Prior to Oracle Grid Infrastructure GI release 12.1.0.2, ASM Library ASMLIB was the only method to access storage devices by means of ASM Disks and Diskgroups.

Fun With Filters - Win2K/WDM Device Filter Drivers The NT Insider, Vol 7, Issue 1, Jan-Feb 2000 Published: 15-Feb-00 Modified: 05-Aug-02. The Windows NT.

The NT Insider:Fun With Filters - Win2K/WDM Device Filter Drivers

Filter Driver for Hitachi Microdrive Flash Drives. To make a USB flash drive or an SD card to be recognized as a hard drive in the system, you need a special filter.

The format of an HDF5 file on disk encompasses several key ideas of the HDF4 and AIO file formats as well as addressing some shortcomings therein.

Prior to Oracle Grid Infrastructure GI release 12.1.0.2, ASM Library ASMLIB was the only method to access storage devices by means of ASM Disks and Diskgroups. There were serious limitations to this method. The ASM disks were owned by GI home owner and both the owner and any users belonging to an operating system group designated as the OSASM group could read from and write to ASM disks using OS commands like strings, echo, dd etc. This led to compromising the security of data as well as accidental corruption of the data in the ASM disks and ASM disks themselves.

With Oracle Grid Infrastructure release 12.1.0.2, Oracle has introduced a new component called Oracle Automatic Storage Management Filter Driver Oracle ASMFD which is installed with an Oracle Grid Infrastructure installation. It is intended to overcome the limitations mentioned earlier and replace traditional ASMLIB. ASMFD is currently available only on the Linux operating system and can be completely managed by the ASMCMD command Line interface.

Oracle ASMFD is a kernel module that resides in the I/O path of the Oracle ASM disks. ASMFD uses the filter driver to validate write I/O requests to Oracle ASM disks. Any write I/O requests that are not issued by Oracle software e.g. using dd command are not committed to ASM disks. Thus it helps to prevent users, including those with administrative privileges, from inadvertently overwriting Oracle ASM disks, thereby preventing corruption of the data stored on ASM disk s within the disk group s. In case ASM disks have been configured on disk partitions, the filter protects the area on the disk managed by Oracle ASMFD, assuming the partition table is left untouched by the user.

Besides, Oracle ASMFD eliminates the need to rebind disk devices used with Oracle ASM each time the system is restarted.

If you have an existing Oracle ASM library driver Oracle ASMLIB configuration, and you want to employ ASMFD, you would need to configure Oracle ASMFD. This will remove Oracle ASMLIB and Oracle ASM devices will be configured to use Oracle ASMFD. In this article, I will demonstrate configuration of Oracle ASMFD in a standalone environment.

Currently, I have Oracle ASMLIB configured on my standalone system. OS user oracle is the owner of both GI home and Database home.

Verify that currently ASMLIB has been configured and ASMFD is not configured yet

We can verify that Oracle ASMLIB is configured and driver for oracleasm is currently loaded.

root host01 oracleasm scandisks

root host01 oracleasm listdisks

Let s check the permissions and location of ASM Disks.

The ASM Disks are block devices in /dev/oracleasm/disks owned by the GI owner oracle user. OS user oracle and anyone belonging to OS group dba which maps to OSASM privilege can read from and write to ASM disks. Thus the ASM disks are vulnerable to accidental Disk and or Data corruption.

root host01 disks ls -lrt /dev/oracleasm/disks

brw-rw---- 1 oracle dba 8, 6 Apr 20 ASMDISK01

brw-rw---- 1 oracle dba 8, 7 Apr 20 ASMDISK02

brw-rw---- 1 oracle dba 8, 8 Apr 20 ASMDISK03

brw-rw---- 1 oracle dba 8, 9 Apr 20 ASMDISK04

brw-rw---- 1 oracle dba 8, 10 Apr 20 ASMDISK05

brw-rw---- 1 oracle dba 8, 11 Apr 20 ASMDISK06

brw-rw---- 1 oracle dba 8, 12 Apr 20 ASMDISK07

brw-rw---- 1 oracle dba 8, 13 Apr 20 ASMDISK08

brw-rw---- 1 oracle dba 8, 14 Apr 20 ASMDISK09

brw-rw---- 1 oracle dba 8, 15 Apr 20 ASMDISK10

We can verify that ASMFD is not configured.

