none
unction to modify data of packet without modify header RRS feed

  • Question

  • in the ddproxy example the developer use this function

    DDProxyCloneModifyReinjectOutbound(
       IN DD_PROXY_PENDED_PACKET* packet
       )

     

     

    to modify the header of packet how i can reuse the same function to modify data of packet without modify header

     

    The best regards

    Sunday, September 26, 2010 6:21 PM

Answers

  • In that sample this call:

       udpHeader = NdisGetDataBuffer(
                      netBuffer,
                      sizeof(UDP_HEADER),
                      NULL,
                      sizeof(UINT16),
                      0
                      );


    returns a pointer to the UDP header. The author of the sample has conveniently included a structure defining UDP_HEADER.

    typedef
    struct UDP_HEADER_ {
        UINT16 srcPort;
        UINT16 destPort;
        UINT16 length;
        UINT16 checksum;
    } UDP_HEADER;


    Examine UDP header length field to find the total length that includes the UDP header and the UDP payload. Be sure to swap the byte order of length from network byte order to host byte order using ntohs or RtlUshortByteSwap.

    As a sanity check the length value should equal the length returned from NET_BUFFER_DATA_LENGTH( netBuffer ).

    Ok, you have the length. Now what? It is time to study the details of Memory Descriptor List (MDL).

    ABOUT THE FIRST MDL TO USE

    Using NET_BUFFER_CURRENT_MDL( netBuffer ) will fetch a pointer to the current MDL in netBuffer. Then use NdisQueryMdl to fetch the virtual address (VA) described by a MDL and the MDL length of this first MDL.

    Intuition would say that the VA returned when calling NdisQueryMdl on the first current MDL should equal the virtual address returned by NdisGetDataBuffer. But that's not necessarily true. There may be some unused space in the current MDL, and the NET_BUFFER_CURRENT_MDL_OFFFSET( netBuffer ) specifies the offset to the to the first byte of the UDP header. So VA + NET_BUFFER_CURRENT_MDL_OFFFSET( netBuffer ) should actually equal the pointer returned by NdisGetDataBuffer.

    Since we know that the size of a UDP header is always 8 bytes the length returned from NdisQueryMdl on the FIRST MDL must be >= 8 + NET_BUFFER_CURRENT_MDL_OFFFSET( netBuffer ).

    So, we now know the number of bytes described by the first MDL. And we have the virtual address of these first bytes.

    ABOUT THE REST OF THE MDLS

    Now you must do some studying and write an algorithm that "walks the MDL chain" finding the VA and length of the data described by each MDL and using the MDL data as you see fit.

    To find the next MDL in the chain you can call NdisGetNextMdl. Use NdisQueryMdl on it, and carry on until NdisGetNextMdl returns a NULL pointer.

    For example, the length of the first MDL could be as mall as 8 bytes and contain only the UDP header, it could be that there is only one MDL with length total length that describes the entire UDP header plus the UDP payload. OR, it could be a chain of a bunch of MDLs.

    You can re-read the WDK documentation about MDLs and NET_BUFFERs now and perhaps they will make more sense.

    Good luck,

    Thomas F. Divine

    (Too much time on my hands. Need work...)

    http://www.pcausa.com

     


    Thomas F. Divine http://www.pcausa.com
    Monday, September 27, 2010 12:30 AM