locked
Is this code right? RRS feed

  • Question

  • <br/>VOID NTAPI
    TransportClassify(
    			IN const FWPS_INCOMING_VALUES0 *inFixedValues,
    			IN const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
    			IN OUT VOID *layerData,
    			IN const FWPS_FILTER0 *filter,
    			IN UINT64 flowContext,
    			OUT FWPS_CLASSIFY_OUT0 *classifyOut
    			)
    {
    	NTSTATUS status;
    	NET_BUFFER_LIST * nbl;
    	NET_BUFFER * nb;
    	PTCPHEADER tcpheader = NULL;
    	ULONG Index = 0;
    	ULONG Protocol = 0;
    
    	Index = FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_PROTOCOL;
    	Protocol = inFixedValues->incomingValue[Index].value.uint8;
    	
    	if(Protocol != 6)
    	{
    		DbgPrint("Protocol %X\n",Protocol);
    		return;
    	}
    
    	DbgPrint("TransportClassify\n");
    
    	status = FwpsAllocateCloneNetBufferList0(
    		(NET_BUFFER_LIST*)layerData,
    		NULL,
    		NULL,
    		0,
    		&nbl);
    
    	if (!NT_SUCCESS(status))
    	{
    		DbgPrint("Cannot AllocateCloneNetBufferList: %lx", status);
    		return;
    	}
    
    	nb = NET_BUFFER_LIST_FIRST_NB(nbl);
    	if(nb == NULL)
    	{
    		DbgPrint("NET_BUFFER_LIST_FIRST_NB return NULL\n");
    		return;
    	}
    
    	tcpheader = (PTCPHEADER)NdisGetDataBuffer(
    		nb,
    		sizeof(TCPHEADER),
    		NULL,
    		sizeof(UINT16),
    		0);
    
    	if(tcpheader == NULL)
    	{
    		DbgPrint("NdisGetDataBuffer return NULL\n");
    		return;
    	}
    
    	DbgPrint(" %X %X %d\n", tcpheader->sourcePort ,tcpheader->destinationPort ,
    		tcpheader->flags);
    
    	if (nbl != NULL)
    		FwpsFreeCloneNetBufferList0(nbl, 0);
    
    }
    
    

    In FWPM_LAYER_OUTBOUND_TRANSPORT_V4 Layer in classifyFn0  function

    i get the tcp head, but sometimes printf the "NdisGetDataBuffer  return NULL"

    some wrong in this code?  Please help me to correction!

    thank you!

     

    "

    Wednesday, July 27, 2011 8:37 AM

Answers

  • I'm not seeing any obvious mistakes... Are you sure this is only being called for OUTBOUND?  You may want to guarantee this by checking the layerId and exiting the function if its not.

     

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    • Marked as answer by nzihjoon Tuesday, August 2, 2011 1:08 AM
    Wednesday, July 27, 2011 7:14 PM
    Moderator

All replies

  • I'm not seeing any obvious mistakes... Are you sure this is only being called for OUTBOUND?  You may want to guarantee this by checking the layerId and exiting the function if its not.

     

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    • Marked as answer by nzihjoon Tuesday, August 2, 2011 1:08 AM
    Wednesday, July 27, 2011 7:14 PM
    Moderator
  • i am sure !  I only register one callout that is FWPM_LAYER_OUTBOUND_TRANSPORT_V4 layer!

    but i can always see the message "NdisGetDataBuffer return NULL" in dbgview !

    I want to filter packets on the computer!

    Thursday, July 28, 2011 1:54 AM
  • I would suggest putting an ASSERT before the debug statement.  when the assert hits, look at the NBL. (you can post the outcome here and I'll see if I can help you further)

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, July 28, 2011 5:58 AM
    Moderator