[Winpcap-users] Generic packet questions
alimjankuramshin at gmail.com
Fri Jan 18 05:07:10 PST 2013
Questoin to the nowere.. Project is dead. Pay your attention at
2013/1/18 Patrick Malka <malka.patrick at gmail.com>
> *Hello, I have some generic IP related questions that I thought some of
> the people on this list might be able to answer since this product is very
> similar in functionality to what we are doing.*
> In Windows, we are using the fwps* family of driver functions to filter IP
> packets. The filter mechanism is not important, but rather what happens
> during the callback functions for packets that match the filter.
> In these callbacks, we wish to alter the data, and have the reverse
> operation performed on the receiving end. Our goal is to perform encryption
> and tamper detection.
> Encryption is fairly easy to do as it does not alter the size of the (IP)
> packet, but tamper detection is proving to be harder due to the need to
> send extra data in addition to the payload in order to be able to detect
> In this light, my questions are:
> - If I reinject (FwpsInjectNetwork*Async0) an IP packet that is larger
> than the ethernet MTU, what will happen? Will it be rejected or fragmented?
> Does the answer depend on the specific environment?
> - If I fragment an IP packet explicitly before reinjecting it, will
> the fragments then be filtered again?
> - If I want to send a packet larger than the ethernet MTU, must I
> fragment it myself or will Windows do it for me after reinjection.
> - If I fragment an IP packet during a send, will my receiving IP
> filter see the fragment packets or the assembled packet? Where does
> reassembly occur, before or after the various Windows driver filters.
> - Is there a way to safely process a maximum size IP packet (one that
> will just fit into an ethernet frame) such that tamper detection can be
> performed on the receiving end without having to expand and fragment the
> - If I take an IP packet and add an IP option to the header, does that
> count as increasing the packet size? (I think the answer is yes, I just
> thought I would get confirmation).
> Thanks for any help anyone can provide.
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Winpcap-users