Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,186 through 1,200 (of 1,496 total)
    in reply to: Driver signing #6163
    Vadim Smirnov
    Keymaster

      WinPkFilter IM Driver seems to work with Vista

      Yes, it does. Just need to fix the conversion of internal adapter name to user friendly one, but it can wait till Vista release.

      I have signed the driver image, but Windows still complains about an unsigned driver. Do I have to package inf and sys files to a .cat file? Perhaps anybody has a short hint for me?

      Have not tried myself yet, but as far as I understand you have two options: one is creating a .cat file and another is embedding the signature into the driver image. This paper from MS covers some of the details:

      http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

      in reply to: delivering packets at IP level #6161
      Vadim Smirnov
      Keymaster

        Probably you can use the raw winsock interface. Basically WinpkFilter allows you to query the local MAC address; to get the MAC address of a remote system you’d have to generate an ARP request packet and then process the ARP reply.

        in reply to: MSTCP #6162
        Vadim Smirnov
        Keymaster

          MSTCP is the name of the TCP/IP protocol on Windows 9x/ME, but in the context of WinpkFilter it is used to specify the Microsoft TCP/IP module on Windows systems.

          Sending packets to MSTCP means that the packet will be indicated to the TCP/IP stack on behalf of the specified network interface (just as if this packet had arrived at this network interface from the real network). In other words, the packet is injected into the upstream between the network card and the TCP/IP stack.

          Sending packets to the adapter means that the packet will be sent directly to the network interface on behalf of the TCP/IP protocol. In other words, the packet is injected into the downstream between TCP/IP and the network card.

          in reply to: Net Firewall Blocking Rules #6156
          Vadim Smirnov
          Keymaster

            when I start to log all packets with NetFirewall it only shows TCP and UDP connections.
            does it mean that the firewall only manages these two protocols?

            NeT Firewall works just below TCP/IP and processes all IP protocols (IP, ICMP, IGMP, TCP, UDP, etc.). Probably there was no other protocol activity when the log was collected.

            when I set up my adapter to “High Security Level”,
            does the program block all other protocols which are not listed in the Security Rule table to allow this one?

            “High Security Level” blocks every packet unless there is an allow rule matching this particular packet.

            what happens with IP, IGMP, RAW… packets?

            If there are no allow rules configured to pass these protocols, then these packets are blocked on “High Security Level”.

            in reply to: Managed code in C# #6154
            Vadim Smirnov
            Keymaster

              In the sense that the C/C++ declarations are identical; the only difference is that arrays have to be addressed differently. But in the case of C# the interpretation seems to differ. Well, here you need to look with a debugger to see what is going on…

              in reply to: Managed code in C# #6152
              Vadim Smirnov
              Keymaster

                Hard to say (I am not a fan of C#), but one can make a guess. The driver does not care what piece of memory it was handed; it works with it as a C-language structure and fills it with data accordingly. So the question is how C# interprets the binary structure it receives, and it seems to interpret the same declaration differently (perhaps somewhere elements are implicitly added that ordinary C/C++ does not add). I think I will not be wrong if I assume that C# has some declaration which can force the compiler to interpret the structure as a C structure rather than a managed C# one. Something like extern “C”; after all, the standard Win32 structures are somehow handled fine, so I think it is worth looking at the headers.

                in reply to: retrieving full process image path name in kernel mode #5880
                Vadim Smirnov
                Keymaster

                  I have started to use SerpentFly’s suggestions, thus:
                  PEPROCESS pEprocess = PsGetCurrentProcess();
                  HANDLE SectionHandle = pEprocess->SectionHandle;

                  I guess you are going to create a driver which supports all NT operating systems, so first of all you have to determine the operating system version and then, depending on it, use the matching EPROCESS definition (from one post above). For example, for Windows 2000 it would be as follows:

                  PEPROCESS_W2K pEprocess = (PEPROCESS_W2K)PsGetCurrentProcess();
                  HANDLE SectionHandle = pEprocess->SectionHandle;

                  in reply to: Creating new Eth packet #6148
                  Vadim Smirnov
                  Keymaster

                    How can I create the new Ethernet packet?

                    Allocate a buffer to store the packet, initialize the Ethernet and IP (ICMP, UDP, TCP) headers, copy the packet data.

                    On the other hand, would it be possible to send this Ethernet packet to a certain port inside the same machine with this application?

                    Yes, this is possible.

                    in reply to: how many adapters can we capture and modify packets on? #6120
                    Vadim Smirnov
                    Keymaster

                      Done. These forum spammers are real pain 🙁

                      in reply to: NDIS CoClient and CallManager #6146
                      Vadim Smirnov
                      Keymaster

                        Hmm, since you are going to create a CoClient protocol driver and call manager, I assume you have a CoNDIS WAN driver for your device. If so, then probably you already have a separate call manager or this CoNDIS WAN driver is an MCM driver. Please clarify.

                        in reply to: VPN Protocol 47 #6144
                        Vadim Smirnov
                        Keymaster

                          Of course the IP checksum should be recalculated if the IP header was altered. The PPTP GRE header never has the checksum field (the Checksum Present flag is always set to 0 for PPTP).

                          in reply to: VPN Protocol 47 #6142
                          Vadim Smirnov
                          Keymaster

                            IP protocol 47 corresponds to the PPTP GRE protocol. You can read a nice overview of PPTP protocol issues here:

                            http://www.microsoft.com/technet/community/columns/cableguy/cg0103.mspx

                            Below is the most important NAT-related quote from the link above:

                            PPTP uses the Sequence Number and Acknowledgement Number fields to detect dropped data packets.

                            The use of a separate mechanism for PPTP data encapsulation has an interesting side effect for network address translators (NATs). For more information about NATs, see Windows 2000 Network Address Translator (NAT) (the March 2001 Cable Guy article). Most NATs can translate TCP-based traffic for PPTP tunnel maintenance. However, PPTP data packets with the GRE header are not typically translated without using either a static address mapping or a PPTP NAT editor.

                            When a PPTP server is behind a NAT, the NAT must be manually configured with a static address mapping that maps all the traffic for a specific public address to a specific private address. In this case, only the addresses in the IP header are modified.

                            When a PPTP client is behind a NAT, a PPTP NAT editor is typically used. A NAT editor is an additional software component on the NAT that performs translation services beyond IP addresses, TCP ports, and UDP ports. Although it is a simple matter for the PPTP NAT editor to monitor incoming packets for GRE payloads and translate the IP addresses in the IP header, there might be multiple PPTP clients behind the NAT. In this case, the NAT is unable to determine to which private client the incoming PPTP data packet is destined, because the same public address is being used for multiple private clients. To determine the private client to which an incoming packet is destined, the PPTP NAT editor uses the Call ID field in the GRE header. However, when two different PPTP clients use the same Call ID, the NAT is unable to determine to which private client the packet is destined.

                            To provide correct multiplexing of GRE-encapsulated traffic to different private clients, the PPTP NAT editor monitors the PPTP control connection setup and translates both the PPTP client’s Call ID field in the PPTP messages and the GRE-encapsulated data packets in the same way that it translates TCP or UDP source ports. By translating the PPTP client Call ID field, the NAT ensures that a unique Call ID is used for each PPTP tunnel, and for each PPTP client.
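As an added illustration of the two replies above on protocol 47 (example code written for this page, not code from the forum or from WinpkFilter): a small Python parser that validates the IPv4 header checksum, decodes the enhanced GRE header in front of the PPTP data (Checksum Present must be 0; the Key field carries the Call ID that a NAT editor has to keep unique), and recomputes the IP checksum after a header field such as the TTL is changed. The sample packet is constructed, not captured.

```python
import struct

IPPROTO_GRE = 47            # IP protocol number 47 carries the PPTP data channel
PPP_PROTOCOL_TYPE = 0x880B  # GRE Protocol Type for PPP payloads (RFC 2637)

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum of an IPv4 header (always an even length); returns 0 for a correct header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def fix_ip_checksum(packet: bytes) -> bytes:
    """Recompute the header checksum after any IP header change (TTL, addresses); GRE itself has none."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def parse_pptp_gre(packet: bytes) -> dict:
    """Validate the IP header and decode the enhanced GRE header in front of the PPP payload."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("not IP protocol 47")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    gre = packet[ihl:]
    f0, f1, ptype = struct.unpack("!BBH", gre[:4])
    if ptype != PPP_PROTOCOL_TYPE or (f1 & 0x07) != 1 or not (f0 & 0x20):
        raise ValueError("not enhanced GRE (version 1, Key present, PPP payload)")
    if f0 & 0x80:
        raise ValueError("Checksum Present is always 0 in PPTP GRE")
    payload_len, call_id = struct.unpack("!HH", gre[4:8])  # Key field = payload length + Call ID
    off, seq, ack = 8, None, None
    if f0 & 0x10:   # S flag: Sequence Number follows
        seq, off = struct.unpack("!I", gre[off:off + 4])[0], off + 4
    if f1 & 0x80:   # A flag: Acknowledgment Number follows
        ack, off = struct.unpack("!I", gre[off:off + 4])[0], off + 4
    return {"ttl": packet[8], "call_id": call_id, "payload_len": payload_len,
            "seq": seq, "ack": ack, "payload": gre[off:off + payload_len]}

# Constructed sample packet: 10.0.0.2 -> 203.0.113.1, GRE v1 with Key + Sequence, Call ID 0x1A2B.
_PAYLOAD = b"\xff\x03\xc0\x21"
_GRE = bytes([0x30, 0x01]) + struct.pack("!HHHI", PPP_PROTOCOL_TYPE, len(_PAYLOAD), 0x1A2B, 7)
_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(_GRE) + len(_PAYLOAD), 0x1234, 0x4000,
                  64, IPPROTO_GRE, 0, bytes([10, 0, 0, 2]), bytes([203, 0, 113, 1]))
SAMPLE_PACKET = fix_ip_checksum(_IP + _GRE + _PAYLOAD)
```

Changing the TTL byte without calling fix_ip_checksum leaves a packet that parse_pptp_gre rejects, which is exactly the failure the reply above warns about.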

                            in reply to: NAT and IP Shaper status for NeT Firewall #6139
                            Vadim Smirnov
                            Keymaster

                              1. Do you have any news on this, since I am very interested in this and this is the only part that is currently missing in my evaluation of your product (I’m particularly interested in the NAT feature in priority; the traffic shaper is a high priority too but less than NAT).

                              NAT is already implemented in the “under development” version of NeT Firewall. Regretfully I can’t point to the exact release date yet; all newly added features should be well tested before it.

                              2. Do you plan to support Vista too (32 bits), do you have an idea of the date (not really urgent for me, but I need to know for the future).

                              Yes, Windows Vista is planned to be supported.

                              3. Do you have any API that enables me to communicate with the Firewall (like the winPkFilter)?

                              In the meantime, the NeT Firewall interface is not published. However, could you specify for what particular tasks you’d like to use it?

                              For your information, the images in the online help are not displayed; the link is bad.

                              Could you point to the exact URL of the broken link?

                              in reply to: Modify TTL of the packets #6004
                              Vadim Smirnov
                              Keymaster

                                “fatal error LNK1104: cannot open file D:Program.obj”

                                Try moving the project to a path without complex names (with spaces inside) like “D:Program Files…”.

                                in reply to: pktfilter vs connectix Virtual PC #6137
                                Vadim Smirnov
                                Keymaster

                                  Do you run WinpkFilter inside a Virtual PC (guest) system? It should work fine in this environment unless you have also installed some software which conflicts with the WinpkFilter drivers.

                                  What does ListAdapters show you? Also, could you specify the host and guest operating systems along with the version of Virtual PC?
