Persisting state in a WFP callout


I am developing a WFP callout driver and I have successfully implemented a FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 connection redirection. I have also implemented the inverted call model to be able to send notifications from my driver to a user-land application.

Now I would like to make my classify function use the asynchronous model with the FwpsPendClassify method.

So here’s the flow I would like to implement:

  1. The classifyOut function is invoked and I notify the user-land application about the new connection using the inverted call model (I already have this working)
  2. I would like to delay the classification process using FwpsPendClassify until the user-land application responds back

My question is what would be the best place to persist the context while waiting for the user-land application to respond?

Since I am a beginner in kernel mode development, the most obvious way for me would be to generate some unique identifier, persist the context in some global variable using this identifier, then send the identifier to the user-land application. When the user-land application responds, it can return the identifier, allowing me to retrieve the state and complete the classification process. Of course, if there’s some better way, for example pushing the state into some I/O queue and later being able to retrieve my message from the queue using the unique identifier, that would be perfect. It’s just that I am having a hard time finding the proper concepts and API to use in kernel mode.

Also, it would be nice if there were some way for those messages to expire after some time (to handle the case where the user-land application crashes before returning any response).
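
The identifier-keyed table with expiry described in the question, as an added user-mode C model that is not part of the original post and is not driver code. The names `pend_add`, `pend_take`, `pend_expire` and `MAX_PENDING` are hypothetical, tick values are supplied by the caller, and locking is left out: the assumption is that a driver would guard the table with a lock, because the classify, reply and timer paths run concurrently.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_PENDING 64                 /* constructed limit for this model */

typedef struct {
    uint64_t id;                       /* 0 = free slot; ids are never reused */
    uint64_t deadline;                 /* absolute tick at which the entry expires */
    void    *ctx;                      /* state saved while the classify is pended */
} pending_t;

static pending_t g_table[MAX_PENDING];
static uint64_t  g_next_id = 1;

/* Save ctx; returns the id to send to user land, or 0 if the table is full. */
uint64_t pend_add(void *ctx, uint64_t now, uint64_t ttl) {
    for (size_t i = 0; i < MAX_PENDING; i++) {
        if (g_table[i].id != 0) continue;
        g_table[i] = (pending_t){ g_next_id++, now + ttl, ctx };
        return g_table[i].id;
    }
    return 0;
}

/* Reply path: remove and return the context for id. Unknown, expired and
 * already-answered ids return NULL, so one id completes at most once. */
void *pend_take(uint64_t id, uint64_t now) {
    for (size_t i = 0; id != 0 && i < MAX_PENDING; i++) {
        pending_t *p = &g_table[i];
        if (p->id != id) continue;
        if (now >= p->deadline) return NULL;   /* left for pend_expire */
        p->id = 0;
        return p->ctx;
    }
    return NULL;
}

/* Timer path: free every expired entry and pass its context to on_timeout,
 * where the driver would apply its default verdict. Returns the count. */
size_t pend_expire(uint64_t now, void (*on_timeout)(void *ctx)) {
    size_t n = 0;
    for (size_t i = 0; i < MAX_PENDING; i++) {
        pending_t *p = &g_table[i];
        if (p->id == 0 || now < p->deadline) continue;
        p->id = 0;
        if (on_timeout) on_timeout(p->ctx);
        n++;
    }
    return n;
}
```

Because the reply path and the timer path both clear the slot before handing out the context, a late or repeated reply from user land cannot complete a connection that has already been answered or timed out.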