Re: OID_xxx_PERMANENT_ADDRESS does NOT work!! - Network Adapters and Cisco VPN




Graem,

I think that Pavel's suggestion about a "hijacked NIC" is perfectly reasonable (although the very term "hijacked" does not seem to be appropriate under these circumstances. More on this below).

First of all, by sending certain OIDs to the target NIC a caller may change its configuration, and, if the NIC's configuration changes while the VPN adapter is around, this change may simply break its operations. Therefore, the VPN adapter wants to know what's going on, so it monitors (and, apparently, tampers with) the IOCTLs that get sent to the stand-alone device that the miniport driver has registered.

Second, the VPN may block access to physical NICs simply for security reasons - it may want to make sure that *ABSOLUTELY* all Internet traffic from/to the target machine goes via the VPN. Therefore, it makes sure that, from the client's perspective, the VPN adapter is the only adapter that is installed on the target machine. If the VPN is used for accessing a corporate network, such an approach is more than reasonable.


In other words, you should not be surprised at all.


Anton Bassov

Graem Rucker wrote:
From the previous thread: "PCI Network Adpaters & PnpInstanceID", I was told
that I should enumerate my network adapters (which I am doing fine now) and
DeviceIoControl each for its permanent address.

Sounds good in theory - BUT - here is the problem:

For a given network adapter on a machine - I CreateFile using its GUID, then get its supported OID_xxx_PERMANENT_ADDRESS, and call DeviceIoControl for that.

When the Cisco VPN is not connected - it seems to return the correct MAC address (of the card). However - when the VPN is connected - it returns the MAC address of the VPN! This doesn't make sense (to me) because - I have carefully triple checked that in fact the GUID used for the CreateFile operation is exactly the same in both cases and is the GUID for the physical network card.

What the hell is happening here?

Here is the code that sends the IO Control calls:



// Fragment from a loop over the enumerated adapter names (pNICNames, index i).
// Requires <vcl.h> (AnsiString, ARRAYOFCONST), <windows.h>, <ntddndis.h>
// (NDIS_OID, the OID_* codes, IOCTL_NDIS_QUERY_GLOBAL_STATS) and <stdio.h>.
{
    AnsiString nicFile = Format("\\\\.\\%s",
                                ARRAYOFCONST((pNICNames->Strings[i])));

    // Open the device for reading. The last argument (hTemplateFile) must be
    // NULL; the original passed INVALID_HANDLE_VALUE there.
    HANDLE hDevice = CreateFile(nicFile.c_str(), 0, FILE_SHARE_READ,
                                NULL, OPEN_EXISTING, 0, NULL);

    if (hDevice != INVALID_HANDLE_VALUE)
    {
        try
        {
            NDIS_OID OidCode = OID_GEN_SUPPORTED_LIST;
            DWORD OidData[4096];
            ZeroMemory(OidData, sizeof(OidData));

            ULONG ulBytesReturned = 0;

            bool bResult = (bool) DeviceIoControl(
                                hDevice,
                                IOCTL_NDIS_QUERY_GLOBAL_STATS,
                                &OidCode,
                                sizeof(NDIS_OID),
                                OidData,
                                sizeof(OidData),
                                &ulBytesReturned,
                                NULL);

            if (!bResult)
            {
#ifdef _DEBUG
                FormatOutputMessage();
#endif
            }
            else
            {
                // We got the supported list - find which permanent-address
                // OID this adapter supports (one per medium type).
                OidCode = 0;
                for (ULONG n = 0; n < ulBytesReturned / sizeof(NDIS_OID); ++n)
                {
                    if (OidData[n] == OID_802_3_PERMANENT_ADDRESS)          // Ethernet
                    {
                        OidCode = OID_802_3_PERMANENT_ADDRESS;
                        break;
                    }
                    else if (OidData[n] == OID_802_5_PERMANENT_ADDRESS)     // Token Ring
                    {
                        OidCode = OID_802_5_PERMANENT_ADDRESS;
                        break;
                    }
                    else if (OidData[n] == OID_WAN_PERMANENT_ADDRESS)       // WAN
                    {
                        OidCode = OID_WAN_PERMANENT_ADDRESS;
                        break;
                    }
                    else if (OidData[n] == OID_ARCNET_PERMANENT_ADDRESS)    // ARCNET
                    {
                        OidCode = OID_ARCNET_PERMANENT_ADDRESS;
                        break;
                    }
                }

                if (0 != OidCode)
                {
                    // We got a medium type - query the permanent address now.
                    ZeroMemory(OidData, sizeof(OidData));
                    ulBytesReturned = 0;

                    bResult = (bool) DeviceIoControl(
                                    hDevice,
                                    IOCTL_NDIS_QUERY_GLOBAL_STATS,
                                    &OidCode,
                                    sizeof(NDIS_OID),
                                    OidData,
                                    sizeof(OidData),
                                    &ulBytesReturned,
                                    NULL);

                    if (!bResult)
                    {
#ifdef _DEBUG
                        FormatOutputMessage();
#endif
                    }
                    else
                    {
#ifdef _DEBUG
                        AnsiString test87645 = "Got MAC address for: " + pNICNames->Strings[i];
                        OutputDebugString(test87645.c_str());
#endif
                        // A permanent-address reply is exactly 6 bytes.
                        if (6 == ulBytesReturned)
                        {
                            // Format as XX:XX:XX:XX:XX:XX (17 characters).
                            AMacAddress.SetLength((ulBytesReturned * 3) - 1);
                            char *ptr = AMacAddress.c_str();

                            LPBYTE MACData = (LPBYTE)OidData;

                            sprintf(ptr, "%02X", MACData[0]);
                            ptr += 2;

                            // Loop variable renamed from i: it shadowed the
                            // outer adapter index used above.
                            for (DWORD k = 1; k < 6; ++k)
                            {
                                sprintf(ptr, ":%02X", MACData[k]);
                                ptr += 3;
                            }
                        }
                        break;   // leaves the enclosing adapter loop
                    }
                }
            }
        }
        __finally
        {
            // Close the device
            CloseHandle(hDevice);
        }
    }
}
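As an added example (not code from either post), the same query logic in portable C with a constructed fake adapter standing in for DeviceIoControl, so the VPN-up versus VPN-down behaviour Graem describes can be reproduced and checked offline. The OID values are those of ntddndis.h; ndis_query_fn, fake_nic, fake_query and the two MAC values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* OID codes as defined in ntddndis.h. */
#define OID_GEN_SUPPORTED_LIST       0x00010101UL
#define OID_802_3_PERMANENT_ADDRESS  0x01010101UL
#define OID_802_5_PERMANENT_ADDRESS  0x02010101UL
#define OID_WAN_PERMANENT_ADDRESS    0x04010101UL
#define OID_ARCNET_PERMANENT_ADDRESS 0x06010101UL
/* Hypothetical stand-in for DeviceIoControl(IOCTL_NDIS_QUERY_GLOBAL_STATS):
 * returns 1 and sets *ret to the reply length, or 0 on failure. */
typedef int (*ndis_query_fn)(void *ctx, uint32_t oid, void *out, uint32_t cap, uint32_t *ret);
/* Scan an OID_GEN_SUPPORTED_LIST reply for a permanent-address OID, as the post does. */
uint32_t pick_permanent_oid(const uint32_t *list, uint32_t nbytes) {
    static const uint32_t wanted[] = { OID_802_3_PERMANENT_ADDRESS, OID_802_5_PERMANENT_ADDRESS,
                                       OID_WAN_PERMANENT_ADDRESS, OID_ARCNET_PERMANENT_ADDRESS };
    for (uint32_t n = 0; n < nbytes / sizeof(uint32_t); ++n)
        for (size_t w = 0; w < sizeof wanted / sizeof wanted[0]; ++w)
            if (list[n] == wanted[w]) return wanted[w];
    return 0;
}
/* Query and format the permanent MAC; fails unless the reply is exactly 6 bytes. */
int read_permanent_mac(ndis_query_fn q, void *ctx, char out[18]) {
    uint32_t list[1024], oid, ret = 0; uint8_t mac[8];
    if (!q(ctx, OID_GEN_SUPPORTED_LIST, list, sizeof list, &ret)) return 0;
    if ((oid = pick_permanent_oid(list, ret)) == 0) return 0;
    if (!q(ctx, oid, mac, sizeof mac, &ret) || ret != 6) return 0;
    snprintf(out, 18, "%02X:%02X:%02X:%02X:%02X:%02X", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return 1;
}
/* Constructed fake Ethernet adapter: while the tunnel is up, a filter answers the
 * permanent-address query with the VPN adapter's MAC instead of the card's. */
struct fake_nic { int vpn_up; };
static const uint8_t PHYS_MAC[6] = {0x00,0x11,0x22,0x33,0x44,0x55};   /* constructed */
static const uint8_t VPN_MAC[6]  = {0x02,0xAA,0xBB,0xCC,0xDD,0xEE};   /* constructed */
int fake_query(void *ctx, uint32_t oid, void *out, uint32_t cap, uint32_t *ret) {
    struct fake_nic *n = ctx;
    uint32_t sup[] = { OID_GEN_SUPPORTED_LIST, OID_802_3_PERMANENT_ADDRESS };
    if (oid == OID_GEN_SUPPORTED_LIST && cap >= sizeof sup) { memcpy(out, sup, sizeof sup); *ret = sizeof sup; return 1; }
    if (oid == OID_802_3_PERMANENT_ADDRESS && cap >= 6) { memcpy(out, n->vpn_up ? VPN_MAC : PHYS_MAC, 6); *ret = 6; return 1; }
    return 0;
}
/* Consistency check: 1 if the address reported with the VPN up differs from the one
 * reported with it down (the symptom in the post), 0 if equal, -1 on query error. */
int mac_changed_with_vpn(void) {
    struct fake_nic down = {0}, up = {1}; char a[18], b[18];
    if (!read_permanent_mac(fake_query, &down, a) || !read_permanent_mac(fake_query, &up, b)) return -1;
    return strcmp(a, b) != 0;
}
```

Recording the permanent address once with the tunnel down and comparing on later reads is a cheap way to tell whether a filter or intermediate driver, rather than the physical miniport, is answering the query.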



