WFP - Executing code on PASSIVE_LEVEL


Problem description

Hi all,

I am implementing a filter driver. Actually, I have two callouts in my driver.

1. FWPS_LAYER_ALE_FLOW_ESTABLISHED_Vx layer

2. FWPM_LAYER_STREAM_V4

In the FWPS_LAYER_ALE_FLOW_ESTABLISHED_Vx layer, I would get the address, port, flowHandle and processId values and fill a connection information data structure. Also I need to create a GUID for the connection. For that I am using the ExUuidCreate method. I need to get the user information for the connection as well. So I get the current process and identify the primary token. From that, the token groups will also be identified. The methods I use for these are PsReferencePrimaryToken(PsGetCurrentProcess()), ZwQueryInformationToken(), RtlLengthSid(), RtlCopyMemory() etc. Once I have all this information in the connection information structure, I would associate the callout driver-defined context with a data flow and set the classify out action type to continue (classifyOut->actionType = FWP_ACTION_CONTINUE;)

Basically I am not blocking anything at this layer.

In the FWPM_LAYER_STREAM_V4 layer, the associated data flow will be retrieved and blocked based on certain conditions.

Since ExUuidCreate, ZwQueryInformationToken(), RtlLengthSid etc. must be called on PASSIVE_LEVEL and < DISPATCH_LEVEL, I need to either go for pending the operation (which is not good at the FLOW_ESTABLISHED layer and need to move everything to the FWPS_LAYER_ALE_AUTH_CONNECT_Vx and FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_Vx layers) or to move calling ZwQueryInformationToken(...) to an asynchronous worker without pending of WFP requests.

1. Could you please advise me what would be the best option according to the business requirements here?

2. Also, could you please advise whether we can call the asynchronous worker multiple times (for getting the connection GUID and user information), or is it fine if I do multiple operations inside the worker?

3. Understanding my filter requirements, could you please advise me whether I am following the right approach?

Any help is greatly appreciated. Thanks in advance.

Regards,

Krishnanand

Recommended answer

You should pend at the ALE_AUTH_CONNECT & ALE_RECV_ACCEPT layers. Do your PASSIVE_LEVEL calls. When you unpend, you would then do your flow association @ ALE_FLOW_ESTABLISHED.

You can queue as many work items as you need. It is also fine to do all of your processing in a single work item. Queueing multiple work items just means you need to wait until all are finished.

 

Hope this helps,
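
The ordering described in the answer, as an added example that is not code from the poster or the answerer: a user-mode C model of pend, PASSIVE_LEVEL work items, unpend, then flow association. It is not WDK code; every type and function name is hypothetical, and the IRQL is simulated with a variable so the sequence can be run and checked outside a driver.

```c
/* User-mode model, constructed for illustration; every name is hypothetical. */
#include <stddef.h>

enum irql { IRQL_PASSIVE = 0, IRQL_DISPATCH = 2 };
enum action { ACT_PENDED, ACT_PERMIT };

struct conn {
    int pended;               /* pended at ALE_AUTH_CONNECT, not yet completed */
    int outstanding;          /* queued work items that have not finished */
    int have_guid, have_user; /* results of the PASSIVE_LEVEL-only calls */
    int irql_violations;      /* passive-only call made at a higher IRQL */
    int flow_ctx_set;         /* context associated at ALE_FLOW_ESTABLISHED */
};
typedef void (*work_fn)(struct conn *);
struct work { work_fn fn; struct conn *c; };

static struct work queue[8];
static size_t q_head, q_tail;
static enum irql current_irql = IRQL_PASSIVE;

static void passive_only(struct conn *c) { if (current_irql != IRQL_PASSIVE) c->irql_violations++; }
static void make_guid(struct conn *c)  { passive_only(c); c->have_guid = 1; } /* stands in for ExUuidCreate */
static void query_user(struct conn *c) { passive_only(c); c->have_user = 1; } /* stands in for the token queries */

static void queue_work(work_fn fn, struct conn *c) {
    queue[q_tail++ % 8] = (struct work){ fn, c };
    c->outstanding++;
}

/* Classify at the connect layer: pend and defer; the re-run after completion permits. */
enum action classify_auth_connect(struct conn *c, int after_unpend) {
    if (after_unpend) return ACT_PERMIT;  /* the poster does not block at this stage */
    current_irql = IRQL_DISPATCH;         /* classify can run above PASSIVE_LEVEL */
    c->pended = 1;
    queue_work(make_guid, c);             /* two items here; one item doing both also works */
    queue_work(query_user, c);
    return ACT_PENDED;
}

/* One worker-thread step at PASSIVE_LEVEL; unpends only when the last item finishes. */
enum action run_one_work_item(void) {
    struct work w = queue[q_head++ % 8];
    current_irql = IRQL_PASSIVE;
    w.fn(w.c);
    if (--w.c->outstanding > 0) return ACT_PENDED;
    w.c->pended = 0;
    return classify_auth_connect(w.c, 1);
}

/* Flow association happens only after the unpend, with all data gathered. */
int classify_flow_established(struct conn *c) {
    current_irql = IRQL_DISPATCH;
    if (c->pended || !c->have_guid || !c->have_user) return 0;
    return c->flow_ctx_set = 1;
}
```

In a real driver the outstanding counter would be updated with an interlocked operation, since work items can finish on different threads.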

 

