FltCreateCommunicationPort causes a blue

Thank you, Mr. Dejan_Maximovic. And help me please. How can I make an NDIS filter driver communicate with a user mode application? It is required to send to the user program all outgoing and incoming packets captured by the filter driver. That is, how can I pass all network traffic to a program running in user mode to make some changes?

If I need to answer that question, you’re in trouble :)
Not because the implementation would be easy and you should figure it out in
minutes, but because sending that much data will kill your OS.

Kind regards, Dejan Maksimovic.
FS Lead: http://www.alfasp.com

Thank you, Mister. But I will only send the shared addresses of these packets, and I think that in this way I can change the outgoing and incoming Ethernet packets (or not?). Tell me please. What mechanism to use. Possibly an IRP. (inverted call). For one month, I tried some mechanisms, but nothing worked.
I will copy those packets and pass the copy to the user program, and return the original packets to the kernel from inside the FilterSend and FilterReceive procedures of my NDIS filter driver. Thank You

Do you have a sense how many packets per second you would send and wait for
UM to process?

No, because this driver will be installed on all hosts in the private network and users will communicate with each other.
They will do whatever they want.
I have already done driver and encryption. But now they want to make the encryption process in user mode, so I have to send all outgoing and incoming packets to the user program.
Thank You Mr. Dejan_Maksimovic.
Thank You Mr.Don_Burn.

Hello everybody. Who can help me? How can I send outgoing Net Buffer Lists (outgoing traffic from NDIS filter driver (FilterSendNetBufferLists)) to user mode program for some modifications? I am doing it with IRPs, but I think it is not a best case. Because initiator of IRP is user, but I need the driver to be an initiator of communication between NDIS driver and user program.
Thank You.

How is this not a big security flaw anyway? OP wants to modify packets captured in kernel from usermode… Meaning anyone who attacks the usermode application can basically alter every single packet sent or received by the computer. I understand that this is on a private network but still, this project of yours and its use case don’t make any sense to me.

@Arsen said:
Hello everybody. Who can help me? How can I send outgoing Net Buffer Lists (outgoing traffic from NDIS filter driver (FilterSendNetBufferLists)) to user mode program for some modifications? I am doing it with IRPs, but I think it is not a best case. Because initiator of IRP is user, but I need the driver to be an initiator of communication between NDIS driver and user program.
Thank You.

You might want to ask new questions in a new thread.

Thanks for the answer. My goal is to encrypt packets in user mode. Because the encryption algorithm is in a dll, it runs in user mode. This algorithm is safe and cannot be inside a driver. The driver images are on the hard drive, which is a security breach

Driver developed by me. NDIS filter driver. I think if the driver wants to, it should be able to communicate with the user mode. There is a communication mechanism (FltCreateCommunicationPort) for non NDIS drivers, it does not work for NDIS drivers.

> Thanks for the answer. My goal is to encrypt packets in user mode. Because
> the encryption algorithm is in a dll, it runs in user mode. This algorithm
> is safe and cannot be inside a driver. The driver images are on the hard
> drive, which is a security breach

Could you translate this for me, please?
User mode is not on a hard drive, but drivers are?

Again, how much data and how often do you need to send to user mode? 10 per
second, millisecond, microsecond, nanosecond?

Mr. Deyan_Maximovich. I wrote an NDIS filter driver. It will be installed on some isolated networks. How much data will be transmitted over the network there, I do not know. They will send documents, hold teleconferences and much more. I don't know. I think this is not very important, because, at first, customers suggested that I send outgoing packets back to user mode using a loop, i.e. to send packets back through sockets.
This means that all packets will be circulated 3 times. From the application to the network driver, from the driver to the user-mode encryption program, and finally from that program to the network.

Try sending a million packets between kernel and user mode per second, and
check the latency difference. (Any packet, no need to test NDIS packets for
this test)

If you do that, I suspect you will find the performance to be
unacceptable.

I don’t have a good sense of how many NDIS packets go per second, so maybe
I am off by an order of 1000x.

Dejan.

> Could you translate this for me, please?
> User mode is not on a hard drive, but drivers are?

The driver image is on the hard drive. We cannot call the driver from flash. But we can’t put the algorithm in the driver code, because someone can copy this driver from //Windows//system//drivers. Therefore, we decided to transfer the source packets to a user program on a removable disk, which should receive all packets from the driver, perform encryption and transfer back to the driver.

well, thank You Mr.

That… will be awesome, perf wise, when paging kicks in :)
Ok, you can use the AvScan example to send data. But test the performance,
I think you will run into unacceptable bottlenecks

OT: how da heck did the message get translated into… Russian, but only via
email?? When I go to the forum, it is in English :)

well

@Dejan_Maksimovic Messages can be edited for an hour after you enter them. Only the initial version gets sent in the email.

Well. Thank You.

Ah, right! I knew it wasn’t AI translation, grammar was good in both
languages :)