Hi all, any ideas how - if possible - to send raw ethernet packets from user mode app? The sample NDISPROT driver was already discussed, but the restriction is - no custom kernel modules in solution. Any info welcome. Thx
AFAIK, there is no way to send raw Ethernet packets without a custom driver under Windows. The maximum that you can do without a driver is sending raw IP packets via raw sockets. If you need something more “unconventional” than that your only bet is a custom NDIS protocol driver…
Anton Bassov
Since you’re at Microsoft, try to convince the core team to add the AF_PACKET/PF_PACKET stuff to WinSock which should talk to NDISUIO in the kernel.
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> Hi all, any ideas how - if possible - to send raw ethernet packets from user mode app? The sample NDISPROT driver was already discussed, but the restriction is - no custom kernel modules in solution. Any info welcome. Thx
>
>
I wonder if he really means raw Ethernet packets. If so, then the software design is broken no matter what kind of application he intends.
From: Maxim S. Shatskih
Sent: June 22, 2016 3:47 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Sending raw ethernet packets from UM
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:
> If so, then the software design is broken no matter what kind of application he intends
Why is that??? It may well have a legitimate use (for example, like designing an experimental non-IP protocol), and if Windows had an equivalent of NETLINK or UNIX domain sockets that allowed this kind of experimentation without having to write a full-blown NDIS protocol driver, it would simplify things quite a lot…
Anton Bassov
Experimentation and research are one thing - and for those purposes, indeed it could be made easier. But for those purposes, there wouldn’t be any restrictions on what you can do to the systems being used for the test, so his question must pertain to a real application and not an experiment.
From: xxxxx@hotmail.com
Sent: June 22, 2016 8:01 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Sending raw ethernet packets from UM
If you don’t want to develop a protocol driver (the only way to do this) then just go get WinPCAP which exposes this capability. It is a protocol driver.
There is a utility named NPG (network packet generator) that uses WinPCAP to send arbitrary Ethernet frames.
Good Luck,
Dave Cattley
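Added example (not part of the original thread, and not WinPcap or NPG code): building the kind of raw Ethernet II frame discussed here, for an experimental non-IP protocol. The buffer and length it produces are what a send call such as WinPcap's pcap_sendpacket() takes; the EtherType choice (IEEE local experimental 0x88B5), the MAC addresses and the build_frame name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define ETH_MIN_FRAME 60      /* minimum frame length, excluding the 4-byte FCS */
#define ETH_MAX_DATA  1500    /* standard payload limit */
#define ETHERTYPE_EXP 0x88B5  /* IEEE 802 Local Experimental EtherType 1 */

/* Build an Ethernet II frame in out[]; returns the frame length, or 0 on error.
 * The FCS is appended by the NIC, so it is not part of the buffer. */
size_t build_frame(uint8_t *out, size_t cap,
                   const uint8_t dst[6], const uint8_t src[6],
                   uint16_t ethertype, const void *data, size_t len)
{
    size_t total = ETH_HDR_LEN + len;
    if (len > ETH_MAX_DATA) return 0;   /* payload too large for one frame */
    if (ethertype < 0x0600) return 0;   /* values below 1536 are 802.3 lengths */
    if (total < ETH_MIN_FRAME) total = ETH_MIN_FRAME;
    if (cap < total) return 0;          /* caller's buffer is too small */

    memcpy(out, dst, 6);
    memcpy(out + 6, src, 6);
    out[12] = (uint8_t)(ethertype >> 8);    /* network byte order */
    out[13] = (uint8_t)(ethertype & 0xFF);
    if (len) memcpy(out + ETH_HDR_LEN, data, len);
    /* Zero the padding so stale buffer contents never go out on the wire. */
    memset(out + ETH_HDR_LEN + len, 0, total - ETH_HDR_LEN - len);
    return total;
}

int main(void)
{
    /* Constructed sample addresses (locally administered, not real hosts). */
    const uint8_t dst[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x02};
    const uint8_t src[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    uint8_t frame[ETH_HDR_LEN + ETH_MAX_DATA];
    size_t n = build_frame(frame, sizeof frame, dst, src,
                           ETHERTYPE_EXP, "hello", 5);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", frame[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n(%zu bytes)\n", n);
    return n ? 0 : 1;
}
```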
> Why is that??? It may well have a legitimate use (for example, like designing an experimental non-IP protocol),
Totally agree. I once wrote a prototype driver for Ethernet-connected-HDD, without IP being used.
Modern days I think there is a standard on it, but this was very long ago even before SATA.
> and if Windows had an equivalent of NETLINK or UNIX domain sockets
UNIX domain sockets have nothing to do with Ethernet.
UNIX feature relevant here: PF_PACKET enum value with sockets API. I don’t know whether it is called NETLINK or no.
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
> UNIX domain sockets have nothing to do with Ethernet. UNIX feature relevant here: PF_PACKET enum value with sockets API. I don’t know whether it is called NETLINK or no.
Well, UNIX domain sockets per se are just an IPC mechanism. NETLINK is a Linux implementation of this concept that provides a more generic mechanism for IPC and kernel-userland communication. Once NETLINK sockets represent an address family they may support multiple protocols that may be accessed simply as a call to socket(AF_NETLINK, socket_type, protocol). This approach allows using them, depending on the ‘protocol’ parameter, as a mechanism for packet filtering, firewall, routing, etc. I think in this context using them as a network tap, i.e. NETLINK_TAPBASE that allows an ethernet driver to be simulated from the userland, may be of interest.
If you need more info I would suggest checking the link below
https://en.wikipedia.org/wiki/Netlink
Anton Bassov