Getting TCP Data in the Filter driver over TCP/IP.sys

OSR_Community_User · May 3, 2000, 2:37am

Hi All,

The follwoing method will be called when I receive TDI_SET_EVENT IRP in my filter driver. I will be associating my ReceiveHandler Address to addressFile->ReceiveHandler. But my Receive handler was never called. Please can anybody tell me why?.

Should I have to do something more for my Receive handler to be called.

ULONG
TdiSetEventHandler(
IN PIRP Irp
)

{
NTSTATUS rc=STATUS_SUCCESS;
ULONG nRet=0;
KIRQL oldirql;
PTDI_REQUEST_KERNEL_SET_EVENT parameters;
PIO_STACK_LOCATION irpSp;
PTP_ADDRESS address;
PTP_ADDRESS_FILE addressFile;
NTSTATUS status;
irpSp = IoGetCurrentIrpStackLocation (Irp);
addressFile = irpSp->FileObject->FsContext;
address = addressFile->Address;
ACQUIRE_SPIN_LOCK (&address->SpinLock, &oldirql);
parameters = (PTDI_REQUEST_KERNEL_SET_EVENT)&irpSp->Parameters;

switch (parameters->EventType)
{

case TDI_EVENT_RECEIVE:
KdPrint((“TDI_EVENT_RECEIVE\n”));
if (parameters->EventHandler == NULL)
{
KdPrint((“Event Handler is Null”));
}
else
{
KdPrint((“Event Handler is not Null”));
DefaultHandler=parameters->EventHandler;
addressFile->ReceiveHandler = (PTDI_IND_RECEIVE)MyReceiveHandler;
addressFile->ReceiveHandlerContext = parameters->EventContext;
addressFile->RegisteredReceiveHandler = TRUE;
}
nRet=0;
break;
default:
nRet=1;
break;
} /* switch */

RELEASE_SPIN_LOCK (&address->SpinLock, oldirql);
return nRet;
} /* TdiSetEventHandler */

Regards
Gopikrishna.B.

Thomas_F_Divine · May 3, 2000, 10:29am

There are several problems.

The most significant is that you seem to be altering values in the FsContext
field of the FileObject.

The FsContext field is generally defined and “owned” by the LOWEST level
device driver in a chain. It is usually “opaque” to higher level filter
drivers unless there is additional documentation that specifically describes
how to interpret it.

So, in your filter you should NOT (and actually don’t need to…) modify
values in the FsContext files.

Your action of overwriting the FsContext field with your own information
almost certainly alters the FsContext field enough so that the lower
driver(s) cannot even recognize that the IRP is valid. Hence, you never get
called.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: Gopikrishna
To: NT Developers Interest List
Sent: Wednesday, May 03, 2000 7:05 AM
Subject: [ntdev] Getting TCP Data in the Filter driver over TCP/IP.sys

Hi All,

The follwoing method will be called when I receive TDI_SET_EVENT IRP in my
filter driver. I will be associating my ReceiveHandler Address to
addressFile->ReceiveHandler. But my Receive handler was never called. Please
can anybody tell me why?.

Should I have to do something more for my Receive handler to be called.

ULONG
TdiSetEventHandler(
IN PIRP Irp
)

{
NTSTATUS rc=STATUS_SUCCESS;
ULONG nRet=0;
KIRQL oldirql;
PTDI_REQUEST_KERNEL_SET_EVENT parameters;
PIO_STACK_LOCATION irpSp;
PTP_ADDRESS address;
PTP_ADDRESS_FILE addressFile;
NTSTATUS status;
irpSp = IoGetCurrentIrpStackLocation (Irp);
addressFile = irpSp->FileObject->FsContext;
address = addressFile->Address;
ACQUIRE_SPIN_LOCK (&address->SpinLock, &oldirql);
parameters = (PTDI_REQUEST_KERNEL_SET_EVENT)&irpSp->Parameters;

switch (parameters->EventType)
{

case TDI_EVENT_RECEIVE:
KdPrint((“TDI_EVENT_RECEIVE\n”));
if (parameters->EventHandler == NULL)
{
KdPrint((“Event Handler is Null”));
}
else
{
KdPrint((“Event Handler is not Null”));
DefaultHandler=parameters->EventHandler;
addressFile->ReceiveHandler =
(PTDI_IND_RECEIVE)MyReceiveHandler;
addressFile->ReceiveHandlerContext =
parameters->EventContext;
addressFile->RegisteredReceiveHandler = TRUE;
}
nRet=0;
break;
default:
nRet=1;
break;
} /* switch /

RELEASE_SPIN_LOCK (&address->SpinLock, oldirql);
return nRet;
} / TdiSetEventHandler */

Regards
Gopikrishna.B.</http:>

OSR_Community_User · May 3, 2000, 3:15pm

When you grab the “Default handler” from parameters->EventHandler, why not
try setting that value to your function?? That routine is the default
handler, and *NOT* the one in FsContext.

parameters->EventHandler = YourFunction.

That will do it.

Shweta.

There are several problems.

The most significant is that you seem to be altering values in the FsContext
field of the FileObject.

The FsContext field is generally defined and “owned” by the LOWEST level
device driver in a chain. It is usually “opaque” to higher level filter
drivers unless there is additional documentation that specifically describes
how to interpret it.

So, in your filter you should NOT (and actually don’t need to…) modify
values in the FsContext files.

