Dev Center - Desktop >
What is the difference of the result between FwpsAleEndpointEnum and FwpsAleEndpointGetById?

Answered What is the difference of the result between FwpsAleEndpointEnum and FwpsAleEndpointGetById?

  • Friday, July 13, 2012 7:32 AM
     
     
    Sign In to Vote
    0

    Hi...

    What is the difference of the result between FwpsAleEndpointEnum and FwpsAleEndpointGetById?

    In Windows 7

    1. Call FwpsAleEndpointCreateEnumHandle( handle, NULL, &enumhandle );
       Call FwpsAleEndpointEnum( handle, enumhandle, 1024, &ppEntry, &u32EntriesReturn );

    And

    2. for (uIndex = 0; uIndex < 0xffff; uIndex++)
       {
          FwpsAleEndpointGetById( handle, uIndex, ppEntry );
       }

    [Resut]
    1 is 5 entries.
    2 is 18 entries.

    I can get some entries that cannot get when calling FwpsAleEndpointEnum, by calling FwpsAleEndpointGetById

    Why different??

    Andy Kim


     

All Replies

  • Friday, July 13, 2012 8:59 PM
    Moderator
     
     Proposed Answer
    Sign In to Vote
    0

    Enum looks at the snapshot of the point in time when you created the enumHandle.  GetById looks at the instance of the current state.  This means if you were to call CreateEnumHandle, close all endpoints, and then call enum, you would see the entries from before the endpoints were closed.

    Hope this helps,

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

     
  • Saturday, July 14, 2012 2:05 AM
     
     
    Sign In to Vote
    0

    Thanks reply, D Harper.

    But in my case, the test results were different from what you said.

    1. my test application opens tcp socket to listen.

    2. wfp callout driver load(the driver call FwpsAleEndpointEnum())

    3. But the driver can't get the entry of my application(still listenning).

    How can i get the entries of pre-existing listenning endpoints when callout driver load?

    Andy Kim

     
  • Monday, July 16, 2012 9:41 PM
    Moderator
     
     
    Sign In to Vote
    0

    For Native TCP endpoints, they must be connected in order to be enumerated (i.e. FLOW_ESTABLISHED would get triggered).  If an enumTemplate is supplied, then only those endpoints matching the template criteria will be returned.

    For non-Native TCP (Raw) and non-TCP endpoints, all endpoints matching the enumTemplate (if provided) will be enumerated.

    Hope this helps,

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

     
  • Thursday, July 26, 2012 5:32 AM
     
     
    Sign In to Vote
    0

    If so, is there another way to get an information of listening endpoint(native tcp)?

    Andy Kim

     
  • Thursday, July 26, 2012 7:46 PM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Does GetTcpTable, GetTcp6Table, GetUdpTable, and GetUdp6Table meet your needs?

    Hope this helps,

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------