc Error!"));
return errorcode;
}

nextproctable=*lpproctable;
lpproctable->lpWSPSendTo=WSPSendTo;

freefilter();
return 0;
}

It's the source of install.cpp
#define UNICODE
#define _UNICODE

#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <ws2spi.h>
#include <sporder.h>

GUID filterguid={0x4d1e91fd,0x116a,0x44aa,{0x8f,0xd4,0x1d,0x2c,0xf2,0x7b,0xd9,0xa9}};

GUID filterchainguid={0xd3c21121,0x85e1,0x48f3,{0x9a,0xb6,0x23,0xd9,0x0c,0x73,0x07,0xef}};

BOOL getfilter();
void freefilter();
void installfilter();
void removefilter();
void start();
void usage();

int totalprotos=0;
DWORD protoinfosize=0;
LPWSAPROTOCOL_INFOW protoinfo=NULL;

int main(int argc,char *argv[])
{
start();

if(argc==2)
{
if(strcmp(argv[1],"-install")==0)
{
installfilter();
return 0;
}
else if(strcmp(argv[1],"-remove")==0)
{
removefilter();
return 0;
}
}
usage();
return 0;
}

BOOL getfilter()
{
int errorcode;

protoinfo=NULL;
totalprotos=0;
protoinfosize=0;

if(WSCEnumProtocols(NULL,protoinfo,&protoinfosize,&errorcode)==SOCKET_ERROR)
{
if(errorcode!=WSAENOBUFS)
{
_tprintf(_T("First WSCEnumProtocols Error: %d\n"),errorcode);
return FALSE;
}
}

if((protoinfo=(LPWSAPROTOCOL_INFOW)GlobalAlloc(GPTR,protoinfosize))==NULL)
{
_tprintf(_T("GlobalAlloc in getfilter Error: %d\n"),GetLastError());
return FALSE;
}

if((totalprotos=WSCEnumProtocols(NULL,protoinfo,&protoinfosize,&errorcode))==SOCKET_ERROR)
{
_tprintf(_T("Second WSCEnumProtocols Error: %d\n"),GetLastError());
return FALSE;
}

_tprintf(_T("Found %d protocols!\n"),totalprotos);
return TRUE;
}

void freefilter()
{
GlobalFree(protoinfo);
}

void installfilter()
{
int i;
int provcnt;
int cataindex;
int errorcode;
BOOL rawip=FALSE;
BOOL udpip=FALSE;
DWORD iplayercataid=0,udporigcataid=0;
TCHAR filter_path[MAX_PATH];
TCHAR filter_name[MAX_PATH];
TCHAR chainname[WSAPROTOCOL_LEN+1];
LPDWORD cataentries;
WSAPROTOCOL_INFOW iplayerinfo,udpchaininfo,chainarray[1];

getfilter();

for(i=0;i<totalprotos;i++)
{
if(!rawip
&& protoinfo[i].iAddressFamily==AF_INET
&& protoinfo[i].iProtocol==IPPROTO_IP)
{
rawip=TRUE;
memcpy(&iplayerinfo,&protoinfo[i],sizeof(WSAPROTOCOL_INFOW));
iplayerinfo.dwServiceFlags1=protoinfo[i].dwServiceFlags1 & (~XP1_IFS_HANDLES);
}

if(!udpip
&& protoinfo[i].iAddressFamily==AF_INET
&& protoinfo[i].iProtocol==IPPROTO_UDP)
{
udpip=TRUE;
udporigcataid=protoinfo[i].dwCatalogEntryId;
memcpy(&udpchaininfo,&protoinfo[i],sizeof(WSAPROTOCOL_INFOW));
udpchaininfo.dwServiceFlags1=protoinfo[i].dwServiceFlags1 & (~XP1_IFS_HANDLES);
}
}

