locked
ethernet information RRS feed

  • Question

  • Hi,

    I have a driver implementing 2 callouts for both FWPM_LAYER_INBOUND and OUTBOUND layers,ipv4. I need information about the underlying prootocol, let say ethernet. Do you know if it is possible without hooking the ndis layer?
    Thanks,

    Fabien.
    Tuesday, August 21, 2007 8:14 AM

Answers

  • Lower headers like ethernet are not supported by wfp. You may still need to implement an NDIS driver for that.

    Tuesday, August 21, 2007 9:26 PM

All replies

  • I don't know about supported, but I did notice during my development of a WFP callout that the ethernet frame header was at the very beginning of the NBL indicated to my callout on the inbound layers.  I think you may be out of luck on outbound, however, as the ethernet headers would not have been constructed yet...

     

    Hope this helps,

    Jeremy

    Tuesday, August 21, 2007 5:01 PM
  • Lower headers like ethernet are not supported by wfp. You may still need to implement an NDIS driver for that.

    Tuesday, August 21, 2007 9:26 PM
  • Thanks for your answers,

    I noticed the presence of the ethernet headers for the inbound layers,
    but your are right about outbound. Anyway, it is not supported by the
    wfp plateform, so will continue to work with ndis for all the underlying
    layer.

    Thanks,

    Fabien
    Wednesday, August 22, 2007 10:09 AM
  • Fabien,

     

    What exactly are you looking for in the ethernet headers, any particular information? also what are the scenarios that you are thinking of targetting by filtering on ethernet headers?

     

    -Jaydeep.

     

    Friday, September 7, 2007 7:10 PM
  • Hi,

    Sorry for my late reply.

    I am porting a firewall under Vista, that is able to filter
    frame according to their phyisical headers contents, such
    as ethernet address...

    Thanks,

    Fabien.
    Tuesday, September 18, 2007 9:48 AM