oracle host01 asmcmd afd_lsdsk

oracle host01 disks asmcmd afd_state

ASMCMD-9526: The AFD state is NOT INSTALLED and filtering is DEFAULT on host

ASM SELECT SYS_CONTEXT SYS_ASMFD_PROPERTIES, AFD_STATE FROM DUAL;

SYS_CONTEXT SYS_ASMFD_PROPERTIES, AFD_STATE

--------------------------------------------------------------------------------

Create a table in an ASM tablespace

Let s find out candidate disks which are not part of any disk group yet.

oracle host01 asmcmd lsdsk --candidate

ASM create diskgroup test external redundancy disk ORCL:ASMDISK10 ;

ORCL create tablespace ASMTBS datafile TEST ;

ORCL create table hr.asm_tab tablespace ASMTBS as select from hr.employees;

select count from hr.asm_tab where last_name King ;

Migrate ASM disks to use ASMFD

Let s find out disks in DATA and TEST disk groups

oracle host01 disks asmcmd lsdsk -G DATA

oracle host01 disks asmcmd lsdsk -G TEST

Let s make a note of current disk discovery path. It currently points to ASMLIB disks.

oracle host01 disks asmcmd dsget

oracle host01 disks srvctl config asm

Spfile: DATA/ASM/ASMPARAMETERFILE/registry.253.872686839

ASM diskgroup discovery string: ORCL:

Now, let s start with the migration.

Update the ASM Disk discovery path to enable ASMFD lookup

Once we label the disk, it will show up as AFD: and that name will be used for disk discovery.

AS GI owner, set the ASM discovery string to include AFD. as well:

oracle host01 root asmcmd dsset ORCL:, AFD:

We have updated ASM disk discovery string. Now, when we configure ASMFD it would be able to discover and migrate the existing disks.

Bring down the Clusterware stack

root host01 dev srvctl stop asm -f

root host01 dev crsctl stop has

CRS-2791: Starting shutdown of Oracle High Availability Services-managed resources on host01

CRS-2673: Attempting to stop ora.evmd on host01

CRS-2673: Attempting to stop ora.LISTENER.lsnr on host01

CRS-2677: Stop of ora.LISTENER.lsnr on host01 succeeded

CRS-2677: Stop of ora.evmd on host01 succeeded

CRS-2673: Attempting to stop ora.cssd on host01

CRS-2677: Stop of ora.cssd on host01 succeeded

CRS-2793: Shutdown of Oracle High Availability Services-managed resources on host01 has completed

CRS-4133: Oracle High Availability Services has been stopped.

Now, we are ready for the migration process.

This step will deconfigure ASMLIB, configure ASMFD and migrate the disks from ASMLIB to ASMFD.

root host01 asmcmd afd_configure

Connected to an idle instance.

AFD-627: AFD distribution files found.

AFD-636: Installing requested AFD software.

AFD-637: Loading installed AFD drivers.

AFD-9321: Creating udev for AFD.

AFD-9323: Creating module dependencies - this may take some time.

AFD-9154: Loading oracleafd.ko driver.

AFD-649: Verifying AFD devices.

AFD-9156: Detecting control device /dev/oracleafd/admin.

AFD-638: AFD installation correctness verified.

Modifying resource dependencies - this may take some time.

ASMCMD-9524: AFD configuration failed ERROR: OHASD start failed

ASMCMD-9524: AFD configuration failed ERROR: OHASD start failed

We can ignore the last error for now but we do have a working ASMFD now.

ASMCMD-9526: The AFD state is LOADED and filtering is DEFAULT on host host01.example.com

Note that the folder for oracleasm has been emptied and ASMFD has created a folder /dev/oracleafd where all the ASM disks are visible such that root is the owner of disks and only root can read from or write to ASM disks.

