[Vadim Smirnov]

WinpkFilter 3.0.4 does not support this feature. Although it was added in the development version and available to WinpkFilter customers. The new added API allows to retrieve the information about currently active WAN connections. Structures for getting this information are defined as the following:

typedef

struct _RAS_LINK_INFO

{

#define RAS_LINK_BUFFER_LENGTH 1024

ULONG  LinkSpeed;			// Specifies the speed of the link, in units of 100 bps.

// Zero indicates no change from the speed returned when the protocol called NdisRequest with OID_GEN_LINK_SPEED.

ULONG  MaximumTotalSize;	// Specifies the maximum number of bytes per packet that the protocol can send over the network.

// Zero indicates no change from the value returned when the protocol called NdisRequest with OID_GEN_MAXIMUM_TOTAL_SIZE.

UCHAR  RemoteAddress [ETHER_ADDR_LENGTH];	// Represents the address of the remote node on the link in Ethernet-style format. NDISWAN supplies this value.

UCHAR  LocalAddress [ETHER_ADDR_LENGTH];	// Represents the protocol-determined context for indications on this link in Ethernet-style format.

ULONG  ProtocolBufferLength;// Specifies the number of bytes in the buffer at ProtocolBuffer

UCHAR  ProtocolBuffer [RAS_LINK_BUFFER_LENGTH]; // Containing protocol-specific information supplied by a higher-level component that makes connections through NDISWAN

// to the appropriate protocol(s). Maximum size is 600 bytes (on Windows Vista)

} RAS_LINK_INFO, *PRAS_LINK_INFO;



typedef

struct _RAS_LINKS

{

#define RAS_LINKS_MAX	256

ULONG nNumberOfLinks;

RAS_LINK_INFO RasLinks[RAS_LINKS_MAX];



} RAS_LINKS, *PRAS_LINKS;

[Vadim Smirnov]

Thanks. Happy New Year to you too!

I’ve been a bit overloaded last time. Need to find some free time to complete the new release. Hopefully in March.

[Vadim Smirnov]

You can use IP helper API to query current active connections table and match your packet against this table using IP address and port information you have. Since Windows XP connections table contains process ID. Another way is using LSP or TDI filter driver.

[Vadim Smirnov]

Most probably there is something wrong with structures definitions. Or you may be trying to process non TCP packet.

[Vadim Smirnov]

How do you expect to use VirtNet?

[Vadim Smirnov]

All samples are ok for WiFi.

[Vadim Smirnov]

Yes, you are right.

[Vadim Smirnov]

Yes, sure you can. Old table is dropped and new one is set.

[Vadim Smirnov]

Under “using MSTCP default behavior” I mean that you may modify incoming/outgoing packets and let TCP/IP route them. Like in case of NAT, WIndows TCP/IP stack by default routes packets coming from LAN into default gateway interface (connected to the Internet). To implement NAT you can only capture packets from external (Internet connected) network interface:
– For outgoing packets change source IP address to Internet interface assigned one and port allocated/according NAT table
-For incoming packets change destination IP/port according NAT table

This way you use Microsoft TCP/IP routing and don’t have to implement it on your own.

Is that clear now?

[Vadim Smirnov]

Internet Gateway is only available in C++.

PassThru is basic packet filtering sample.

Under MSTCP I mean Microsoft TCP/IP stack implementation. You don’t have to use it from your application, but you can use its default behavior to solve the routing task.

[Vadim Smirnov]

Of course you can implement the routing by yourself. You can read packet from one interface, check/modify and forward to another using NDISAPI interface. You have to support you own routing table and etc.. to implement this properly. IHMO it is doable, but there is easier way…

Personally I prefer to let the MSTCP to do the routing work like it is done in Internet Gateway advanced sample http://www.ntkernel.com/w&p.php?id=31. This is very similar to what you need but the routing operation is performed by MSTCP, so probably it should help you to start.

[Vadim Smirnov]

Can I use WinpkFilter run-time libraries (from the site) to make such application?

Yes, these libraries are fully functional and you can use them for the development.

[Vadim Smirnov]

On my computer, the list of available adapters includes a “WAN Network Interface (IP)” adapter. If I attempt to send a generic Ethernet packet through this adapter, using SendPacketToAdapter(), it causes my Windows XP SP3 VMware Server instance to fault and reboot. I didn’t test for this on other computers.

This is a know issue. If you try to send packet with incorrect Ethernet header on the NDISWANIP (WAN Network Interface (IP)) it may crash the NDIS.SYS. NDISWAN uses Ethernet addresses from the packet header to identify the exact WAN link (actually bytes from Ethernet header used as an index in the WAN links table). If the index for the table is wrong NDISWAN references incorrect memory and crashes. So you should be very careful with what packet you send on NDISWANIP.

The only way it can be fixed is checking Ethernet header for WAN interface in driver and dropping packets with incorrect headers (not associated with any active WAN links). However, from other side this would add some sort of limitation to what you can do with WInpkFilter (I can imagine the situation with layered filters which uses Ethernet addresses for some sort of remapping). So dealing with this issue was left to developers who use WInpkFilter. By request this special check can be added to the driver custom build.

[Vadim Smirnov]

Well, do U have any schedule when to ship a vista/2008 version?

Hopefully in the next couple of months 🙂

[Vadim Smirnov]

1) can I make mentioned miniport driver using WinPkFilter?

In case of using WinpkFilter you even don’t need to create an extra miniport driver. You can intercept RTP packets between the physical network card and TCP/IP stack, set the QOS bits, recalculate checksums and re-inject packets back into the stack.

2) Does application need admin rights to load this driver?

You need admin rights to install the driver, not to use.

[Author]

Posts