none
Is FWPS_FILTER_FLAG_CLEAR_ACTION_RIGHT a suboptimal design because it is needless? RRS feed

  • Question

  • MSDN says:

    "This flag indicates to a callout's classifyFn callout function that it should always clear the FWPS_RIGHT_ACTION_WRITE flag when it returns either FWP_ACTION_BLOCK or FWP_ACTION_PERMIT for the suggested action. If this flag is not set, a callout's classifyFn callout function should only clear the FWPS_RIGHT_ACTION_WRITE flag when it returns FWP_ACTION_BLOCK for the suggested action."

    I think this is a suboptimal design. Why deos the engine not encapulate this requirement in its own logic?

    In other words, if the engine finds it is necessary to ensure that the FWPS_RIGHT_ACTION_WRITE flag is cleared after calling a classifyFn, why does it require the classifyFn to do so, rather than do it in its own logic like the following:

    [engine's psuedo-code:]

    if (it is necessary to ensure that the FWPS_RIGHT_ACTION_WRITE flag is cleared after calling a classifyFn)
    {
        if (FWP_ACTION_BLOCK == classifyOut->actionType || FWP_ACTION_PERMIT == classifyOut->actionType)
        {
            ClearFlag(classifyOut->rights, FWPS_RIGHT_ACTION_WRITE); 
        }
    }

    If so, the FWPS_FILTER_FLAG_CLEAR_ACTION_RIGHT flag would be needless, and the logic of classifyFn would be more simple and more elegant, wouldn't it?

    Wednesday, January 16, 2013 11:52 AM

Answers

  • This is a mechanism for the FWPM_FILTER to tell the callout what to do.  This flag is set in the FWPS_FILTER when the FWPM_FILTER that is added has the FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT flag set.  There are plenty of other ways to do this same kind of thing using the providerContext, or raw Context, etc ...

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Wednesday, January 16, 2013 5:28 PM
    Moderator