Prev: ZwWriteFile return 0xC0000002.. why??
Next: How to open two USB pipes (0x81 - 0x02) in USB - vendor HID devi
From: Jess Howe Jess on 27 Oct 2006 15:34
Hi,
I am writing a deserialized NDIS virtual miniport driver that indicates
packets up to protocols with NdisMIndicateReceivePacket, one at a time. Under
normal operation, packets are indicated up just fine. However, when I run a
packet sniffer like wireshark on winpcap, the sniffer sees all the packets,
but the app that was using the packets doesn't see the receive packets. For
example, I'll ping a remote computer and it'll receive the ping replies just
fine until I start capturing the packets with wireshark. Then it just times
out. I can see the reply packets getting indicated up just like always in the
windows windbg, but somehow they're not getting copied to tcpip and the
packet capturer. I can't understand why it works fine with the
ndiswdm/ndisprot sample setup and not with mine, when my stuff is based on
netvmini, the same base as ndiswdm.
From: Gianluca Varenni on 27 Oct 2006 19:00
Are you sure that ndisprot sets the HW filter to PROMISCUOUS or ALL_LOCAL?
The problem arises when the HW filter is set to either these values (WinPcap
uses these two filters).

Have a nice day
Gianluca Varenni
WinPcap Team


"Jess Howe" <Jess Howe(a)discussions.microsoft.com> wrote in message
news:57A60130-4F27-40E3-86A0-FB1D18C4C107(a)microsoft.com...
> Hi,
> I am writing a deserialized NDIS virtual miniport driver that indicates
> packets up to protocols with NdisMIndicateReceivePacket, one at a time.
> Under
> normal operation, packets are indicated up just fine. However, when I run
> a
> packet sniffer like wireshark on winpcap, the sniffer sees all the
> packets,
> but the app that was using the packets doesn't see the receive packets.
> For
> example, I'll ping a remote computer and it'll receive the ping replies
> just
> fine until I start capturing the packets with wireshark. Then it just
> times
> out. I can see the reply packets getting indicated up just like always in
> the
> windows windbg, but somehow they're not getting copied to tcpip and the
> packet capturer. I can't understand why it works fine with the
> ndiswdm/ndisprot sample setup and not with mine, when my stuff is based on
> netvmini, the same base as ndiswdm.


From: Stephan Wolf [MVP] on 30 Oct 2006 04:42
Run the NDISTest tool against your NDIS miniport. See e.g.

"Testing Network Drivers with the NDIS Test Tool"
http://www.wd-3.com/archive/NDISTest.htm

"Using NDISTest During Driver Development"
http://www.microsoft.com/whdc/DevTools/tools/NDIStest.mspx

NDISTest usually finds problems like the one you describe.

Stephan
---
Jess Howe wrote:
> Hi,
> I am writing a deserialized NDIS virtual miniport driver that indicates
> packets up to protocols with NdisMIndicateReceivePacket, one at a time. Under
> normal operation, packets are indicated up just fine. However, when I run a
> packet sniffer like wireshark on winpcap, the sniffer sees all the packets,
> but the app that was using the packets doesn't see the receive packets. For
> example, I'll ping a remote computer and it'll receive the ping replies just
> fine until I start capturing the packets with wireshark. Then it just times
> out. I can see the reply packets getting indicated up just like always in the
> windows windbg, but somehow they're not getting copied to tcpip and the
> packet capturer. I can't understand why it works fine with the
> ndiswdm/ndisprot sample setup and not with mine, when my stuff is based on
> netvmini, the same base as ndiswdm.

From: Jess Howe Jess on 30 Oct 2006 08:01
I've run the ndtest suite of tests against it and my driver passed them fine,
at least in the areas that might be affected (It didn't quite pass all the
disable/enable tests :(

Jess

"Stephan Wolf [MVP]" wrote:

> Run the NDISTest tool against your NDIS miniport. See e.g.
>
> "Testing Network Drivers with the NDIS Test Tool"
> http://www.wd-3.com/archive/NDISTest.htm
>
> "Using NDISTest During Driver Development"
> http://www.microsoft.com/whdc/DevTools/tools/NDIStest.mspx
>
> NDISTest usually finds problems like the one you describe.
>
> Stephan
> ---
> Jess Howe wrote:
> > Hi,
> > I am writing a deserialized NDIS virtual miniport driver that indicates
> > packets up to protocols with NdisMIndicateReceivePacket, one at a time. Under
> > normal operation, packets are indicated up just fine. However, when I run a
> > packet sniffer like wireshark on winpcap, the sniffer sees all the packets,
> > but the app that was using the packets doesn't see the receive packets. For
> > example, I'll ping a remote computer and it'll receive the ping replies just
> > fine until I start capturing the packets with wireshark. Then it just times
> > out. I can see the reply packets getting indicated up just like always in the
> > windows windbg, but somehow they're not getting copied to tcpip and the
> > packet capturer. I can't understand why it works fine with the
> > ndiswdm/ndisprot sample setup and not with mine, when my stuff is based on
> > netvmini, the same base as ndiswdm.
>
>
From: Jess Howe on 30 Oct 2006 08:34
Gianluca,

Yes, NICSetPacketFilter is called in ndiswdm setting it to PROMISCUOUS, just
like what happens in my driver. It is interesting to note, however, that when
I'm running wireshark on top of ndiswdm, a ping request shows up twice, and
the reply once. And when wireshark is running on my driver, I only see the
request once and the reply once, but the ping app doesn't see the reply.

Regards,
Jess

"Gianluca Varenni" wrote:

> Are you sure that ndisprot sets the HW filter to PROMISCUOUS or ALL_LOCAL?
> The problem arises when the HW filter is set to either these values (WinPcap
> uses these two filters).
>
> Have a nice day
> Gianluca Varenni
> WinPcap Team
>
>
> "Jess Howe" <Jess Howe(a)discussions.microsoft.com> wrote in message
> news:57A60130-4F27-40E3-86A0-FB1D18C4C107(a)microsoft.com...
> > Hi,
> > I am writing a deserialized NDIS virtual miniport driver that indicates
> > packets up to protocols with NdisMIndicateReceivePacket, one at a time.
> > Under
> > normal operation, packets are indicated up just fine. However, when I run
> > a
> > packet sniffer like wireshark on winpcap, the sniffer sees all the
> > packets,
> > but the app that was using the packets doesn't see the receive packets.
> > For
> > example, I'll ping a remote computer and it'll receive the ping replies
> > just
> > fine until I start capturing the packets with wireshark. Then it just
> > times
> > out. I can see the reply packets getting indicated up just like always in
> > the
> > windows windbg, but somehow they're not getting copied to tcpip and the
> > packet capturer. I can't understand why it works fine with the
> > ndiswdm/ndisprot sample setup and not with mine, when my stuff is based on
> > netvmini, the same base as ndiswdm.
>
>
>
 |  Next  |  Last
Pages: 1 2
Prev: ZwWriteFile return 0xC0000002.. why??
Next: How to open two USB pipes (0x81 - 0x02) in USB - vendor HID devi