Mini filter for network volume

Hi All,

We are developing a mini filter driver for network volume for encryption and decryption.
We need to encrypt the writes going to the disk and decrypt the reads from the disk.
We dont need to touch the reads and writes from/to the cache.
So we are skipping the cache io, when we register our mini filter.
But with this configuration we are not able to intercept all the reads and writes from/to the disk.
we are missing some reads and writes from/to the disk.

Also we have an another question.
Mini filter is not residing between cache manager and application.
But the mini filter intercept the cache io.

Please somebody explain the behavior.

Thanks in advance.

S Ramakrishnan

The Windows network redirector has a habit of changing cached IO to
non-cached IO on the fly. This is tied to the cache state of the file on
the client and OpLock breaking, there is a lot of information on this
forum about it. There is a bit you can check within the private data of
the FsContext for a network file but since you have no way to ensure
this bit won’t change after you check it, there are still windows of
potential corruption. This is one of the problems trying to implement a
data modification design within a filter driver. To see if you are
hitting this, run something like filespy on the filter and note IOs
coming into your filter, both cached and non-cached, on the client.
You’ll see cached IOs which you are not processing get sent to the
server, just like a non-cached IO.

I suggest you get some reading material on the Windows file system
filter architecture, it will help you immensely. The WDK documentation
or Russinovich’s book are both good places to start.

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@gmail.com
To: “Windows File Systems Devs Interest List”
Sent: 6/17/2017 8:51:24 AM
Subject: [ntfsd] Mini filter for network volume

>Hi All,
>
>We are developing a mini filter driver for network volume for
>encryption and decryption.
>We need to encrypt the writes going to the disk and decrypt the reads
>from the disk.
>We dont need to touch the reads and writes from/to the cache.
>So we are skipping the cache io, when we register our mini filter.
>But with this configuration we are not able to intercept all the reads
>and writes from/to the disk.
>we are missing some reads and writes from/to the disk.
>
>Also we have an another question.
>Mini filter is not residing between cache manager and application.
>But the mini filter intercept the cache io.
>
>Please somebody explain the behavior.
>
>
>Thanks in advance.
>
>S Ramakrishnan
>
>—
>NTFSD is sponsored by OSR
>
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:</http:></http:>