Yes, surely NDIS uses it.
In incoming packets, Ethernet+IP+TCP or UDP headers are all in the first buffer (or in the lookahead if you use old-style indications).
In outgoing packets, usually it is 1 buffer for Ethernet header + 1 buffer for IP+TCP headers, and then 1 or more buffers for payload. I would not rely on this though, and make the full header reassembly for the outgoing packets.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: CHEN, LIANG -HCHBJ
To: Windows System Software Devs Interest List
Sent: Wednesday, June 08, 2005 4:20 PM
Subject: RE: [ntdev] How to parse a packet in NDIS intermediat driver?
Yeah, I get the data of MAC header. It will not be a big problem to parse the remained packet. Thank you!
By the way, I learned from “TCP/IP Illustrated”, by W.R. Stevens, that the buffer of a packet is chained to reduce the overhead of moving memory. Does NDIS adopt the similar idea? Is it necessary for me to trace the buffer blocks one by one in order to get all data of a packet?
Thanks!
-Liang
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Wednesday, June 08, 2005 12:18 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] How to parse a packet in NDIS intermediat driver?
…and even the MAC header is just a part of the data in NDIS.
Windows TCP/IP only supports SNAP (aka 802.3) and DIX Ethernet frame formats. According to RFC1122, IP over Ethernet must use DIX as a default, and Windows really behaves this way. It can receive both though.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: David R. Cattley
To: Windows System Software Devs Interest List
Sent: Tuesday, June 07, 2005 4:14 PM
Subject: RE: [ntdev] How to parse a packet in NDIS intermediat driver?
Liang,
NDIS does not provide any mechanism for parsing a “Layer 3” protocol header from a packet. NDIS provides the management of “Layer 2” (MAC level) packet exchange in the system. If your IM driver requires access to the L3 (IP, IPX, etc.) header, you will need to parse the packet yourself.
Each packet is organized as a chain of buffers. The NDIS functions NdisGetFirstBufferFromPacketSafe() and NdisGetNextBuffer() can be used to access the data stored in the buffers. I recommend you look at the DDK sample NDISPROT.
The TCPIP protocol generally sets the minimum lookahead size to be large enough to cause the first buffer in the chain of a recieve packet to contain the full MAC header and the entire IP+(TCP/UDP) header.
Some additional details you should be aware of:
-
TCPIP may send packets that have not yet had the checksum calculated and inserted when using the checksum offload capabiltiy of certain NICs. You can assume when checksum offload is specified in a packet that the packet is valid.
-
TCPIP may send very large TCP packets that will be fragmented and sent as separate packets by the NIC when tcp large send offload is specified. Your processing should recognize that this will occur.
-
The MAC header might not always be 14 octets in length, for instance SNAP encoding.
Good Luck,
Dave Cattley
Systems Software Development
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of CHEN, LIANG -HCHBJ
Sent: Tuesday, June 07, 2005 4:52 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to parse a packet in NDIS intermediat driver?
Dear all,
Currently, I am experiencing the ndis driver Passthru in WinDDK Sample. According to the source code, the packet must be passed through MPSend() and PtRecive(), with the packet descriptor, after we install the Passthru driver. NDIS provides a NDIS_OOB_DATA_FROM_PACKET method to access the OOB information associated to the packet. However, it does not provide an available approach to access the context of the packet, such as IP header, TCP/UDP header and data.
Could you please give me a hint to parse the packet in NDIS driver?
Thanks!
-Liang
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com —
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com