Hey, guys. I have posted this one on the ntfsd and got no answer, so maybe
you can help me.
I am trying to implement some network filtering within a FS minifilter
driver.
The minifilter attaches itself to both \Device\LanmanRedirector and
\Device\WebDavRedirector
and I see only requests going to the LAN but not to the outside world.
My question is:
What is the best and the simplest way to incorporate some
filtering/blocking of network traffic within the minifilter?
Suppose I only want to block outgoing SYN packets. Should I register the
minifilter with NDIS? I reviewed the NDIS samples and all look rather
complicated. I am not an NDIS specialist so I am afraid to tamper with the
“monster”.
In all my driver dev career I’ve never considered the possibility of combining a FS driver with an NDIS driver. Admittedly, I’m not certain it can’t be done, but I strongly suspect that attempting such a feat would be akin to shooting myself in both feet, i.e. don’t go there, write a separate NDIS driver instead. Assuming that you are able to use NDIS 6.x (Vista and beyond), take a look at the NDIS “filter” sample within WDK.
I have to wonder if you might be better served by giving us a brief description of what your product needs to do in a general sense, that way we can provide you with advice on how best to proceed. I’m a bit curious as to why a FS filter would be concerned about the comings and goings of network traffic…
Bob, thanks for your answer.
The problem I am trying to solve (while being ms-compliant and a good guy in
general) is monitoring of heterogenous
events like “user opens or creates a file and then emails this file to
someone”. That’s it. NDIS filter is a great solution for
vista and beyond but I still have to support some old code on XP which is
now based on heavy hooking.
I successfully ported 90% of the code to the mini-filter model but the
problem with networking persists…
Thanks again,
Dmitry.
So split the design into three pieces: the mini filter, the ndis driver, and
the TBD communication channel between them. The third piece might simply be
a service that communicates with both drivers.
Mark Roddy
On Sun, Jun 20, 2010 at 4:49 AM, Dmitry Geskin wrote:
> Bob, thanks for your answer.
> The problem I am trying to solve (while being ms-compliant and a good guy in
> general) is monitoring of heterogenous
> events like “user opens or creates a file and then emails this file to
> someone”. That’s it. NDIS filter is a great solution for
> vista and beyond but I still have to support some old code on XP which is
> now based on heavy hooking.
> I successfully ported 90% of the code to the mini-filter model but the
> problem with networking persists…
>
> Thanks again,
> Dmitry.