_tcscpy(iplayerinfo.szProtocol,_T("T-IpFilter"));
iplayerinfo.ProtocolChain.ChainLen=LAYERED_PROTOCOL;

if(GetCurrentDirectory(MAX_PATH,filter_path)==0)
{
_tprintf(_T("GetCurrentDirectory Error: %d\n"),GetLastError());
return ;
}
_tcscpy(filter_name,_T("\\ipfilter.dll"));
_tcscat(filter_path,filter_name);

if(WSCInstallProvider(&filterguid,filter_path,&iplayerinfo,1,&errorcode)==SOCKET_ERROR)
{
_tprintf(_T("WSCInstallProvider Error: %d\n"),errorcode);
return ;
}

freefilter();

getfilter();

for(i=0;i<totalprotos;i++)
{
if(memcmp(&protoinfo[i].ProviderId,&filterguid,sizeof(GUID))==0)
{
iplayercataid=protoinfo[i].dwCatalogEntryId;
break;
}
}

provcnt=0;
if(udpip)
{
_tcscpy(chainname,_T("T-UdpFilter"));
_tcscpy(udpchaininfo.szProtocol,chainname);

if(udpchaininfo.ProtocolChain.ChainLen==BASE_PROTOCOL)
{
udpchaininfo.ProtocolChain.ChainEntries[1]=udporigcataid;
}
else
{
for(i=udpchaininfo.ProtocolChain.ChainLen;i>0;i--)
{
udpchaininfo.ProtocolChain.ChainEntries[i+1]=udpchaininfo.ProtocolChain.ChainEntries[i];
}
}

udpchaininfo.ProtocolChain.ChainLen++;
udpchaininfo.ProtocolChain.ChainEntries[0]=iplayercataid;

memcpy(&chainarray[provcnt++],&udpchaininfo,sizeof(WSAPROTOCOL_INFOW));
}

if(WSCInstallProvider(&filterchainguid,filter_path,chainarray,provcnt,&errorcode)==SOCKET_ERROR)
{
_tprintf(_T("WSCInstallProvider for chain Error: %d\n"),errorcode);
return ;
}

freefilter();

getfilter();

if((cataentries=(LPDWORD)GlobalAlloc(GPTR,totalprotos*sizeof(WSAPROTOCOL_INFOW)))==NULL)
{
_tprintf(_T("GlobalAlloc int installfilter Error: %d\n"),errorcode);
return ;
}

cataindex=0;
for(i=0;i<totalprotos;i++)
{
if(memcmp(&protoinfo[i].ProviderId,&filterguid,sizeof(GUID))==0
|| memcmp(&protoinfo[i].ProviderId,&filterchainguid,sizeof(GUID))==0)
{
cataentries[cataindex++]=protoinfo[i].dwCatalogEntryId;
}
}

for(i=0;i<totalprotos;i++)
{
if(memcmp(&protoinfo[i].ProviderId,&filterguid,sizeof(GUID))!=0
&& memcmp(&protoinfo[i].ProviderId,&filterchainguid,sizeof(GUID))!=0)
{
cataentries[cataindex++]=protoinfo[i].dwCatalogEntryId;
}
}

if((errorcode==WSCWriteProviderOrder(cataentries,totalprotos))!=ERROR_SUCCESS)
{
_tprintf(_T("WSCWriteProviderOrder Error: %d\n"),GetLastError());
return ;
}

freefilter();

_tprintf(_T("\nInstall IP Filter Successfully"));
return ;
}

void removefilter()
{
int errorcode;
BOOL signal=TRUE;

if(WSCDeinstallProvider(&filterguid,&errorcode)==SOCKET_ERROR)
{
_tprintf(_T("WSCDeinstall filterguid Error: %d\n"),errorcode);
signal=FALSE;
}

if(WSCDeinstallProvider(&filterchainguid,&errorcode)==SOCKET_ERROR)
{
_tprintf(_T("WSCDeinstall filterchainguid Error: %d\n"),errorcode);
signal=FALSE;
}

if(signal)
{
_tprintf(_T("Deinstall IP Filter Successfully"));
}
return ;
}

void start()
{
_tprintf(_T("Install IP Filter, by TOo2y\n"));
_tprintf(_T("E-Mail: TOo2y@safechina.net\n"));
_tprintf(_T("HomePage: www.safechina.net\n"));
_tprintf(_T("Date: 10-29-2002\n\n"));
return ;
}

void usage()
{
_tprintf(_T("Usage: instif [ -install │ -remove ]\n"));
return ;
}


But when I reoot the OS, the "IPSEC Services" can't start and all network connections are error. Then I start "IPSEC Services" manually, and everything is OK. What shall I do?
Another problem is I never watch the debug messages , "IPFilter WSPStartup ..." and "SendTo..." , on the DbMon. Does it means the WSPStartup and WSPSendTo function of my LSP DLL worked incorrectly?

