Forum Replies Created
If you mean localhost packets (for example, two applications communicating via Winsock and running on the same system) then these packets are processed internally by TCP/IP and never reach the NDIS layer. So you can’t use WinpkFilter to control these packets. However, you can use Local Network Monitor, which is based on a TDI filter driver and allows you to intercept localhost data transfers.
Difficult to say, as this issue needs a deep analysis. Maybe this is just a software bug in the firewall.
Please address such questions to support(at)ntkernel.com
HTTP is more straightforward and should not behave like that.
Something similar is possible if you use IE to download from an FTP server:
The FTP protocol normally uses two connections: the first is the control channel for FTP commands and the second is the data channel used to send the actual data. In active mode the FTP client creates a local listening socket and sends a PORT command to the FTP server specifying the local IP address and port. Then the FTP server connects to this IP:port and the requested file is transferred over this TCP connection. Thus the request for the file is sent over one TCP connection but the file is sent over another one. In passive mode both control and data channels are initiated by the FTP client (this mode is easier for NAT traversal), but once again the request is sent by the client over the control channel while the data are sent from the server over the data channel. This is very similar to what you have reported. If I remember correctly, IE normally uses FTP in passive mode.
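The control/data split described in the reply above is why a packet filter has to read the control channel to know which second connection belongs to a transfer. The following is an added example, not part of the original post and not WinpkFilter code: it extracts the announced data endpoint from a PORT command or a 227 passive-mode reply. All names are hypothetical, and it assumes the usual parenthesised 227 format and an upper-case PORT verb.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Data-channel endpoint announced on the FTP control channel. */
typedef struct {
    uint8_t  ip[4];
    uint16_t port;
    int      passive; /* 1: client connects to server, 0: server connects to client */
} ftp_data_endpoint;

/* Parse "h1,h2,h3,h4,p1,p2"; every field must be 0..255. Returns 0 on success. */
static int parse_hostport(const char *s, ftp_data_endpoint *ep)
{
    unsigned v[6];
    if (sscanf(s, "%3u,%3u,%3u,%3u,%3u,%3u",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255) return -1;
    for (int i = 0; i < 4; i++) ep->ip[i] = (uint8_t)v[i];
    ep->port = (uint16_t)(v[4] * 256 + v[5]); /* port = p1*256 + p2 */
    return 0;
}

/* Inspect one control-channel line.
   Returns 1 if it announces a data endpoint, 0 if it does not, -1 if malformed. */
int ftp_track_line(const char *line, ftp_data_endpoint *ep)
{
    if (strncmp(line, "PORT ", 5) == 0) {        /* active mode, sent by client */
        ep->passive = 0;
        return parse_hostport(line + 5, ep) == 0 ? 1 : -1;
    }
    if (strncmp(line, "227 ", 4) == 0) {         /* passive mode, sent by server */
        const char *p = strchr(line, '(');
        ep->passive = 1;
        return (p && parse_hostport(p + 1, ep) == 0) ? 1 : -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample control-channel lines. */
    const char *lines[] = { "PORT 192,168,1,10,19,137\r\n", "RETR file.bin\r\n",
                            "227 Entering Passive Mode (10,0,0,5,195,80)\r\n" };
    for (int i = 0; i < 3; i++) {
        ftp_data_endpoint ep;
        if (ftp_track_line(lines[i], &ep) == 1)
            printf("%s data channel: %u.%u.%u.%u:%u\n", ep.passive ? "passive" : "active",
                   ep.ip[0], ep.ip[1], ep.ip[2], ep.ip[3], ep.port);
    }
    return 0;
}
```

A filter that keeps the returned endpoint can associate the following data connection with the control session that requested it.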
1) Yes, of course this is possible to do with WinpkFilter.
2) We don’t have defragment/fragment sample code we can send to you, although we can develop one as a small consulting project if you agree to pay for the development effort.
GetAdapterPacketQueueSize was added at a customer's request. Personally I never used it myself in WinpkFilter based projects. But it may make sense to use it, for example, when you have a single thread reading packets from several network interfaces. In this case you can use this call to determine the interface with the largest number of packets queued and read that number of packets in the next API call.
NdisrdRequest is a wrapper around the NdisRequest NDIS call. It is only needed if you need to query some specific information from the network interface.
-1 means WAIT_FAILED and the problem is in hEvent[0] value which is NULL
You defined hEvent array indexed from 0, as below
hEvent: array[0..255] of THANDLE;
But you fill it with event handles starting from index 1 (see below), so for index 0 you have an invalid event handle.
    for dwAdIndex := 1 to AdList.m_nAdapterCount do
    begin
      ...
      hEvent[dwAdIndex] := CreateEvent(nil, TRUE, FALSE, nil);
You have to install the correct driver into the system: a 32 bit driver for a 32 bit system and a 64 bit driver for a 64 bit one. The application can be the same, however a 64 bit application may give some advantage on a 64 bit platform.
WinpkFilter has an internal packet pool for 500 packets. If the network gets locked then maybe there are already 500 packets waiting for you to read them out from the driver. Try to call GetAdapterPacketQueueSize for every adapter you have set into tunnel/listen modes to see how many packets are queued and not processed by your application yet.
You can’t load a 32 bit driver on a 64 bit system and vice versa, so you should use drivers according to the target architecture. However, you can use a 32 bit application on 64 bit Windows; ndisapi.dll does all required conversions.
Well, we can’t be responsible for NAT32 behaviour because everything depends on how this application routes packets. If you can describe the problem with WinpkFilter itself I can try to help, but it is hardly likely that I can help with NAT32. 🙄
When dealing with NDIS IM drivers you should sign both the CAT file and the driver binaries (embedded signing).
Normally all WAN connections in Windows go through the NDISWANIP (for IPv4)/NDISWANIPV6 (for IPv6) Ethernet 802.3 emulation on top of WAN miniports. So if you need to filter packets going through WAN connection you are supposed to filter on NDISWANIP (or NDISWANIPV6) network adapter listed by listadapters.
Update:
ndisrd.inf describes the protocol part of the NDIS IM driver and is installed with the hidden attribute.
The hook driver is installed using the direct creation of the registry key. If you want to be able to install through the command line you can create a simple console application to do that. Or alternatively you can use the regini tool from the DDK along with an appropriate INI file, although I’m not sure if regini supports removal of registry keys.
It seems I have to use snetcfg.exe in order to make a silent install, right ?
Yes, that’s right.
In the mail I received, it is said I can send you new names for drivers and devices and information to include in the resource.
What exactly can be changed, and where will I see it? I mean, I don’t know exactly what I can customize.
It is supposed that you provide the new name for the driver binaries instead of NDISRD (ndisrd.sys/ndisrd.vxd) used for the standard build, and any copyright/product name information you would like to include in the binaries' resource.
By devices, does it mean that you can change the name of the VirtNet adapter for us, or will we have to do it thanks to its source code?
We don’t customize VirtNet and you can do it yourself when needed. By the way, in order to get the source code for VirtNet please send a request to support(at)ntkernel.com along with your Plimus order ID.