CientEventReceiveDatagram

OSR_Community_User · August 9, 2002, 9:52am

Hello !
Is it possible to delay Receive through CientEventReceiveDatagram
callback ? If it is, then how can I do it correctly ?
Now I pass
CientEventReceiveDatagram = 0
ReceiveDatagramFlags & ~TDI_RECEIVE_ENTIRE_MESSAGE

into Old CientEventReceiveDatagram to force IRP to return.
Then I can postprocess this IRP later… It works a bit,
but I cannot observe “My Network Places”…
Nevertheless I can find local computers by Ip(or by name)

–
Best regards,
foxgen mailto:xxxxx@yandex.ru

OSR_Community_User · August 10, 2002, 6:27am

What is your intent? Can you describe this more detaily?

Max

----- Original Message -----
From: “xxxxx@yandex”
To: “NT Developers Interest List”
Sent: Friday, August 09, 2002 5:57 PM
Subject: [ntdev] CientEventReceiveDatagram

> Hello !
> Is it possible to delay Receive through CientEventReceiveDatagram
> callback ? If it is, then how can I do it correctly ?
> Now I pass
> CientEventReceiveDatagram = 0
> ReceiveDatagramFlags & ~TDI_RECEIVE_ENTIRE_MESSAGE
>
> into Old CientEventReceiveDatagram to force IRP to return.
> Then I can postprocess this IRP later… It works a bit,
> but I cannot observe “My Network Places”…
> Nevertheless I can find local computers by Ip(or by name)
>
>
> –
> Best regards,
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · August 10, 2002, 10:35am

I’m writting TDI-driver for a personal firewall.
I want to filter UDP activity at TDI-level.
The restriction is that I can do filtering at PASSIVE_LEVEL only,
thats why I do all these tricks …

MSS> What is your intent? Can you describe this more detaily?

MSS> Max

MSS> ----- Original Message -----
MSS> From: “xxxxx@yandex”
MSS> To: “NT Developers Interest List”
MSS> Sent: Friday, August 09, 2002 5:57 PM
MSS> Subject: [ntdev] CientEventReceiveDatagram

>> Hello !
>> Is it possible to delay Receive through CientEventReceiveDatagram
>> callback ? If it is, then how can I do it correctly ?
>> Now I pass
>> CientEventReceiveDatagram = 0
>> ReceiveDatagramFlags & ~TDI_RECEIVE_ENTIRE_MESSAGE
>>
>> into Old CientEventReceiveDatagram to force IRP to return.
>> Then I can postprocess this IRP later… It works a bit,
>> but I cannot observe “My Network Places”…
>> Nevertheless I can find local computers by Ip(or by name)

–
Best regards,
foxgen mailto:xxxxx@yandex.ru

OSR_Community_User · August 10, 2002, 6:00pm

You cannot show any UI from ClientEventReceive(Datagram) paths.

You can only a) maintain some table, managed by IOCTLs, which will be
used for filtering and b) accumulate a log of connect/receive
operations in memory, and then extract it by IOCTLs.

Max

----- Original Message -----
From: “xxxxx@yandex”
To: “NT Developers Interest List”
Sent: Saturday, August 10, 2002 6:40 PM
Subject: [ntdev] Re: CientEventReceiveDatagram

> I’m writting TDI-driver for a personal firewall.
> I want to filter UDP activity at TDI-level.
> The restriction is that I can do filtering at PASSIVE_LEVEL only,
> thats why I do all these tricks …
>
> MSS> What is your intent? Can you describe this more detaily?
>
> MSS> Max
>
> MSS> ----- Original Message -----
> MSS> From: “xxxxx@yandex”
> MSS> To: “NT Developers Interest List”
> MSS> Sent: Friday, August 09, 2002 5:57 PM
> MSS> Subject: [ntdev] CientEventReceiveDatagram
>
>
> >> Hello !
> >> Is it possible to delay Receive through CientEventReceiveDatagram
> >> callback ? If it is, then how can I do it correctly ?
> >> Now I pass
> >> CientEventReceiveDatagram = 0
> >> ReceiveDatagramFlags & ~TDI_RECEIVE_ENTIRE_MESSAGE
> >>
> >> into Old CientEventReceiveDatagram to force IRP to return.
> >> Then I can postprocess this IRP later… It works a bit,
> >> but I cannot observe “My Network Places”…
> >> Nevertheless I can find local computers by Ip(or by name)
>
>
>
> –
> Best regards,
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · August 12, 2002, 2:29am

