Prev: Need the top secret list of device setup classes included in Logo
Next: Multiple VIDs in the same INF file
From: gIV on 2 Feb 2010 02:25
Hello,

I'm working on NDIS filter driver which sometimes has to send TCP
packets arriving from the protocol level back to the protocol. Such
packets should finally arrive to some service listening on a known
port. This means that the filter driver must change the destination IP
and port in the incoming packet, recalculate IP and TCP checksums and
somehow send the packet back to the protocol.
I'm now able to examine IP and TCP headers, but lacking some essential
knowledge to proceed further. Here are my questions:
1. Is it possible to perform the manipulations described above without
making copies of the net buffer lists and net buffers as I do not
intend to modify the actual TCP data and its size?
2. It is easy to calculate the IP header checksum, but I have to also
update the TCP checksum and for this purpose there is a need to walk
through the TCP data. As far as I understand the data may be
fragmented between different MDLs inside one NET_BUFFER as well as
between different NET_BUFFERs in the NET_BUFFER_LIST. How to walk
through the data efficiently?
3. And eventually, how to send the packet back to the protocol? Is it
enough to just set NDIS_SEND_FLAGS_CHECK_FOR_LOOPBACK bit in flags and
call NdisFSendNetBufferLists or should I explicitly "indicate" the
packet?
Thank you in advance!
From: Maxim S. Shatskih on 2 Feb 2010 15:55
> 1. Is it possible to perform the manipulations described above without
> making copies of the net buffer lists and net buffers as I do not
> intend to modify the actual TCP data and its size?

You must make your own descriptors for the parts you have updated, and the new packet descriptor.

Only the descriptors for the parts _not_ updated can be retained.

Yes, you end with the list of both your and retained descriptors.

--
Maxim S. Shatskih
Windows DDK MVP
maxim(a)storagecraft.com
http://www.storagecraft.com

From: gIV on 11 Feb 2010 06:28
I still have an issue of NDIS6 LWF driver returning packets coming
from protocol back to the protocol.
In the FilterSendNetBufferLists the incoming lists are parsed, source
and destination addresses are switched and destination ports modified,
then they get cloned with NDIS_CLONE_FLAGS_USE_ORIGINAL_MDLS. The
originals then reported as sent while the cloned lists are passed to
NdisFIndicateReceiveNetBufferLists. I expect NDIS to call
FilterReturnNetBufferLists which does not happen and the returned
packets seem to get nowhere.
Should this approach work? Any ideas?
Thank you!

 | 
Pages: 1
Prev: Need the top secret list of device setup classes included in Logo
Next: Multiple VIDs in the same INF file