I am writing a NDIS filter driver for windows. When I examine NBL flags, say NDIS_NBL_FLAGS_IS_IPV4,it doesn't seem to have set, nor does any other flags of NblFlags field? Which driver in the stack sets these values?
Asked
Active
Viewed 553 times
1 Answers
0
These flags are not guaranteed to be set all the time in all situations. The flags are only needed when running over a native mobile broadband stack (because there is no MAC layer & EtherType to look at).
If you are writing a generic LWF that needs to work in a variety of configurations, you can't rely on this flag, and you'll have to look at the packet payload itself to determine the packet type.
Jeffrey Tippet
- 3,146
- 1
- 14
- 15
-
Thanks. By the way, any idea on how to access the network packet from user space if it matches some criteria at the filter layer level ? I mean how to make the filter communicate with user application ? – Nidhi D Feb 19 '17 at 10:30
-
NDIS itself doesn't offer any integration with usermode. If you want that in a LWF, you have to build it yourself. The "ndisprot" sample driver shows how you could build that into an NDIS driver, although it isn't very high performance. Higher performance requires more complicated code. – Jeffrey Tippet Feb 19 '17 at 23:14