WinDivert ignore tor traffic - c

I've looked at basil00's TorWall (https://github.com/basil00/TorWall) and cannot understand how it is possible to ignore traffic that goes from tor?
I'm writing my own torwall and my goal is to add support for different types of proxies (socks5, http[s]). I'm stuck with the problem that inbound traffic from tor.exe is going through the filter. I definitely missed something because torwall is working well.

Tallow ignores Tor traffic based on the port number, e.g. 9001. See the traffic.divert file from the Tallow repository (https://github.com/basil00/TorWall). This is a crude solution, and ideally it should be possible to instruct WinDivert to ignore traffic based on application; however, such a feature does not currently exist as of 2018.
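Port-based exclusion as described in the answer above, as an added example that is not part of the original post and not the contents of Tallow's traffic.divert. The function names are hypothetical, the filter string is constructed for illustration, and 9001 is the port named in the answer; the exclusion is applied in both directions so that replies from the excluded port are skipped as well.

```c
#include <stdio.h>
#include <string.h>

/* Build a WinDivert filter string that diverts TCP unless the remote port is
 * excluded. The remote port is DstPort on outbound packets and SrcPort on the
 * replies. Returns the length written, or -1 if the string does not fit. */
int build_filter(char *buf, size_t cap, const unsigned short *ports, size_t n)
{
    char out[512] = "", in[512] = "";
    size_t off = 0;
    for (size_t k = 0; k < n; k++) {
        /* Both clauses have the same length, so one offset serves both. */
        int a = snprintf(out + off, sizeof out - off,
                         " and tcp.DstPort != %u", (unsigned)ports[k]);
        snprintf(in + off, sizeof in - off,
                 " and tcp.SrcPort != %u", (unsigned)ports[k]);
        if (a < 0 || (size_t)a >= sizeof out - off) return -1;
        off += (size_t)a;
    }
    int w = snprintf(buf, cap, "tcp and ((outbound%s) or (inbound%s))", out, in);
    return (w < 0 || (size_t)w >= cap) ? -1 : w;
}

/* Offline mirror of that filter: 1 if the packet would be diverted.
 * The decision depends on the port only, so any process talking to an
 * excluded port bypasses diversion, not just tor.exe. */
int would_divert(int outbound, unsigned src, unsigned dst,
                 const unsigned short *ports, size_t n)
{
    unsigned remote = outbound ? dst : src;
    for (size_t i = 0; i < n; i++)
        if (remote == ports[i]) return 0;
    return 1;
}

int main(void)
{
    const unsigned short excluded[] = { 9001 };  /* port named in the answer */
    char filter[256];
    if (build_filter(filter, sizeof filter, excluded, 1) < 0) return 1;
    puts(filter);  /* the string one would pass to WinDivertOpen() */
    return 0;
}
```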

Related

How to create a BACnet client in C

I am trying to create a client in C that will talk with a BACnet server. This BACnet server is stored on an industrial device (CAN2GO) and I am not sure how I could talk with this device.
I spent quite some time reading documentation for BACnet and I never found a clear example for a BACnet client. I already did some server and clients using TCP and UDP but I don't know how to start this BACnet client and I must say I am getting quite desperate.
I found a library which seems to correspond to what I want which is called BACnet protocol stack but when I tried the whois example no device was found (I expected to find the bacnet server but maybe I shouldn't?).
So my question is: could you give me an example in C, or another language but C would be better, that would communicate with a BACnet server (nothing complicated just a question and analysing response). This example could be using the library I just wrote about or if you prefer another library I am of course open to everything.
Thank you very much for your time and answers.
I have used that stack and it is the best open source one you are going to find. If you cannot see anything using the demo\whois\bacwi example from that library, then there is something wrong with your setup. In particular, are you using IP? Are your BACnet client and BACnet server on different machines (they cannot be on the same without some serious tweaking)? Are the two machines on the same IP subnet? (They must be, once again, unless you do some serious tweaking (in this case, setting up BBMDs (BACnet Broadcast Management Devices))).
You will also want to try the "Read Property" example (demo\readprop\bacrp.exe) to actually read a value from the server.
If you are still stuck, then post your detailed problem at the link on Sourceforge; Steve, the author, is very responsive to questions.
I am currently using the stack - just started. I had a little trouble at first, not sure if my problem is the same but.. I basically am using some BAC components made from Schneider Electric (UNC-500) and an old un-supported platform (Niagara R2). On my laptop I created a host server and addressed it to a private LAN network between it and the UNC. My laptop was also using wifi, which was utilizing DHCP, so I had two separate interfaces going. This was my problem. I couldn't read or get 'I-AM' responses back from the UNC. As soon as I turned the WIFI off, I got the 'I-AM' broadcasts. Make sure that you are on the same network as your device, and that there are not other interfaces active. Maybe there is a way to assign the interface to use, IDK. I just started using it.

Hosting multiple clients with freemodbus

I am working on a project involving a microcontroller communicating to a PC via Modbus over TCP. My platform is an STM32F4 chip, programming in C with no RTOS. I looked around and found LwIP and Freemodbus and have had pretty good success getting them both to work. Unfortunately, I'm now running into some issues which I'm not sure how to handle.
I've noticed that if I establish connection, then lose connection (by unplugging the Ethernet cable) I will not be able to reconnect (once I've plugged back in, of course). Freemodbus only allows one client and still has the first client registered. Any new clients trying to connect are ignored. It won't drop the first client until after a specific timeout period which, as far as I can tell, is a TCP/IP standard.
My thoughts are...
1. I need a Modbus module that will handle multiple clients. The new client request after communication loss will be accepted and the first client will eventually be dropped due to the timeout.
   - How do I modify Freemodbus to handle this? Are there examples out there? I've looked into doing it myself and it appears to be a decently sized project.
   - Are there any good Modbus packages out there that handle multiple clients, are not too expensive, and easy to use? I've seen several threads about various options, but I'm not sure any of them meet exactly what I need. I've had a hard time finding any on my own. Most don't support TCP and the ones that do only support one client. Is it generally a bad idea to support multiple clients?
2. Is something wrong with how I connect to the microcontroller from my PC?
   - Why is the PC changing ports every time it tries to reconnect? If it kept the same port it used before, this wouldn't be a problem.
3. Should I drop the client from Freemodbus as soon as I stop communicating?
   - This seems to go against standards but might work.
I'm leaning towards 1. Especially since I'm going to need to support multiple connections eventually anyways. Any help would be appreciated.
Thanks.
If you have a limit on the number of modbus clients then dropping old connections when a new one arrives is actually suggested in the modbus implementation guide (https://www.modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf):
"Nevertheless a mechanism must be implemented in case of exceeding the number of authorized connection. In such a case we recommend to close the oldest unused connection."
It has its own problems but everything is a compromise.
Regarding supporting multiple clients...if you think about modbus/rs server - it could only ever have one master at a time. Then replace the serial cable with TCP and you see why it's not uncommon to only support one client (and of course it's easier to program). It is annoying though.
Depending on what you are doing you won't need the whole modbus protocol and implementing the parts you do need is pretty easy. Of course if you have to support absolutely everything it's a different prospect. I haven't used freemodbus, or any other library appropriate to your setup, so I can't help with suggestions there.
Regarding the PC using different TCP source port each time - that is how TCP is supposed to work and no fault on your side. If it did reuse the same source port then it wouldn't help you because e.g. sequence numbers would be wrong.
Regarding dropping clients. You are allowed to drop clients though it's better not to. Some clients will send a modbus command, notice the connection has failed, reconnect, but not reissue the command. That may be their problem but still nicer to not see it that often where possible. Of course things like battery life might make the calculation different.
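The "close the oldest unused connection" policy quoted from the implementation guide, as an added example that is not part of the original answer and not Freemodbus code. The `mb_*` names, the two-slot limit, and the descriptor and tick values are assumptions made for illustration; idle time is computed with unsigned subtraction so a wrapping tick counter on a bare-metal target does not pick the wrong victim.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CLIENTS 2   /* assumed connection limit for this example */
#define NO_FD (-1)

struct slot { int fd; uint32_t last_rx; };
static struct slot slots[MAX_CLIENTS];

void mb_init(void)
{
    for (int i = 0; i < MAX_CLIENTS; i++) slots[i].fd = NO_FD;
}

/* Call whenever a request arrives, so "unused" means "idle the longest". */
void mb_touch(int fd, uint32_t now)
{
    for (int i = 0; i < MAX_CLIENTS; i++)
        if (slots[i].fd == fd) slots[i].last_rx = now;
}

/* Admit a new connection. Returns NO_FD when a free slot was used, otherwise
 * the descriptor of the evicted connection, which the caller must close.
 * Trade-off: a peer that keeps connecting can push out idle clients. */
int mb_admit(int fd, uint32_t now)
{
    int victim = 0;
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (slots[i].fd == NO_FD) { victim = i; break; }
        /* Unsigned subtraction stays correct across tick wrap-around. */
        if ((uint32_t)(now - slots[i].last_rx) >
            (uint32_t)(now - slots[victim].last_rx))
            victim = i;
    }
    int evicted = slots[victim].fd;
    slots[victim].fd = fd;
    slots[victim].last_rx = now;
    return evicted;
}

int main(void)
{
    mb_init();
    mb_admit(10, 100);          /* constructed descriptors and tick values */
    mb_admit(11, 200);
    mb_touch(10, 300);          /* client 10 is now the more recent one */
    printf("evicted fd %d\n", mb_admit(12, 400));
    return 0;
}
```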

Reliable way to send file over internet

First of all: I'm not absolutely certain that this is the right place to ask, but I think the question fits here better than on superuser or serverfault, since it is a question from a programmer's perspective: I figured more programmers might have had the same question (although I couldn't find this specific question!).
I would like to have a feature in my program which allows users to send files to a 'friend'. You can find friends via a username: this all goes via a server which can provide the IP address of a friend.
I wanted to use a tcp connection to send the file. This becomes difficult, however, when one (or both) of the parties is behind a NAT. What is the best way to solve this? I heard that it's possible to send stuff via a server, but I'd rather send everything directly, to prevent server overhead.
I heard about a technique called hole punching, but also that it's pretty complex to implement and not 100% reliable. I could use UDP and implement some scheme to improve the reliability, but this seems a bit complex to me. I know skype, bittorrent and a whole lot of other programs do similar things (but I don't know about the specifics, which protocol they use, if they use hole punching etc.).
I looked into FTP a bit, until I realised that this is just a protocol using TCP, so I should use TCP hole punching in order to let this work... Anyway, I hope someone can give me some advice on this :)
If you don't want to make data pass through a server, I'm not aware of other methods other than TCP Hole Punching or simple Port forwarding of a previously chosen port.

Web based NX client?

But I can't seem to find much about how the NX protocol actually works. I have heard it does something with sending X11 commands. But does this mean that the listening clients need to have an x server to run the actual commands and display them?
Basically, I am trying to figure out if it is possible to write an NX client for a web browser, because it sounds interesting to me. Thoughts?
Yes. NX is essentially compressed X-Window protocol.
It's not a spec, but here is a general introduction to how it works: http://www.nomachine.com/documents/NX-XProtocolCompression.php
The client doesn't need to be an X-server, but it will probably need to be able to handle at least some subset of the X protocol.
If you are going to create a web based NX client, make sure you look at noVNC which is a web based VNC/RFB client. Better yet, fork noVNC and add NX support. That way you don't have to waste time on input, events positioning, networking, etc.
Disclaimer: I am the creator of noVNC. Implementing other remote desktop protocols (NX, RDP, Spice) is on my long term todo list (part of the reason for the name). If you're serious, contact me via github and I can give you some direction/thoughts and put you in touch with somebody else who has also expressed interest.

What is the format for the headers and message body of a TIBCO-RV packet?

I need to decode a packet sent using TIBCO-RV and pull fields out of the header and skip over the message body. I have not been able to find any examples or documentation. Does anybody know of any open source applications that might do this or if there is a Wireshark dissector out there somewhere?
Maybe you should try applying for a license and getting the official documentation. According to Wikipedia:
"TIBCO provides messaging APIs in C, C++, Java, Visual BASIC, Perl and .NET to receive data feeds on MS Excel spreadsheets and other applications of choice."
Failing that, you could perhaps dive into the TIBCO:RV Perl module.
The methods by which TibcoRV implements reliable multicast are proprietary, but one would assume easy to reverse engineer. I don't believe any of the official documentation goes into detail on the packet level detail. It's quite easy to get the data out if you have the API.
Several things come to mind:
Is the client on your machine running? This is required in order to create the multicast subscription (unless you are using broadcast mode). Otherwise, you need to have some client subscribe to the multicast channel, or your switch shouldn't forward the traffic.
Generally, you will have a single rrd running locally. You have TCP traffic between the RRD and your app. You can use an app like socketsniff to view the traffic between the two.
