hi,
could anyone help me? i have modified the passthru sample driver to
intercept all traffic coming from the protocol driver and encrypt the
payload and then send it to the miniport driver. Now i want to further
modify it such that it would encrpyt all the packet (including the IP header
and payload) and then pass it to the top of the IP stack so that the IP
stack attaches another IP header to it. How can do this (i.e pass the data
to the top of the ip stack)
Any comments would be much appreciated.
Thanks in advance
yasser
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
What you are describing here is a tunnel driver.
If you need to add another IP header, then just do it yourself. There
really isn’t any reason to try to send it back through the IP stack.
This is the way most tunnel drivers that I am aware of work. Check out
RFC 1853 for a description of IP in IP tunneling for a start. You can
either copy the existing IP header, or you can create an entirely new
one. If you want to use a different IP address it is possible to use the
IP Helper API (iphlpapi.dll) functions from a user-mode app to add an IP
address to an existing interface.
Hope this helps.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yasser Toor
Sent: Tuesday, December 17, 2002 1:03 AM
To: NT Developers Interest List
Subject: [ntdev] IM NDIS problem (calling the top of the IP stack)
hi,
could anyone help me? i have modified the passthru sample driver to
intercept all traffic coming from the protocol driver and encrypt the
payload and then send it to the miniport driver. Now i want to further
modify it such that it would encrpyt all the packet (including the IP
header
and payload) and then pass it to the top of the IP stack so that the IP
stack attaches another IP header to it. How can do this (i.e pass the
data
to the top of the ip stack)
Any comments would be much appreciated.
Thanks in advance
yasser
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
You are currently subscribed to ntdev as: xxxxx@transat-tech.com To
unsubscribe send a blank email to %%email.unsub%%
Yes. In addition, he should read RFCs 1825 - 1827 which describe standards
for IP encryption (IPSEC) and maybe 1828 - 9 and 1851 - 2 for concrete
encryption and authentication examples.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
From: xxxxx@transat-tech.com[SMTP:xxxxx@transat-tech.com]
Reply To: xxxxx@lists.osr.com
Sent: Tuesday, December 17, 2002 4:38 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: IM NDIS problem (calling the top of the IP
stack)
What you are describing here is a tunnel driver.
If you need to add another IP header, then just do it yourself. There
really isn’t any reason to try to send it back through the IP stack.
This is the way most tunnel drivers that I am aware of work. Check out
RFC 1853 for a description of IP in IP tunneling for a start. You can
either copy the existing IP header, or you can create an entirely new
one. If you want to use a different IP address it is possible to use the
IP Helper API (iphlpapi.dll) functions from a user-mode app to add an IP
address to an existing interface.
Hope this helps.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yasser Toor
Sent: Tuesday, December 17, 2002 1:03 AM
To: NT Developers Interest List
Subject: [ntdev] IM NDIS problem (calling the top of the IP stack)
hi,
could anyone help me? i have modified the passthru sample driver to
intercept all traffic coming from the protocol driver and encrypt the
payload and then send it to the miniport driver. Now i want to further
modify it such that it would encrpyt all the packet (including the IP
header
and payload) and then pass it to the top of the IP stack so that the IP
stack attaches another IP header to it. How can do this (i.e pass the
data
to the top of the ip stack)
Any comments would be much appreciated.
Thanks in advance
yasser
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
You are currently subscribed to ntdev as: xxxxx@transat-tech.com To
unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to ntdev as: michal.vodicka@st.com
To unsubscribe send a blank email to %%email.unsub%%
Use the raw socket functionality provided by TDI or purchase the
StorageCraft’s socket library to hide the TDI details for you.
BTW - such a driver is no more IM, it is a virtual miniport on top of
TDI, a VPN miniport.
Max
----- Original Message -----
From: “Yasser Toor”
To: “NT Developers Interest List”
Sent: Tuesday, December 17, 2002 10:02 AM
Subject: [ntdev] IM NDIS problem (calling the top of the IP stack)
> hi,
> could anyone help me? i have modified the passthru sample driver to
> intercept all traffic coming from the protocol driver and encrypt
the
> payload and then send it to the miniport driver. Now i want to
further
> modify it such that it would encrpyt all the packet (including the
IP header
> and payload) and then pass it to the top of the IP stack so that the
IP
> stack attaches another IP header to it. How can do this (i.e pass
the data
> to the top of the ip stack)
> Any comments would be much appreciated.
> Thanks in advance
> yasser
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>
> If you need to add another IP header, then just do it yourself.
There
really isn’t any reason to try to send it back through the IP stack.
This is the way most tunnel drivers that I am aware of work.
Both PPTP and L2TP lift the packet back to TDI and pass it to TCPIP
once more.
Max
> ----------
From: xxxxx@storagecraft.com[SMTP:xxxxx@storagecraft.com]
Reply To: xxxxx@lists.osr.com
Sent: Wednesday, December 18, 2002 7:19 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: IM NDIS problem (calling the top of the IP
stack)
> If you need to add another IP header, then just do it yourself.
There
> really isn’t any reason to try to send it back through the IP stack.
> This is the way most tunnel drivers that I am aware of work.
Both PPTP and L2TP lift the packet back to TDI and pass it to TCPIP
once more.
Which is both inefficient and complicated. In mentioned cases it makes sense
because it tunnels frames handled by NdisWan through TCP/IP networks. For IP
in IP tunneling it is an overkill. Implemeting it in IM driver is IMHO
easier (have it done). There were already mentioned RFCs for IP in IP
tunelling and I’m not sure if standard can be correctly implemented with
passing back to TPCIP. There are some fields in new IP header which should
be copied from inner one.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]