-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gopikrishna,
Have you investigated IPSEC? I believe that it has modes that are
intended to operate as a “bump-in-the-stack” below the actual TCP
stack.
I agree that it would be easier to encrypt the data before TCP gets
it, but I’m not sure that there is a defined way to intercept
everything that goes to the TCP driver. I believe that it only
understands TDI, so a standard filter driver approach wouln’t work. I
haven’t seen anything in the DDK concerning IM-style drivers for TDI.
The only thing that I’ve seen that would let you get most of the
traffic would be the layered service provider interface.
I know that it’s not optimal, but an NDIS IM driver implementing some
variant of IPSEC may be your best option.
Clark
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Gopikrishna
Sent: Wednesday, April 12, 2000 8:42 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Writing hook driver over TCP/IP driver
These are the problems in doing encryption below the TCP/IP driver.
On the receive side, I would only need to act on frames with data in
(ignoring SYN?s, ACK?s etc).I would have to cater for fragmented
packets (because the decryption must be done in the same order the
encryption was).I would have to recalculate checksums because I would
have modified the data.On the send side, I would have to cater for
re-transmits in case a packet was not received by the other end of the
conversation. (I could not just encrypt a packet again if it was sent
down from MSTCP to be re-transmitted because the encryption would be
out of sync)
Once again, I would have to recalculate checksums because I would
have modified the data.
Regards,
Gopikrishna.
----- Original Message -----
From: Sameer Kohli
To: NT Developers Interest List
Sent: Wednesday, April 12, 2000 9:44 AM
Subject: [ntdev] Re: Writing hook driver over TCP/IP driver
Hi GopiKrishna,
If only data encryprtion is required, then I think a better
approach would be developing an intermediate driver which will get all
packets transferred from the TCP/IP stack. The Data can be accessed
encrypted at this level using the algorithms.
Regards,
Sameer.
At 12:54 PM 4/12/00 +0100, you wrote:
Hi Kannan,
Thanks for your reply.
The only problem with your approach is that, not all
applications use sockets (e.g. Neighbourhood network configured to use
NETBIOS over TCP/IP). So what should I do in that case
Regards,
Gopikrishna
----- Original Message -----
From: Kannan. S
To: xxxxx@cswl.com
Sent: Wednesday, April 12, 2000 7:23 AM
Subject: RE: [ntdev] Writing hook driver over TCP/IP driver
Hello Gopikrishna,
While developing a driver may be one way, about which I
dont know,
if you intend to encrypt only the data transferred , then
you can write
something called winsock layered service provider, which
is a user
mode dll. You can hook onto all the socket calls and do
encryption.
Look in MSDN library documentation for “layered service
provider”
I think there is a knowledge base article on it and a good
sample
dll with sources.
Cheers!
/Kans.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Gopikrishna
Sent: Wednesday, April 12, 2000 4:11 PM
To: NT Developers Interest List
Subject: [ntdev] Writing hook driver over TCP/IP driver
I have to develop a driver which encrypts the TCP data. So
what I felt
is write a hook to TCP/IP driver, capture the data
,encrypt it and
pass it to TCP/IP driver. But I don’t know the device name
of the
TCP/Ip driver to delegate the calls below. How can I find
the device
name of TCP/IP driver for attching to it.
First of all, Am I correct in going for filter driver?
Thanks in advance
Regards,
Gopikrishna
— You are currently subscribed to ntdev as: xxxxx@cswl.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
iQA/AwUBOPSHPOB0WaKgfXz5EQJb6ACfSBPBJitlVy1qUgH8HdZB47JV4H4AoL3i
cX0Bq1NQ9zFfU4uQiWtmIJTC
=OqFq
-----END PGP SIGNATURE-----