stackoom
  简体   繁体   中英

NDIS LWF driver causing issues for WFP drivers in the network stack?

 原文  2021-10-13 10:44:09       windows-kernel/ ndis/ kmdf/ wfp

Question

I have written a NDIS LWF driver, that gathers send/recv packets, and sends them to the user service, and the user service marks those that are OK, and then we indicate/send those packets that were marked as OK. Note that we first use NdisFSendNetBufferListComplete (in case of send) and NdisFIndicateREceiveNetBufferLists (in case of receive) in our LWF callbacks, and then we send the packets to the user afterwards, and we finally send/indicate those that are marked as OK.

But i have noticed that this is causing the windows 10's task manager to show 0% in every process for their network usage in the processes tab, even tho they are not 0%. And when i turn off the driver it get fixed.

But the weird thing is that his doesn't happen in the performance->ethernet tab and in the resource monitor program, and both of them show the actual network usage.

So what is causing this, and why can the resource monitor and the network tab still see the network usage? I think this has to do with the fact that probably resource monitor uses an NDIS filter and the network usage in the processes tab is using a WFP, but I'm not sure.

1 answers

solution1
 0  2021-10-14 19:49:03

Does your driver call NdisCopySendNetBufferListInfo and NdisCopyRecieveNetBufferListInfo ?

The per-app accounting is indeed tracked using WFP callouts. There is a WFP callout at the top of the network stack that attaches app identity to each NET_BUFFER_LIST. There is another WFP callout at the bottom of the network stack (closest to the hardware) that does the actual byte-counting and bills each app for its network consumption.

If you simply clone the NET_BUFFER_LIST, that doesn't by default copy the app identity that is attached to the NET_BUFFER_LIST. You need to also call one of NdisCopySendNetBufferListInfo or NdisCopyRecieveNetBufferListInfo to copy that metadata.

Coincidentally there was another NDIS question yesterday for which I am writing the same answer ;) . So rather than write it all out again, you can refer to what I wrote here: Send doesn't work properly in my NDIS modifying filter driver

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Attach NDIS LWF driver to a Virtual Network Adapter? (Kerio) Is it possible to change our NDIS LWF's altitude on the LWF stack? User mode driver with NDIS Send doesn't work properly in my NDIS modifying filter driver How can I read the received packets with a NDIS filter driver? How can I send arbitrary packets with a NDIS filter driver? WFP kernel-mode driver's DriverEntry getting called differently on some machines? Windows Kernel Driver: ZwAllocateVirtualMemory causing thread to terminate NdisChainBufferAtBack substitution in NDIS 6 Get variables datatypes in kernel mode drivers windows
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM