Tony,
That’s what I planned on doing, but I didn’t know if this was
feasible without introducing some kind of deadlock problem by acquiring the
resources in the FCB that the “Caching in Network File Systems” talks about.
Anyway, I’ll give it a try (I guess without support for the persistent
caching feature).
Thanks,
Matt
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Tuesday, January 27, 2004 12:04 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] Redirector encryption w/caching?
Matt,
Why not just monitor the state of caching in the redirector? The data
structures are all in the IFS Kit and you can read the cache state directly
from the RDBSS FCB header.
Disabling caching for redirector is a particular horror.
Just wait until you find out what happens when someone enables
*persistent* caching - the redirector stores the data directly to the local
file system, so you won’t get a chance to decrypt it at all before it is
presented to the user. I’ve been talking to someone about this issue and
they indicated that the responsible Microsoft developers advised him that
encryption filters are not supported over redirector with persistent client
side caching. (Note that I have not finished researching this, so this is
based upon 3rd party information, albeit from a reliable 3rd party.)
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Matthew N. White
Sent: Tuesday, January 27, 2004 11:34 AM
To: ntfsd redirect
Subject: [ntfsd] Redirector encryption w/caching?
Hi all,
I am working on an encryption filter driver that needs to be able to
do encryption/decryption at the client (filtered redirector) for files.
After reading through the archives on this topic, it seems that there is a
problem with gracefully doing this because the redirectors frequently have
their own caching state for their files, and can change this state at will
without regard to informing any filter drivers that would be filtering them
at the time. Therefore the filter may not always see paging or noncached
I/O so that it can encrypt/decrypt correctly. I have read the OSR Online
article “Caching in Network File Systems” and understand that this state is
contained within the FCB structure for the file, and access to it must be
synchronized, but that this behavior will be specific to the redirector.
My question is this; is it even possible to achieve my goal of
encrypting/decrypting at the SMB redirector filter (or any other redirector
for that matter) without hurting performance by disabling caching? I
realize this may mean having special case code for each kind of redirector
that will be filtered and studying/reverse engineering it’s behavior, but
this is a requirement for what I am doing. Any comments are greatly
appreciated…
Matt
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe send
a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@bitarmor.com To unsubscribe
send a blank email to xxxxx@lists.osr.com