Forum Replies Created
-
Posts
-
1. How can I use WinpkFilter for capturing packets from multiple adapters ?
You can start the dedicated thread for each network interface to capture and process packets from it, just like PassThru sample does. Another way is setting up events for each interface and using WaitForMultipleObjects.
2. Dose my WinpkFilter Appication NOT conflict with any other NDIS hooking drivers or WinpkFilter Applications ?
We can’t guarantee the compatibility with any other hooking drivers, but WinpkFilter is compatible with the majority of firewalls on the market. In order to avoid conflicts with other WinpkFilter applications you would need the custom build (with customized names for drivers and devices) of WinpkFilter drivers (free for the Developer license).
LSP is user mode solution, but TDI is kernel one. So, LSP is much more easier way. I don’t think that you should intercept clients who work with TDI directly, so probably LSP fits you.
Is it possible to use virtual network interface? Or even virtual NIC is not allowed? In the last case you have the only choice – TDI filter driver.
Just follow the online order link for the WinpkFilter Source Code (click Order Now) available at: http://www.ntkernel.com/products/winpkfilter.shtml
Here the exact link for your convinience:
http://secure.emetrix.com/order/product.asp?PID=38895814
If you have any problems with it please contact [email protected].
Thanks for your interest in WinpkFilter.
I’m sorry, I have not ready function for this, but you can use GetIpForwardTable for retrieving the IP routing table. Usually the deafault gateway interface (0.0.0.0 mask 0.0.0.0 is the Internet one).
Thank you for your interest. NT Kernel Firewall 2.0 development was not stopped, but this is a low priority project for us (caused by very low level of sales).
However, taking into account your interest in this product we could release the intermediate version of it (1.3) with the fetures you would like to have first. We really appreciate your ideas and interest.
We ordered it exactly 7 days ago and didn’t get anything by email
or else. I mailed the order # to support@.The download information was just resent to the address specified in the order details. Please check if it is correct. There is also a possibility that notification was killed by one of the spam filters along the way. In this case please change the e-mail in the order details.
OK, what information do you need ?
Where do you actually set up the breakpoints?
Localhost API helper driver intercepts TDI level of TCP/IP stack and you must be carefull when working with it. It is difficult to say how debugger affects system functionality in this case, but if you provide more information may be I would be able to advise.
I am still using the Demo API version (waiting for the CD
to arrive).If you have ordered Localhost API then you should receive the download link for the full version. If you have not received it then please e-mail [email protected].
There is no difference on the NDIS level between network adapter connected to the corporate network and internet adapter connected to the Internet. However, you can use IP HELPER API to query routing table, usually the default gateway interface (route 0.0.0.0 mask 0.0.0.0) is the Internet one. IP Helper API can be also used for enumeratimg active connections.
Does this driver works with token rings?
No, token ring networks are not supported. Actually, I have not heard about token ring networks for years. Do you really need to support this out-of-date standard?
Does NDISRD.SYS only bind itself to interfaces with TCP/IP enabled?
Yes. For your needs you’d better use protocol driver (Winpcap, PCAUSA RAWETHER or etc.).
You just need to create virtual NDIS miniport and extend it with required functionalities. The sceleton driver can be generated by DriverNetworks suite from Compuware or you just can adopt your ne2000 derrived driver (I don’t remember all the details, it’s gone pretty much time since I did similar thing).
I have rechecked the code, and yes you are right. Internal request processing routine returnes STATUS_UNSUCCESFULL, but higher level dispatching routine returnes STATUS_INVALID_PARAMETER for any status different from STATUS_SUCCESS. So your code is pretty correct.
NDIS_STATUS_FAILURE is the same as STATUS_UNSUCCESSFUL. Are you sure that you get STATUS_INVALID_PARAMETER?
