Intermediate Driver -vs- Filter Hook Driver

TheMSsForum.com: The Microsoft Software Forum

First, thank you all for getting me started in the right
direction. The links for info have been excellent.

As I have begun to learn the technology and vocabulary I
can now communicate somewhat better.

I have pushed back to management that we do not need to
develope a true vNic.

The requirements are thus:
Watch all network packets and redirect some of them to a
different address. The the redirected packet will become a
piece of data in a new stream of data sent by a socket to
the different address. The "packet watcher" doesn't need
to send the packet to a new address,it can call to "up" to
an appliation layer to send it.

Forgive me if this is not making sense, I am still getting
the terms down.

So, I think it can be done with:
NDIS Intermediate Driver
OR
Filter Hook Driver

Filter Hook Drivers seem to have the contsraint of only
one hook. Some kind of entry point table for the hook and
whover installs the address of their entry point gets the
call.

From my description, which do you think is the approach I
should continue to research? Maybe there is an approach I
have missed?

Thank you for your help.

Gil
Top

RE: Intermediate Driver -vs- Filter Hook Driver by bburgin

bburgin
Fri Oct 24 17:44:41 CDT 2003

------=_NextPart_0001_146BDB0E
Content-Type: text/plain
Content-Transfer-Encoding: 7bit



Use a Filter IM driver per the PASSTHRU sample in the DDK. Also see Thomas
Divine's article at http://www.wd-3.com/archive/ExtendingPassthru.htm.

Bryan S. Burgin
bburgin@microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.
------=_NextPart_0001_146BDB0E
Content-Type: text/x-rtf
Content-Transfer-Encoding: 7bit

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\f0\fs20
\par
\par Use a Filter IM driver per the PASSTHRU sample in the DDK. Also see Thomas Divine's article at http://www.wd-3.com/archive/ExtendingPassthru.htm.
\par
\par Bryan S. Burgin
\par bburgin@microsoft.com
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par }
------=_NextPart_0001_146BDB0E--

Top

Re: Intermediate Driver -vs- Filter Hook Driver by James

James
Sat Oct 25 11:04:45 CDT 2003

You can accomplish this via an NDIS IM driver. I would not, however, use
an application (user-space, I presume) layer as an intermediary, simply
for performance reasons. Rather I would send the new packets directly
from whatever part of the IM driver it is that sees the old packets.

For constructing altered packets, you may get some information from
http://www.pcausa-corp.com/code_snippets/default.htm (to which
http://home.mindspring.com/~antognini points for that sample).

Gilligan wrote:

> Watch all network packets and redirect some of them to a
> different address. The the redirected packet will become a
> piece of data in a new stream of data sent by a socket to
> the different address. The "packet watcher" doesn't need
> to send the packet to a new address,it can call to "up" to
> an appliation layer to send it.

--
If replying by e-mail, please remove "nospam." from the address.

James Antognini
Windows DDK MVP


Top

Re: Intermediate Driver -vs- Filter Hook Driver by Maxim

Maxim
Sun Oct 26 11:23:32 CST 2003

> NDIS Intermediate Driver
> OR
> Filter Hook Driver
>
> Filter Hook Drivers seem to have the contsraint of only

They are also IP-only. NDIS IMs will support all protocols.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com


Top

Re: Intermediate Driver -vs- Filter Hook Driver by Thomas

Thomas
Mon Oct 27 00:14:59 CST 2003

Hooks can support protocols besides IP if crafted correctly. Instead of
watching for bindings of Tcp and Udp, watch for all.

OTOH, NDIS IM is certainly prefered on W2K and higher. Installation of NDIS
IM on Windows platforms other than W2K and higher is impractical and more
difficult to achieve then development of the driver itself.

Regards,

Thomas F. Divine
www.pcausa.com

"Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
news:unGnRg%23mDHA.360@TK2MSFTNGP12.phx.gbl...
> > NDIS Intermediate Driver
> > OR
> > Filter Hook Driver
> >
> > Filter Hook Drivers seem to have the contsraint of only
>
> They are also IP-only. NDIS IMs will support all protocols.
>
> --
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> maxim@storagecraft.com
> http://www.storagecraft.com
>
>


Top