How to return socket error to calling application from WFP driver

Hi,

Earlier we had a TDI driver in which we did deep packet inspection synchronously and, based on the inspection result, allowed or discarded the data packet. When we discarded a packet we returned an error code to the application, which then gave an appropriate message to the user.

But since the TDI model is deprecated, I have written a new WFP network driver which filters at the Stream layer and does deep packet inspection. Since we do the packet inspection out of band, we are not able to tell the user-mode application about the error, so is there any way to notify the user-mode application about an error?

Another issue I am facing with the new WFP driver is this: earlier, with the TDI model, when the application sent a packet we held the application thread until we were done with inspection, but with WFP the application thread is not blocked from execution, so in the case of a large file transfer where inspection takes a long time, the application starts giving a “timeout error”.
Any help or pointers are most welcome.

Thanks,
Bishnu

Since you cannot alter the apps, you cannot alter the way they react to network errors.

And the apps are agnostic of your firewall, so they possibly do not have the facility to display firewall-related errors.

So, the best you can do is:

a) mimic the standard Windows Firewall as much as possible
b) for TCP, just emulate ECONNRESET
c) for non-stream protocols, just lose the packet forever, so the app will time out
d) (also connected to item a) look at the WFP/ALE APIs as much as you can.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
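To make options (b) and (c) concrete, here is an added loopback example. It is not code from this thread and not a WFP callout: a server thread simply stands in for the filter's verdict, and the client shows what an unmodified application observes in each case. An aborted connection surfaces immediately as ECONNRESET, an orderly close surfaces as EOF with no error at all, and silently swallowing the data leaves the application to hit its own receive timeout. The function names, the request bytes and the 0.5 s timeout are constructed for the example.

```python
"""Loopback demonstration of the three outcomes an unmodified TCP client can
observe when the other side decides not to let a request through: a RST
(ECONNRESET), an orderly FIN (EOF), or silence (the client's own timeout).
Added example; the server thread merely stands in for a filter's decision."""
import socket
import struct
import threading


def _decide(listener, verdict, release):
    """Server side: accept one connection, read the request, then act on VERDICT."""
    conn, _ = listener.accept()
    conn.recv(1024)                      # consume the request so the receive queue is empty
    if verdict == "reset":
        # SO_LINGER with a zero timeout makes close() abort the connection with RST
        # instead of shutting it down with FIN; the peer sees ECONNRESET.
        # ("ii" is the struct linger layout on Linux/macOS; Windows uses "hh".)
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
    elif verdict == "fin":
        conn.close()                     # orderly close: the peer reads EOF, not an error
    else:                                # "drop": say nothing and let the client give up
        release.wait()
        conn.close()


def client_outcome(verdict, timeout=0.5):
    """Run one request against a server that applies VERDICT and return what the
    client application observes: 'reset', 'eof', 'timeout' or 'data'."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral loopback port; runs offline
    listener.listen(1)
    release = threading.Event()
    server = threading.Thread(target=_decide, args=(listener, verdict, release), daemon=True)
    server.start()

    client = socket.create_connection(listener.getsockname(), timeout=timeout)
    try:
        client.sendall(b"GET /scanned-file HTTP/1.0\r\n\r\n")   # constructed request
        try:
            data = client.recv(1024)
            return "data" if data else "eof"   # empty read means orderly FIN
        except ConnectionResetError:     # ECONNRESET / WSAECONNRESET reaches the app at once
            return "reset"
        except socket.timeout:           # nothing ever arrived; the app's own timer fired
            return "timeout"
    finally:
        release.set()
        client.close()
        server.join(timeout=2)
        listener.close()


if __name__ == "__main__":
    for verdict in ("reset", "fin", "drop"):
        print(f"{verdict:6s} -> client sees {client_outcome(verdict)}")
```

The point of the comparison: an orderly FIN is indistinguishable from a successful end of stream, so an application will treat a blocked transfer as complete rather than failed; a reset is the one signal every socket application already knows how to report as an error; and dropping the data is exactly what produces the timeout-and-retry behaviour described in the original post, so it is the right choice only for datagram protocols where no stream state exists to reset.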

Thanks Maxim for your reply.
Actually I am not writing exactly a firewall kind of application; my application is a very simple application used for conventional TCP packet scanning.
My problem is that when my product blocks some packet data, we can’t send an error message to the user-mode application from WFP. The user-mode application keeps retrying and resending the same data again and again, which causes unnecessary processing by my application as well as hampering the user experience.

I couldn’t find anything I could use in the ALE and WFP APIs for my purpose :(