Hi,
Below are some remarks:
- At which layer your encryption takes place is totally dependent on your
design choices; and since you are aiming to write an IM driver for
encryption, I assume you do not want to use the application layer (since it
would be easier for you to use SSL for that purpose).
- Also in the Transport Layer, you can use TLS with its application level
programming interface to achieve end-to-end encryption.
- Encryption at the Network Layer (IP) is not as easy as you imagine. VPN
technology is based on encrypting data at this layer. You cannot just
encrypt the data after the IP header and then expect the TCP/IP protocol to
transport it over heterogeneous environments (e.g. the Internet, having hundreds
of routers). You may consult the IPSec specification for why this is not so
trivial.
- At layer 2, encryption is again not trivial to achieve over heterogeneous
environments. Link based encryption is popular for wireless communication.

Remember that if you don't preserve the end-to-end semantics of the
encryption/decryption process, you have to handle operations at each
level/component of the network to make it compatible with current standards.

NDIS_PACKET stuff:
You can find some information about IM drivers and NDIS_PACKET handling at
http://www.pcausa.com/resources/ndisimfaq.htm .
Each NDIS_PACKET has one or more associated NDIS_BUFFERs. At the above link,
you can find an explanation of this stuff…
Assuming you are strongly familiar with the TCP/IP protocol architecture, I will
provide a sample function to decode an NDIS_PACKET into a character array
for further processing. You may use it under the Receive or ReceivePackets
handler of the protocol part of your IM. Here is an experimental code
snippet (may be too buggy for commercial use… Just understand it. For
advanced samples, www.pcausa.com).

char* DecodeNDISPACKET(PNDIS_PACKET NdisPacket)
{
    PNDIS_BUFFER NdisBuffer;
    ULONG PacketLength, BufferLength;
    // A global list of PacketDumps or, if possible, a callback to application
    // space memory would be better. But the speed mismatch between generation
    // of packets and handling them must be handled.
    char *p, *PacketDump = NULL;
    void *Offset;
    ULONG size = 0;

    NdisQueryPacket(NdisPacket, NULL, NULL, &NdisBuffer, &PacketLength);
    if (NdisBuffer == NULL || PacketLength == 0)
        return NULL; // Empty packet, nothing to decode

    NdisQueryBuffer(NdisBuffer, &Offset, &BufferLength);

    // On fast/loaded networks, this may cause problems!
    PacketDump = (char*)ExAllocatePool(NonPagedPool, PacketLength);
    if (PacketDump == NULL)
        return NULL; // Allocation failed
    p = PacketDump; // Assign a temporary offset to walk through

    do
    {
        if (PacketLength == BufferLength) // If packet is fed into one buffer
        {
            KdPrint(("We got whole packet in one buffer %lu = %lu", BufferLength, PacketLength));
            NdisMoveMemory(PacketDump, Offset, PacketLength);
            size = PacketLength;
            break;
        }
        else if (BufferLength > PacketLength) // First buffer would overrun the dump
        {
            KdPrint(("PANIC! Code is buggy...More sanity check must be added"));
            break;
        }
        else // The packet is divided into buffers. This is the first one, possibly MAC Header
        {
            NdisMoveMemory(p, Offset, BufferLength);
            p = (char*)p + BufferLength;
            size += BufferLength;
        }

        // Loop through the buffers to get Headers. Note the sequence of
        // buffers is the same as the sequence of Headers added by TCPIP
        // stack (actually TCPIP adds in reverse, but do not be confused,
        // e.g. MAC + IP + TCP/UDP + APPDATA)
        do
        {
            NdisGetNextBuffer(NdisBuffer, &NdisBuffer);
            if (NdisBuffer)
            {
                NdisQueryBuffer(NdisBuffer, &Offset, &BufferLength);
                if (PacketLength - size >= BufferLength)
                {
                    NdisMoveMemory(p, Offset, BufferLength);
                    p = (char*)p + BufferLength;
                    size += BufferLength;
                }
                else
                {
                    KdPrint(("PANIC! Code is buggy...More sanity check must be added"));
                    break;
                }
            }
            else
                break;
        } while (TRUE);
    } while (FALSE);

    return PacketDump; // Remember to free this later
}

Regards,
Egemen Tas
InfoNet Information Technologies
“Your Trusted Partner for e-Security”
http://www.infonet.com.tr
----- Original Message -----
From: wwd
To: Windows System Software Devs Interest List
Sent: Monday, September 22, 2003 8:54 PM
Subject: [ntdev] Re: How To access the Data in NDIS_PACKET
Hi all,
I am really a newbie to kernel mode device drivers. At present I am
developing a packet filter NDIS intermediate driver, which will
encrypt/decrypt the data coming from a particular application to our driver
and decrypt it accordingly.
Now I have a few questions.

1) When I receive the packet, what headers will this packet contain? (i.e.
IP, TCP, MAC, UDP) In which format are they organised in the packet? i.e.
how many bits will each header take?.. and where actually will my data be
stored?.. I mean, can I get the starting and ending address of each
header/packet?..

Please read the DDK document, you will find all details about the NDIS_PACKET
struct.

- When I am encrypting the packet, should I encrypt both header and data
or only data?.. If so, how to do it?..

The buffer includes the MAC head and the whole IP packet. You needn’t modify the MAC head
if you don’t change the IP dest addr.

- Please give me the links where I can find really good technical
information about NDIS Intermediate Filter Drivers.

Just read the DDK!

Thanks in advance,
With Best Regards,
Nayak Vinay,
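
Added example, not part of the original thread or of any poster's code: a user-mode C routine that takes a flat frame such as the array DecodeNDISPACKET returns and locates the MAC, IPv4 and TCP/UDP headers and the application data, bounds-checking every length field before it is used. The names locate_payload, frame_layout and sample_frame are hypothetical; Ethernet II framing and unfragmented IPv4 are assumed, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Where each layer starts in a flattened frame (hypothetical type for this example). */
typedef struct {
    size_t ip_off;       /* IPv4 header, right after the 14-byte Ethernet II header */
    size_t l4_off;       /* TCP or UDP header */
    size_t payload_off;  /* application data: the part a payload-only filter would touch */
    size_t payload_len;
    uint8_t proto;       /* 6 = TCP, 17 = UDP */
} frame_layout;

/* Constructed sample: Ethernet II + IPv4 + UDP + 4 bytes "data" (checksums left zero). */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,               /* MAC header   */
    0x45,0x00,0x00,0x20, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00, /* IPv4, len 32 */
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,                      /* src, dst     */
    0x04,0x00,0x04,0x01, 0x00,0x0c,0x00,0x00,                      /* UDP header   */
    'd','a','t','a'
};

/* Returns 0 on success, -1 if the frame is truncated, malformed or unsupported. */
int locate_payload(const uint8_t *f, size_t len, frame_layout *out)
{
    size_t ihl, ip_total, ip_end, l4_hdr;
    if (len < 14 + 20) return -1;                       /* MAC + minimal IPv4 header */
    if (f[12] != 0x08 || f[13] != 0x00) return -1;      /* EtherType must be IPv4 */
    if ((f[14] >> 4) != 4) return -1;                   /* IP version */
    ihl = (size_t)(f[14] & 0x0F) * 4;                   /* IP header length in bytes */
    ip_total = ((size_t)f[16] << 8) | f[17];            /* IP total length field */
    if (ihl < 20 || ip_total < ihl || 14 + ip_total > len) return -1;
    if ((((size_t)f[20] & 0x1F) << 8 | f[21]) != 0) return -1; /* later fragment: no L4 header */
    ip_end = 14 + ip_total;                             /* ignores Ethernet padding */
    out->ip_off = 14;
    out->l4_off = 14 + ihl;
    out->proto = f[14 + 9];
    if (out->proto == 6) {                              /* TCP: variable header */
        if (out->l4_off + 20 > ip_end) return -1;
        l4_hdr = (size_t)(f[out->l4_off + 12] >> 4) * 4;
        if (l4_hdr < 20) return -1;
    } else if (out->proto == 17) {                      /* UDP: fixed 8-byte header */
        l4_hdr = 8;
    } else {
        return -1;
    }
    if (out->l4_off + l4_hdr > ip_end) return -1;
    out->payload_off = out->l4_off + l4_hdr;
    out->payload_len = ip_end - out->payload_off;
    return 0;
}
```

Changing payload bytes also invalidates the TCP/UDP checksum, and any change in length invalidates the IP total length and header checksum, so those fields must be recomputed or the transform undone before the frame reaches a stack that verifies them.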