network connections status in kernel mode from non-network driver?

I’ve a need to determine if the system is connected to internet (wifi or lan) from a custom kernel mode driver (not a network driver). Any pointers how this could be done?

That’s not the right place to do that. A helper user-mode service could do this trivially and salt away a status somewhere that your driver could query.

However, step back a moment. Why do you think you need this in the first place? What decisions can you possibly make based on this information? If you need to reach a server somewhere, then you just go connect to the server. Having internet access does not guarantee you access to your server.
Specifically, this sequence:

    if( attached to the internet )
        try to contact our server
        if( failure )
            handle fallback
    else
        handle fallback

offers you absolutely no additional benefits over this sequence:

    try to contact our server
    if( failure )
        handle fallback

Hello Tim, Just need a way to check if Internet is available. The driver will not be pinging or attempting to connect to a server. The driver will perform specific device configuration if internet is not available. The UWP app (HSA) might not be running all the time to tell the driver (via ioctl) to config the device if network is disconnected.

I don’t buy it. If you’re not a network device, then why would you care about a network? And your last sentence says “if network is disconnected”. Are you just asking about a network in general, or do you really need Internet? The two are quite different.

I’m not sure what you mean don’t buy it. I’m not trying to convince you here… No offense. I’ve a need to check if the system is connected to internet. WiFi/LAN or even broadband. I could get away if I can just enumerate list of network adapters and check if connected or not.

Looks like WMI might be the way to go. https://community.osr.com/discussion/195111

Just because a network adapter is lit up doesn’t mean it can reach the internet.

True. Got somewhere by handling MSNdis_StatusOperationalStatus_GUID notification and seems to work for WiFi not wired network. I’d have to just assume if connected, internet is available.

This is a bizarre and probably impossible requirement.

Tim says that it is easy in UM, but I dispute that too. Knowing when you are connected to the Internet - the real actual Internet is a very hard thing to know.

There is probably no valid use case where you should change the behaviour of your code based on apparent internet access, but even if there is, how can you possibly know? There is a little widget in Windows that attempts to tell the user his internet connected status, but it is trivial to provide either false positive or false negative data to it. Even basic firewalls can do both.

This seems like one of those situations where none of us can help much without knowing more about what you are trying to achieve at a higher level.

Unfortunately I can’t provide more details on the use case. There is a use case even for a bizarre requirement. Anyway, I was able to handle MSNdis_StatusMediaConnectGuid and MSNdis_StatusMediaDisconnectGuid notifications and that is sufficient for my need now. Looks like I could go even further and check if address (IP) has been assigned etc.

This is a bizarre and probably impossible requirement.

…unless you happen to be writing some malware that tries its best to avoid the detection and, hence, spends most of its time “in a stealth mode”, going up to the “operational one” only once in a while. If its “functionality” includes sending out data, such a requirement becomes perfectly understandable from its “theory of operations” standpoint, although technically still not really a feasible one…

Anton Bassov

Handling these callbacks will tell you when you are connected to some network. That network might be something that is connected to the internet, or it might be anything else. If that is good enough for your purposes, then sure. But that’s a long way from knowing if you are truly connected to the internet.

But as Anton says, a valid requirement for malware or a most bizarre one for anything else. Consider what use this information could be. Determining that you are connected to the internet does not imply that any particular connection attempt will succeed, or that the data obtained over a private network won’t be just as untrustworthy as data from a public one. The golden rule of network programming (or any kind of programming across a boundary of trust) is never to try to know in advance if something is going to work or not, but to try it and handle the failure. And if against all odds it succeeds, validate the data as if you know it came from a hacker and has purposeful mal intent.

handling these callbacks will tell you when you are connected to some network.

… and even this part is “a subject to change”, because you may get (dis)connected at any moment. Therefore, the very suggestion that your driver’s operations may somehow depend on something as fickle and volatile as a network connection status is plainly ridiculous… unless you are writing malware. A “legitimate” driver would simply try to connect to the server of interest in this situation - this is what kernel sockets are for, in the first place. However, for this or that reason the OP finds this approach unsuitable for his purposes. Taking into consideration his unwillingness to provide any additional info about his goals and purposes, I’ve got a weird feeling that they may be “rather nefarious”…

Anton Bassov

I wouldn’t go so far as to say “ridiculous”, but Anton’s fundamental point is correct. You can’t make any decisions based on the “am I connected” state, because you might not be connected 2 seconds from now. If you need a resource, then you go fetch the resource and handle whatever errors that might occur. You don’t base your “should I fetch the resource?” question on whether you were connected one second ago.

Folks, I’m not writing any malware.

I believe you - in so far as that goes. But either you have discovered a new programming paradigm unknown to me in my 25 years or so of experience, you are creating malware of some kind, or you are falling into some kind of error. I don’t mean to make it so stark - there is always a chance that you have hit on some useful scheme that requires this kind of information and I just don’t understand it and you can’t divulge it. The purpose of these comments from me is to help you identify if you are in that third case and falling into some kind of error. This seems most likely, but again you know more about it than any of us.