Yes, I cannot wait in ClientEventReceive(Datagram) …
But if there were a way, when IRP would return on every call of this
function, It would be possible to process UDP-activity at
PASSIVE_LEVEL… Dont you think so ?
That’s why I’m looking for such a method…

MSS> You cannot show any UI from ClientEventReceive(Datagram) paths.

MSS> You can only a) maintain some table, managed by IOCTLs, which will be
MSS> used for filtering and b) accumulate a log of connect/receive
MSS> operations in memory, and then extract it by IOCTLs.

–
Best regards,
foxgen mailto:xxxxx@yandex.ru

OSR_Community_User · August 12, 2002, 6:58am

No. You can write a TDI client this way, but not a filter, such a
filter will nearly inevitably ruin AFD.
BTW - why filter receives? Maybe filter port creations only?

Max

----- Original Message -----
From: “xxxxx@yandex”
To: “NT Developers Interest List”
Sent: Monday, August 12, 2002 10:34 AM
Subject: [ntdev] Re: CientEventReceiveDatagram

> Yes, I cannot wait in ClientEventReceive(Datagram) …
> But if there were a way, when IRP would return on every call of this
> function, It would be possible to process UDP-activity at
> PASSIVE_LEVEL… Dont you think so ?
> That’s why I’m looking for such a method…
>
> MSS> You cannot show any UI from ClientEventReceive(Datagram) paths.
>
> MSS> You can only a) maintain some table, managed by IOCTLs, which
will be
> MSS> used for filtering and b) accumulate a log of connect/receive
> MSS> operations in memory, and then extract it by IOCTLs.
>
>
>
> –
> Best regards,
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · August 12, 2002, 11:22am

Well, It doesnt ruin …
the only thing that disappoint me is that I cannot see network
neighbourhood.
why filter receive ? - because this is nesessary for filtering…
Port creation is not enough …

MSS> No. You can write a TDI client this way, but not a filter, such a
MSS> filter will nearly inevitably ruin AFD.
MSS> BTW - why filter receives? Maybe filter port creations only?

MSS> Max

–
Best regards,
foxgen mailto:xxxxx@yandex.ru

OSR_Community_User · August 12, 2002, 12:57pm

Well, It doesnt ruin …
the only thing that disappoint me is that I cannot see network
neighbourhood.
why filter receive ? - because this is nesessary for filtering…
Port creation is not enough …

Foxgen

MSS> No. You can write a TDI client this way, but not a filter, such a
MSS> filter will nearly inevitably ruin AFD.
MSS> BTW - why filter receives? Maybe filter port creations only?

MSS> Max

Thomas_F_Divine · August 12, 2002, 4:46pm

The “not being able to see network neighborhood” behavior may be related to
the load order of your filter. If NetBT open Tcp before you install your
filter, then you may miss some requests (or ignore them because of
insufficient IRP stack locations).

Good luck,

Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter
http: - http:

“xxxxx@yandex” wrote in message news:xxxxx@ntdev…
>
> Well, It doesnt ruin …
> the only thing that disappoint me is that I cannot see network
> neighbourhood.
> why filter receive ? - because this is nesessary for filtering…
> Port creation is not enough …
>
> Foxgen
>
> MSS> No. You can write a TDI client this way, but not a filter, such a
> MSS> filter will nearly inevitably ruin AFD.
> MSS> BTW - why filter receives? Maybe filter port creations only?
>
> MSS> Max
>
>
>
>
>
></http:></http:>

OSR_Community_User · August 13, 2002, 2:44pm

Looks like UDP receive path is defunct with your filter. Computer
Browser service which builds the NetHood list uses NetBIOS broadcasts,
which are mapped to UDP.

