WinPkFilter: Duplicate packets

  • #4927
    ByTE
    Participant

      Why, when filtering is started with dwFlags equal to MSTCP_FLAG_SENT_LISTEN + MSTCP_FLAG_RECV_LISTEN + MSTCP_FLAG_FILTER_DIRECT + MSTCP_FLAG_LOOPBACK_BLOCK
      and HwFilter equal to NDIS_PACKET_TYPE_PROMISCUOUS,
      are four ARP responses sent for one ARP request?
      What am I doing wrong?

      #5741
      Vadim Smirnov
      Keymaster

        Could you please provide more details? What OS have you experienced this behaviour with? Is it an incoming or outgoing ARP request? What network media do you use? Have you seen four response packets in WinpkFilter or using any network sniffer?

        #5742
        ByTE
        Participant

          Thanks.
          Problem resolved.
          I set the wrong flags (*_LISTEN), but after the *_TUNNEL flag was set, all works fine!

          I have another question now:
          Why, when a Windows XP network bridge is created and I try to filter the created virtual bridge adapter, are packets not dropped 🙁 and are sent to the destination? I can’t filter the real adapters, because after creating the bridge the adapters list contains only “Network bridge” and “WAN connection”.
          I can see packets, but when I drop them, the packets are sent to the destination 🙁
          Can you help me?

          #5743
          ByTE
          Participant

            I forgot to mention:
            I can block packets directed to the computer with the bridge, but I can’t block transit packets to other computers.

            #5744
            ByTE
            Participant

              Maybe I can get info for more than just the TCP/IP-bound adapters?
              Because the bridge removes the TCP/IP binding from the adapters in the bridge.
              Does WinPKFilter work correctly with non-TCP/IP-bound adapters?
              I just need to try to filter these adapters.

              #5745
              Vadim Smirnov
              Keymaster

                The WinpkFilter driver works between the TCP/IP stack and its bound adapters; it does not filter non-TCP/IP interfaces. As I understand, you miss packets which are routed by the network bridge and never reach the TCP/IP stack. This is just how it should work.

                However, the driver can be modified to additionally support filtering between the bridge and the real network interfaces below the bridge; it just requires some modifications in the driver itself. If you own a Source Code license, you can easily make the required modifications yourself. I think it should be enough to add the network bridge protocol name to the list of filtered protocols.

                #5746
                ByTE
                Participant

                  Yes, you understand me correctly.

                  I’m not the owner of any license.
                  I am trying to test WinPKFilter.

                  Why can only TCP/IP adapters be filtered?
                  For example, you can add some flag to the internal structure of the packet in the driver code, and when a program tries to send a non-TCP/IP packet to the stack, the driver can detect this by the flag and just drop this packet…

                  Sometimes one simply needs to filter any incoming packets, and filtering of non-TCP/IP adapters can help in this case…
                  In my case these are transit packets.

                  Thanks for the answers.

                  #5747
                  Vadim Smirnov
                  Keymaster

                    Why can only TCP/IP adapters be filtered?

                    It is by driver design. However, the driver can be extended to work below other protocols in addition to TCP/IP.

                    For example, you can add some flag to the internal structure of the packet in the driver code, and when a program tries to send a non-TCP/IP packet to the stack, the driver can detect this by the flag and just drop this packet…

                    TCP/IP is the primary protocol in the meantime, and WinpkFilter’s main purpose is modification of its behaviour in different ways (firewall, NAT, VPN, etc.). Filtering absolutely all protocols on the system would cause a real mess and performance degradation (protocols can be joined into stacks in the form of IM drivers, like the bridge you have mentioned).

                    #5748
                    ByTE
                    Participant

                      I understand, thanks.