My OS is Win server 2003 standard edition. VC++ 6.0

Please help me. Thank you very much.

If ipsec service failed to start then it must have reported the error/reason in event viewer, does your LSP work fine with the browsers ?

If ipsec service failed to start then it must have reported the error/reason in event viewer, does your LSP work fine with the browsers ?


I got the error message from event viewer/ microsoft.com.

It is:

Details
Product: Windows Operating System
Event ID: 7023
Source: Service Control Manager
Version: 5.0
Component: System Event Log
Symbolic Name: EVENT_SERVICE_EXIT_FAILED
Message: The %1 service terminated with the following error:
%2

Explanation
The specified service stopped unexpectedly with the error indicated in the message. The service closed safely.


User Action
To troubleshoot the error:

Review the error information displayed in the message.
To display the WIN32_EXIT_CODE error that SCM encountered, at the command prompt, type
sc query service name
The information displayed can help you troubleshoot possible causes for the error.



Version: 5.2
Symbolic Name: EVENT_SERVICE_EXIT_FAILED
Message: The %1 service terminated with the following error:
%2

Explanation
The specified service stopped unexpectedly with the error indicated in the message. The service closed safely.


User Action
To troubleshoot the error:

Review the error information displayed in the message.
To display the WIN32_EXIT_CODE error that SCM encountered, at the command prompt, type
sc query service name
The information displayed can help you troubleshoot possible causes for the error.


Not only my browser, but also other programs can't connect to network.
Thanks for you reply.

PS. Use code-tags


nextproctable=*lpproctable;
lpproctable->lpWSPSendTo=WSPSendTo;

Shouldn't you implement all functions?! Or memcpy the previous provider's dispatch table and override the WSPSendTo function.

It is also important to install it correctly. Pls attach a screenshot on SpOrder.exe from your system.

WSPStartup should be called if you have installed your LSP correctly.

PS. Use code-tags

I'm so sorry for my harum-scarum. I've used CODE TAG.

Shouldn't you implement all functions?! Or memcpy the previous provider's dispatch table and override the WSPSendTo function.

That's all my code here. I only implemnt 2 functions, WSAStarup and WSASendTo, and I don't know if I memcpy the previous provider's dispatch table and override the WSPSendTo function.

It is also important to install it correctly. Pls attach a screenshot on SpOrder.exe from your system.
I attached a screenshot.

WSPStartup should be called if you have installed your LSP correctly.
Unfortunately WSPStartup wasn't called.


Thank you .

I think you need to implement few more funcitons, why dont you use the LSP sample on MSDN or Platform SDK as base and then add your code in it.

I think you need to implement few more funcitons, why dont you use the LSP sample on MSDN or Platform SDK as base and then add your code in it.

Do you mean "layered.zip" on MSDN? I 'll try it.

I can't build the sample "layered " of 2003 Platform SDK in my enviorment (Windows 2003, vc++6.0), and do you know the reason? Someone told me to use VC++ 7.0 to build it...

Your installation (according to SpOrder) doesn't look right to me.

I haven't been doing LSP programming for a long-time, so I could be wrong, but shouldn't SpOrder show one entry for the LSP and additional once for each chain. In your case, I can only see the chains (one for udp and one for tcp).

I think there is a new WSC-function for LSP-installation which both installs the LSP and any chain. Don't remember the name of it, but have a look in MSDN online library (http://msdn.microsoft.com/library).

The standard and documented way is the implement, at least stubs, every function in the dispatch table... but I have successfully developed a LSP (over TCP only) which only implemented 4-5 functions... (no stubs)... The way I solved it, was to copy the dispatch-table from the next provider in line (mstcp in my case) using memcpy. I first copied the whole dispatch-table and then override those functions I had to "see" or intercept.

Thank you very much for your reply.
I attached all my code of "install.cpp" , and do you find some errors in it ?
Sorry, I'm a beginner.

P.S. My OS is Windows Server 2003 DataCenter. Does the SDK is different from the other Windows?