[Vadim Smirnov]

In a future release, I plan to handle DisallowedApps at the kernel level. This should improve performance, and while I’m not entirely certain, it might help resolve cases like this one.

[Vadim Smirnov]

I’m glad you were able to identify the issue and resolve it successfully. 👍

[Vadim Smirnov]

localhost адреса в настоящее время не поддерживается ни для endpoint ни для socks5.

[Vadim Smirnov]

Hmm, this might be due to tunnel instability. In virtual adapter mode, activating or deactivating the tunnel changes the routing table, which can lead to disconnects. This issue doesn’t occur in transparent mode (without the -lac option) because it intercepts and processes selected packets directly from your default connection.

[Vadim Smirnov]

For Windows 10/11, you’re following the correct process. Though I sign the driver binary before submitting it to MS. However, for Windows 7/8, it’s sufficient to sign the driver with just your code signing certificate.

[Vadim Smirnov]

Hmm, interesting. I’ll make time to look into the issue further.

[Vadim Smirnov]

Driver signing can be challenging, but in my experience, token-based certificates from GlobalSign typically work without any issues for Windows 7/8.

[Vadim Smirnov]

Thank you for pointing that out! We appreciate your attention to detail. The typos have been fixed, and everything should be consistent now.

Thanks also for the compliment on the website—we’re glad you like it!

[Vadim Smirnov]

Could you please try running WireSock with the logging level set to ‘all’? This will capture the traffic into pcap files, allowing us to check for any anomalies.

[Vadim Smirnov]

Have you encountered any issues installing Windows Packet Filter or WireSock on Windows 7/8? While HCK/WHQL certification is beneficial, it is not required.

[Vadim Smirnov]

Thanks for your openness and understanding. I appreciate your perspective on keeping end-user costs to a minimum—it’s a crucial factor in any project. However, I must emphasize that kernel mode software, while powerful, carries significant risks for end users if not thoroughly tested and vetted. We’ve seen cases like CrowdStrike that underscore the importance of using well-tested, reliable solutions.

That said, I understand the need to explore cost-effective options, and it’s great that you’re considering all possibilities. If you find that other options don’t meet your needs, please feel free to reach out. We’re here to provide a well-tested and robust solution that you can trust.

[Vadim Smirnov]

Thanks for reaching out, and I’m glad to hear that you got the NdisApiDotNet example working the way you want.

Regarding your question, the behavior you’re observing when you introduce latency or debug the Task is expected. Pausing the packet reading, processing, and re-injecting loop will indeed cause the network adapter to “freeze” because the driver depends on that continuous loop to maintain traffic flow. When the loop is interrupted, the driver is essentially left waiting, which stops the traffic.

If you need to extract packets for out-of-band processing, this should be handled in a dedicated thread. This way, the main loop can continue processing and re-injecting packets while your separate thread manages the additional processing. This approach ensures that network traffic continues to flow smoothly without interruption.

And yes, when you modify packets, recalculating checksums is necessary to ensure the integrity of the data. If checksums are not recalculated, the modified packets may be rejected or cause issues further down the line.

[Vadim Smirnov]

Thank you for reaching out and for your interest in the NDISAPI project. I completely understand the confusion—licensing details can sometimes be tricky.

You’re correct that the NDISAPI library source code is open-source under the MIT license, which allows for a lot of flexibility. However, the Windows Packet NDIS drivers are a bit different—they’re free for personal and non-commercial use, but if you’re planning to use them for commercial purposes, I believe it’s fair to share a portion of the revenue.

I understand that as a small business, you might have a tight budget. If the licensing costs are a concern, I’m open to discussing flexible options, such as installment payments or perhaps a profit-sharing arrangement. My goal is to find a solution that works for both of us.

Looking forward to hearing your thoughts.

[Vadim Smirnov]

Do you have Virtual Adapter mode enabled in the WireSockUI settings?

I’m also a bit confused about the AllowedIPs value. In this context, 0.0.0.0/24 represents the IP range from 0.0.0.0 to 0.0.0.255. However, this is typically not a useful or valid range because 0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown, or non-applicable target (often referred to as the default route).

Usually, AllowedIPs would be set to a range of IPs that are meaningful for the network, such as 192.168.1.0/24 to route a local network, or 0.0.0.0/0 to route all traffic through the VPN. Therefore, 0.0.0.0/24 is likely a mistake and should be corrected to reflect the intended IP range.

[Vadim Smirnov]

Could you share your Wireguard configuration, excluding the keys and server endpoint? Additionally, I have a question: Are you using WireSock in transparent mode or virtual adapter mode (-lac)?

[Author]

Posts