UDP Broadcast packets won't be received in Vista machine on some of the interfaces...

We have written an NDIS5.1 miniport for a wireless NIC. The NIC
periodically sends a UDP broadcast packet (with some statistics) to an
application running on the PC (source IP and MAC are the NIC’s own). On XP
the application receives the packets, but not on Vista. When I captured
the packets and tried a few things, such as changing the IP address on
the packet to a specific IP address (I used the NIC interface address
itself and changed the source to the next IP addr), the application
received the packet. If I change just the MAC address of the broadcast
packet, then it also works on Vista, or if I just change the source MAC
it also works. What is the change in Vista’s network stack wrt the MAC
broadcast address?

But the same thing (broadcast address - IP as well as MAC address being
ff) works fine when it’s received over the PC’s Ethernet interface. What
is the problem? Is there anything in the miniport driver to indicate
that it can receive broadcast packets to the protocol layer?

Regards
Esha

Using the interface's (NIC as you say) IP address and MAC address to send the
host IP stack a packet is in fact ‘forging’ a packet. It is quite
reasonable for the host IP stack to treat that packet as suspect since it
knows under all circumstances that *it* did not send it. Sure, NT5 IP
stacks were much more relaxed about such trifles but NT6 is just displaying
a reasonable level of awareness in this regard.

When you change the source IP address to be some other host (real or
otherwise) it becomes a perfectly reasonable UDP packet to be delivered to
your usermode process.

Ignoring the security issues that your software is introducing (if these
packets are actually relevant to anything, what prevents a sender on the LAN
from overwhelming your UDP receiver process with junk, malformed malicious
packets, etc), have you considered that asking for this statistical
information via WMI would be a far more supported scheme and frankly easier to
maintain?

I recommend that you re-consider the mechanism you have chosen to convey
these statistics to the host process. But ignoring that, you will find that
sending a packet that does not get so easily detected as forged will be more
likely accepted by TCPIP.SYS.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development


From: “Eshanye.K.P”
Sent: Monday, September 29, 2008 8:14 AM
To: “Windows System Software Devs Interest List”
Subject: [ntdev] UDP Broadcast packets wont be received in Vista machine on
some of the interfaces…

> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
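
A simplified model of the receive-side check described in the reply above, as an added example that is not code from the thread and not TCPIP.SYS's actual logic: it bounds-checks an Ethernet II / IPv4 / UDP frame and flags one whose source MAC and source IPv4 address both belong to the receiving interface. `classify_frame`, `build_sample`, `struct local_if` and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { FRAME_OK, FRAME_MALFORMED, FRAME_NOT_UDP4, FRAME_SELF_SOURCED };
struct local_if { uint8_t mac[6]; uint8_t ip[4]; };  /* hypothetical: receiving interface */

/* Bounds-check Ethernet II / IPv4 / UDP, then flag a frame whose source MAC and
   source IP both belong to the receiving interface. Checksums are not verified. */
enum verdict classify_frame(const uint8_t *f, size_t len, const struct local_if *lif)
{
    if (len < 14 + 20 + 8) return FRAME_MALFORMED;
    if (f[12] != 0x08 || f[13] != 0x00) return FRAME_NOT_UDP4;     /* EtherType IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 8) return FRAME_MALFORMED;
    if (ip[9] != 17) return FRAME_NOT_UDP4;                        /* protocol UDP */
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (total < ihl + 8 || total > len - 14) return FRAME_MALFORMED;
    size_t ulen = ((size_t)ip[ihl + 4] << 8) | ip[ihl + 5];
    if (ulen < 8 || ulen > total - ihl) return FRAME_MALFORMED;
    if (!memcmp(f + 6, lif->mac, 6) && !memcmp(ip + 12, lif->ip, 4))
        return FRAME_SELF_SOURCED;              /* the host knows it did not send this */
    return FRAME_OK;
}

/* Constructed sample: 46-byte broadcast UDP frame with a 4-byte zero payload. */
size_t build_sample(uint8_t *f, const uint8_t smac[6], const uint8_t sip[4])
{
    memset(f, 0, 46);
    memset(f, 0xFF, 6);              /* destination MAC ff:ff:ff:ff:ff:ff */
    memcpy(f + 6, smac, 6);          /* source MAC */
    f[12] = 0x08;                    /* EtherType 0x0800 */
    f[14] = 0x45; f[17] = 32;        /* IPv4, IHL 5, total length 20 + 8 + 4 */
    f[22] = 64;   f[23] = 17;        /* TTL, protocol UDP */
    memcpy(f + 26, sip, 4);          /* source IP */
    memset(f + 30, 0xFF, 4);         /* destination IP 255.255.255.255 */
    f[39] = 12;                      /* UDP length 8 + 4 */
    return 46;
}

int main(void)
{
    const struct local_if nic = { {0x02, 0, 0, 0, 0, 0x01}, {192, 168, 1, 10} }; /* constructed */
    const uint8_t next_ip[4] = {192, 168, 1, 11};
    uint8_t f[46];
    printf("own MAC, own IP:  %d\n", classify_frame(f, build_sample(f, nic.mac, nic.ip), &nic));
    printf("own MAC, next IP: %d\n", classify_frame(f, build_sample(f, nic.mac, next_ip), &nic));
    return 0;
}
```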

Thanks for your suggestions. I need to look into other methods also such
as WMI in this case. The same firmware is being used in another product
of ours which is an external modem where the external modem being
connected to the PC via Ethernet would send such packets (where the PC
definitely gets a different MAC/IP address in source) and would work
perfectly fine. When we adapted the same stack into a NIC card inside
the PC, the scenario has changed.

Regards
Esha

-----------------------------------
Eshanye.K.P
Processor Systems (India) Pvt. Ltd
#24, Richmond Road
Bangalore-560025
India
Ph: +91-80-22273090
e-mail: xxxxx@procsys.com

Perhaps the strong/weak host facility is causing this. See:

http://technet.microsoft.com/en-us/magazine/cc137807.aspx

Thomas F. Divine

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-338591-xxxxx@lists.osr.com] On Behalf Of Eshanye.K.P
Sent: Tuesday, September 30, 2008 12:41 AM
To: Windows System Software Devs Interest List
Cc: Windows System Software Devs Interest List
Subject: Re:[ntdev] UDP Broadcast packets wont be received in Vista
machine on some of the interfaces…