drwxrwx--- 3 oracle dba 80 Apr 20 oracleafd

drwxr-xr-x 2 root root 40 Apr 20 oracleasm

root host01 oracleasm ls -l /dev/oracleasm/

ls: /dev/oracleasm/ : No such file or directory

root host01 dev ls -l /dev/oracleafd/disks

-rw-r--r-- 1 root root 10 Apr 20 ASMDISK01

-rw-r--r-- 1 root root 10 Apr 20 ASMDISK02

-rw-r--r-- 1 root root 10 Apr 20 ASMDISK03

-rw-r--r-- 1 root root 10 Apr 20 ASMDISK04

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK05

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK06

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK07

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK08

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK09

-rw-r--r-- 1 root root 11 Apr 20 ASMDISK10

The disks can now be viewed from ASM Filter Driver Module.

root host01 oracleasm asmcmd afd_lsdsk

We can verify that the configuration process has stopped the ASMLIB kernel module

root host01 dev service oracleasm status

Checking if /dev/oracleasm is mounted: no

We are almost done with the migration as ASMFD is loaded and the existing disks are already mapped. Once we start the Clusterware stack, we will update few configuration settings to make ASMFD persistent.

root host01 disks crsctl start has

CRS-4123: Oracle High Availability Services has been started.

We can verify that driver for ASMFD has been loaded.

root host01 oracleasm lsmod grep oracle

root host01 dev srvctl start asm

Verify that ASMFD has been successfully configured and ASM disks have been migrated

-----------------------------------------------------------------------------------------------------------

ASM select name, path, total_mb, free_mb from v asm_disk;

--------------- -------------------- ---------- ----------

ASMDISK01 AFD:ASMDISK01 3914 3865

ASMDISK02 AFD:ASMDISK02 3914 3862

ASMDISK03 AFD:ASMDISK03 3914 3867

ASMDISK04 AFD:ASMDISK04 3914 3871

ASMDISK10 AFD:ASMDISK10 3914 3761

Set ASM_DISKSTRING and AFD_DISKSTRING to AFD:

Currently, parameter ASM_DISKSTRING points to both ASMLIB and ASMFD disks. Since ASMLIB has been deconfigured, we can remove ORCL: from the parameter so that the parameter points to ASMFD disks only.

------------------------------------ ----------- ------------------------------

asm_diskstring string ORCL:, AFD:

ASM ALTER SYSTEM set asm_diskstring AFD: ;

We can also set discovery string for ASMFD disks to AFD:

ASM ALTER SYSTEM AFD_DISKSTRING SET AFD: ;

oracle host01 asmcmd afd_dsget

ASM SELECT SYS_CONTEXT SYS_ASMFD_PROPERTIES, AFD_DISKSTRING FROM DUAL;

SYS_CONTEXT SYS_ASMFD_PROPERTIES, AFD_DISKSTRING

oracle host01 srvctl config asm

ASM diskgroup discovery string: AFD:

Validate that ASM Diskgroups have migrated and are using ASMFD

oracle host01 srvctl status diskgroup -diskgroup DATA

Disk Group DATA is running on host01

oracle host01 srvctl status diskgroup -diskgroup TEST

Disk Group TEST is running on host01

Validate if the diskgroups are migrated and using ASMFD

oracle host01 asmcmd lsdsk -G DATA

oracle host01 asmcmd lsdsk -G TEST

root host01 disks crsctl stat res -t

Name Target State Server State details

ONLINE ONLINE host01 Started,STABLE

-------------------------------------------------------------------------------

Verify that our data is intact after migration

ORCL select tablespace_name, file_name from dba_data_files where tablespace_name ASMTBS ;

------------------------------ ------------------------------

ASMTBS TEST/ORCL/DATAFILE/asmtbs.256.877540769

ORCL select count from hr.asm_tab where last_name King ;

Let s explore the disks located under /dev/oracleafd/disks/.

These are actually just the text files owned by root pointing to the actual disks on which the ASM disks are configured as opposed to ASMLIB disks which were block devices owned by GI owner.