Write a filter on top of AFD and intercepd AFD’s internal IOCTL, which
corresponds to recv(). At least it will be called on PASSIVE_LEVEL,
and you will be able to do things like UI operations from it.

Max

----- Original Message -----
From: “xxxxx@yandex”
To: “NT Developers Interest List”
Sent: Monday, August 12, 2002 7:27 PM
Subject: [ntdev] Re: CientEventReceiveDatagram

> Well, It doesnt ruin …
> the only thing that disappoint me is that I cannot see network
> neighbourhood.
> why filter receive ? - because this is nesessary for filtering…
> Port creation is not enough …
>
> MSS> No. You can write a TDI client this way, but not a filter,
such a
> MSS> filter will nearly inevitably ruin AFD.
> MSS> BTW - why filter receives? Maybe filter port creations
only?
>
> MSS> Max
>
>
> –
> Best regards,
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · August 14, 2002, 2:37am

Well, where can I find these IOCTL-s ?

MSS> Looks like UDP receive path is defunct with your filter. Computer
MSS> Browser service which builds the NetHood list uses NetBIOS broadcasts,
MSS> which are mapped to UDP.

MSS> Write a filter on top of AFD and intercepd AFD’s internal IOCTL, which
MSS> corresponds to recv(). At least it will be called on PASSIVE_LEVEL,
MSS> and you will be able to do things like UI operations from it.

MSS> Max

MSS> ----- Original Message -----
MSS> From: “xxxxx@yandex”
MSS> To: “NT Developers Interest List”
MSS> Sent: Monday, August 12, 2002 7:27 PM
MSS> Subject: [ntdev] Re: CientEventReceiveDatagram

>> Well, It doesnt ruin …
>> the only thing that disappoint me is that I cannot see network
>> neighbourhood.
>> why filter receive ? - because this is nesessary for filtering…
>> Port creation is not enough …
>>
>> MSS> No. You can write a TDI client this way, but not a filter,
MSS> such a
>> MSS> filter will nearly inevitably ruin AFD.
>> MSS> BTW - why filter receives? Maybe filter port creations
MSS> only?
>>
>> MSS> Max
>>
>>

–
Best regards,
foxgen mailto:xxxxx@yandex.ru

OSR_Community_User · August 14, 2002, 6:17am

By reverse engineering only. Step into msafd.dll on recv() path and
see what NtDeviceIoControlFile it calls.

Max

----- Original Message -----
From: “xxxxx@yandex”
To: “NT Developers Interest List”
Sent: Wednesday, August 14, 2002 10:43 AM
Subject: [ntdev] Re: CientEventReceiveDatagram

> Well, where can I find these IOCTL-s ?
>
> MSS> Looks like UDP receive path is defunct with your filter.
Computer
> MSS> Browser service which builds the NetHood list uses NetBIOS
broadcasts,
> MSS> which are mapped to UDP.
>
> MSS> Write a filter on top of AFD and intercepd AFD’s internal
IOCTL, which
> MSS> corresponds to recv(). At least it will be called on
PASSIVE_LEVEL,
> MSS> and you will be able to do things like UI operations from it.
>
> MSS> Max
>
> MSS> ----- Original Message -----
> MSS> From: “xxxxx@yandex”
> MSS> To: “NT Developers Interest List”
> MSS> Sent: Monday, August 12, 2002 7:27 PM
> MSS> Subject: [ntdev] Re: CientEventReceiveDatagram
>
>
> >> Well, It doesnt ruin …
> >> the only thing that disappoint me is that I cannot see network
> >> neighbourhood.
> >> why filter receive ? - because this is nesessary for filtering…
> >> Port creation is not enough …
> >>
> >> MSS> No. You can write a TDI client this way, but not a
filter,
> MSS> such a
> >> MSS> filter will nearly inevitably ruin AFD.
> >> MSS> BTW - why filter receives? Maybe filter port creations
> MSS> only?
> >>
> >> MSS> Max
> >>
> >>
>
>
> –
> Best regards,
> foxgen mailto:xxxxx@yandex.ru
>
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>