Windows userspace TCP/IP stack - How to suppress the kernel stack for a specified ethernet interface?

1
votes

I have a TCP/IP stack running within a Windows userspace program. The stack is based on a Windows-port of LwIP: https://github.com/yarrick/lwip-contrib/tree/master/ports/win32

The userspace stack interfaces with an ethernet interface at layer 2 using the npcap library/driver: https://nmap.org/npcap/

ncap is used to send and capture raw ethernet packets, which are passed from/to the userspace LwIP stack.

The problem: Let's say I listen on TCP port 5000 within the userspace stack. The Windows kernel does not know anything about the userspace stack and treats 5000 as closed port. This interferes with the userspace stack. For example, the kernel might response to incoming SYN packets with RESET packets (rejecting the TCP connection).

The question: How can I shut down the Windows kernel TCP/IP stack for a specified ethernet interface? I want the userspace stack via ncap to be the only one who is sending out packets.

1
windowstcpnetwork-programmingnpcap
I am thinking about the Windows firewall, but I do not yet know whether this is feasible.Mike76
If you open the Properties dialogue for the network adapter, you'll see a bunch of checkboxes for the various protocols that are active above that adapter, including IPv4 and IPv6. Does unchecking those boxes not give you the behaviour you want?ottomeister
Thanks this solved the issue, I had to uncheck all kinds of protocol in the adapter settings.Mike76

1 Answers

1
votes

Unchecking all protocols in the network adapter settings solved the problem (ipv4, ipv6, others...)