root host01 disks file /dev/oracleafd/disks/ASM

/dev/oracleafd/disks/ASMDISK01: ASCII text

/dev/oracleafd/disks/ASMDISK02: ASCII text

/dev/oracleafd/disks/ASMDISK03: ASCII text

/dev/oracleafd/disks/ASMDISK04: ASCII text

/dev/oracleafd/disks/ASMDISK05: ASCII text

/dev/oracleafd/disks/ASMDISK06: ASCII text

/dev/oracleafd/disks/ASMDISK07: ASCII text

/dev/oracleafd/disks/ASMDISK08: ASCII text

/dev/oracleafd/disks/ASMDISK09: ASCII text

root host01 disks ls -l /dev/oracleafd/disks/ASM

root host01 disks cat /dev/oracleafd/disks/ASM

root host01 log ls -l /dev/sda

brw-r----- 1 root disk 8, 0 Apr 20 /dev/sda

brw-r----- 1 root disk 8, 1 Apr 20 /dev/sda1

brw-r----- 1 root disk 8, 10 Apr 20 /dev/sda10

brw-r----- 1 root disk 8, 11 Apr 20 /dev/sda11

brw-r----- 1 root disk 8, 12 Apr 20 /dev/sda12

brw-r----- 1 root disk 8, 13 Apr 20 /dev/sda13

brw-r----- 1 root disk 8, 14 Apr 20 /dev/sda14

brw-r----- 1 root disk 8, 15 Apr 27 /dev/sda15

brw-r----- 1 root disk 8, 2 Apr 20 /dev/sda2

brw-r----- 1 root disk 8, 3 Apr 20 /dev/sda3

brw-r----- 1 root disk 8, 4 Apr 20 /dev/sda4

brw-r----- 1 root disk 8, 5 Apr 20 /dev/sda5

brw-r----- 1 root disk 8, 6 Apr 27 /dev/sda6

brw-r----- 1 root disk 8, 7 Apr 20 /dev/sda7

brw-r----- 1 root disk 8, 8 Apr 20 /dev/sda8

brw-r----- 1 root disk 8, 9 Apr 20 /dev/sda9

Verify that when filter is enabled it does not allow OS commands to alter the contents of ASM disks

We can check that filtering is enabled on AFD disks.

Now non-root users have no way to read directly from ASM disks using OS command strings. Root user can still read the content of ASM disks cirectly.

oracle host01 disks strings /dev/sda15 grep King

strings: /dev/sda15: Permission denied

root host01 log strings /dev/sda15 grep King

For ASM disk writes, we get a layer of protection for both root and non-root users. I will demonstrate it for both echo and dd commands.

oracle host01 disks echo corrupt /dev/sda15

bash: /dev/sda15: Permission denied

When we try to write to underlying disk using echo as a root user, although the echo command is successful, the I/O were rejected by ASMFD which can be confirmed by looking into /var/log/messages.

root host01 log echo corrupt /dev/sda15

root host01 log more /var/log/messages

quest_fn: write IO on ASM managed device major 8/minor 15 not supported i 10

pstart 186868143 pend 194884515

Apr 27 :51 host01 kernel: Buffer I/O error on device sda15, logical block 0

Apr 27 :51 host01 kernel: lost page write due to I/O error on sda15

Similarly when we try to modify contents of ASM disk using dd command, GI owner is denied permission where command succeeds for root without any effect though as can again be verified from /var/log/messages.

oracle host01 disks dd if /dev/zero of /dev/sda6 count 100 bs 2M

dd: opening /dev/sda6 : Permission denied

root host01 log dd if /dev/zero of /dev/sda15 count 10 bs 2M

20971520 bytes 21 MB copied, 0.013702 seconds, 1.5 GB/s

Apr 27 :06 host01 kernel: F 4306319.693/150427060406 pdflush 363 afd_mkrequest_fn: write IO on ASM managed device major 8/minor 15 not supported i 10 start 186868143 seccnt 4 pstart 186868143 pend 194884515

Let us disable filter for all disks

oracle host01 root asmcmd afd_filter -d

oracle host01 root asmcmd afd_lsdsk

Now that filter is disabled, let us try to perform write I/O on ASMDISK10.

