
I am getting packets from the NDIS filter SendnetBufferList routine. Inside it, I accept the buffer after filtering it.

In the case of the NdisMedium802_3 medium, I get packets with an Ethernet header (Ethernet frames), so I can easily analyze IPv4 and IPv6 using the Ethernet header.

```cpp
PPF_ETHERNET_HEADER pEthHeader = (PPF_ETHERNET_HEADER) pBuffer;

filter.nEthProto = pEthHeader->nProto;

System::MCopyMemory(&filter.aSrcMac, &pEthHeader->aSrcMac, sizeof(ETH_MAC_ADDRESS));
System::MCopyMemory(&filter.aDstMac, &pEthHeader->aDstMac, sizeof(ETH_MAC_ADDRESS));

if (filter.nEthProto == ETH_PROTO_IPV4)
{
    PPF_IPV4_HEADER pIpHeader = (PPF_IPV4_HEADER) (pBuffer + sizeof(PF_ETHERNET_HEADER));

    /* IPV4 operations */
}
else if (filter.nEthProto == ETH_PROTO_IPV6)
{
    PPF_IPV6_HEADER pIpHeader = (PPF_IPV6_HEADER) (pBuffer + sizeof(PF_ETHERNET_HEADER));

    /* IPV6 operations */
}
```

This is working fine. Next, I am attaching to the NdisMediumWirelessWan / NdisMediumIP medium. This sends raw IP frames without an Ethernet header.

My question is: how can I check whether the NDIS buffer contains IPv4 or IPv6 without an Ethernet header? And also, how can I set the MAC address?

  • Ethernet is a layer-2 protocol, and its datagrams are frames. The frame headers contain the source and destination MAC addresses. IP is a layer-3 protocol, its datagrams are called packets, and they are the payload of frames. IP packet headers contain the source and destination IP addresses. Raw IP packets can be carried by any layer-2 protocol, so they know nothing about MAC addresses; you cannot set a MAC address in an IP packet. The first four bits of the IP header contain the IP version number: `4` for IPv4 and `6` for IPv6. Also, Wi-Fi is not ethernet; they use different frame headers. – Ron Maupin Jun 12 '16 at 17:26
  • @Ron Maupin thanks for your suggestions. But we can get the details of IP from Ethernet frames, like `pEthHeader->nProto == ETH_PROTO_IPV4`. So how can I set my NDIS buffer to know whether this is IPv4 or IPv6? I am setting it by `PPF_IPV4_HEADER pIpHeader = (PPF_IPV4_HEADER) (pBuffer);` or `PPF_IPV6_HEADER pIpHeader = (PPF_IPV6_HEADER ) (pBuffer);` – user3764213 Jun 13 '16 at 07:06
  • The IP packet is in the ethernet payload. Ethernet can carry any number of layer-3 protocols (IPv4, IPX, IPv6, AppleTalk, etc.), and it doesn't care. At the same time, IP can be the payload of any number of layer-2 protocols (ethernet, PPP, token ring, frame relay, ATM, etc.), and it is oblivious to which is carrying it. You can decode the EtherType field of the ethernet frame header, or you can look at the Version field of the IP packet in the ethernet payload. You should familiarize yourself with the different header fields for frames, packets, and segments. – Ron Maupin Jun 13 '16 at 15:31
  • But I cannot get an Ethernet header in my packet. These are raw IP frames (without an Ethernet header). So how can I check? Or should I add `NDIS_NBL_FLAGS_IS_IPV4` in my NetBufferList? – user3764213 Jun 14 '16 at 06:30
  • Your network terminology is slightly off. Ethernet datagrams are frames, not packets. You don't have a frame header in a packet - it's the other way around: packets are encapsulated by frames, so they are the payload of frames. At the same time, you don't have raw IP frames, you may have raw IP packets. In any event, you look at the headers. Either the EtherType field of the ethernet frame, or the Version field of the IP packet. – Ron Maupin Jun 14 '16 at 13:54
  • OK, got it. Thanks. – user3764213 Jun 14 '16 at 14:06
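The Version-field check described in the comments above, as an added example that is not part of the original question or comments. It is portable C rather than driver code; the function name `raw_ip_ethertype`, the constants and the sample packets are constructed for illustration, and it assumes `pkt`/`len` describe a contiguous copy of the start of the packet. The length checks come first so that a truncated or malformed packet is rejected before any header pointer is cast onto it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_IPV4 0x0800u   /* host byte order */
#define ETHERTYPE_IPV6 0x86DDu
#define IPV4_MIN_HDR   20u       /* IHL of 5 32-bit words */
#define IPV6_FIXED_HDR 40u

/* Classify a raw IP packet (no layer-2 header) by its Version nibble.
 * Returns the matching EtherType, or 0 if the buffer cannot hold a
 * valid header of the claimed version. */
static uint16_t raw_ip_ethertype(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len == 0)
        return 0;

    switch (pkt[0] >> 4) {               /* high nibble of first byte */
    case 4: {
        size_t ihl = (size_t)(pkt[0] & 0x0F) * 4u;  /* header bytes */
        if (ihl < IPV4_MIN_HDR || len < ihl)
            return 0;                    /* bogus IHL or truncated */
        return ETHERTYPE_IPV4;
    }
    case 6:
        if (len < IPV6_FIXED_HDR)
            return 0;                    /* truncated fixed header */
        return ETHERTYPE_IPV6;
    default:
        return 0;                        /* not IP: do not parse further */
    }
}

/* Constructed sample packets: only the first byte matters here. */
static const uint8_t sample_v4[20]      = { 0x45, 0x00, 0x00, 0x14 };
static const uint8_t sample_v6[40]      = { 0x60 };
static const uint8_t sample_bad_ihl[20] = { 0x42 };  /* IHL = 2 words */

int main(void)
{
    printf("v4      -> 0x%04X\n", raw_ip_ethertype(sample_v4, sizeof sample_v4));
    printf("v6      -> 0x%04X\n", raw_ip_ethertype(sample_v6, sizeof sample_v6));
    printf("short   -> 0x%04X\n", raw_ip_ethertype(sample_v4, 4));
    printf("bad IHL -> 0x%04X\n", raw_ip_ethertype(sample_bad_ihl, sizeof sample_bad_ihl));
    return 0;
}
```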

1 Answer


You can easily obtain protocol information from the NET_BUFFER_LIST:

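```cpp
// NET_BUFFER_LIST_INFO yields a PVOID, so go through ULONG_PTR before narrowing to USHORT.
filter.nEthProto = (USHORT)(ULONG_PTR)NET_BUFFER_LIST_INFO(pNBList, NetBufferListFrameType);
```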
vadim