block in TDI_EVENT_CONNECT

NTDEV
1

Hi, all.
I encountered a critical problem. I want to block in TDI_EVENT_CONNECT handler that was hooked by my
filter driver and wait for the user to choose whether accept the connection.
But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and KeWaitforSingleObject with timeout
nonezero could not be called. And How can I solve this problem?

Please help me.

best regards
yours brucie
brucie@263.net

2

Cannot.

“brucie” wrote in message news:xxxxx@ntdev…
> Hi, all.
> I encountered a critical problem. I want to block in TDI_EVENT_CONNECT
handler that was hooked by my
> filter driver and wait for the user to choose whether accept the
connection.
> But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and
KeWaitforSingleObject with timeout
> nonezero could not be called. And How can I solve this problem?
>
> Please help me.
>
> best regards
> yours brucie
> brucie@263.net
>

3

You cannot.
Maintain a pre-build table of what kinds of connections are allowed, and query it in connect handler.
The table will be updated by IOCTLs from the user app.

Max

----- Original Message -----
From: “brucie”
To: “NT Developers Interest List”
Sent: Tuesday, April 30, 2002 12:51 AM
Subject: [ntdev] block in TDI_EVENT_CONNECT

> Hi, all.
> I encountered a critical problem. I want to block in TDI_EVENT_CONNECT handler that was hooked by my
> filter driver and wait for the user to choose whether accept the connection.
> But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and KeWaitforSingleObject with timeout
> nonezero could not be called. And How can I solve this problem?
>
> Please help me.
>
> best regards
> yours brucie
> brucie@263.net
> b­®¶¹®vµjƶi¢ºn‰zn‘Š•zzز

4

Thanks. I know I cannot block it in the handler. I wonder how atGuard, sygate personal firewall can do.

You cannot.
Maintain a pre-build table of what kinds of connections are allowed, and query it in connect handler.
The table will be updated by IOCTLs from the user app.

Max

----- Original Message -----
From: “brucie”
>To: “NT Developers Interest List”
>Sent: Tuesday, April 30, 2002 12:51 AM
>Subject: [ntdev] block in TDI_EVENT_CONNECT
>
>
>> Hi, all.
>> I encountered a critical problem. I want to block in TDI_EVENT_CONNECT handler that was hooked by my
>> filter driver and wait for the user to choose whether accept the connection.
>> But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and KeWaitforSingleObject with timeout
>> nonezero could not be called. And How can I solve this problem?
>>
>> Please help me.
>>
>> best regards
>> yours brucie
>> brucie@263.net
>> b???v?jƶ?i??n?zn???zzز
>
>
>—
>You are currently subscribed to ntdev as: brucie@263.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com

5

I understand one cannot block in the ClientEventHandler, but is it
possible
to return STATUS_MORE_PROCESSING_REQUIRED? Then a worker thread running
at
passive level can complete the incoming connect request.

“Thomas F. Divine” wrote:

Cannot.

“brucie” wrote in message news:xxxxx@ntdev…
> > Hi, all.
> > I encountered a critical problem. I want to block in TDI_EVENT_CONNECT
> handler that was hooked by my
> > filter driver and wait for the user to choose whether accept the
> connection.
> > But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and
> KeWaitforSingleObject with timeout
> > nonezero could not be called. And How can I solve this problem?
> >
> > Please help me.
> >
> > best regards
> > yours brucie
> > brucie@263.net
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@okena.com
> To unsubscribe send a blank email to %%email.unsub%%

6

IMO If you return STATUS_MORE_PROCESSING_REQUIRED,
from the connect event handler, it means that you have
accepted the request.

Excerpt from the DDK help of ClientEventConnect:

ClientEventConnect can return one of the the following:

STATUS_MORE_PROCESSING_REQUIRED
ClientEventConnect is accepting the offered connection
and has supplied an accept request at AcceptIrp.
Some transports assume the connection offer is being
rejected if ClientEventConnect returns anything other than this value.

STATUS_CONNECTION_REFUSED
ClientEventConnect is rejecting the offered connection.
STATUS_INSUFFICIENT_RESOURCES
ClientEventConnect could not allocate sufficient resources
to accept the offered connection. The transport will send
a rejection to the remote node.

Hope this helps…
Taher

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Dave McCowan
Sent: Thursday, May 02, 2002 4:51 PM
To: NT Developers Interest List
Subject: [ntdev] Re: block in TDI_EVENT_CONNECT

I understand one cannot block in the ClientEventHandler, but is it
possible
to return STATUS_MORE_PROCESSING_REQUIRED? Then a worker thread running
at
passive level can complete the incoming connect request.

“Thomas F. Divine” wrote:

Cannot.

“brucie” wrote in message news:xxxxx@ntdev…
> > Hi, all.
> > I encountered a critical problem. I want to block in TDI_EVENT_CONNECT
> handler that was hooked by my
> > filter driver and wait for the user to choose whether accept the
> connection.
> > But, TDI_EVENT_CONNECT handler run at DISPATCH_LEVEL and
> KeWaitforSingleObject with timeout
> > nonezero could not be called. And How can I solve this problem?
> >
> > Please help me.
> >
> > best regards
> > yours brucie
> > brucie@263.net
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@okena.com
> To unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to ntdev as: xxxxx@veritas.com
To unsubscribe send a blank email to %%email.unsub%%