locked
WfpSampler stream inject synchronization RRS feed

  • Question

  • I am reviewing the WfpSampler for BasicStreamInjection on FWPM_LAYER_STREAM.

    Outlined in the code is some kind of synchronization of the list of Cloned items, such as:

    VOID BasicStreamInjectionDeferredProcedureCall(_In_ KDPC* pDPC .... 
    ....

          /// Serialize the Stream injection to prevent data corruption
          KeAcquireSpinLock(&(g_bsiSerializationList.spinlock),
                            &irql);
          if(!IsListEmpty(&(g_bsiSerializationList.listHead)))

          {
             pListEntry = RemoveHeadList(&(g_bsiSerializationList.listHead));
          
             g_bsiSerializationList.numEntries--;
          }
          KeReleaseSpinLock(&(g_bsiSerializationList.spinlock),
                            irql);



    However, the actual reinsertion into the stream (here performed inside PerformBasicStreamInjection) is not synced by any means.
    I am not sure if I am not missing some vital point, but is this a correctly synchronised Clone/Block/Reinject sample or not?
    I would say, that there is nothing preventing two or more WorkItems or DPC routines to be executed at the same time on different CPU, 
    obtaining the packets from the list in correct order, but then reinjecting them in a wrong order.

    Thanks for helping me to understand this.
    Lukas

    Sunday, May 26, 2013 11:24 PM

All replies

  • This is not fully serialized. In order to finish serializing, for DPCs, you need to pin the processing to a single CPU (KeSetTargetProcessorDpc).

    For the workitem, you need to ensure only 1 thread is processing on the queue.  This is done by using a wait lock during the WorkItemRoutine, to ensure no other worker thread can process the queue while the current thread is.

    This will be fixed in the next drop of the WFPSampler

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, October 24, 2013 6:36 PM
    Moderator