libzhark

Forum Replies Created

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • in reply to: WinPK Filter and VMWare #7090
    libzhark
    Participant

      We are using VMware Player 5.0.0 build 812388. We are going to try all of your suggestions today (static ip, install order).

      in reply to: WinPK Filter and VMWare #7087
      libzhark
      Participant

        The network adapter is connected to a local network with a router that assigns IP addresses via DHCP. The adapter inside of the VMware virtual machine is not able to obtain an IP address via the bridged connection to the local LAN. Without the WinPK filter installed on the host machine, the VMware virtual machine is able to obtain an IP address from the router and has full local network/Internet connectivity.

        I’ll test with static addresses and get back to you on the results.

        in reply to: Duplicated packets #7020
        libzhark
        Participant

          I’ve been testing on Windows 7. I have VirtualBox installed, which installs a VirtualBox Bridged Networking Driver, which I believe is an IM driver.

          in reply to: Duplicated packets #7019
          libzhark
          Participant

            On the duplicate packets issue, I’ve been able to recreate this without calling down to the LWF driver. Calling EnableRouter (http://msdn.microsoft.com/en-us/library/aa365896%28v=vs.85%29.aspx) triggers duplicate packets on interfaces with the LWF driver attached. The following C# console app calls EnableRouter and UnenableRouter to demonstrate this.

            using System;
            using System.Runtime.InteropServices;

            namespace TestEnableRouter
            {
                class Program
                {
                    // Kept in static fields: UnenableRouter must be given the same
                    // OVERLAPPED structure that was passed to EnableRouter.
                    static OVERLAPPED overlapped;
                    static IntPtr routerHandle;

                    static void Main(string[] args)
                    {
                        string input = "";
                        while (true)
                        {
                            Console.WriteLine("Press Enter to enable router, 'q' to quit");
                            input = Console.ReadLine();
                            if (!String.IsNullOrEmpty(input)) break;

                            EnableRouter();

                            Console.WriteLine("Press Enter to disable router, 'q' to quit");
                            input = Console.ReadLine();
                            if (!String.IsNullOrEmpty(input)) break;

                            UnenableRouter(ref overlapped, IntPtr.Zero);
                        }
                    }

                    static void EnableRouter()
                    {
                        try
                        {
                            // Assign the static field (a local of the same name would hide it
                            // and leave UnenableRouter with an uninitialized structure).
                            overlapped = new OVERLAPPED();
                            overlapped.hEvent = CreateEvent(IntPtr.Zero, false, false, null);
                            Console.WriteLine("calling EnableRouter");
                            int feedback = EnableRouter(out routerHandle, ref overlapped);
                            Console.WriteLine("finished EnableRouter");
                            if (feedback != 997) //ERROR_IO_PENDING means success, apparently
                            {
                                Console.WriteLine("IP FORWARDING: EnableRouter returned " + feedback);
                            }
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine("IP FORWARDING: SetupFirewallAndRouting");
                            Console.WriteLine(e.ToString());
                        }
                    }

                    // Sequential layout with pointer-sized Internal/InternalHigh matches the
                    // native OVERLAPPED in both 32-bit and 64-bit processes.
                    [StructLayout(LayoutKind.Sequential)]
                    public struct OVERLAPPED
                    {
                        public IntPtr Internal;
                        public IntPtr InternalHigh;
                        public uint Offset;
                        public uint OffsetHigh;
                        public IntPtr hEvent;
                    }

                    [DllImport("kernel32.dll")]
                    static extern IntPtr CreateEvent(IntPtr lpEventAttributes, bool bManualReset, bool bInitialState, string lpName);

                    // DWORD EnableRouter(HANDLE *pHandle, OVERLAPPED *pOverlapped)
                    [DllImport("iphlpapi.dll")]
                    public static extern int EnableRouter(out IntPtr pHandle, ref OVERLAPPED pOverlapped);

                    // DWORD UnenableRouter(OVERLAPPED *pOverlapped, LPDWORD lpdwEnableCount)
                    [DllImport("iphlpapi.dll")]
                    public static extern int UnenableRouter(ref OVERLAPPED pOverlapped, IntPtr lpdwEnableCount);
                }
            }

            I think I can move forward without calling this function, but it does seem to be a regression from an earlier driver version.

            On the unable to switch from LWF to IM driver issue, it seems I still had a registry entry from an older customized IM driver with the same service name for the IM driver that was blocking it. After clearing it out (may have needed a reboot in there too) I am able to switch between IM and LWF. Thanks for the info, I’ll make sure to double check these keys are cleared out.

            in reply to: Duplicated packets #7016
            libzhark
            Participant

              @SerpentFly wrote:

              1) Could you please describe your software/hardware configuration?

              This has been seen on two different laptops. One, an Asus with an Atheros AR9285 wifi card and JMicron Gigabit ethernet card. The other a Gateway with an Atheros AR5B92 wifi card and Broadcom Gigabit ethernet card.

              @SerpentFly wrote:

              2) What tool have you used to capture the traffic?

              Wireshark was used to verify traffic before, during, and after application execution.
              @SerpentFly wrote:

              Have you experienced this with your own application only, or do the standard utilities shipped with WinpkFilter behave the same?

              It was experienced with our own application based off an older version of the Internet Gateway example application. The same application with a year-old (forget the version number, but I can find it if needed) version of the IM driver did not exhibit this behavior. It was also seen using the current version of the Internet Gateway example application. Machines were rebooted between application executions (Internet Gateway was run on a fresh boot without running our own application). The problem persists after stopping either application until the LWF driver is disabled on the adapter.
              During this state, running a series of pings would result in some pings showing successful, some showing TTL exceeded, others showing general failure messages.

              @SerpentFly wrote:

              3) Have you used promiscuous mode?

              I have not set promiscuous mode.

              @SerpentFly wrote:

              Try to remove cached INF/PNF files from Windows\INF folder.

              All instances are removed from both Windows\INF and Windows\System32\DriverStore\FileRepository using the pnputil.exe shipped with Windows, and verified through Windows Explorer and grep utilities. I’ve seen this on the Asus mentioned above, and a Virtual Machine running under VirtualBox.

              in reply to: Duplicated packets #7012
              libzhark
              Participant

                In trying to switch to the IM driver to see if it yields the same issues, I’m not able to successfully install it. I’m getting error code 0x80070436 when running snetcfg, indicating “The name is already in use as either a service name or a service display name.” I’ve uninstalled the LWF drivers with snetcfg, and used pnputil to clear out all the LWF instances in the driver store. It seems to still have a reference to the LWF driver and won’t let me install the IM driver since it has the same name.

                in reply to: Duplicated packets #7011
                libzhark
                Participant

                  I’ve also managed to get this to occur running just the sample Internet Gateway application.

                  in reply to: ReadPackets becomes very slow #6971
                  libzhark
                  Participant

                    Don’t know exactly what happened. But it was another section of my code (logging code, actually) messing with this. Must have been writing off the end of an array somewhere.

                    in reply to: Getting RAS_LINKS info from C# #6962
                    libzhark
                    Participant

                      Ok, got it working. Need to change the declaration of GetRasLinks to:


                      [DllImport("ndisapi.dll")]
                      public static extern bool GetRasLinks(IntPtr hOpen, IntPtr hAdapter, IntPtr pLinks);

                      And then you can call it via:


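                      // Allocate an unmanaged buffer and pass it to the native call as a raw pointer.
                      IntPtr data = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(RAS_LINKS)));
                      Ndisapi.GetRasLinks(hNdisapi, AdList.m_nAdapterHandle, data);
                      RAS_LINKS RasLinks = (RAS_LINKS)Marshal.PtrToStructure(data, typeof(RAS_LINKS));
                      // The structure has been copied to managed memory, so release the buffer.
                      Marshal.FreeHGlobal(data);
                      Console.WriteLine("RAS_LINKS:" + RasLinks.nNumberOfLinks);

                      in reply to: Getting RAS_LINKS info from C# #6961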
                      libzhark
                      Participant

                        Yes, when calling the line

                        Ndisapi.GetRasLinks(hNdisapi, AdList.m_nAdapterHandle, ref pLinks);

                        an exception is thrown:

                        System.Runtime.InteropServices.MarshalDirectiveException: Cannot marshal 'parameter #3': Internal limitation: structure is too complex or too large.

                        This happens when RAS_LINKS_MAX = 256. From quick googling, it appears there is a hard 64k (65535 byte) limit for marshaling a single chunk of data.
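
Added example, not part of the original posts or of WinpkFilter: the IntPtr workaround from post #6962 run against a constructed in-memory buffer, so it works without ndisapi.dll. `Entry` and `EntryTable` are hypothetical stand-ins for the library's types (their sizes are assumptions); the example also frees the buffer in `finally` and bounds-checks the count before using it.

```csharp
using System;
using System.Runtime.InteropServices;

static class LargeStructDemo
{
    const int MaxEntries = 256;               // mirrors RAS_LINKS_MAX = 256 from the post

    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct Entry                               // hypothetical element, 1024 bytes
    {
        public uint Id;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1020)]
        public byte[] Payload;
    }

    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct EntryTable                          // hypothetical stand-in for RAS_LINKS
    {
        public uint Count;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = MaxEntries)]
        public Entry[] Entries;
    }

    static void Main()
    {
        int size = Marshal.SizeOf(typeof(EntryTable));   // 4 + 256 * 1024 bytes, well over 64 KB
        Console.WriteLine("unmanaged size: " + size + " bytes");

        IntPtr buffer = Marshal.AllocHGlobal(size);
        try
        {
            // Constructed input: zero the buffer, then fake what a native call would fill in.
            Marshal.Copy(new byte[size], 0, buffer, size);
            Marshal.WriteInt32(buffer, 0, 2);             // Count = 2
            Marshal.WriteInt32(buffer, 4, 7);             // Entries[0].Id = 7

            EntryTable table = (EntryTable)Marshal.PtrToStructure(buffer, typeof(EntryTable));

            // Treat the count as untrusted before using it as a loop bound.
            if (table.Count > MaxEntries)
                throw new InvalidOperationException("count exceeds array capacity");
            for (int i = 0; i < table.Count; i++)
                Console.WriteLine("entry " + i + " id=" + table.Entries[i].Id);
        }
        finally
        {
            Marshal.FreeHGlobal(buffer);                  // always release the unmanaged buffer
        }
    }
}
```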
