Re: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
I am not receiving email from the mailing list currently, for some reason. Please CC me directly as well...

> Hello, I use winpcap 2.3 for this, tell me if you need this version to build your bridge to send you the npf.sys modified, I don't know if this winpcap 2.3 works with windows xp but it works fine with windows 2000
>
> the other option:
>
> You must alter the npf.sys driver (the pcap driver), in the write.c file of the source. It can be easily copied into the driver folder. In the write.c file, add the function call
> NdisSetPacketFlags(pPacket, NDIS_FLAGS_SKIP_LOOPBACK);
> // function NTSTATUS PacketWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) function, just before the packet is sent with the NdisSend(Status, Open->AdapterHandle, pPacket); function.

My main problem is that I don't have a full MS compiler suite, so I can't recompile the driver. It appears to cost around $800 for the compiler suite, so I'd like to avoid that if possible!

How hard would it be to apply the same fix to the latest release and build an installable target? If this is difficult, do you have a packaged version of the 2.3 release? I would be happy to try it out on win2k and win-xp to see how it works for a bridge.

I would be willing to pay for a packaged version of winpcap that supported bridging via the changes mentioned above...

> I would like that Loris Degioanni add this as a function of winpcap, because if you can write a bridge, you can also write a transparent firewall.

Me too...

Thanks,
Ben

> Regards
> David Rodriguez

--
Ben Greear [EMAIL PROTECTED]
Candela Technologies Inc http://www.candelatech.com

== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==
Re: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
Hello, I use winpcap 2.3 for this, tell me if you need this version to build your bridge to send you the npf.sys modified, I don't know if this winpcap 2.3 works with windows xp but it works fine with windows 2000

the other option:

You must alter the npf.sys driver (the pcap driver), in the write.c file of the source. It can be easily copied into the driver folder. In the write.c file, add the function call
NdisSetPacketFlags(pPacket, NDIS_FLAGS_SKIP_LOOPBACK);
// function NTSTATUS PacketWrite(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) function, just before the packet is sent with the NdisSend(Status, Open->AdapterHandle, pPacket); function.

I would like that Loris Degioanni add this as a function of winpcap, because if you can write a bridge, you can also write a transparent firewall.

Regards
David Rodriguez

- Original Message -
From: Ben Greear [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; winpcap-users@winpcap.polito.it
Sent: Sunday, April 24, 2005 04:41 PM
Subject: Re: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE

> Hello! I also am trying to write a bridge. From your email discussion, it appears you had to modify winpcap to get it to not receive the packet that you just transmitted.
>
> I hope to get this working on at least Win2k and WinXP, though WinXP is the highest priority.
>
> If so, do you have a packaged version of this winpcap that I could use for my own project? (I am compiling my win32 app using mingw on Linux, so I am thinking it may be difficult for me to build a new winpcap package...)
>
> Or, if there is any way to use the standard winpcap to accomplish the same thing, could you let me know the functions involved? From reading your discussion, it sounds like setting a flag on the pcap_t object should be sufficient to get the info to the write() logic, but I do not see anywhere to set such a flag...
>
> Thanks,
> Ben
>
> --
> Ben Greear [EMAIL PROTECTED]
> Candela Technologies Inc http://www.candelatech.com
Re: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
Hello! I also am trying to write a bridge. From your email discussion, it appears you had to modify winpcap to get it to not receive the packet that you just transmitted.

I hope to get this working on at least Win2k and WinXP, though WinXP is the highest priority.

If so, do you have a packaged version of this winpcap that I could use for my own project? (I am compiling my win32 app using mingw on Linux, so I am thinking it may be difficult for me to build a new winpcap package...)

Or, if there is any way to use the standard winpcap to accomplish the same thing, could you let me know the functions involved? From reading your discussion, it sounds like setting a flag on the pcap_t object should be sufficient to get the info to the write() logic, but I do not see anywhere to set such a flag...

Thanks,
Ben

--
Ben Greear [EMAIL PROTECTED]
Candela Technologies Inc http://www.candelatech.com
RE: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
You are correct. If you are using promiscuous mode, you will get all packets, even the packets you send out. The way to deal with this is to throw away those packets you know that are being sent out by your thread. You could do this at the user level by identifying the packets that the thread just sent out and not resend it. You could parse the packet and look for the NDIS_FLAGS_IS_LOOPBACK_PACKET setting in the packet and ignore these.

Perhaps you can set a filter so you don't see those outgoing packets at all. If you know what port you are sending packets out of for each thread, you could set a filter that excludes those packets whose source IP address and port match the one used by the thread. This assumes Ethernet of course. The other thread would use a similar filter string but with a different port. Refer to the BPF man page for information on filter strings.

Thank you,

God does not play dice! -- Albert Einstein
Not only does God play dice with the Universe - he sometimes casts them where they can't be seen. -- Stephen Hawking

-Original Message-
From: Bowers, Rick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 22, 2005 5:50 PM
To: winpcap-users@winpcap.polito.it
Subject: RE: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE

> Thanks for the suggestion.
>
> I see pcap_open_live(), that is called by pcap_open(), calls PacketSetHwFilter() with either NDIS_PACKET_TYPE_PROMISCUOUS or NDIS_PACKET_TYPE_ALL_LOCAL depending on whether it was asked to run in promiscuous mode. From ntddndis.h the only NDIS_PACKET* defines are:
>
> //
> // Ndis Packet Filter Bits (OID_GEN_CURRENT_PACKET_FILTER).
> //
> #define NDIS_PACKET_TYPE_DIRECTED        0x0001
> #define NDIS_PACKET_TYPE_MULTICAST       0x0002
> #define NDIS_PACKET_TYPE_ALL_MULTICAST   0x0004
> #define NDIS_PACKET_TYPE_BROADCAST       0x0008
> #define NDIS_PACKET_TYPE_SOURCE_ROUTING  0x0010
> #define NDIS_PACKET_TYPE_PROMISCUOUS     0x0020
> #define NDIS_PACKET_TYPE_SMT             0x0040
> #define NDIS_PACKET_TYPE_ALL_LOCAL       0x0080
> #define NDIS_PACKET_TYPE_GROUP           0x1000
> #define NDIS_PACKET_TYPE_ALL_FUNCTIONAL  0x2000
> #define NDIS_PACKET_TYPE_FUNCTIONAL      0x4000
> #define NDIS_PACKET_TYPE_MAC_FRAME       0x8000
>
> -- none of which seems to be related to loopback.
>
> An interesting discussion at http://www.ndis.com/papers/loopback.htm says that the NDIS_FLAGS_IS_LOOPBACK_PACKET is set on received packets (obviously if it's a loopback packet). However, I don't see where I have access to the flag in WinPcap (especially running on Windows/XP). This same document says packets are always looped back when in promiscuous mode (which is how I am forced to be running).
>
> Rick
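The user-level approach suggested in the reply above (remember what the bridge just sent on an interface and discard that frame when it is captured back), as an added example that is not part of the original thread or of WinPcap. The names sent_cache, cache_note_sent and cache_is_echo, the 64-slot ring and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHE_SLOTS 64  /* assumed bound on frames in flight per interface */
struct sent_cache { uint64_t hash[CACHE_SLOTS]; size_t len[CACHE_SLOTS]; unsigned next; };

/* FNV-1a over the whole frame: a fingerprint for matching, not a security boundary. */
static uint64_t frame_hash(const uint8_t *p, size_t n)
{
    uint64_t h = 1469598103934665603ULL;
    while (n--) { h ^= *p++; h *= 1099511628211ULL; }
    return h;
}

/* Call right before handing the frame to pcap_sendpacket() on this interface. */
void cache_note_sent(struct sent_cache *c, const uint8_t *frame, size_t n)
{
    c->hash[c->next] = frame_hash(frame, n);
    c->len[c->next]  = n;
    c->next = (c->next + 1) % CACHE_SLOTS;   /* oldest entry is overwritten */
}

/* Call for every frame captured on this interface. Returns 1 for the looped-back
 * copy of a frame we sent (do not forward it), 0 otherwise. A match is consumed,
 * so an identical frame that later arrives from the wire is still bridged. */
int cache_is_echo(struct sent_cache *c, const uint8_t *frame, size_t n)
{
    if (n == 0) return 0;
    uint64_t h = frame_hash(frame, n);
    for (unsigned i = 0; i < CACHE_SLOTS; i++) {
        if (c->len[i] == n && c->hash[i] == h) {
            c->len[i] = 0;                   /* free the slot */
            return 1;
        }
    }
    return 0;
}

/* Constructed sample frames: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes. */
static const uint8_t FRAME_A[] = {2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45,0,0,0x1c};
static const uint8_t FRAME_B[] = {2,0,0,0,0,1, 2,0,0,0,0,3, 0x08,0x00, 0x45,0,0,0x1c};

int main(void)
{
    static struct sent_cache c;              /* zero-initialised, one per interface */
    cache_note_sent(&c, FRAME_A, sizeof FRAME_A);
    printf("A echoed: %d\n", cache_is_echo(&c, FRAME_A, sizeof FRAME_A));
    printf("B echoed: %d\n", cache_is_echo(&c, FRAME_B, sizeof FRAME_B));
    return 0;
}
```

A bridge keeps one cache per interface: the cache for interface B is filled when a frame from A is sent out on B, and consulted when capturing on B.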
Re: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
I used the following:

NdisSetPacketFlags(pPacket, NDIS_FLAGS_SKIP_LOOPBACK); // for avoid reading packets writing in one interface were read it again.

I recompiled winpcap also.

see details in: http://www.mail-archive.com/winpcap-users@winpcap.polito.it/msg00360.html

It works fine under windows 2000 and xp, I built several nice applications with this.

David Rodriguez

- Original Message -
From: Bowers, Rick [EMAIL PROTECTED]
To: winpcap-users@winpcap.polito.it
Sent: Tuesday, February 22, 2005 06:50 PM
Subject: RE: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE

> Thanks for the suggestion.
>
> I see pcap_open_live(), that is called by pcap_open(), calls PacketSetHwFilter() with either NDIS_PACKET_TYPE_PROMISCUOUS or NDIS_PACKET_TYPE_ALL_LOCAL depending on whether it was asked to run in promiscuous mode. From ntddndis.h the only NDIS_PACKET* defines are:
>
> //
> // Ndis Packet Filter Bits (OID_GEN_CURRENT_PACKET_FILTER).
> //
> #define NDIS_PACKET_TYPE_DIRECTED        0x0001
> #define NDIS_PACKET_TYPE_MULTICAST       0x0002
> #define NDIS_PACKET_TYPE_ALL_MULTICAST   0x0004
> #define NDIS_PACKET_TYPE_BROADCAST       0x0008
> #define NDIS_PACKET_TYPE_SOURCE_ROUTING  0x0010
> #define NDIS_PACKET_TYPE_PROMISCUOUS     0x0020
> #define NDIS_PACKET_TYPE_SMT             0x0040
> #define NDIS_PACKET_TYPE_ALL_LOCAL       0x0080
> #define NDIS_PACKET_TYPE_GROUP           0x1000
> #define NDIS_PACKET_TYPE_ALL_FUNCTIONAL  0x2000
> #define NDIS_PACKET_TYPE_FUNCTIONAL      0x4000
> #define NDIS_PACKET_TYPE_MAC_FRAME       0x8000
>
> -- none of which seems to be related to loopback.
>
> An interesting discussion at http://www.ndis.com/papers/loopback.htm says that the NDIS_FLAGS_IS_LOOPBACK_PACKET is set on received packets (obviously if it's a loopback packet). However, I don't see where I have access to the flag in WinPcap (especially running on Windows/XP). This same document says packets are always looped back when in promiscuous mode (which is how I am forced to be running).
>
> Rick
RE: [WinPcap-users] PROBLEM WITH BUILDING A BRIDGE
Thanks for the suggestion.

I see pcap_open_live(), that is called by pcap_open(), calls PacketSetHwFilter() with either NDIS_PACKET_TYPE_PROMISCUOUS or NDIS_PACKET_TYPE_ALL_LOCAL depending on whether it was asked to run in promiscuous mode. From ntddndis.h the only NDIS_PACKET* defines are:

//
// Ndis Packet Filter Bits (OID_GEN_CURRENT_PACKET_FILTER).
//
#define NDIS_PACKET_TYPE_DIRECTED        0x0001
#define NDIS_PACKET_TYPE_MULTICAST       0x0002
#define NDIS_PACKET_TYPE_ALL_MULTICAST   0x0004
#define NDIS_PACKET_TYPE_BROADCAST       0x0008
#define NDIS_PACKET_TYPE_SOURCE_ROUTING  0x0010
#define NDIS_PACKET_TYPE_PROMISCUOUS     0x0020
#define NDIS_PACKET_TYPE_SMT             0x0040
#define NDIS_PACKET_TYPE_ALL_LOCAL       0x0080
#define NDIS_PACKET_TYPE_GROUP           0x1000
#define NDIS_PACKET_TYPE_ALL_FUNCTIONAL  0x2000
#define NDIS_PACKET_TYPE_FUNCTIONAL      0x4000
#define NDIS_PACKET_TYPE_MAC_FRAME       0x8000

-- none of which seems to be related to loopback.

An interesting discussion at http://www.ndis.com/papers/loopback.htm says that the NDIS_FLAGS_IS_LOOPBACK_PACKET is set on received packets (obviously if it's a loopback packet). However, I don't see where I have access to the flag in WinPcap (especially running on Windows/XP). This same document says packets are always looped back when in promiscuous mode (which is how I am forced to be running).

Rick