WFP Issue

Hi all

I am working on a security product and want to update it for
MS vista by using their WFP concept… For my purpose i have selected two ALE
layer ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT… Basically i want to pend
that packet and inject back it with appropriate path…

In receive path as document clearly says that *
FwpsInjectTransportReceiveAsync0* function will inject that for
ALE_AUTH_RECV_ACCEPT so life is easy with this layer and receive cycle is
working fine with me…

What about ALE_AUTH_CONNECT which is responsible for
authorizing connect requests for outgoing … document says *FwpsPendOperation0
*will pend and i am able to pend packet at this… but now i am facing the
problem to inject this on send path…Document are not saying that we can use
*FwpsInjectTransportSendAsync0 ,*or i am not finding any way to inject the
packet which i pend in this layer…

When i fail totally to implement this
pending and injection cycle in ALE_AUTH_CONNECT then i decide to process
inside classify… document says classify should call in IRQL <=
DISPATCH_LEVEL … i assume its less than case and play with classify_out …
i was getting success and my code was working fine… I know that whenever
IRQL will be come at “equal to” case my driver will crash…

I am stuck with this ALE_AUTH_CONNECT …
Life is much confused with this layer… Please help me to resolve this
issue… how to inject packet in this layer and, is classify runs in
DISPATCH_LEVEL for this layer ever (because i have not found in any
case)…

Thanks
Niraj Jha

You should use “FwpsCompleteOperation0” in conjunction with
“FwpsPendOperation0”

“Niraj Jha” wrote news:xxxxx@ntdev…
Hi all

I am working on a security product and want to update it for
MS vista by using their WFP concept… For my purpose i have selected two ALE
layer ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT… Basically i want to pend
that packet and inject back it with appropriate path…

In receive path as document clearly says that
FwpsInjectTransportReceiveAsync0 function will inject that for
ALE_AUTH_RECV_ACCEPT so life is easy with this layer and receive cycle is
working fine with me…

What about ALE_AUTH_CONNECT which is responsible for
authorizing connect requests for outgoing … document says
FwpsPendOperation0 will pend and i am able to pend packet at this… but now
i am facing the problem to inject this on send path…Document are not saying
that we can use FwpsInjectTransportSendAsync0 ,or i am not finding any way
to inject the packet which i pend in this layer…

When i fail totally to implement this
pending and injection cycle in ALE_AUTH_CONNECT then i decide to process
inside classify… document says classify should call in IRQL <=
DISPATCH_LEVEL … i assume its less than case and play with classify_out …
i was getting success and my code was working fine… I know that whenever
IRQL will be come at “equal to” case my driver will crash…

I am stuck with this ALE_AUTH_CONNECT …
Life is much confused with this layer… Please help me to resolve this
issue… how to inject packet in this layer and, is classify runs in
DISPATCH_LEVEL for this layer ever (because i have not found in any
case)…

Thanks
Niraj Jha

Hi frank

Thanks A lot for your response… you are right we can use
FwpsCompleteOperation0 function … but document says Any pended packet data
is flushed from memory when the *FwpsPendOperation0* function completes…
what it means… what happen to the pended data after resuming … is they
lost some where?what about injection function for ale_connect layer? and
what about the irql of any classify function… is it ever comes in distapch
mode ever…

On 3/23/07, frank wrote:
>
> You should use “FwpsCompleteOperation0” in conjunction with
> “FwpsPendOperation0”
>
>
> -----------------------------------------------------
> “Niraj Jha” wrote news:xxxxx@ntdev…
> Hi all
>
> I am working on a security product and want to update it for
>
> MS vista by using their WFP concept… For my purpose i have selected two
> ALE
> layer ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT… Basically i want to
> pend
> that packet and inject back it with appropriate path…
>
> In receive path as document clearly says that
> FwpsInjectTransportReceiveAsync0 function will inject that for
> ALE_AUTH_RECV_ACCEPT so life is easy with this layer and receive cycle is
> working fine with me…
>
> What about ALE_AUTH_CONNECT which is responsible for
> authorizing connect requests for outgoing … document says
> FwpsPendOperation0 will pend and i am able to pend packet at this… but
> now
> i am facing the problem to inject this on send path…Document are not
> saying
> that we can use FwpsInjectTransportSendAsync0 ,or i am not finding any
> way
> to inject the packet which i pend in this layer…
>
>
> When i fail totally to implement this
> pending and injection cycle in ALE_AUTH_CONNECT then i decide to process
> inside classify… document says classify should call in IRQL <=
> DISPATCH_LEVEL … i assume its less than case and play with classify_out
> …
> i was getting success and my code was working fine… I know that whenever
> IRQL will be come at “equal to” case my driver will crash…
>
> I am stuck with this ALE_AUTH_CONNECT …
> Life is much confused with this layer… Please help me to resolve this
> issue… how to inject packet in this layer and, is classify runs in
> DISPATCH_LEVEL for this layer ever (because i have not found in any
> case)…
>
>
> Thanks
> Niraj Jha
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
>

Yes, but you may store the originating packet data before it is flushed by
FwpsPendOperation0. Call FwpsCompleteOperation0 with the stored data
afterwards.

