Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Checksum calculating

ArsenArsen Member Posts: 188
edited June 16 in NTDEV

Hi all.
Who can say?
I have an NDIS filter driver installed between the network card driver and the protocol driver in the driver stack.
When I receive the next packet from the network card driver (incoming traffic) and after making some changes to it, do I need to calculate a new checksum of the IP header. Whether it is checked after me in the protocol driver or in user mode programs.
In other words, - where the checksum of the IP header in incoming network traffic is checked.

Second question.
Is it possible any changes in the transport layer header (TCP,UDP,ARP...) when a packet travels between two hosts through routers. (May be because of pseudo checksum)

Post edited by Arsen on


  • ArsenArsen Member Posts: 188

    More general question.
    We have a private network with routers, switches and etc. between our computers.
    I want to make some changes to the traffic, we can call it private encryption. Which headers I can't involve in my encryption.
    For example, the Ethernet and IP headers are used by routers, so I shouldn't change them.
    Are there any rules to know what I can encrypt and which headers I should not touch

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,718

    You're talking about a VPN. There are hundreds of such products available today.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2MBond2 Member Posts: 629

    Classic VPN encapsulates the entire IP packet with a new IP header, checksum etc. None of the parts of the 'real' packet are modified (besides being encrypted). It works this way precisely because then the code doing the encryption and encapsulation doesn't have to know anything about the higher level protocols - which is entirely consistent with the OSI model

  • ArsenArsen Member Posts: 188

    Thank you very much.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 26 Feb - 1 Mar 2024 Live, Online