IP filter driver

OSR_Community_User · February 20, 2001, 9:22am

hi,
Is it possible to write IP filter driver fro NT4.0? There is concept of
filter hook driver which is available on Windows 2000.The packet driver
sample for available on NT4.0 doesn’t serve my purpose, which is actually a
network driver.

TIA
pash

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · February 20, 2001, 11:37am

Hi,
Have you used TDI?
I think that you must make a ‘\Device\Ip’ filter device.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Pashupati Kumar
Sent: martes, 20 de febrero de 2001 15:23
To: NT Developers Interest List
Subject: [ntdev] IP filter driver

hi,
Is it possible to write IP filter driver fro NT4.0? There is concept of
filter hook driver which is available on Windows 2000.The packet driver
sample for available on NT4.0 doesn’t serve my purpose, which is actually a
network driver.

TIA
pash

You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Thomas_F_Divine · February 20, 2001, 12:28pm

See the Windows Network Data page at PCAUSA for some thoughts.

http:

Sorry that the page is not yet complete. However, it should help you
organize your thoughts.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Pashupati Kumar
To: NT Developers Interest List
Sent: Tuesday, February 20, 2001 9:22 AM
Subject: [ntdev] IP filter driver

> hi,
> Is it possible to write IP filter driver fro NT4.0? There is concept of
> filter hook driver which is available on Windows 2000.The packet driver
> sample for available on NT4.0 doesn’t serve my purpose, which is actually
a
> network driver.
>
> TIA
> pash
>

—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:>

OSR_Community_User · February 21, 2001, 12:13am

If i use \device\ip, i can do preprosessing before it goes to tcpip.sys or
some post processing after lower drivers are done with the packet.My
requirement is that i need to take the packet off the network stack.My
query is in what format i would recieve the packet? I understand i would be
using TDI interface on the upper edge. Are there well documented interface
to talk to tcpip.sys driver?
No i don’t have any experience on using TDI.

thanx
pash

Hi,
Have you used TDI?
I think that you must make a ‘\Device\Ip’ filter device.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Pashupati Kumar
Sent: martes, 20 de febrero de 2001 15:23
To: NT Developers Interest List
Subject: [ntdev] IP filter driver

hi,
Is it possible to write IP filter driver fro NT4.0? There is concept of
filter hook driver which is available on Windows 2000.The packet driver
sample for available on NT4.0 doesn’t serve my purpose, which is actually
a
network driver.

TIA
pash

You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@Legato.COM
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Thomas_F_Divine · February 21, 2001, 1:15am

----- Original Message -----
From: Pashupati Kumar
To: NT Developers Interest List
Sent: Wednesday, February 21, 2001 12:14 AM
Subject: [ntdev] RE: IP filter driver

> If i use \device\ip, i can do preprosessing before it goes to tcpip.sys or
> some post processing after lower drivers are done with the packet.My
> requirement is that i need to take the packet off the network stack.My
> query is in what format i would recieve the packet? I understand i would
be
> using TDI interface on the upper edge. Are there well documented interface
> to talk to tcpip.sys driver?
> No i don’t have any experience on using TDI.
>

TDI Filter
=======
Writing a TDI Filter is somewhat difficult for the following reasons:

1.) Writing filter drivers is, in general, one of the more difficult device
driver development tasks.
2.) Writing filter drivers requires a clear understanding of the API to be
filtered. In the case of TDI, the API is (almost) completely documented.
Even so, it is difficult to comprehend.

I believe that a past issue of the OSR “NT Insider” included some discussion
of TDI and a sample of a TDI UDP client. See http:. In
addition, I believe that OSR offers a kernel-sockets product (KSOCKS) that
may be useful to you in understanding TDI.

In addition, PCAUSA offers Advanced TDI Samples for Windows NT. This product
does not pretend to provide “sockets-like” API. Rather, it minimally
illustrates how to use the native TDI client API. Included are TCP and UDP
Echo server and client implemented using TDI. Also “Test TCP” (TTCP) TCP and
UDP client and server. (TTCP is a Unix TCP/IP test tool, normally
implemented using sockets).

The PCAUSA samples also include simple PassThru TDI Filter samples. See:

http:

NDIS Intermediate (IM) Driver
=======================
Here you would be filtering individual network packets, including the MAC
header.

The NDIS IM FAQ includes a link to a Microsoft-provided PassThru NDIS IM
driver sample for Windows NT. See:

http:

In addition (naturally), PCAUSA offers NDIS IM sample for Windows NT. See
the “PCASIM” product at:

http:

PCASIM includes two NDIS IM driver samples of interest:

IPDelay - Delays packets sent/received by programmable amounts.
IPBlock - The driver is provided with a list of IP addresses to block on
sending and receiving.

The IPDelay sample is intended to illustrate “active passthru”. It actually
“clones” each packet to be delayed and discards the original packet data.
This is intended to illustrate an essential step that would be necessary if
packets were to be modified (e.g., encryption/compression, etc.).

Finally, the Network Data Filtering page provides an overview of things.
See:

http:

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:></http:></http:></http:>