Scripting in kernel-mode ?!?!?

NTDEV
1

Hi,

I think this must be sound strange to some/most of you… Does anybody have
any experience using a (small) script language in a kernel mode driver, to
support high flexibility in functions performed by the driver ?

For example, if you write a packet driver to intercept TCP/IP packages, you
might want to use a script language to define wether or not to block or
reroute incoming/outgoing the packets.

Any hints, tips, URLs, comments greatly appreciated!

best,

Bartjan Wattel.

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

I think I’ve heard it all now. I think there is beginning to be a
disconnect here with what should and should not be in a kernel mode device
driver. Remember, kernel mode code should be small, compact, fast, stable
and minimal. Get in, get out, don’t damage anything else while you’re
there. I get very nervous at the alarmingly high rate of inquiries on this
list about things such as this and using C runtime routines like sscanf.
Could it be we’re trying to do things in the driver that should best be left
to application-layer code? Windows in general has a very bad reputation for
its lack of stability, and deservedly so. Let’s think about what we are
doing here and make sure we don’t add to that instability.

This response is in the form of a reply, but is not directed at any one
individual. I’ve seen this trend too much lately. The only thing that
scares me more are those willing to ignore all conventions and sacrifice
overall system stability for a few percentage points gain in the performance
of their own hardware. There must be a balance somewhere that doesn’t
sacrifice the system.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Bartjan Wattel
Sent: Wednesday, September 26, 2001 4:08 AM
To: NT Developers Interest List
Subject: [ntdev] Scripting in kernel-mode ?!?!?

Hi,

I think this must be sound strange to some/most of you… Does anybody have
any experience using a (small) script language in a kernel mode driver, to
support high flexibility in functions performed by the driver ?

For example, if you write a packet driver to intercept TCP/IP packages, you
might want to use a script language to define wether or not to block or
reroute incoming/outgoing the packets.

Any hints, tips, URLs, comments greatly appreciated!

best,

Bartjan Wattel.

You are currently subscribed to ntdev as: xxxxx@pdq.net
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

There is nothing wrong (other than the lack of documentation,) with using
the kernel C runtime routines. The DDK should document which routines are
available and what their limitations are.

I’ve worked on projects that needed to support dynamic runtime
characteristic modifications, such that a scripting capability was the
answer. Of course the solution put the scripting up in user space where it
belongs, I don’t disagree with that point. Perhaps the poster hadn’t thought
of front ending the scripting part ‘upstairs’ and downloading the output of
the scripting process into the driver. Actually, come to think of it, I
worked on a system a long time ago that had a pretty nifty terminal device
subsystem that included a scripting language for dynamically defining
terminal device character processing characteristics.

-----Original Message-----
From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
Sent: Wednesday, September 26, 2001 8:31 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Scripting in kernel-mode ?!?!?

I think I’ve heard it all now. I think there is beginning to be a
disconnect here with what should and should not be in a kernel mode device
driver. Remember, kernel mode code should be small, compact, fast, stable
and minimal. Get in, get out, don’t damage anything else while you’re
there. I get very nervous at the alarmingly high rate of inquiries on this
list about things such as this and using C runtime routines like sscanf.
Could it be we’re trying to do things in the driver that should best be left
to application-layer code? Windows in general has a very bad reputation for
its lack of stability, and deservedly so. Let’s think about what we are
doing here and make sure we don’t add to that instability.

This response is in the form of a reply, but is not directed at any one
individual. I’ve seen this trend too much lately. The only thing that
scares me more are those willing to ignore all conventions and sacrifice
overall system stability for a few percentage points gain in the performance
of their own hardware. There must be a balance somewhere that doesn’t
sacrifice the system.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Bartjan Wattel
Sent: Wednesday, September 26, 2001 4:08 AM
To: NT Developers Interest List
Subject: [ntdev] Scripting in kernel-mode ?!?!?

Hi,

I think this must be sound strange to some/most of you… Does anybody have
any experience using a (small) script language in a kernel mode driver, to
support high flexibility in functions performed by the driver ?

For example, if you write a packet driver to intercept TCP/IP packages, you
might want to use a script language to define wether or not to block or
reroute incoming/outgoing the packets.

Any hints, tips, URLs, comments greatly appreciated!

best,

Bartjan Wattel.

You are currently subscribed to ntdev as: xxxxx@pdq.net
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

Bartjan,

Look for references to the Berkeley Packet Filter (BPF) component of the
Unix packet capture library (libpcap). BPF uses a *very* low level
“scripting” language to decide whether or not a particular packet should be
captured. There’s an NT port of libpcap called WinPCAP that’s easy to find
on the net. And PCAUSA’s fine RawEther product (from this list’s very own
Thomas F. Devine) also uses the BPF engine.

Depending on what you’re trying to do, you might also check out the Win2K
User-mode packet-filtering functions (PfXxx). (Look in the Platform SDK docs
under “Routing and Remote Access Service”.) Unfortunately, the
packet-filtering functions aren’t too well documented. With a little
persistence, you can use them to set up a simple firewall filter.

As a general comment, any approach you take to processing packets on the fly
needs to be pretty quick. If you drag your feet by running elaborate scripts
for each packet, you’re going to introduce unacceptable network delays,
dropped packets, timeouts, etc.

Regards,
Art Baker

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Bartjan Wattel
Sent: Wednesday, September 26, 2001 5:08 AM
To: NT Developers Interest List
Subject: [ntdev] Scripting in kernel-mode ?!?!?

Hi,

I think this must be sound strange to some/most of you… Does anybody have
any experience using a (small) script language in a kernel mode driver, to
support high flexibility in functions performed by the driver ?

For example, if you write a packet driver to intercept TCP/IP packages, you
might want to use a script language to define wether or not to block or
reroute incoming/outgoing the packets.

Any hints, tips, URLs, comments greatly appreciated!

best,

Bartjan Wattel.

You are currently subscribed to ntdev as: xxxxx@nfr.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com