Forum Replies Created
-
Posts
-
Does NDISRD.SYS only bind itself to interfaces with TCP/IP enabled?
Yes. For your needs you’d better use protocol driver (Winpcap, PCAUSA RAWETHER or etc.).
You just need to create virtual NDIS miniport and extend it with required functionalities. The sceleton driver can be generated by DriverNetworks suite from Compuware or you just can adopt your ne2000 derrived driver (I don’t remember all the details, it’s gone pretty much time since I did similar thing).
I have rechecked the code, and yes you are right. Internal request processing routine returnes STATUS_UNSUCCESFULL, but higher level dispatching routine returnes STATUS_INVALID_PARAMETER for any status different from STATUS_SUCCESS. So your code is pretty correct.
NDIS_STATUS_FAILURE is the same as STATUS_UNSUCCESSFUL. Are you sure that you get STATUS_INVALID_PARAMETER?
You should check the returned status, when there are no packets in the queue WinpkFilter driver returnes NDIS_STATUS_FAILURE.
How to wait for an event in a driver model (i.e. with dispatch routines).
I’m not sure that I understand your question. In kernel mode you can wait on the event object using KeWaitForSingleObject. It should be called on the passive level IRQL only but you can create the dedicated system thread for this…
Please refer CNdisApi::SetPacketEvent regarding translating Win32 event to Ring0 event under Windows 9x/ME.
For Windows NT/2000/XP/2003 you can create Win32 event in kernel with ZwCreateEvent and pass it to driver. In order to wait on this event you should first get event object with ObReferenceObjectByHandle call.
Hope it helps…
However, are there any special thinks to consider when using your pkt filter ??
I’m not sure what you actually mean here, but there is no technical problems to realize NAT using WinpkFilter.
If you mean packet sent to localhost (127.X.X.X) then the answer is NO. These packets (actually they never have the form of packets with IP and TCP headers, just chunks of data) are processed internally by TCP/IP and never reach NDIS level.
It looks that something was wrong when processing the packets below:
PCA <- SYN/ACK <- PCB
PCA <- SYN/ACK <- PCB
and connection was terminated due to time out. I would try to check what happens there.After outgoing packet modification I would indicate it to MSTCP instead sending it over the network.
Hope it helps…
Yes, sure. the only thing you should do is creating some registry entries (please find the details in the WinlkFilter docs).
I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?
This is not hardware driver, so for Windows NT/2000/XP/2003 you should use NT legacy driver, which sceleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use VToolsD framework to generate the driver sceleton.