It can be seen although non-root user can still not write to ASM disk but root user can alter the contents of ASM Disks leading to corruption of Data in the ASM Disks and ASM disks themselves.

root host01 strings /dev/sda15 grep corrupt

oracle host01 disks dd if /dev/zero of /dev/sda15 count 100 bs 2M

root host01 dd if /dev/zero of /dev/sda15 count 1000 bs 2M

2097152000 bytes 2.1 GB copied, 4.38152 seconds, 479 MB/s

ORCL alter system flush buffer_cache;

select count from hr.asm_tab where last_name King

ORA-01578: ORACLE data block corrupted file 2, block 130

ORA-01110: data file 2: TEST/ORCL/DATAFILE/asmtbs.256.877540769

ASM select name, STATE from v asm_diskgroup;

------------------------------ -----------

ASM alter diskgroup test mount;

ORA-15032: not all alterations performed

ORA-15017: diskgroup TEST cannot be mounted

ORA-15040: diskgroup is incomplete

Oracle Automatic Storage Management Filter Driver Oracle ASMFD can overcome the limitations of and replace traditional ASMLIB. When filter is enabled,

– Contents of ASMFD disks can only be read using OS commands by root user

– Contents of ASMFD disks cannot be altered using OS commands by any user

Thus, any write I/O performed to ASM disks by will be validated by the filter and corruption of data on ASM disks by non-oracle software will be eliminated.

Fun With Filters - Win2K/WDM Device Filter Drivers

The NT Insider, Vol 7, Issue 1, Jan-Feb 2000 Published: 15-Feb-00 Modified: 05-Aug-02

The Windows NT operating system has always included the ability for one device driver to filter the Device Objects created by another driver.While the actual filtering mechanism has changed very little since NT was first introduced, the advent of Windows 2000 and WDM has greatly changed the architecture of device filtering.In this article, we ll explore some of the most important changes in device filters in Windows 2000.We ll start by describing what device filter drivers are, and briefly describe how they were implemented in NT V4.Next, we ll talk about Win2K, and how filters for device drivers get installed and instantiated.Then we ll discuss the difference between upper and lower filters, and why those lower filters aren t nearly as useless as they sound when you first hear about them.

We re going to stick to discussing how to filter devices.So, what we will explicitly not discuss in this article is how file system filtering is accomplished in Windows 2000.We ll leave that topic for a whole different article, perhaps even a series of them.

Filtering Basics - Before Win2K

Back in the days of Windows NT V4, device driver filtering was a pretty straightforward process. A driver created some Device Objects and gave each one a name.If another driver wanted to intercept all the I/O requests that went to that first device driver it needed to filter the Device Objects created by the first driver.To do this, the filtering driver would create a Device Object of its own for each Device Object to be filtered.The filtering driver than attached the Device Object that it created to the Device Object to be filtered.This is typically done by calling IoAttachDevice, which takes as arguments the name of the Device Object to be filtered and a pointer to the Device Object that will be used to perform the filtering.

It s really only confusing to write about.As an example, consider an NT V4 filter driver that has the job of counting the writes that are sent to SCSI disk devices.This driver decides to filter the SCSI port device to carry out its mission.The filter driver knows the SCSI port driver creates Device Objects named ScsiPort0, ScsiPort1, etc.So, in order to intercept all the I/O requests sent to the SCSI adapter so he can determine if the request represents a write is to a disk unit, and count it if it is, the filter driver creates one usually unnamed Device Object of his own for each Device Object the SCSI port driver creates. The filter driver then attaches one of the Device Objects it created to each of the SCSI Port Device Objects. Thus, to filter the I/O requests destined for the device ScsiPort0, a filter driver would create his own, unnamed, Device Object, and attach it to the Device Object named ScsiPort0 as follows:

RtlInitUnicodeString deviceNameToFilter,

Pretty easy, right.There are some disadvantages to this scheme, however.The most obvious disadvantage is that the filter driver has to have predefined knowledge of the names of the Device Objects it wants to filter. Suppose you need to filter all the Device Objects that represent SCSI Devices in the system.And, suppose one of your customers installs some OEM adapters that use a non-miniport SCSI port driver that names its first Device Object Joe_Bloggs_Slightly_Used_SCSI_Adapters_Pty_Ltd_Port_A.

The second complexity of the NT V4 scheme is that you must carefully control the load-order of the filter driver.The filter driver must only be started after the driver being filtered.Otherwise, when the filter driver starts, the Device Objects it wants to filter won t yet exist, and the call to IoAttachDevice will fail.

Well, if Windows 2000 didn t completely replace NT s I/O subsystem, it at least shook its foundations.Devices can arrive and leave at almost any time.Device Objects names are no longer pre-defined and static.Lots of new port devices exist.And there are plenty of changes that affect device filter drivers.

