Page 1 of 2
WinPCap and Bochs?
Posted: Thu Apr 12, 2007 8:02 pm
by pcmattman
I'm trying to test networking in my OS but it doesn't work too well.
ARP requests are picked up without any problems at all. However, any other type of packet addressed directly to my OS does not reach my OS. Any network-wide broadcast (MAC FF:FF:FF:FF:FF:FF) reaches my OS.
Is this a problem with WinPCap or is it a problem with the config?
Posted: Thu Apr 12, 2007 8:11 pm
by mystran
Do you reply to the ARP requests? Do you send out some other packets? If you send packets, can you see those from the other side of the network?
I mean, it could be that if you are simply listening, at some point of the chain some piece of code thinks there's nothing within Bochs to receive the packets. Just speculating though.
The other thing that could theoretically go wrong would be a firewall on your host that blocks your packets.. had this happen to me a few times.
Posted: Thu Apr 12, 2007 8:15 pm
by pcmattman
Firewall is disabled.
The ARP requests are replied to, I check Window's ARP cache afterwards and the MAC and IP are there.
My OS picks up packets that are broadcasted to the whole network (ARP requests are sent to everyone).
Any packets sent from Windows don't work at all. I can point you to code if you need it.
Posted: Thu Apr 12, 2007 8:34 pm
by Brynet-Inc
It might actually be.. worth "testing" your bochs networking setup with another OS just so you know you've configured everything correctly.. instead of.. testing while developing your OS.
Posted: Thu Apr 12, 2007 8:35 pm
by pcmattman
You know, that's actually a really good idea.
Either way, my OS won't receive any packets that are addressed directly to it.
I'll have to find a disk image of an OS that supports networking
Posted: Thu Apr 12, 2007 9:08 pm
by mystran
Pickup some firewall linux or some such. Some of them come on floppies (or on small ISOs at least).
Posted: Thu Apr 12, 2007 9:25 pm
by pcmattman
I'll just test with my Ubuntu live CD.
Fingers crossed
Posted: Thu Apr 12, 2007 9:55 pm
by pcmattman
Just a small note: packets sent from my OS work properly (as long as they are also sent to the entire subnet).
IMHO it's something to do with Bochs and WinPCap or my connection settings. Has anyone else been able to setup WinPCap on their system?
WinDump lines:
Code: Select all
14:12:27.957378 arp who-has 192.168.1.109 tell Matthew
14:12:27.978649 arp reply 192.168.1.109 is-at b0:c4:20:00:00:00 (oui Unknown)
...
14:13:20.888136 IP Matthew > 192.168.1.109: ICMP echo request, id 512, seq 38144, length 40
And then nothing. My OS doesn't receive the ICMP packets (doesn't recieve any).
OS output:
Code: Select all
14:28: 8 13/ 4/ 7 M
NE2K Comapatible NIC, iobase=0xc100, irq 11, [b0:c4:20:0:0:0]
Ethernet: New network adapter, index 0
Becoming 192.168.1.109: OK
NE2000: Packet Recieved
ARP Packet
ARP: who has 192.168.1.109 - tell 192.168.1.110 (0:f:ea:a0:15:af), sending reply
NE2000: Packet Transmitted
NE2000: Packet Recieved
IP Packet
UDP Packet
NE2000: Packet Recieved
NE2000: Packet Recieved
IP Packet
UDP Packet
NE2000: Packet Recieved
IP Packet
UDP Packet
The UDP packets are network-wide broadcasts (hence the reason why they arrive).
Edit: more testing... same thing every time. Although this time something very interesting happened - the IRQ changed from 11 to 0 meaning something overwrote the memory.
Posted: Thu Apr 12, 2007 10:46 pm
by mystran
Did Linux work?
Posted: Thu Apr 12, 2007 10:46 pm
by pcmattman
Couldn't detect the network hardware.
Posted: Thu Apr 12, 2007 10:51 pm
by Brynet-Inc
pcmattman wrote:Couldn't detect the network hardware.
Does Bochs only emulate ne2k ISA? QEMU supports both ISA/PCI models.. and a few other net cards.
Posted: Thu Apr 12, 2007 10:52 pm
by pcmattman
I'm using Bochs, ne2k on PCI. I don't know how to use networking in QEMU, but I'll look into it.
Posted: Thu Apr 12, 2007 10:56 pm
by mystran
Have you tried putting your card into promiscuous mode to let it receive all packets? I mean it could be an issue with the ethernet addresses...
Posted: Thu Apr 12, 2007 11:00 pm
by pcmattman
How do I do that in Windows?
Posted: Thu Apr 12, 2007 11:03 pm
by mystran
Well normally sniffers do that automatically. But I ment the Ne2k inside Bochs. Seems to be bit 4 in RCR..