How define that I/O was originated via network?

I have legacy filter driver
and I like to block some operations coming via Network

How I may define that operation was originated via network?
I mean blocking server, not client operations…

Regards,
MG.

>How I may define that operation was originated via network?

Check for Network pseudo-group in the caller’s security token.

Do this in MJ_CREATE path, after create, the security is not checked.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Windows 7 adds Extra Create Parameters (ECPs) for opens that originate from SRV or the NFS server. See http://msdn.microsoft.com/en-us/library/ee621976.aspx for details.

Have fun!