I m not going to describe too much detail about how devices get enumerated, or drivers get loaded and initialized. I ve talked about this a bunch of times in previous articles. I ll assume you already know the basics of how device drivers on Win2K work.If you don t, take our Writing Kernel Mode Drivers For Windows 2000/WDM seminar and I ll tell you all about it then.

Having said that, check out Figure 1, as you recall the arrangement of the Win2K device stack.Some bus driver let s say the PCI driver for the sake of convenience finds a SCSI adapter on the bus, and creates a Physical Device Object PDO that represents that adapter.The PCI bus driver reports the creation of this PDO to the PnP Manager.As a result, the PnP Manager loads the SCSI adapter driver.The SCSI adapter driver is then called at its AddDevice entry point where it is passed a pointer to the PDO created by the bus driver.The SCSI adapter driver then creates his Functional Device Object FDO and still in its AddDevice entry point attaches that FDO to the underlying PDO.

Next, the SCSI adapter driver acts like a bus driver because it is, in fact, a bus driver – they don t call it a SCSI bus for nothin and enumerates the devices on the SCSI bus.For each device the SCSI adapter driver finds on the bus, it creates a PDO, and reports the existence of the PDOs it creates to the PnP Manager.

As a result of being informed about the creation of these new PDOs, the PnP Manager loads the SCSI disk class driver.The SCSI disk class driver is called it at its AddDevice entry point once for each PDO that represents a disk device these PDOs having been created by the SCSI adapter driver to represent devices on its bus. Within its AddDevice routine, the SCSI disk class driver creates an FDO that represents the functional instance of a disk device, and attaches that FDO to the underlying PDO passed to it.

The process continues, as the disk class driver acts as a bus driver and enumerates disk partitions for each disk, etc.And so it goes, on up the stack.

Eventually, once the stack is fully set-up, somebody will issue a disk request.The IRP that represents this request will be passed-down the device stack from driver to driver.Typically though not always the device to which a higher-level driver passes its IRPs is the underlying PDO device to which its FDO is attached.For example, the disk class driver will be called with an IRP at one of its dispatch entry points.It will process this IRP by reading parameters from the current I/O stack location in the IRP, setting up the next I/O stack location, and passing the IRP down to a specific SCSI disk PDO.

The good news if you can call it that is that device filter drivers in Win2K get loaded, initialized, and started almost exactly the same way as any other Win2K device driver.When the driver is first loaded, its DriverEntry entry point is called.At this point the filter driver does the typical driver-wide initialization activities, like exporting its other entry point by filling in its Driver Object.When a device is found to filter, the filter driver s AddDevice entry point is called with a pointer to a Device Object below it. So, where a typical hardware driver would be passed a pointer to an underlying PDO at its AddDevice entry point, a filter driver is a passed a pointer to an underlying device to filter.When the device being filtered gets its resources, the filter driver gets an IRP_MJ_PNP, IRP_MN_START_DEVICE IRP.

The rest of a filter device s operations are similarly straight-forward.When the filter driver is called with an IRP, it does whatever it wants with or to that IRP – Just as it did in NT V4 – and then passes it on assuming it wants to to the underlying driver.

To continue our example of the filter driver that counts writes to SCSI disk devices, this filter driver would determine if any request it receives is a write operation ignoring, for the moment, whether or not the request is being sent to a disk, if the request is for a write the driver counts it, sets up the next IRP stack location and then passes the request on to the driver below it using IoCallDriver. This is not rocket science we re talking about here.It s all pretty mundane stuff.

There is one concept about Win2K device filtering has confused more than one experienced NT driver writer, however.In Win2K, a filter driver can be either an upper filter or a lower filter.An upper filter receives requests before the device it filters receives them.A lower filter receives requests after the device being filters receives them, assuming the filtered device passes them down.

The concept of a lower filter has occasioned more than a few guffaws from NT V4 cognoscenti: Gee, given a device stack like DeviceA, DeviceB, DeviceC if I want to filter all the IRPs going to DeviceC, I wonder if I should write an upper filter of DeviceC or a lower filter of DeviceB.Maybe we should have a design review. Guffaw twitter giggle. As if it makes any difference. Nudge nudge, wink wink, aren t we smart, say no more.

