I alter Ethernet frames in a tunneling filter driver as they pass through FilterSendNetBufferLists and FilterReceiveNetBufferLists. The changes include, for the sending path, adding new headers between the Ethernet header and the IP header, changing addresses in the original IP header and then recalculating IP and TCP checksums (they fall into the application payload after adding the new headers), etc. For the receiving path I have to make the opposite changes.
There are fewer constraints in the sending path about splitting a packet into several MDLs, so I use NdisAdvanceNetBufferDataStart and NdisAdvanceNetBufferListDataStart to skip the parts I want to change, then NdisAllocateCloneNetBufferList to clone the NET_BUFFER_LIST (reusing the memory pages I won't change) and finally NdisRetreatNetBufferListDataStart to create the buffer for the altered and new parts.
But the receiving path must observe stricter rules.
Supporting Header-Data Split in Protocol Drivers and Filter Drivers says "NDIS 6.0 and later protocol drivers and filter drivers must support receive indications with the header and data in non-contiguous buffers."
Header-data split was introduced in NDIS 6.1, what means that it should be possible to split frames in non header-data split supporting drivers, which is confirmed by Cases Where Header-Data Split Is Not Used when it says "There are cases where a received frame can be split outside of the header-data split provider requirements. That is, the header-data split requirements only apply to header-data split providers. In these cases, never split Ethernet frames in the middle of the IP header, IPv4 options, IPsec headers, IPv6 extension headers, or upper-layer-protocol headers, unless the first MDL contains at least as many bytes as NDIS specified for lookahead size."
But OID_GEN_CURRENT_LOOKAHEAD defines "lookahead" as excluding "the header" when it says "As a query, the OID_GEN_CURRENT_LOOKAHEAD OID returns the number of bytes of received packet data that will be indicated to the protocol driver. This specification does not include the header." So the "unless" part in Cases Where Header-Data Split Is Not Used wouldn't make sense unless the header OID_GEN_CURRENT_LOOKAHEAD refers to is just Ethernet's.
My questions are:
Thank you very much.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|