“Niraj Jha” wrote news:xxxxx@ntdev…
Hi frank

Thanks A lot for your response… you are right we can use
FwpsCompleteOperation0 function … but document says Any pended packet data
is flushed from memory when the FwpsPendOperation0 function completes… what
it means… what happen to the pended data after resuming … is they lost
some where?what about injection function for ale_connect layer? and what
about the irql of any classify function… is it ever comes in distapch mode
ever…

On 3/23/07, frank wrote:
You should use “FwpsCompleteOperation0” in conjunction with
“FwpsPendOperation0”

-----------------------------------------------------
“Niraj Jha” wrote news:xxxxx@ntdev…
Hi all

I am working on a security product and want to update it for
MS vista by using their WFP concept… For my purpose i have selected two ALE
layer ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT… Basically i want to pend
that packet and inject back it with appropriate path…

In receive path as document clearly says that
FwpsInjectTransportReceiveAsync0 function will inject that for
ALE_AUTH_RECV_ACCEPT so life is easy with this layer and receive cycle is
working fine with me…

What about ALE_AUTH_CONNECT which is responsible for
authorizing connect requests for outgoing … document says
FwpsPendOperation0 will pend and i am able to pend packet at this… but now
i am facing the problem to inject this on send path…Document are not saying
that we can use FwpsInjectTransportSendAsync0 ,or i am not finding any way
to inject the packet which i pend in this layer…

When i fail totally to implement this
pending and injection cycle in ALE_AUTH_CONNECT then i decide to process
inside classify… document says classify should call in IRQL <=
DISPATCH_LEVEL … i assume its less than case and play with classify_out …
i was getting success and my code was working fine… I know that whenever
IRQL will be come at “equal to” case my driver will crash…

I am stuck with this ALE_AUTH_CONNECT …
Life is much confused with this layer… Please help me to resolve this
issue… how to inject packet in this layer and, is classify runs in
DISPATCH_LEVEL for this layer ever (because i have not found in any
case)…

Thanks
Niraj Jha

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Hi frank

Actually i am using this function in other layer and it is working
fine… but in ale_connect when i use this function for UDP packet it seems
that packet disappers… it does`t work with udp in send path on ale layer…
have you ever face this problem or it is due to my code fault…

Niraj

On 3/23/07, frank wrote:
>
> Yes, but you may store the originating packet data before it is flushed by
> FwpsPendOperation0. Call FwpsCompleteOperation0 with the stored data
> afterwards.
>
> ----------------------------------------------------------------------
>
> “Niraj Jha” wrote news:xxxxx@ntdev…
> Hi frank
>
> Thanks A lot for your response… you are right we can use
> FwpsCompleteOperation0 function … but document says Any pended packet
> data
> is flushed from memory when the FwpsPendOperation0 function completes…
> what
> it means… what happen to the pended data after resuming … is they lost
> some where?what about injection function for ale_connect layer? and what
> about the irql of any classify function… is it ever comes in distapch
> mode
> ever…
>
>
> On 3/23/07, frank wrote:
> You should use “FwpsCompleteOperation0” in conjunction with
> “FwpsPendOperation0”
>
>
> -----------------------------------------------------
> “Niraj Jha” wrote news:xxxxx@ntdev…
> Hi all
>
> I am working on a security product and want to update it for
> MS vista by using their WFP concept… For my purpose i have selected two
> ALE
> layer ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT… Basically i want to
> pend
> that packet and inject back it with appropriate path…
>
> In receive path as document clearly says that
> FwpsInjectTransportReceiveAsync0 function will inject that for
> ALE_AUTH_RECV_ACCEPT so life is easy with this layer and receive cycle is
> working fine with me…
>
> What about ALE_AUTH_CONNECT which is responsible for
> authorizing connect requests for outgoing … document says
> FwpsPendOperation0 will pend and i am able to pend packet at this… but
> now
> i am facing the problem to inject this on send path…Document are not
> saying
> that we can use FwpsInjectTransportSendAsync0 ,or i am not finding any
> way
> to inject the packet which i pend in this layer…
>
>
> When i fail totally to implement this
> pending and injection cycle in ALE_AUTH_CONNECT then i decide to process
> inside classify… document says classify should call in IRQL <=
> DISPATCH_LEVEL … i assume its less than case and play with classify_out
> …
> i was getting success and my code was working fine… I know that whenever
> IRQL will be come at “equal to” case my driver will crash…
>
> I am stuck with this ALE_AUTH_CONNECT …
> Life is much confused with this layer… Please help me to resolve this
> issue… how to inject packet in this layer and, is classify runs in
> DISPATCH_LEVEL for this layer ever (because i have not found in any
> case)…
>
>
> Thanks
> Niraj Jha
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>