Well, lads, I m afraid you ve just stuffed your Nike s into your mouth about up to the knee.The only problem with the above snicker-soaked soliloquy is that it s totally wrong, as a result of being NT V4 centric.It doesn t take into account the Win2K driver model, and the difference between FDOs and PDOs.So, while the speaker may be an NT V4 god, it s pretty clear that he/she doesn t really understand how Win2K works.

Filters are specified in Win2K in relation to FDOs, not in relation to PDOs.Thus check out Figure 1 again it is almost never the case that the lower filter of one device, and the upper filter of the device the immediately follows it in the device stack, are equivalent.

Let s return once again to the example of wanting to filter all the SCSI disk devices.To accomplish this, we would want our driver to be a lower filter of the disk class driver.That places our Device Objects directly below the FDOs created by the disk class driver and above the PDOs created by the SCSI adapter driver for any disk type devices.At this location, we will receive any I/O requests destined for SCSI disk type devices, after the disk class driver has processed those requests. We will not receive requests for other SCSI device types CD-ROM, tape, or the like. Also, note that being a lower filter of the disk class driver most decidedly does not make our device an upper filter of the SCSI adapter driver.

I ve found that the best way well, for me it s also the only way to figure out where you want your filter driver to load is to sit down and carefully diagram the part of the device stack you re filtering.Use squares for the PDOs and circles for the FDOs, or whatever other distinctive geometric shapes turn you on.Check your concept of how the device stack looks against several real systems OSR s newly re-written and highly revised DeviceTree utility, available for free download from the OSR web site, actually shows the device enumeration tree and the relationship of PDOs and FDOs in the system – There s nothing better with which to check out your ideas. When you re sure you know how the PDOs and FDOs stack up, you ll know precisely where you want your filter installed.

Filter driver installation is another major differences between NT V4 and Win2K.After you ve created the usual service entry in the registry HKLM System CCS Services, you ll need to add your driver s name to the UpperFilters or LowerFilters value for the device you want to filter.

In Win2K, you must choose whether you want to filter one or more specific instances of a device, or an entire class of devices.This determines where you make your UpperFilters or LowerFilters Registry entry.To filter an entire class of device, which includes those devices presently installed and those which may be installed in the future by the user, place the name of your driver in a REG_MULTI_SZ value named UpperFilters or LowerFilters under the Registry key:

Where is the setup class of the device you want to filter.For example, continuing our example again, to be a lower filter of any disk devices, you would create a REG_MULTI_SZ value named LowerFilters set equal to your driver name, and place that entry in:

HKLM SYSTEM CCS Control Class 4D36E967-E325-11CE-BFC1-08002BE10318

This is done programmatically using the Registry API.In fact, check out the above key in any Win2K system.You ll see that there are already two drivers listed as UpperFilters for this class.These are PartMgr the Partition Manager and DiskPerf the Disk Performance Filter.

Alternatively, you may choose to filter only specific device instances.To do this, put the name of your driver in a REG_MULTI_SZ value named UpperFilters or LowerFilters under the key:

This is done programmatically using the function SetupDiSetDeviceRegistryProperty for property SPDRP_UPPERFILTERS or SPDRP_LOWERFILTERS.The DDK program AddFilter adds filters for specific device instances only. Check out that program for an example of how to use the lovely SetupDiXxxx interface. You ll find it in ntddk src storage filters addfilter.

Filter Exploration and Caveats

So, that s the skinny on device filters in Win2K.If you want to do more filter exploration, and possibly add filters interactively to your system for debugging or testing, check out our FilterMan utility, available for free download from the OSR web site.

As for caveats, whenever you re writing a filter driver, make certain that you pay special attention to the issue of I/O completion, especially if you utilize a completion routine in your IRPs.Remember the all-important if Irp- PendingReturned IoMarkIrpPending ; If you don t know what I m talking about, check out The NT Insider back issues for the article on I/O Completion for a refresher.

Rate this article and give us feedback. Do you find anything missing. Share your opinion with the community.

Oracle Automatic Storage Management Filter Driver (Oracle ASMFD)

KMDF Filter Driver: 30-Minutes -- Installation: AhSomewhat Longer The NT Insider, Vol 13, Issue 1, Jan-Feb 2006 Published: 08-Mar-06 Modified: 08-Mar-06.