WinTun support

Home Forums Discussions Support Portal WinTun support

Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #11524
    oriolarcas
    Participant

    Hi,

    I would like to intercept packets before they are processed by a tunnel software, Wintun.

    Wintun creates a virtual interface, similar to a TUN or TAP in Linux. Said interface can be seen using ipconfig. However, it doesn’t appear in NDISAPI’s GetTcpipBoundAdaptersInfo call.

    Is there any solution or workaround?

    Thanks.

    #11525
    oriolarcas
    Participant

    Follow up:

    This is the code in Wintun that creates the adapter:

    
        NDIS_MINIPORT_DRIVER_CHARACTERISTICS miniport = {
            .Header = { .Type = NDIS_OBJECT_TYPE_MINIPORT_DRIVER_CHARACTERISTICS,
                        .Revision = NdisVersion < NDIS_RUNTIME_VERSION_680
                                        ? NDIS_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2
                                        : NDIS_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_3,
                        .Size = NdisVersion < NDIS_RUNTIME_VERSION_680
                                    ? NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2
                                    : NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_3 },
    
            .MajorNdisVersion = (UCHAR)((NdisVersion & 0x00ff0000) >> 16),
            .MinorNdisVersion = (UCHAR)(NdisVersion & 0x000000ff),
    
            .MajorDriverVersion = WINTUN_VERSION_MAJ,
            .MinorDriverVersion = WINTUN_VERSION_MIN,
    
            .InitializeHandlerEx = TunInitializeEx,
            .HaltHandlerEx = TunHaltEx,
            .UnloadHandler = TunUnload,
            .PauseHandler = TunPause,
            .RestartHandler = TunRestart,
            .OidRequestHandler = TunOidRequest,
            .SendNetBufferListsHandler = TunSendNetBufferLists,
            .ReturnNetBufferListsHandler = TunReturnNetBufferLists,
            .CancelSendHandler = TunCancelSend,
            .DevicePnPEventNotifyHandler = TunDevicePnPEventNotify,
            .ShutdownHandlerEx = TunShutdownEx,
            .CancelOidRequestHandler = TunCancelOidRequest,
            .DirectOidRequestHandler = TunDirectOidRequest,
            .CancelDirectOidRequestHandler = TunCancelDirectOidRequest,
            .SynchronousOidRequestHandler = TunSynchronousOidRequest
        };
    
        Status = PsSetCreateProcessNotifyRoutine(TunProcessNotification, FALSE);
        if (!NT_SUCCESS(Status))
            goto cleanupResources;
    
        Status = NdisMRegisterMiniportDriver(DriverObject, RegistryPath, NULL, &miniport, &NdisMiniportDriverHandle);
        if (!NT_SUCCESS(Status))
            goto cleanupNotifier;
    
    #11527
    Vadim Smirnov
    Moderator

    Windows Packet Filter NDIS filter driver does not bind to WinTun network adapter because of the following in wintun.inf:

    HKR, Ndi\Interfaces, LowerRange, , "nolower"

    while in ndisrd_lwf.inf we have:

    HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, bluetooth"

    So there are two choices:

    • Change wintun.inf ‘nolower’ to ‘ethernet’
    • Add ‘nolower’ to the list of FilterMedia types in ndisrd_lwf.inf

    As a side effect second option will cause Windows Packet Filter driver binding to the interfaces it normally would not bind to and therefore it is not supported by stock driver build.

    #11528
    oriolarcas
    Participant

    Thank you Vadim, I added nolower to the FilterMediaTypes list in ndisrd_lwf.inf and it detected the WinTun interface. It worked out of the box.

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.