
I'm using SharpPcap to convert multicast UDP packets to unicast and then forward the packets to another network. I established an IPsec tunnel connection between two networks like the following scenario (IPsec-tools and racoon), and it works fine.

diagram

But on gateway1 I run a simple program using SharpPcap that listens on eth1 to capture all multicast UDP packets from network A, changes the destination address to the eth1 address of gateway2 and then resends them; the other gateway then changes the packet back to multicast and forwards it to network B. I did this because IPsec tunnel mode doesn't work with multicast. For example, on gateway1:

using System.Net;
using System.Net.NetworkInformation;
using SharpPcap;            // SharpPcap 2.x API: PcapDevice, PcapCaptureEventArgs
using SharpPcap.Packets;    // UDPPacket/IPPacket of the same release

// Device the rewritten frames are injected on (opened elsewhere in the program).
private static PcapDevice device1;

private static void device_PcapOnPacketArrival(object sender, PcapCaptureEventArgs e)
{
    if (e.Packet is UDPPacket)
    {
        UDPPacket udp = (UDPPacket)e.Packet;
        IPAddress dstIp = udp.DestinationAddress;
        if (dstIp.ToString() == "224.5.6.7")
        {
            // Re-address the frame to gateway2's eth1 (IP and MAC) so it crosses the link as unicast.
            udp.DestinationAddress = IPAddress.Parse("192.168.2.1");
            udp.SourceHwAddress = PhysicalAddress.Parse("A0-48-1C-D6-7E-C0");
            udp.DestinationHwAddress = PhysicalAddress.Parse("A0-48-1C-D6-D5-90");
            udp.TimeToLive = 20;
            // The IPv4 header checksum covers the changed destination address.
            udp.ipv4.IPChecksum = udp.ComputeIPChecksum();
            // The UDP checksum covers the IPv4 pseudo-header (destination address included),
            // so it must be refreshed too unless the sender set it to 0 (disabled). Assumes
            // SharpPcap 2.x exposes UDPChecksum/ComputeUDPChecksum() like the IP members above.
            udp.UDPChecksum = udp.ComputeUDPChecksum();
            // Injected via pcap_sendpacket(): the frame bypasses the OS IP stack, so the
            // host's IPsec policy is never applied to it.
            device1.SendPacket(udp);
        }
    }
}

The modified packet gets to its destination in the other network, but it is still not encrypted in the tunnel between gateway1 and gateway2. I think the solution is to let the operating system handle sending the packets, but I don't know how to do that using SharpPcap.

1 Answer


libpcap/WinPcap (and thus SharpPcap) send packets via pcap_sendpacket()/pcap_inject(). These are raw packets, so if you want to use encryption you'll have to apply it yourself when sending the packet, as these calls bypass the higher-level communication stacks in the OS.

Maybe you could use a hybrid approach: receive the packet with SharpPcap and then use the IPsec tunnel as one would normally use it from an application, e.g. open a socket between the two systems and send the packet through that socket. That would let the OS route the data through the IPsec tunnel.

Chris Morgan
  • Thanks @Chris, is there any way to open a socket between the two gateways using SharpPcap? Could you give me an example? – Ahmad Darwish Feb 09 '15 at 08:43
  • @AhmadDarwish, you'd open the socket like you would any other socket. https://msdn.microsoft.com/en-us/library/kb5kfec7%28v=vs.110%29.aspx It really depends on whether you want sync vs. async, which port, what protocol, etc. – Chris Morgan Feb 09 '15 at 15:47
  • Thanks, the problem is that when I use a socket I lose the source IP address of the original packet, because a socket only allows sending from one of the local addresses; it can't be bound to the original source IP address, and that is not acceptable in my application. I need to find another way to do it – Ahmad Darwish Feb 10 '15 at 12:30
  • Does the endpoint have to see the original IP? Why not have your application (and the system it is running on) be the endpoint for the remote side? It won't appear transparent, but to get that you'd need to write a firewall packet-filter application. – Chris Morgan Feb 11 '15 at 21:12
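The hybrid relay the answer describes, written out as an added example that is not code from the question, the answer or the SharpPcap project. It assumes the SharpPcap 6.x / PacketDotNet 1.x API (ILiveDevice, PacketCapture.GetPacket(), Packet.Extract<T>(), UpdateUdpChecksum()/UpdateIPChecksum()) rather than the older API used in the question; the relay port 40000, the peer gateway addresses passed in by the caller and the in-band header layout are illustrative choices. Gateway1 captures with pcap but sends through an ordinary UDP socket, so the OS applies its IPsec policy to that traffic like any other application's. The original source address and ports travel inside the datagram, and gateway2, where the hop into network B is outside the tunnel, injects a rebuilt multicast frame carrying that source. That is one way to deal with the lost-source-IP problem raised in the comments without trying to bind a socket to an address the host does not own.

```csharp
using System;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using PacketDotNet;
using SharpPcap;

// Relay across the IPsec tunnel: pcap in on gateway1 -> UDP socket (OS stack, so the
// IPsec policy applies) -> UDP socket in on gateway2 -> pcap out into network B.
// API names assume SharpPcap 6.x / PacketDotNet 1.x; port and addresses are illustrative.
static class MulticastRelay
{
    static readonly IPAddress Group = IPAddress.Parse("224.5.6.7");   // group from the question
    const int RelayPort = 40000;                                       // assumed, any free port

    // Datagram carried through the tunnel: [4 B original src IPv4][2 B src port][2 B dst port][payload].
    // Carrying the source in-band is what lets gateway2 restore it: a socket cannot send from it.
    public static byte[] Wrap(IPAddress src, ushort srcPort, ushort dstPort, byte[] payload)
    {
        var buf = new byte[8 + payload.Length];
        Buffer.BlockCopy(src.GetAddressBytes(), 0, buf, 0, 4);
        buf[4] = (byte)(srcPort >> 8); buf[5] = (byte)srcPort;
        buf[6] = (byte)(dstPort >> 8); buf[7] = (byte)dstPort;
        Buffer.BlockCopy(payload, 0, buf, 8, payload.Length);
        return buf;
    }

    public static (IPAddress Src, ushort SrcPort, ushort DstPort, byte[] Payload) Unwrap(byte[] buf)
    {
        if (buf.Length < 8) throw new ArgumentException("relay datagram too short");
        var src = new IPAddress(new[] { buf[0], buf[1], buf[2], buf[3] });
        var payload = new byte[buf.Length - 8];
        Buffer.BlockCopy(buf, 8, payload, 0, payload.Length);
        return (src, (ushort)(buf[4] << 8 | buf[5]), (ushort)(buf[6] << 8 | buf[7]), payload);
    }

    // RFC 1112: the MAC for an IPv4 group is 01-00-5E followed by the low 23 bits of the group.
    public static PhysicalAddress MulticastMac(IPAddress group)
    {
        var g = group.GetAddressBytes();
        return new PhysicalAddress(new byte[] { 0x01, 0x00, 0x5E, (byte)(g[1] & 0x7F), g[2], g[3] });
    }

    // gateway1: only the capture uses pcap; the send goes through a normal socket.
    public static void RunGateway1(ILiveDevice netA, IPAddress gateway2)
    {
        var tunnel = new UdpClient();
        var peer = new IPEndPoint(gateway2, RelayPort);
        netA.Open(DeviceModes.Promiscuous);
        netA.Filter = "udp and dst host " + Group;          // BPF: only the relayed group
        netA.OnPacketArrival += (sender, e) =>
        {
            var raw = e.GetPacket();
            var pkt = Packet.ParsePacket(raw.LinkLayerType, raw.Data);
            var ip = pkt.Extract<IPv4Packet>();
            var udp = pkt.Extract<UdpPacket>();
            if (ip == null || udp == null) return;
            var wrapped = Wrap(ip.SourceAddress, udp.SourcePort, udp.DestinationPort, udp.PayloadData);
            tunnel.Send(wrapped, wrapped.Length, peer);      // matched by the IPsec SPD like any app traffic
        };
        netA.StartCapture();
    }

    // gateway2: the socket hands over already-decrypted data; re-inject it with the original source.
    public static void RunGateway2(ILiveDevice netB, PhysicalAddress netBMac, IPAddress gateway1)
    {
        var listener = new UdpClient(RelayPort);
        var from = new IPEndPoint(IPAddress.Any, 0);
        netB.Open();
        while (true)
        {
            var data = listener.Receive(ref from);
            // Accept relay datagrams only from the peer gateway; the IPsec policy on this host
            // should also require ESP for this port so a cleartext forgery is dropped earlier.
            if (!from.Address.Equals(gateway1)) continue;
            var (src, srcPort, dstPort, payload) = Unwrap(data);

            var udp = new UdpPacket(srcPort, dstPort) { PayloadData = payload };
            udp.Length = (ushort)(8 + payload.Length);
            var ip = new IPv4Packet(src, Group) { TimeToLive = 20, PayloadPacket = udp };
            ip.TotalLength = ip.HeaderLength + udp.Length;
            var eth = new EthernetPacket(netBMac, MulticastMac(Group), EthernetType.IPv4) { PayloadPacket = ip };
            udp.UpdateUdpChecksum();     // pseudo-header includes src/dst IP, so do this after addressing
            ip.UpdateIPChecksum();
            netB.SendPacket(eth);        // raw injection is fine here: this hop is outside the tunnel
        }
    }
}
```

The source-address check in RunGateway2 is a backstop, not the control: the racoon/IPsec-tools policy on gateway2 should require ESP for UDP port 40000 from gateway1 so that a cleartext datagram aimed at the relay port is discarded by the kernel before the application sees it. Without that, anyone who can reach the port could have gateway2 inject arbitrary frames with arbitrary source addresses into network B.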