WinPKFilter, performance and user/kernel mode


Viewing 7 posts - 1 through 7 (of 7 total)
  • #4837
    bk
    Participant

      Hi,

      I’ve written a simple firewall application in user mode with winpkfilter. I’ve tried to optimize it as much as possible since I need to process a lot of packets on a high bandwidth network, but I think I’ll need to switch to a kernel mode solution.
      The problem is that I don’t know where to start. I’ve understood the IOCTL interface model, but now I need to use it in a kernel mode program. To make it simple I need to write a kernel mode handler that is called when a packet is queued in winpkfilter.
      Do you have any advice?

      #5495
      Vadim Smirnov
      Keymaster

        Using the IOCTL interface from the kernel is very similar to doing it from user mode. However, if you really need a kernel mode solution, the easiest way would be licensing the source code and modifying the original driver’s code.

        #5496
        bk
        Participant

          @SerpentFly wrote:

          Using the IOCTL interface from the kernel is very similar to doing it from user mode.

          That’s good, in fact this is not my worst problem. 🙂

          @SerpentFly wrote:

          However, if you really need a kernel mode solution, the easiest way would be licensing the source code and modifying the original driver’s code.

          Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a starting point, an example using winpkfilter in kernel mode or a way to avoid the overhead of passing packets to user mode.
          Perhaps you can help me.

          #5497
          Vadim Smirnov
          Keymaster

            Sadly I cannot afford the price now. I’ve already bought the developer license and I hope I will be able to use it in a kernel mode solution. I just need a starting point, an example using winpkfilter in kernel mode or a way to avoid the overhead of passing packets to user mode.

            If you have kernel mode experience then using the IOCTL interface from kernel mode should not be a problem for you. Otherwise, it may appear even more than difficult. You will have to create two drivers (SYS for NT/2000/XP/2003 and VxD for Windows 9x/ME; please refer to the relevant DDKs for the details).

            If it looks too difficult then you should try to optimize user-mode packet processing or upgrade (the upgrade fee is 2000 USD) to the Source Code license (in this case you also won’t avoid kernel mode development, but you will be able to create cross-platform packet processing code using ready WinpkFilter interfaces).

            #5498
            bk
            Participant

              Thank you for your support. I think I’ll try the driver way. I’ve downloaded the DDK and I’m studying the examples. I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?

              #5499
              Vadim Smirnov
              Keymaster

                I’m trying to find the best driver model to use, which kind of driver do you suggest to use as a model?

                This is not a hardware driver, so for Windows NT/2000/XP/2003 you should use an NT legacy driver, whose skeleton can be generated using something like QuickSYS (http://www.ntkernel.com/resources.shtml). For Windows 98/ME you can use the VToolsD framework to generate the driver skeleton.

                #5500
                bk
                Participant

                  Thank you very much!
