WFP Callout Driver and User-mode app

Hello!
I’m writing a WFP Callout Driver. It now successfully monitors traffic on the stream level and blocks particular web resources. But I need some data to be processed by a user-mode application. I want the driver to send this application some data for inspection and wait until this application returns the answer, and then permit or block.
If it is possible, what is the best way to realize this communication? Thank you!

Amalthea_UA wrote:

I’m writing a WFP Callout Driver. It now successfully monitors traffic on the stream level and blocks particular web resources. But I need some data to be processed by a user-mode application. I want the driver to send this application some data for inspection and wait until this application returns the answer, and then permit or block.

Is it possible? Thank you!

Of course.  Just like any driver, you can create a device object so that
user-mode app can send you ioctl requests.  You would use the “inverted
call” model, where the app submits a series of requests that remain
pending in the driver until there is something to return.

However, your network performance is going to die a horrible flaming
death if you require every network packet to wait for a process switch
and a kernel-to-user-to-kernel transition.

@Tim_Roberts said:
Amalthea_UA wrote:

I’m writing a WFP Callout Driver. It now successfully monitors traffic on the stream level and blocks particular web resources. But I need some data to be processed by a user-mode application. I want the driver to send this application some data for inspection and wait until this application returns the answer, and then permit or block.

Is it possible? Thank you!

Of course. Just like any driver, you can create a device object so that
user-mode app can send you ioctl requests. You would use the “inverted
call” model, where the app submits a series of requests that remain
pending in the driver until there is something to return.

However, your network performance is going to die a horrible flaming
death if you require every network packet to wait for a process switch
and a kernel-to-user-to-kernel transition.

Thank you for the reply!
Yes, I know about the “inverted call” model. I just thought maybe there are some other methods that are more effective. I understand that performance can fall. But I don’t need to forward all packages to the user-mode application. Therefore, I will try to implement the “inverted call” model and see how the network performance drops. The result may not be so bad.
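
The “inverted call” exchange discussed in this thread, as an added example that is not part of any post: a portable C model (no Windows headers; every name is hypothetical) in which parked slots stand in for ioctl requests the driver has left pending. It shows the case the driver must handle when the app has nothing parked: apply a fallback verdict immediately instead of waiting.

```c
#include <string.h>

/* Portable model of the inverted call; all names are hypothetical. */
#define SLOTS 4
enum verdict { V_HOLD = 0, V_PERMIT, V_BLOCK };   /* V_HOLD: no verdict applied yet */
enum state { S_FREE = 0, S_PARKED, S_COMPLETED };
struct slot { enum state st; unsigned flow_id; char data[64]; };
struct model { struct slot s[SLOTS]; enum verdict fallback; };

/* App side: submit a request that the driver keeps pending (stands in for a pended ioctl). */
int app_park(struct model *m) {
    for (int i = 0; i < SLOTS; i++)
        if (m->s[i].st == S_FREE) { m->s[i].st = S_PARKED; return i; }
    return -1;                        /* every slot is already in use */
}

/* Driver side, called when data needs user-mode inspection.
 * Returns V_HOLD if the data was handed to the app, else the fallback verdict. */
enum verdict driver_inspect(struct model *m, unsigned flow_id, const char *data) {
    for (int i = 0; i < SLOTS; i++) {
        struct slot *p = &m->s[i];
        if (p->st != S_PARKED) continue;
        strncpy(p->data, data, sizeof p->data - 1);
        p->data[sizeof p->data - 1] = '\0';
        p->flow_id = flow_id;
        p->st = S_COMPLETED;          /* the parked request completes back to the app */
        return V_HOLD;
    }
    return m->fallback;               /* nothing parked: decide now, never wait */
}

/* Driver side: the app's answer arrives as a second request carrying flow_id. */
enum verdict driver_verdict(struct model *m, unsigned flow_id, enum verdict v) {
    if (v != V_PERMIT && v != V_BLOCK) return V_HOLD;   /* malformed answer: ignore */
    for (int i = 0; i < SLOTS; i++) {
        struct slot *p = &m->s[i];
        if (p->st == S_COMPLETED && p->flow_id == flow_id) {
            memset(p, 0, sizeof *p);  /* slot is free for the app to park again */
            return v;
        }
    }
    return V_HOLD;                    /* unknown or already answered flow: ignore */
}

int main(void) {
    struct model m = { .fallback = V_BLOCK };   /* constructed demo state */
    app_park(&m);
    driver_inspect(&m, 7, "GET /a");
    return driver_verdict(&m, 7, V_PERMIT) == V_PERMIT ? 0 : 1;
}
```

The `fallback` field is the fail-open or fail-closed choice for traffic that arrives while the inspecting application is absent or has no request parked.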