Questions about Passthru driver

Question 1: I have a Passthru driver installed on a computer having 2
network adapters. One adapter on my organisation side, the second on
the outside world. After installing passthru, both adapters are bound
but I would want to filter only incoming packets from my organization
and eventually drop them based on some criteria. The problem is that
incoming packets from the outside world are also filtered, and my
question is: how is it possible from inside the driver, to know if the
packet came from a specific network adapter and act accordingly.

Question 2: During the filtering process, I may decide to modify a
packet before forwarding it. For this purpose I would make a copy of
the original packet, proceed with the required modifications, and
forward my own packet instead of the original one. In this case, what
do I do with the original packet? Do I have to release any resource,
or do I just drop it and send mine instead?

Thanks for the comments

A1: The bindings are distinct. The Adapter GUID or (MAC address) of the
adapter is typically a good way of identifying the ‘binding’. The protocol
edge of the IM driver gets packets indicated to it on a specific binding.
Alternatively, don’t bind the IM NetService to the adapter you don’t care
about.

A2: You can either drop it immediately or hold onto it until the modified
packet is returned to your miniport edge. This assumes, of course, that the
protocol edge is permitted to reference the packet for longer than the
indication (which is not the case for ProtocolReceive() or for
ProtocolReceivePacket() with NDIS_STATUS_RESOURCES indicated as the packet
status.)

In my (arguably irrelevant) opinion, if an IM driver does ‘modification’
operations, it is more correct to preserve the timing and semantics of
receive operations even when a packet is ‘modified’ so I generally try to
delay returning the packet indicated at the protocol edge until the miniport
packet is returned. If the protocol edge packet had NDIS_STATUS_RESOURCES
set, I would generally *also* indicate NDIS_STATUS_RESOURCES at the miniport
edge to force the entire operation to be synchronous. However, guidelines
are just that and there is no particular reason to behave this way. For
instance, some modifications might best be done out of the DPC path of
packet reception and so preserving NDIS_STATUS_RESOURCES (synchronous)
indications is impossible.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@enativ.com
Sent: Friday, August 31, 2007 10:47 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Questions about Passthru driver

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
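
The two answers above, sketched as an added example that is not part of the original thread and is not driver code: a user-mode C model in which the receive decision is keyed on the per-binding context (A1) and the original packet is held only when the indication permits it (A2). All names, the sample MAC addresses and the drop/modify criteria are hypothetical, and no NDIS headers are used.

```c
/* User-mode model of the receive decision; no NDIS headers, all names hypothetical. */
#include <stdio.h>
#include <string.h>

enum pkt_status { PKT_SUCCESS, PKT_RESOURCES };   /* stands in for the NDIS packet status */
enum verdict { PASS_UNTOUCHED, DROP, FORWARD_COPY_HOLD, FORWARD_COPY_SYNC };

/* Per-binding context: the protocol edge is handed this with every indication. */
struct binding {
    unsigned char mac[6];
    int filter_enabled;               /* decided once, when the binding is opened */
};

/* Constructed sample address for the organisation-side adapter. */
static const unsigned char INSIDE_MAC[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};

void binding_init(struct binding *b, const unsigned char mac[6]) {
    memcpy(b->mac, mac, 6);
    b->filter_enabled = (memcmp(mac, INSIDE_MAC, 6) == 0);
}

/* Placeholder criteria: first byte 0xFF means drop, 0x01 means modify.
 * *hold_original is 1 only when the original may be kept past the indication. */
enum verdict on_receive(const struct binding *b, enum pkt_status st,
                        const unsigned char *data, size_t len, int *hold_original) {
    *hold_original = 0;
    if (!b->filter_enabled || len == 0) return PASS_UNTOUCHED; /* unfiltered binding or empty */
    if (data[0] == 0xFF) return DROP;
    if (data[0] != 0x01) return PASS_UNTOUCHED;
    if (st == PKT_RESOURCES)          /* original is only valid during this call */
        return FORWARD_COPY_SYNC;     /* indicate the copy with resources status too */
    *hold_original = 1;               /* return original when the copy comes back */
    return FORWARD_COPY_HOLD;
}

int main(void) {
    const unsigned char outside_mac[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x02};
    const unsigned char pkt[] = {0x01, 0xAA};     /* constructed packet bytes */
    struct binding inside, outside;
    int hold;
    binding_init(&inside, INSIDE_MAC);
    binding_init(&outside, outside_mac);
    enum verdict v_out = on_receive(&outside, PKT_SUCCESS, pkt, sizeof pkt, &hold);
    enum verdict v_in = on_receive(&inside, PKT_SUCCESS, pkt, sizeof pkt, &hold);
    printf("outside verdict=%d, inside verdict=%d hold=%d\n", v_out, v_in, hold);
    return 0;
}
```
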

Thanks for the detailed answers. Regarding your first answer, if I use snetcfg or Bindview to install the driver, is there a way to install it for a particular adapter only?

I don’t recall if SNETCFG has command line options to manipulate bindings or
not. BindView surely does have the capability to enable/disable bindings.

However, I think you are asking if you can do this in conjunction with the
install process and probably before the bindings are updated so that only
the adapter(s) you choose will be bound - I think the answer with both tools
is no.

If you want to prune bindings for a NetService component during
installation, a notify object for the NetService will allow you to do that.

It may also be possible to review and update bindings from within a custom
application (installer) like SNETCFG or BindView before they are committed by
the binding engine. I don’t know and perhaps someone else who has gone down
that path will respond.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@enativ.com
Sent: Saturday, September 01, 2007 3:40 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Questions about Passthru driver
