Pend Packets in Classify of callout Classify ?

  • Question

  • In the ALEConnectClassify classify routine of the callout, why do I need to pend packets? It is described in a comment in the Windows driver sample's classify routine:

    //
    // If the classify is the initial authorization for a connection, we
    // queue it to the pended connection list and notify the worker thread
    // for out-of-band processing.
    //
    // If we reach here it means this is a policy change triggered re-auth
    // for an pre-existing connection. For such a packet (inbound or
    // outbound) we queue it to the packet queue and inspect it just like
    // other regular data packets from TRANSPORT layers.
    //


    • Edited by RightsTobe Sunday, December 25, 2016 9:34 AM
    Sunday, December 25, 2016 9:33 AM

Answers

  • You only need to pend packets if you want to do out-of-band processing. For example, Connect lets you get at the Token that authorized the caller. There are calls that allow you to determine the user and other things from the Token, but they require PASSIVE_LEVEL, and it is possible to be called in Connect at DISPATCH_LEVEL. Another example would be that you have a user-space application that needs to approve the connection; then you need to pend the packet so the application can do its work.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    • Marked as answer by RightsTobe Sunday, December 25, 2016 1:09 PM
    • Unmarked as answer by RightsTobe Thursday, December 29, 2016 10:57 AM
    • Marked as answer by RightsTobe Thursday, December 29, 2016 11:30 AM
    Sunday, December 25, 2016 12:41 PM

All replies

  • TLInspectWorker(
       _In_ void* StartContext
       )
    /* ++
       This worker thread waits for the connect and packet queue event when the
       queues are empty; and it will be woken up when there are connects/packets
       queued needing to be inspected. Once awaking, It will run in a loop to
       complete the pended ALE classifies and/or clone-reinject packets back
       until both queues are exhausted (and it will go to sleep waiting for more
       work).
    -- */

    How does this routine get called when the ALE Connect packets need to auth or re-auth?

    Using KeEvent and WaitForSingleObject()?

    Link

    Thursday, December 29, 2016 10:57 AM

  • TLInspectWorker(
       _In_ void* StartContext
       )
    /* ++
       This worker thread waits for the connect and packet queue event when the
       queues are empty; and it will be woken up when there are connects/packets
       queued needing to be inspected. Once awaking, It will run in a loop to
       complete the pended ALE classifies and/or clone-reinject packets back
       until both queues are exhausted (and it will go to sleep waiting for more
       work).
    -- */

    How does this routine get called when the ALE Connect packets need to auth or re-auth?

    Using KeEvent and WaitForSingleObject()?

    Link

    I assume it's done using a linked list. Thanks

    Thursday, December 29, 2016 11:16 AM
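
The pend, queue and signal pattern discussed in this thread, as an added user-mode C model (not the WFP sample's code, and not kernel code): the classify path never does PASSIVE_LEVEL-only work itself, and the worker completes each pended connection later. All names, the uid rule and the sample connections are constructed for illustration; the kernel routines named in comments only indicate which step each line stands in for.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-mode model; every identifier here is hypothetical, not from the sample. */
enum irql { IRQL_PASSIVE, IRQL_DISPATCH };
enum verdict { PENDED, PERMIT, BLOCK };
struct pended_conn { int id; unsigned uid; enum verdict v; struct pended_conn *next; };

static struct pended_conn *q_head, *q_tail; /* models the pended connection list */
static int worker_event;                    /* models the event the worker waits on */

/* Slow policy check that is only legal at PASSIVE_LEVEL (e.g. token queries). */
static enum verdict policy_lookup(enum irql cur, unsigned uid) {
    if (cur != IRQL_PASSIVE) abort();       /* a real driver would bugcheck here */
    return uid == 1000 ? PERMIT : BLOCK;    /* constructed rule: only uid 1000 allowed */
}

/* Classify path: may run at DISPATCH_LEVEL, so it only pends, queues and signals. */
enum verdict classify_connect(enum irql cur, struct pended_conn *c) {
    (void)cur;                              /* same path whatever the caller's IRQL */
    c->v = PENDED; c->next = NULL;          /* kernel step: FwpsPendOperation0 */
    if (q_tail) q_tail->next = c; else q_head = c;
    q_tail = c;
    worker_event = 1;                       /* kernel step: KeSetEvent */
    return PENDED;
}

/* Worker body once its wait is satisfied: drain the list and decide each verdict. */
int worker_drain(void) {
    int done = 0;
    if (!worker_event) return 0;            /* kernel step: still in KeWaitForSingleObject */
    while (q_head) {
        struct pended_conn *c = q_head;
        q_head = c->next;
        if (!q_head) q_tail = NULL;
        c->v = policy_lookup(IRQL_PASSIVE, c->uid); /* then FwpsCompleteOperation0 */
        done++;
    }
    worker_event = 0;                       /* list empty: go back to waiting */
    return done;
}

int main(void) {
    struct pended_conn a = {1, 1000, BLOCK, NULL}, b = {2, 1001, PERMIT, NULL};
    classify_connect(IRQL_DISPATCH, &a);
    classify_connect(IRQL_PASSIVE, &b);
    int n = worker_drain();
    printf("completed=%d a=%d b=%d\n", n, a.v, b.v);
}
```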