- This topic has 6 replies, 2 voices, and was last updated 20 years, 7 months ago by
.
-
Posts
-
Hi,
I’ve written a simple firewall application in user mode with winpkfilter. I’ve tried to optimize it as possible since I need to process a lot of packets on a high bandwidth network, but I think I’ll need to switch to a kernel mode solution.
The problem is that I don’t know where to start. I’ve understood the IOCTL interface model, but now I need to use it in a kernel mode program. To make it simple I need to write a kernel mode handler that is called when a packet is queued in winpkfilter.
Do you have any advice?Using IOCTL interface from kernel is very similar to doing it from user-mode. However, if you really need kernel mode solution, the easiest way would be licensing source code and modifying original driver’s code.
@SerpentFly wrote:
Using IOCTL interface from kernel is very similar to doing it from user-mode.
That’s good, in fact this is not my worst pœoblem. 🙂
@SerpentFly wrote:
However, if you really need kernel mode solution, the easiest way would be licensing source code and modifying original driver’s code
Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.
Perhaps you can help me.Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a start point, an example using winpkfilter in kernel mode or a way to avoid the overhead passing packets to user mode.
If you have kernel mode expirience then using IOCTL interface from the kernel mode should not be a problem for you. Otherwise, it may appear even more then difficult. You will have to create two drivers (SYS for NT/2000/XP/2003 and VxD for Windows 9x/ME, please refer relative DDKs for the details).
If it looks too difficult then you should try to optimize user-mode packet processing or upgrade (upgrade fee is 2000USD) to Source Code license(in this case you also won’t avoid kernel mode development, but you will be able to create cross-platform packet processing code using ready WinpkFilter interfaces).
Thank you for your support. I think I’ll try the driver way. I’ve downloaded the DDK and I’m studying the examples. I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?
I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?
This is not hardware driver, so for Windows NT/2000/XP/2003 you should use NT legacy driver, which sceleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use VToolsD framework to generate the driver sceleton.
- You must be logged in to reply to this topic.