Forum Replies Created
-
Posts
-
However, are there any special thinks to consider when using your pkt filter ??
I’m not sure what you actually mean here, but there is no technical problems to realize NAT using WinpkFilter.
If you mean packet sent to localhost (127.X.X.X) then the answer is NO. These packets (actually they never have the form of packets with IP and TCP headers, just chunks of data) are processed internally by TCP/IP and never reach NDIS level.
It looks that something was wrong when processing the packets below:
PCA <- SYN/ACK <- PCB
PCA <- SYN/ACK <- PCB
and connection was terminated due to time out. I would try to check what happens there.After outgoing packet modification I would indicate it to MSTCP instead sending it over the network.
Hope it helps…
Yes, sure. the only thing you should do is creating some registry entries (please find the details in the WinlkFilter docs).
I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?
This is not hardware driver, so for Windows NT/2000/XP/2003 you should use NT legacy driver, which sceleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use VToolsD framework to generate the driver sceleton.
I think you can create the dedicated working thread and perform packet processing in this thread. In this case you won’t block your main thread.
Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.
If you have kernel mode expirience then using IOCTL interface from the kernel mode should not be a problem for you. Otherwise, it may appear even more then difficult. You will have to create two drivers (SYS for NT/2000/XP/2003 and VxD for Windows 9x/ME, please refer relative DDKs for the details).
If it looks too difficult then you should try to optimize user-mode packet processing or upgrade (upgrade fee is 2000USD) to Source Code license(in this case you also won’t avoid kernel mode development, but you will be able to create cross-platform packet processing code using ready WinpkFilter interfaces).
Using IOCTL interface from kernel is very similar to doing it from user-mode. However, if you really need kernel mode solution, the easiest way would be licensing source code and modifying original driver’s code.
There should be no problem with using WinpkFilter from GUI application. As for you problem, then it is probably somethere in your packet filtering code. Hope it helps…
Please could somebody confirm that I can achieve the following:
Parse IP packets on Ethernet and Dial-up adaptors.
Alter TCP/UDP data (with checksum adjustment).
Block TCP/UDP packets
Use MS Visual C++ for developmentYes, that’s right.
Will I need different versions of WinPkFilter for different Windows releases (2000, Xp Home, Xp Pro) ?.
No, there are two helper drivers, one supports Windows 9x/ME, another Windows NT/2000/XP/2003.
Ethernet Bridge is free and unsupported tool. There is no warranty that it will work any OS/hardware configuration.
When implementing IPSec you need to insert additional headers (AH, ESP) or even incapsulate packets, thats why you need to decrement MTU used by system.
