locked
Data position difference between Windows 7 & 8 RRS feed

  • Question

  • According to the Data Offset Positions article, the data position at FWPS_LAYER_INBOUND_TRANSPORT_V4 for ICMP is the start of the ICMP header.

    This is true on Windows 7 however, on Windows 8 it seems to be the start of data (past the header).

    Is this a bug?

    Wednesday, December 7, 2011 1:59 AM

Answers

  • The bug was in the Win7 behavior. The offset should be at the start of the data for all packets @ INBOUND_TRANSPORT (as fixed in Win8). Hope this helps,
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 7, 2011 4:06 AM
    Moderator

All replies

  • The bug was in the Win7 behavior. The offset should be at the start of the data for all packets @ INBOUND_TRANSPORT (as fixed in Win8). Hope this helps,
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 7, 2011 4:06 AM
    Moderator
  • In Win7 you are indicated the IPHeaderSize and a transport HeaderSize of 0 for ICMP.  In Win8, the transportHeaderSize will be updated to be valid.  This means if you are using the recommended computations for retreating / advancing the offset to get to the proper header location, then all will just work out.

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 21, 2011 8:10 PM
    Moderator
  • We verified that IPHeaderSize can be used to traverse ICMP packets on both OSes.

    Thanks for your help.

    Wednesday, January 11, 2012 12:46 AM