Your action of overwriting the FsContext field with your own information
almost certainly alters the FsContext field enough so that the lower
driver(s) cannot even recognize that the IRP is valid. Hence, you never get
called.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: Gopikrishna
To: NT Developers Interest List
Sent: Wednesday, May 03, 2000 7:05 AM
Subject: [ntdev] Getting TCP Data in the Filter driver over TCP/IP.sys

Hi All,

The follwoing method will be called when I receive TDI_SET_EVENT IRP in my
filter driver. I will be associating my ReceiveHandler Address to
addressFile->ReceiveHandler. But my Receive handler was never called. Please
can anybody tell me why?.

Should I have to do something more for my Receive handler to be called.

ULONG
TdiSetEventHandler(
IN PIRP Irp
)

{
NTSTATUS rc=STATUS_SUCCESS;
ULONG nRet=0;
KIRQL oldirql;
PTDI_REQUEST_KERNEL_SET_EVENT parameters;
PIO_STACK_LOCATION irpSp;
PTP_ADDRESS address;
PTP_ADDRESS_FILE addressFile;
NTSTATUS status;
irpSp = IoGetCurrentIrpStackLocation (Irp);
addressFile = irpSp->FileObject->FsContext;
address = addressFile->Address;
ACQUIRE_SPIN_LOCK (&address->SpinLock, &oldirql);
parameters = (PTDI_REQUEST_KERNEL_SET_EVENT)&irpSp->Parameters;

switch (parameters->EventType)
{

case TDI_EVENT_RECEIVE:
KdPrint((“TDI_EVENT_RECEIVE\n”));
if (parameters->EventHandler == NULL)
{
KdPrint((“Event Handler is Null”));
}
else
{
KdPrint((“Event Handler is not Null”));
DefaultHandler=parameters->EventHandler;
addressFile->ReceiveHandler =
(PTDI_IND_RECEIVE)MyReceiveHandler;
addressFile->ReceiveHandlerContext =
parameters->EventContext;
addressFile->RegisteredReceiveHandler = TRUE;
}
nRet=0;
break;
default:
nRet=1;
break;
} /* switch /

RELEASE_SPIN_LOCK (&address->SpinLock, oldirql);
return nRet;
} / TdiSetEventHandler */

Regards
Gopikrishna.B.

—
You are currently subscribed to ntdev as: xxxxx@techie.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup</http:>

OSR_Community_User · May 4, 2000, 7:49am

Thanks all for sending me the Reply. Now My ReceiveHandler is getting called. Since My driver is a hook driver I need to call the ReceiveHandler registered be the TDI client. I am storing the default ReceiveHandler address when TDI_EVENT_RECEIVE arrives in a global function pointer. In my receive handler I am calling that Default Receive handler( which is registered by the TDI client). But it looks like TDI client is not getting the data (My browser didn’t show any web page content) and MyRecieveHandler is getting called only once.

I am attaching the code. Can anybody tell me what’s the error in my code.

file://This rountine will be called when TDI_SET_EVENT irp comes
ULONG
TdiSetEventHandler(
IN PIRP Irp
)

{
NTSTATUS rc=STATUS_SUCCESS;
ULONG nRet=0;
PTDI_REQUEST_KERNEL_SET_EVENT parameters;
PIO_STACK_LOCATION irpSp;
NTSTATUS status;

irpSp = IoGetCurrentIrpStackLocation (Irp);
parameters = (PTDI_REQUEST_KERNEL_SET_EVENT)&irpSp->Parameters;
switch (parameters->EventType)
{
case TDI_EVENT_RECEIVE:
KdPrint((“TDI_EVENT_RECEIVE\n”));
if (parameters->EventHandler == NULL)
{
KdPrint((“Event Handler is Null”));
}
else
{
KdPrint((“Event Handler is not Null”));
DefaultHandler=parameters->EventHandler;
parameters->EventHandler=MyReceiveHandler;
}
nRet=0;
break;
case TDI_EVENT_RECEIVE_EXPEDITED:
KdPrint((“TDI_EVENT_RECEIVE_EXPEDITED\n”));
if (parameters->EventHandler == NULL)
{
KdPrint((“Exp Event Handler is Null”));
}
else
{
KdPrint((“Exp Event Handler is Not Null”));
DefaultExpHandler=parameters->EventHandler;
parameters->EventHandler=MyExpReceiveHandler;
}
nRet=0;
break;
}
}

NTSTATUS ReceiveEventHandler(IN PVOID EventContext,
IN CONNECTION_CONTEXT ConnectionContext,
IN ULONG Flags,
IN ULONG BytesIndicated,
IN ULONG BytesAvailable,
OUT ULONG *BytesTaken,
IN PVOID Tsdu, // a lump of bytes
OUT PIRP *IoRequestPacket // only if more
// PROCESSING REQUIRED.
)
{ NTSTATUS status;

KdPrint((“Receive Event Handler\n”));
DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_ERR,
(“Flags = 0x%x BytesIndicated = %i BytesAvailable = %i\n”,
Flags, BytesIndicated, BytesAvailable));

file://Call the client registered Event call back

status=DefaultHandler(EventContext,
ConnectionContext,
Flags,
BytesIndicated,
BytesAvailable,
BytesTaken,
Tsdu, // a lump of bytes
IoRequestPacket // only if more
);
if( !NT_SUCCESS( status ) )
{
DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_ERR, (“Calling default handler is unsuccesful status= 0x%x\n”, status) );
}
return status;