Sophos Client Firewall and 3G NDIS

Hi,

What is the meaning of the following statement (from the release notes):

- Sophos Client Firewall does not support the “mobile broadband” driver

Does it mean Sophos Client Firewall does not support the NDIS driver?

What exactly happens when a computer is using that kind of driver? Will the firewall allow all the traffic? Can the client fall back to the Windows Firewall? Exactly how can we overcome this limitation?

Thanks.

:40923


  • Hi Darren,

    I do not know the details of your implementation, but it looks like the problem is that the Firewall driver was not changed to support the "new" NDIS 6.20 driver model.

    Microsoft provides clear guidelines on what to change to make it work (of course I don't know the extension of the changes required on your code):

    According to Microsoft [1]:
    "Network applications that were written for NDIS 6.0 or earlier and perform packet capture, filtering, or injection at the media access control (MAC) layer—such as firewalls, antivirus filters, and virtual private network (VPN) clients— might require updates to work with mobile broadband devices. "

    [1] Mobile Broadband Changes for Windows 7, http://msdn.microsoft.com/en-s/library/windows/hardware/gg454521.aspx

    The document seems to describe the changes that must be done to the SOPHOS Firewall Filter Driver:
     
    Changes in the mobile broadband driver stack can affect applications that use the WFP, NDIS LWF, and NDIS 6.x IM MUX drivers in the following ways:
    · Binding to the mobile broadband device.
    NDIS LWF or NDIS6.x IM MUX drivers require changes to their INF files so that they can bind to mobile broadband devices.
    The LowerRange and MediaType that are specified in the network miniport driver’s INF file are important changes for an NDIS LWF driver. To bind to a Windows 7 mobile broadband driver, the filter driver must add “ppip” in the FilterMediaTypes section of the filter driver’s INF file. The filter driver should also accept miniport drivers that specify NdisMediumWirelessWan in the FilterAttach function.
    For NDIS 6.x IM MUX drivers, the protocol edge of the driver must specify “flpp4” or “flpp6” in the LowerRange in the driver’s INF file to bind to the mobile broadband driver.
    WFP-based solutions do not require these changes because they do not bind to a specific network medium.

     
    This seems to be the reason for the SOPHOS NDIS Filter Driver to not bind to the Broadband Network Interface, and not show up on the network interface properties page
     

    · Parsing network packets.
    Applications that are based on NDIS6.x IM MUX, NDIS LWF, or WFP might require changes to parsing functions.
    If the application parses network frames that are passed between NDIS and the miniport driver, the parsing function must expect raw IP frames instead of Ethernet frames for mobile broadband adapters.

    Because the frames are raw Layer 3 IP (vs L2 MAC + L3 IP), the SOPHOS Firewall NDIS Filter Driver will probably need to be changed to start processing the IP header information at a different offset
     
    Regards

    :42462
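
The parsing change described in the reply above, as an added example that is not part of the original posts and is not Sophos or Microsoft code: a user-space C sketch that picks the IP header offset from the medium type and rejects frames that do not match it. The `medium` enum, `locate_ip_header` and the sample frames are hypothetical names and constructed data; the enum only stands in for the NDIS media types mentioned in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the media types in the post; not the real NDIS enum values. */
enum medium { MEDIUM_802_3, MEDIUM_WIRELESS_WAN, MEDIUM_OTHER };

/* Constructed samples: a 20-byte IPv4 header, bare and behind an Ethernet header. */
static const uint8_t raw_ipv4[20] = { 0x45,0,0,20, 0,0,0,0, 64,17,0,0,
                                      192,0,2,1, 192,0,2,2 };
static const uint8_t eth_ipv4[34] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
                                      0x45,0,0,20, 0,0,0,0, 64,17,0,0,
                                      192,0,2,1, 192,0,2,2 };

/* Returns the IP version (4 or 6) and stores the IP header offset in *ip_off.
 * Returns -1 when no well-formed IP header is found, so the caller can apply
 * its policy for unparsable frames instead of reading at a wrong offset. */
int locate_ip_header(enum medium m, const uint8_t *f, size_t len, size_t *ip_off)
{
    size_t off = 0;          /* raw IP media: the IP header starts the frame */
    unsigned expect = 0;     /* IP version implied by the EtherType, if any */
    if (m == MEDIUM_802_3) {
        if (len < 14) return -1;                    /* dst MAC, src MAC, EtherType */
        unsigned et = (unsigned)f[12] << 8 | f[13];
        off = 14;
        if (et == 0x0800) expect = 4;
        else if (et == 0x86DD) expect = 6;
        else return -1;                             /* ARP and other non-IP */
    } else if (m != MEDIUM_WIRELESS_WAN) {
        return -1;                                  /* medium not handled here */
    }
    if (len <= off) return -1;
    unsigned ver = f[off] >> 4;
    if (expect != 0 && ver != expect) return -1;    /* EtherType/version mismatch */
    if (ver == 4) {
        size_t ihl = (size_t)(f[off] & 0x0F) * 4;   /* header length in bytes */
        if (ihl < 20 || len - off < ihl) return -1;
    } else if (ver != 6 || len - off < 40) {        /* IPv6 header is 40 bytes */
        return -1;
    }
    *ip_off = off;
    return (int)ver;
}

int main(void) {
    size_t off = 0;
    int v = locate_ip_header(MEDIUM_WIRELESS_WAN, raw_ipv4, sizeof raw_ipv4, &off);
    printf("raw IP frame: version %d at offset %zu\n", v, off);
    return 0;
}
```

Feeding the raw IP sample through the Ethernet path reads two source-address bytes as an EtherType and is rejected, which is the mismatch the reply expects a filter written only for Ethernet frames to run into.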