none
WFP: nslookup domain controller issue RRS feed

  • Question

  • Our callout driver is dropping and re-injecting packets at FWPM_LAYER_DATAGRAM_DATA_V4.

    Problem is on domain controller machines, nslookup is timing out.
    before re-injecting the packet the code is,
    if (nblOffset != packet->nblOffset)
    {
    ASSERT(packet->nblOffset - nblOffset == packet->transportHeaderSize);
    packet->transportHeaderSize = 0;
    }

    //
    // Adjust the net buffer list offset to the start of the IP header.
    // 
    NdisRetreatNetBufferDataStart( netBuffer, packet->ipHeaderSize + packet->transportHeaderSize, 0, NULL ); 

    // 
    // Note that the clone will inherit the original net buffer list's offset. 
    // 
    status = FwpsAllocateCloneNetBufferList0( packet->netBufferList, NULL, NULL, 0, &clonedNetBufferList ); 

    // 
    // Undo the adjustment on the original net buffer list. 
    // 
    NdisAdvanceNetBufferDataStart( netBuffer, packet->ipHeaderSize + packet->transportHeaderSize, FALSE, NULL ); 
    if (!NT_SUCCESS(status)) 
    { goto Exit; } 

    status = FwpsInjectTransportReceiveAsync0( 
    gInjectionHandle, 
    NULL, 
    NULL, 
    0, 
    packet->belongingFlow->addressFamily, 
    packet->compartmentId, 
    packet->interfaceIndex, 
    packet->subInterfaceIndex, 
    clonedNetBufferList, 
    DDProxyInjectComplete, 
    packet
    ); 

    not calling FwpsConstructIpHeaderForTransportPacket0 as the packet is not modified. 

    Even in the event viewer no packet drop log after enabling the policy through auditpol.exe. 

    want to know why it is timing out only on domain controller and not elsewhere.


    • Edited by W8Lover Sunday, August 11, 2013 11:23 AM formatting
    Sunday, August 11, 2013 10:04 AM