- This topic has 4 replies, 2 voices, and was last updated 20 years, 4 months ago by
.
-
Posts
-
Please pay attention to the routine below (it is available in PassThru and PacketSniffer samples), which actually stops WinpkFillter operations over the network interface and releases resources:
void ReleaseInterface()
{
// This function releases packets in the adapter queue and stops listening the interface
ADAPTER_MODE Mode;
Mode.dwFlags = 0;
Mode.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
// Set NULL event to release previously set event object
api.SetPacketEvent(AdList.m_nAdapterHandle[iIndex], NULL);
// Close Event
if (hEvent)
CloseHandle ( hEvent );
// Set default adapter mode
api.SetAdapterMode(&Mode);
// Empty adapter packets queue
api.FlushAdapterPacketQueue (AdList.m_nAdapterHandle[iIndex]);
}Maybe i didnt express my question well.
I do not want to close the filter driver, i just want to effectivly pause the processing of packets. So the are not processed any more, but processing can resume again.
Is the best way to do this to close the driver as in the release interface example?
thanks, K.
The code above do the following:
1) Release event for packet indication.
2) Set adapter into passthru mode (the state it was before you set TUNNEL mode).
3) Flush packet queue associated with the adapter.For temporary stop filtering: 1 – is not necessary, 2 – should be be done, otherwise (if you exited the loop) the network will be forzen after all WinpkFilter internal buffers are used, 3 – should be done because if you have existed packet reading loop, to that moment you can have internal buffer pool exosted and the network frozen.
So, in addition to exiting the loop you should set the default mode over the interface and flush its packet queue. If you want to restore filtering, then set tunnel mode and enter the loop again.
- You must be logged in to reply to this topic.