WinPkFilter: Duplicate packets


This topic contains 8 replies, has 2 voices, and was last updated by ByTE 12 years, 5 months ago.

    #4927

    ByTE
    Participant

    Why, when filtering is started with dwFlags equal to MSTCP_FLAG_SENT_LISTEN + MSTCP_FLAG_RECV_LISTEN + MSTCP_FLAG_FILTER_DIRECT + MSTCP_FLAG_LOOPBACK_BLOCK
    and HwFilter equal to NDIS_PACKET_TYPE_PROMISCUOUS,
    are four ARP responses sent for one ARP request?
    What am I doing wrong?

    #5741

    Vadim Smirnov
    Moderator

    Could you please provide more details? What OS have you experienced this behaviour with? Is it an incoming or outgoing ARP request? What network media do you use? Have you seen four response packets in WinpkFilter or using any network sniffer?

    #5742

    ByTE
    Participant

    Thanks.
    Problem resolved.
    I set the wrong flags (*_LISTEN), but after the *_TUNNEL flag was set, all works fine!

    I have another question now:
    Why, when a Windows XP network bridge is created and I try to filter the created virtual bridge adapter, are packets not dropped 🙁 and are sent to the destination? I can’t filter the real adapters, because after creating the bridge the adapter list contains only “Network bridge” and “WAN connection”.
    I can see the packets, but when I drop them, the packets are sent to the destination 🙁
    Can you help me?

    #5743

    ByTE
    Participant

    I forgot to mention:
    I can block packets directed to the computer with the bridge, but I can’t block transit packets to other computers.

    #5744

    ByTE
    Participant

    Maybe I can get info for more than just the TCP/IP-bound adapters?
    Because the bridge removes the TCP/IP binding from the adapters in the bridge.
    Does WinPKFilter work correctly with non-TCP/IP-bound adapters?
    I just need to try filtering these adapters.

    #5745

    Vadim Smirnov
    Moderator

    The WinpkFilter driver works between the TCP/IP stack and its bound adapters; it does not filter non-TCP/IP interfaces. As I understand, you miss packets which are routed by the network bridge and never reach the TCP/IP stack. This is just how it should work.

    However, the driver can be modified to additionally support filtering between the bridge and the real network interfaces below the bridge; it just requires some modifications in the driver itself. If you own a Source Code license you can easily do the required modifications yourself. I think it should be enough to add the network bridge protocol name to the list of filtered protocols.

    #5746

    ByTE
    Participant

    Yes, you understand me correctly.

    I’m not the owner of any license.
    I am trying to test WinPKFilter.

    Why can only TCP/IP adapters be filtered?
    For example, you can add some flag to the internal structure of the packet in the driver code, and when a program tries to send a non-TCP/IP packet to the stack, the driver can detect this by the flag and just drop this packet…

    Sometimes one simply needs to filter any incoming packets, and filtering of non-TCP/IP adapters can help in this case…
    In my case these are transit packets.

    Thanks for the answers.

    #5747

    Vadim Smirnov
    Moderator

    Why can only TCP/IP adapters be filtered?

    It is by driver design. However, the driver can be extended to work below other protocols in addition to TCP/IP.

    For example, you can add some flag to the internal structure of the packet in the driver code, and when a program tries to send a non-TCP/IP packet to the stack, the driver can detect this by the flag and just drop this packet…

    TCP/IP is the primary protocol in the meantime and WinpkFilter’s main purpose is modification of its behaviour in different ways (firewall, NAT, VPN, etc.). Filtering absolutely all protocols on the system would cause a real mess and performance degradation (protocols can be joined into stacks in the form of IM drivers, like the bridge you have mentioned).

    #5748

    ByTE
    Participant

    I understand, thanks.
