I’ve seen mention that a driver that modifies the destination IP address of an outbound packet can redirect the packet to the TCP/IP stack so that routing on the new address can be performed and the packet sent out to the new destination. Can this be done in a NDIS IM? Can the SendPacketsHandler modify and then indicate a packet back to the protocol side instead of calling NdisSend? Thanks…
Well, no, not ‘typically’. It requires that the TCPIP stack be willing to
‘forward’ packets from one interface to another, and that it have at least
two interfaces. Neither of those are given and most machines will not have
forwarding enabled.
This sort of behavior typically requires that the IM driver duplicate the
facilities of the IP stack forwarder, fragmentation, and ARP layer.
In NT6 with WFP this became significantly easier since now ‘raw’ injection
of IP packets is possible.
In NT5, well, it is a royal PITA to achieve this type of functionality.
Good Luck,
Dave Cattley
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@socket.net
Sent: Tuesday, February 02, 2010 11:39 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Redirecting outbound packets back to the TCP/IP stack in
NDIS IM
I’ve seen mention that a driver that modifies the destination IP address of
an outbound packet can redirect the packet to the TCP/IP stack so that
routing on the new address can be performed and the packet sent out to the
new destination. Can this be done in a NDIS IM? Can the SendPacketsHandler
modify and then indicate a packet back to the protocol side instead of
calling NdisSend? Thanks…
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Answered in reverse order of the questions:
1.) Yes, an IM driver can call NdisEthIndicateReceivePacket or
NdisMIndicateReceivePacket after re-working the packet. A new NDIS_PACKET
allocated from the receive packet pool would be needed and then the original
send packets contents glued into it. It gets a little messy unless you
simply allocate entirely new packet, buffer and memory for the receive
indication. Of course, addresses must be manipulated and the original send
packet must be completed to satisfy the original send caller.
2.) On Windows I do NOT think that bouncing the packet back up the stack
this way will result in the packet being re-routed and sent to a new
destination. At least, not in a NDIS IM driver. Perhaps the Windows
Filtering Platform (WFP) callout (not NDIS…) provides a mechanism to
re-route a packet.
Thomas F. Divine
http://www.pcausa.com
From:
Sent: Tuesday, February 02, 2010 11:38 AM
To: “Windows System Software Devs Interest List”
Subject: [ntdev] Redirecting outbound packets back to the TCP/IP stack in
NDIS IM
> I’ve seen mention that a driver that modifies the destination IP address
> of an outbound packet can redirect the packet to the TCP/IP stack so that
> routing on the new address can be performed and the packet sent out to the
> new destination. Can this be done in a NDIS IM? Can the
> SendPacketsHandler modify and then indicate a packet back to the protocol
> side instead of calling NdisSend? Thanks…
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
Having written a 2:2 NDIS 5 IM driver and a 1:2 NDIS 6 Mux IM driver that redirects packets to different receive MAC address and can send out either NIC, or both, all depending on the network health, PITA is an understatement. As David states you will need to keep your own ARP table and do your own IP stack.
Larry C
Thanks for the great feedback…