TCP multiplexing tdi filter driver to WFP porting RRS feed

  • Question

  • Hi all,
    We have a existing TDI filter driver which multiplexes multiple TCP connections  over single TCP connection. So in our TDI filter driver we complete TDI_SEND IRP after copying the data to our buffer & we don't allow it to flow down the stack. WFP supports only inspect/modify the data & push it back the stack.
    Is it possible to complete ale connect packet in classify callout without allowing it to flow down the stack?
    Wednesday, September 16, 2009 1:04 PM

All replies

  • You may want to research into WFP's stream layer as well as Winsock Kernel (WSK). http://msdn.microsoft.com/en-us/library/aa938501.aspx

    Here are the rough steps --

    1) use WSK to create a TCP connection to aggregate the original TCP flows.
    2) Intercept (block the outgoing data segments) original flows at STREAM layer and inject them to the aggregated channel
    3) de-mux data segments back from the aggregated channel and inject them back to the original flows.


    Saturday, September 19, 2009 5:10 AM