Forum Replies Created
-
Posts
-
VirtNet should work fine on Windows 7, however I have never tested Ethernet Bridge under this OS and I don’t know how it may behave. Initially Ethernet Bridge was designed for WIndows NT/2000 where was no native Windows bridging functionality.
May be this helps a bit http://www.ntkernel.com/w&p.php?id=14
NDIS IM driver consists of two parts, protocol and miniport. It does bind to lowe layer as protocol and exports NDIS miniports to upper layer.
usually,i like to got the net packet in the windows service.the code is almost from your sample code. but when i stop the service, and start the service, the windows is disconnect from my mstsc.exe. so bad.
why? so server are ok, but some work are abnormality.It is rather some kid of problem in your packet processing code. Probably you miss proper cleanup when packet processing thread is stopped.
i will stop all the traffica atfer install the drivers.
Note to reboot after drivers installation. Although you are right, MS support of NDIS IM drivers under Windows 7 is not perfect and I do plan to release a new version this summer.
The structure referred in listadapters sample for assigned IP address is not documented, so I cant’t say wether server IP can be found there or not. By the way can’t you use for that RAS API or IP Helper API?
When driver receives the memory block it checks if it has the correct size before filling it with data. If you shrinked the RAS_LINKS structure and passed smaller memory block to driver then it just has failed the operation. Is there a problem in C# with allocating large block of unmanaged memory?
Are you sure that you need these kind of loopback packets? In WinpkFilter context loopback packets are the packets indicated by NDIS layer to bound protocols in response of outgoing packet from one of the bound protocols. An example, TCP/IP sends a packet without NDIS_FLAGS_DONT_LOOPBACK. In this case packets does not only go out on the network media, but normally it is also indicated back to protocol layer as it would be received from the network. Some additional information on loopback packets you can find here http://www.ndis.com/ndis-ndis5/loopback/loopback.htm
I’m not aware much about you firewall code, but I would start with loging data out of your firewall solkution and running network sniffer in parallel in order to catch the situation and analyze what hapens.
If you mean localhost packets (an example, two applications communicating via Winsock and running on the same system) then these packets are processed internally by TCP/IP and never reach NDIS layer. So you can’t use WinpkFilter to control these packets. However, you can use Local Network Monitor, which is based on TDI filter driver and allows to intercept localhost data transfers.
Difficult to say as this issue needs a deep analyses. May be this is just a software bug in firewall.
Something similar is possible if you use IE to download from FTP server:
FTP protocol normally uses two connections, first is control channel for FTP commands and second data channel to send the actual data. In active mode FTP client creates a local listening socket and sends PORT command to FTP server specifying local IP address and port. Then FTP server connects this IP:port and requested file is transferred over this TCP connection. Thus request for file is sent over one TCP connection but file is sent over another one. In passive mode both control and data channels are initiated by FTP client (this mode is easier for NAT traversal), but once again request is sent by client over control channel but data are sent from server over data channel. This is very similar to what you have reported. If I remember fine normally IE uses FTP in passive mode.
