1

I'm using the Windows Filter Platform to implement a simple firewall application. Actually my driver is a callout driver and it can intercept 2 kinds of event: FWPM_LAYER_ALE_AUTH_CONNECT_V4 and FWPM_LAYER_ALE_AUTH_LISTEN_V4.

The driver can communicate with usermode app using inverted call model: the usermode app performs some IOCTLs, the driver save them on a queue and return a buffer when an event is triggered.

I have only a problem. I need receive a response from usermode app to the driver, so that the driver can block or permit the connection.

In past i have worked on a minifilter driver and i have used FltCreateCommunicationPort to send an event to usermode and wait a response from it ( with FltSendMessage from minifilter).

So the question: Is there something like this with WPF?

Masamune
  • 11
  • 4

2 Answers2

0

not sure if WFP provides such mechanism. But if your requirement is to share some notification events between user and kernel mode then you can use something similar as described in http://www.osronline.com/article.cfm?id=108.

K Singh
  • 1,710
  • 1
  • 17
  • 32
0

WFP framework does not have any api like FltCreateCommunicationPort, you need to implement IOCTL and FwpsPendOperation0 and FwpsCompleteOperation0 WFP apis, check WDK WFP inspect sample.

Andy
  • 338
  • 3
  • 10