[Winpcap-users] Generic packet questions

Алимжан Курамшин alimjankuramshin at gmail.com
Fri Jan 18 05:07:10 PST 2013 

Questoin to the nowere.. Project is dead. Pay your attention at
http://www.rawether.net/ Bye.

2013/1/18 Patrick Malka <malka.patrick at gmail.com>

> *Hello, I have some generic IP related questions that I thought some of
> the people on this list might be able to answer since this product is very
> similar in functionality to what we are doing.*
> *
>
> In Windows, we are using the fwps* family of driver functions to filter IP
> packets. The filter mechanism is not important, but rather what happens
> during the callback functions for packets that match the filter.
>
> In these callbacks, we wish to alter the data, and have the reverse
> operation performed on the receiving end. Our goal is to perform encryption
> and tamper detection.
>
> Encryption is fairly easy to do as it does not alter the size of the (IP)
> packet, but tamper detection is proving to be harder due to the need to
> send extra data in addition to the payload in order to be able to detect
> tampering.
>
> In this light, my questions are:
>
>    - If I reinject (FwpsInjectNetwork*Async0) an IP packet that is larger
>    than the ethernet MTU, what will happen? Will it be rejected or fragmented?
>    Does the answer depend on the specific environment?
>    - If I fragment an IP packet explicitly before reinjecting it, will
>    the fragments then be filtered again?
>    - If I want to send a packet larger than the ethernet MTU, must I
>    fragment it myself or will Windows do it for me after reinjection.
>    - If I fragment an IP packet during a send, will my receiving IP
>    filter see the fragment packets or the assembled packet? Where does
>    reassembly occur, before or after the various Windows driver filters.
>    - Is there a way to safely process a maximum size IP packet (one that
>    will just fit into an ethernet frame) such that tamper detection can be
>    performed on the receiving end without having to expand and fragment the
>    packet?
>    - If I take an IP packet and add an IP option to the header, does that
>    count as increasing the packet size? (I think the answer is yes, I just
>    thought I would get confirmation).
>
>
> Thanks for any help anyone can provide.
> *
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130118/9123293e/attachment.html>

More information about the Winpcap-users mailing list