802.11 and Ethernet traffic capture and send in a single NDIS LWF

I have a modifying NDIS LWF driver. It’s like linux’s libpcap by providing API for software to capture and send packets. I know changing FilterClass to something like ms_medium_converter_128 can bind my filter between the NIC and Native Wifi Filter. So my filter can get 802.11 traffic instead of Ethernet traffic.

But as you know, libpcap provides 802.11 packets in monitor mode and Ethernet traffic in other conditions on Linux. I want to follow this behavior. So I need a way to “switch” between “below NWifi” and “above NWifi” without changing INF’s FilterClass and reinstalling the driver. So I can do this “switch” when the wifi adapter’s operation mode changes immediately.

So the problem is how to do this. I can think of several ways.

  1. Bind my filter below NWifi and do the Wifi-Lan emulation all by myself. However, this is just re-implementing what NWifi does, and it seems to be too complicated after searching so many posts. (I even think there’s still nobody ever managed to do this)

  2. Make two filters, one is below NWifi and the other is above NWifi, then let user-mode DLLs choose which driver to use based on the operation mode. This seems to work but I don’t like it. Because it requires me to maintain two drivers. And two drivers will also prolong the installation time on the end-user side.

So I’m waiting for a better solution. Like: is there a way for my filter to bind both “below NWifi” and “above NWifi”? Or change the FilterClass without driver re-installation? Thanks!

I think the two driver solution is the simplest. Install time for another driver is marginal, it should not be a concern. You can probably share most of the code between the two drivers and any additional code in the second driver would be in the first if it were combined into one instance.


On Wed, Aug 10, 2016 at 7:34 AM -0700, “xxxxx@sohu.com” wrote:

I have a modifying NDIS LWF driver. It’s like linux’s libpcap by providing API for software to capture and send packets. I know changing FilterClass to something like ms_medium_converter_128 can bind my filter between the NIC and Native Wifi Filter. So my filter can get 802.11 traffic instead of Ethernet traffic.

But as you know, libpcap provides 802.11 packets in monitor mode and Ethernet traffic in other conditions on Linux. I want to follow this behavior. So I need a way to “switch” between “below NWifi” and “above NWifi” without changing INF’s FilterClass and reinstalling the driver. So I can do this “switch” when the wifi adapter’s operation mode changes immediately.

So the problem is how to do this. I can think of several ways.

1. Bind my filter below NWifi and do the Wifi-Lan emulation all by myself. However, this is just re-implementing what NWifi does, and it seems to be too complicated after searching so many posts. (I even think there’s still nobody ever managed to do this)

2. Make two filters, one is below NWifi and the other is above NWifi, then let user-mode DLLs choose which driver to use based on the operation mode. This seems to work but I don’t like it. Because it requires me to maintain two drivers. And two drivers will also prolong the installation time on the end-user side.

So I’m waiting for a better solution. Like: is there a way for my filter to bind both “below NWifi” and “above NWifi”? Or change the FilterClass without driver re-installation? Thanks!
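
A sketch of the user-mode selection step in the two-filter approach discussed above, added here as an example and not code from either poster. The device names are hypothetical, and the Native Wifi query is compiled only on Windows; the selection logic itself is portable.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wlanapi.h>                          /* link with wlanapi.lib */
#endif
#ifndef DOT11_OPERATION_MODE_NETWORK_MONITOR  /* values from windot11.h */
#define DOT11_OPERATION_MODE_EXTENSIBLE_STATION 0x00000004
#define DOT11_OPERATION_MODE_NETWORK_MONITOR    0x80000000
#endif
/* Hypothetical device names exposed by the two filter drivers. */
#define DEV_ABOVE_NWIFI "\\\\.\\CapLwfEthernet"  /* bound above NWifi */
#define DEV_BELOW_NWIFI "\\\\.\\CapLwfDot11"     /* bound below NWifi */

typedef struct { const char *device; int is_80211; } capture_path;

/* Monitor mode -> 802.11 frames; any other mode -> the Ethernet view. */
capture_path select_capture_path(uint32_t op_mode)
{
    capture_path p = { DEV_ABOVE_NWIFI, 0 };
    if (op_mode == DOT11_OPERATION_MODE_NETWORK_MONITOR) {
        p.device = DEV_BELOW_NWIFI;
        p.is_80211 = 1;
    }
    return p;
}

#ifdef _WIN32
/* Read the adapter's current operation mode; returns 0 on success. */
int query_op_mode(HANDLE wlan, const GUID *ifguid, uint32_t *mode)
{
    DWORD size = 0;
    PULONG cur = NULL;
    DWORD rc = WlanQueryInterface(wlan, ifguid,
        wlan_intf_opcode_current_operation_mode, NULL, &size, (PVOID *)&cur, NULL);
    if (rc != ERROR_SUCCESS || cur == NULL) return -1;
    *mode = *cur;
    WlanFreeMemory(cur);
    return 0;
}
#endif

int main(void)
{
    /* Constructed sample mode; on Windows it comes from query_op_mode(). */
    capture_path p = select_capture_path(DOT11_OPERATION_MODE_NETWORK_MONITOR);
    printf("%s (802.11=%d)\n", p.device, p.is_80211);
    return 0;
}
```

If the query fails, passing 0 as the mode falls back to the Ethernet path, so a caller never hands 802.11 frames to software expecting Ethernet.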


NTDEV is sponsored by OSR
