1. What happens to the packets which are received while I am reading from the queue? And if they are added to the queue, what happens to them when I purge the queue?
These packets are added to the queue until free intermediate buffers are available; after this, new packets are dropped. If you call FlushAdapterPacketQueue, then all queued packets for the given adapter are deleted from the queue and the associated resources are released.
2. I have posted my code also. Can somebody point out if there is anything I am doing wrong? If required, I can post the full source code.
Hmm, I would advise removing all “printf” output from the packet processing code because it has a serious performance impact. Also, if your system is loaded with something else during packet processing, I would recommend increasing the priority of the packet processing code. If all of the above doesn’t improve the situation, then I recommend profiling your whole application with one of the profilers available on the market (Compuware TrueTime, for example). If the achieved performance is still not enough, then the only thing to do is to move all your code into the kernel (direct integration into the WinpkFilter drivers).
3. Is it possible to achieve what I mentioned in the scenario using WinpkFilter at all? Or is there some other way I can achieve this using WinpkFilter or some other tool/library?
Yes, everything described can be realized using WinpkFilter. Your scenario is not unique. I’ve worked on similar solutions before. Btw, since you process only outgoing packets in the code you have provided, what flooding do you mean? Do you run some sort of local traffic generator (UDP sender or something)? If yes, then please take into account that this application also decreases the overall performance of your filter, because it also needs processor time.
4. Am I doing too much processing while reading from the queue? I tested it on a PC which was doing a lot of NetBIOS flooding. It was stopping that, but it was not sending the valid packets to my gateway (ping to gateway).
I don’t think the code below does too much processing.
Hope it helps…
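
The following is an added example, not part of the original post and not WinpkFilter code: a small C model of the queue behaviour described in answer 1 (new packets dropped once the buffers are used up, a flush releasing everything queued) and of why slow per-packet processing, as in answer 2, turns into drops. `POOL_SIZE`, `pkt_queue`, the `q_*` helpers and `simulate` are hypothetical names and values chosen for the illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define POOL_SIZE 8 /* constructed value, not the driver's real buffer count */

typedef struct {
    int slots[POOL_SIZE];  /* packet ids held in intermediate buffers */
    size_t head, count;
    unsigned long dropped; /* arrivals refused because no buffer was free */
} pkt_queue;

void q_init(pkt_queue *q) { q->head = q->count = 0; q->dropped = 0; }

/* Arrival path: queue the packet if a buffer is free, otherwise drop it. */
int q_enqueue(pkt_queue *q, int id) {
    if (q->count == POOL_SIZE) { q->dropped++; return 0; }
    q->slots[(q->head + q->count) % POOL_SIZE] = id;
    q->count++;
    return 1;
}

/* Reader path: take the oldest queued packet; returns 0 if none is queued. */
int q_dequeue(pkt_queue *q, int *id) {
    if (q->count == 0) return 0;
    *id = q->slots[q->head];
    q->head = (q->head + 1) % POOL_SIZE;
    q->count--;
    return 1;
}

/* Model of a flush: discard everything queued, return how many were released. */
size_t q_flush(pkt_queue *q) {
    size_t n = q->count;
    q->head = q->count = 0;
    return n;
}

/* `arrivals` packets arrive per tick, the reader handles `per_tick` of them
   per tick; returns how many arrivals were dropped over `ticks` ticks. */
unsigned long simulate(int ticks, int arrivals, int per_tick) {
    pkt_queue q; int id = 0, tmp;
    q_init(&q);
    for (int t = 0; t < ticks; t++) {
        for (int a = 0; a < arrivals; a++) q_enqueue(&q, id++);
        for (int p = 0; p < per_tick; p++) q_dequeue(&q, &tmp);
    }
    return q.dropped;
}

int main(void) {
    printf("reader keeps up: %lu dropped\n", simulate(100, 4, 4));
    printf("slow reader:     %lu dropped\n", simulate(100, 4, 1));
    return 0;
}
```

In this model the drop decision depends only on whether a buffer is free, so a reader slowed down by per-packet output loses arrivals regardless of their content.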