Writing hook driver over TCP/IP driver

I have to develop a driver which encrypts the TCP data. So what I felt
is write a hook to TCP/IP driver, capture the data, encrypt it and
pass it to TCP/IP driver. But I don’t know the device name of the
TCP/IP driver to delegate the calls below. How can I find the device
name of TCP/IP driver for attaching to it?

First of all, am I correct in going for filter driver?

Thanks in advance

Regards,
Gopikrishna

Hi Kannan,

Thanks for your reply.
The only problem with your approach is that not all applications use sockets (e.g. Neighbourhood network - configured to use NETBIOS over TCP/IP). So what should I do in that case?

Regards,

Gopikrishna

----- Original Message -----
From: Kannan. S
To: xxxxx@cswl.com
Sent: Wednesday, April 12, 2000 7:23 AM
Subject: RE: [ntdev] Writing hook driver over TCP/IP driver

Hello Gopikrishna,

While developing a driver may be one way, about which I don't know,
if you intend to encrypt only the data transferred, then you can write
something called winsock layered service provider, which is a user
mode dll. You can hook onto all the socket calls and do encryption.

Look in MSDN library documentation for “layered service provider”
I think there is a knowledge base article on it and a good sample
dll with sources.

Cheers!
/Kans.


Hi GopiKrishna,

  If only data encryption is required, then I think a better
approach would be developing an intermediate driver which will get all
packets transferred from the TCP/IP stack. The data can be accessed
and encrypted at this level using the algorithms.

Regards,

Sameer.


These are the problems in doing encryption below the TCP/IP driver.

On the receive side, I would only need to act on frames with data in (ignoring SYN’s, ACK’s etc). I would have to cater for fragmented packets (because the decryption must be done in the same order the encryption was). I would have to recalculate checksums because I would have modified the data.

On the send side, I would have to cater for re-transmits in case a packet was not received by the other end of the conversation. (I could not just encrypt a packet again if it was sent down from MSTCP to be re-transmitted because the encryption would be out of sync)

Once again, I would have to recalculate checksums because I would have modified the data.

Regards,
Gopikrishna.
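
Added example, not part of the original thread: the retransmit problem described in the message above, in C. It contrasts a running keystream counter, which falls out of sync when TCP resends data, with a keystream positioned by the segment's sequence number; `ks_byte` is a stand-in keystream (not a real cipher), and all names, the key and the ISN are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in keystream, NOT a real cipher (assumption for this demo). A real
 * design would position a seekable cipher such as AES-CTR the same way. */
static uint8_t ks_byte(uint64_t key, uint32_t off) {
    uint64_t z = key + ((uint64_t)off + 1) * 0x9E3779B97F4A7C15ULL;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return (uint8_t)(z ^ (z >> 31));
}

/* Stateful: the keystream position advances with every packet seen. */
struct running { uint64_t key; uint32_t pos; };
static void xor_running(struct running *s, uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] ^= ks_byte(s->key, s->pos++);
}

/* Stateless: position is the byte offset in the TCP stream (first data byte
 * is ISN + 1). Offsets repeat after 2^32 bytes, so rekey before then. */
static void xor_by_seq(uint64_t key, uint32_t isn, uint32_t seq, uint8_t *p, size_t n) {
    uint32_t off = seq - (isn + 1);          /* unsigned wraparound is defined */
    for (size_t i = 0; i < n; i++) p[i] ^= ks_byte(key, off + (uint32_t)i);
}

/* Returns 1 if a retransmit of the same bytes gets different ciphertext. */
int running_counter_desyncs(void) {
    struct running s = { 0x1234, 0 };        /* constructed key */
    uint8_t first[8] = "PAYLOAD", again[8] = "PAYLOAD";
    xor_running(&s, first, 8);               /* original transmission */
    xor_running(&s, again, 8);               /* TCP sends the same bytes again */
    return memcmp(first, again, 8) != 0;
}

/* Returns 1 if a retransmit split at a new boundary gives the same bytes. */
int seq_based_retransmit_ok(void) {
    const uint32_t isn = 0xFFFFFFFCu;        /* constructed; seq wraps mid-data */
    uint8_t first[8] = "PAYLOAD", again[8] = "PAYLOAD";
    xor_by_seq(0x1234, isn, isn + 1, first, 8);
    xor_by_seq(0x1234, isn, isn + 1, again, 3);       /* bytes 0..2 */
    xor_by_seq(0x1234, isn, isn + 4, again + 3, 5);   /* bytes 3..7 */
    return memcmp(first, again, 8) == 0;
}

int main(void) {
    printf("%d %d\n", running_counter_desyncs(), seq_based_retransmit_ok());
    return 0;
}
```

Because XOR with the same keystream bytes is its own inverse, the receive side can call `xor_by_seq` on segments in whatever order they arrive.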


Gopikrishna,

Have you investigated IPSEC? I believe that it has modes that are
intended to operate as a “bump-in-the-stack” below the actual TCP
stack.

I agree that it would be easier to encrypt the data before TCP gets
it, but I’m not sure that there is a defined way to intercept
everything that goes to the TCP driver. I believe that it only
understands TDI, so a standard filter driver approach wouldn’t work. I
haven’t seen anything in the DDK concerning IM-style drivers for TDI.
The only thing that I’ve seen that would let you get most of the
traffic would be the layered service provider interface.

I know that it’s not optimal, but an NDIS IM driver implementing some
variant of IPSEC may be your best option.

Clark

You should go in for a Network TDI Client Driver. If you are communicating
through a socket, then I feel that encryption should be done before the TCP
connection is opened.
