winpkf: stop starting packet reading in tunnel mode

Home Forums Discussions Support winpkf: stop starting packet reading in tunnel mode

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • December 3, 2004 at 11:11 am #4893
    krisleech
    Participant

      winpkf question:

      If i set an adapter to TUNNEL mode and start reading packets in a loop this is fine.
      When i want to stop reading the packets i drop out of the loop.
      However, of course, the driver is still reading packets and as soon as the winpkf buffer is full tcp/ip stops for the whole PC.

      So what can i do:

      1. Put the adapter in to LISTEN mode – this does not appear to work. Do i have to keep reading packets??

      2. Drop out of the main loop in to a secondary loop which keep reading packets but re-creates them stright away.

      3. Unload the driver – not ideal as i have to keep loading, unloading every time it is started/stopped.

      Any other ideas?

      Thanks for any help, K.

      December 3, 2004 at 12:52 pm #5673
      Vadim Smirnov
      Keymaster

        Please pay attention to the routine below (it is available in PassThru and PacketSniffer samples), which actually stops WinpkFillter operations over the network interface and releases resources:

        void ReleaseInterface()
        
{
        
// This function releases packets in the adapter queue and stops listening the interface
        
ADAPTER_MODE Mode;
        

        
Mode.dwFlags = 0;
        
Mode.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
        

        
// Set NULL event to release previously set event object
        
api.SetPacketEvent(AdList.m_nAdapterHandle[iIndex], NULL);
        

        
// Close Event
        
if (hEvent)
        
CloseHandle ( hEvent );
        

        
// Set default adapter mode
        
api.SetAdapterMode(&Mode);
        

        
// Empty adapter packets queue
        
api.FlushAdapterPacketQueue (AdList.m_nAdapterHandle[iIndex]);
        
}
        December 3, 2004 at 1:07 pm #5674
        krisleech
        Participant

          Maybe i didnt express my question well.

          I do not want to close the filter driver, i just want to effectivly pause the processing of packets. So the are not processed any more, but processing can resume again.

          Is the best way to do this to close the driver as in the release interface example?

          thanks, K.

          December 3, 2004 at 4:35 pm #5675
          Vadim Smirnov
          Keymaster

            The code above do the following:

            1) Release event for packet indication.
            2) Set adapter into passthru mode (the state it was before you set TUNNEL mode).
            3) Flush packet queue associated with the adapter.

            For temporary stop filtering: 1 – is not necessary, 2 – should be be done, otherwise (if you exited the loop) the network will be forzen after all WinpkFilter internal buffers are used, 3 – should be done because if you have existed packet reading loop, to that moment you can have internal buffer pool exosted and the network frozen.

            So, in addition to exiting the loop you should set the default mode over the interface and flush its packet queue. If you want to restore filtering, then set tunnel mode and enter the loop again.

            December 4, 2004 at 4:51 pm #5676
            krisleech
            Participant

              Great thanks..!

            • Author
              Posts
            Viewing 5 posts - 1 through 5 (of 5 total)
            • You must be logged in to reply to this topic.