Forum Replies Created
-
Posts
-
I have rechecked the code, and yes you are right. Internal request processing routine returnes STATUS_UNSUCCESFULL, but higher level dispatching routine returnes STATUS_INVALID_PARAMETER for any status different from STATUS_SUCCESS. So your code is pretty correct.
NDIS_STATUS_FAILURE is the same as STATUS_UNSUCCESSFUL. Are you sure that you get STATUS_INVALID_PARAMETER?
You should check the returned status, when there are no packets in the queue WinpkFilter driver returnes NDIS_STATUS_FAILURE.
How to wait for an event in a driver model (i.e. with dispatch routines).
I’m not sure that I understand your question. In kernel mode you can wait on the event object using KeWaitForSingleObject. It should be called on the passive level IRQL only but you can create the dedicated system thread for this…
Please refer CNdisApi::SetPacketEvent regarding translating Win32 event to Ring0 event under Windows 9x/ME.
For Windows NT/2000/XP/2003 you can create Win32 event in kernel with ZwCreateEvent and pass it to driver. In order to wait on this event you should first get event object with ObReferenceObjectByHandle call.
Hope it helps…
However, are there any special thinks to consider when using your pkt filter ??
I’m not sure what you actually mean here, but there is no technical problems to realize NAT using WinpkFilter.
If you mean packet sent to localhost (127.X.X.X) then the answer is NO. These packets (actually they never have the form of packets with IP and TCP headers, just chunks of data) are processed internally by TCP/IP and never reach NDIS level.
It looks that something was wrong when processing the packets below:
PCA <- SYN/ACK <- PCB
PCA <- SYN/ACK <- PCB
and connection was terminated due to time out. I would try to check what happens there.After outgoing packet modification I would indicate it to MSTCP instead sending it over the network.
Hope it helps…
Yes, sure. the only thing you should do is creating some registry entries (please find the details in the WinlkFilter docs).
I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?
This is not hardware driver, so for Windows NT/2000/XP/2003 you should use NT legacy driver, which sceleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use VToolsD framework to generate the driver sceleton.
I think you can create the dedicated working thread and perform packet processing in this thread. In this case you won’t block your main thread.
Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.
If you have kernel mode expirience then using IOCTL interface from the kernel mode should not be a problem for you. Otherwise, it may appear even more then difficult. You will have to create two drivers (SYS for NT/2000/XP/2003 and VxD for Windows 9x/ME, please refer relative DDKs for the details).
If it looks too difficult then you should try to optimize user-mode packet processing or upgrade (upgrade fee is 2000USD) to Source Code license(in this case you also won’t avoid kernel mode development, but you will be able to create cross-platform packet processing code using ready WinpkFilter interfaces).
