WFP FwpsFlowAssociateContext0 fails when used

  • Question

  • Hi everybody,

    I used WFP FwpsFlowAssociateContext0 and it failed on Win 7. The error code it returns is -107341811 (bad param).

    This is my code, and WinDbg shows the runtime values are available. Please tell me why this API fails.

    WinDbg displays the API params.

    My code:

    // Get the flow handle
    if (FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_FLOW_HANDLE))
    {
        flowHandle = inMetaValues->flowHandle;
    }

    // Check whether PID information was received
    if (FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_PROCESS_ID))
    {
        processId = inMetaValues->processId;
    }

    context = (PFLOW_CONTEXT)ExAllocatePoolWithTag(NonPagedPool, sizeof(FLOW_CONTEXT), TAG_NAME_CALLOUT);

    if (context == NULL) {
        // Allocation failed: let classification continue
        classifyOut->actionType = FWP_ACTION_CONTINUE;
        goto cleanup;
    }
    else
    {
        context->flowHandle = inMetaValues->flowHandle;
        context->processId = processId;

        status = FwpsFlowAssociateContext0(context->flowHandle, FWPS_LAYER_INBOUND_TRANSPORT_V4, YgTcpCallinId, (UINT64)context);

        if (status == STATUS_OBJECT_NAME_EXISTS)
        {
            classifyOut->actionType = FWP_ACTION_CONTINUE;
            goto cleanup;
        }

        if (status != STATUS_SUCCESS)
        {
            classifyOut->actionType = FWP_ACTION_CONTINUE;
            goto cleanup;
        }
    }

    • Moved by Sheng Jiang 蒋晟 Wednesday, September 7, 2011 12:48 AM Windows Filtering Platform (From: General Discussion forum)
    Tuesday, September 6, 2011 2:06 AM

All replies

  • Hi,

    Couple of questions:

    1. Is YgTcpCallinId the ID for your callout at the FWPS_LAYER_INBOUND_TRANSPORT_V4 layer?
    2. Have you registered a flowDeleteFn function (http://msdn.microsoft.com/en-us/library/ff550025(v=vs.85).aspx) for that callout?

    -- Antti

    Wednesday, September 7, 2011 10:22 AM
  • Thanks for your reply.

    Yes, I forgot the flowDeleteFn.

    Thanks again.

    Wednesday, September 21, 2011 2:26 AM
  • Hi Antti Järvinen,
    I have another question.

    I want to associate data from FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 to FWPM_LAYER_INBOUND_TRANSPORT_V4.

    In Win 7 this is useful.

    But in Vista, if I set the flag FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW on the FWPM_LAYER_INBOUND_TRANSPORT_V4 layer callout, the callout will not be invoked.

    But in the FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 callout's ClassifyFn, FwpsFlowAssociateContext0 returns successfully, and in Win 7 the same code works OK; the callout is invoked.

    In WinDbg everything is OK, so I don't know why that happens.

    Is there some difference between Win 7 and Vista?

    Wednesday, September 21, 2011 2:59 AM
  • But in Vista, if I set the flag FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW on the FWPM_LAYER_INBOUND_TRANSPORT_V4 layer callout, the callout will not be invoked.

    Is there some difference between Win 7 and Vista?

    I think flow ID is available on TRANSPORT layers starting from Windows 7. See http://www.microsoft.com/download/en/details.aspx?id=20431 chapter 3.

    -- Antti

    Wednesday, September 21, 2011 5:08 AM
  • Thank you very much, I will see that.
    Wednesday, September 21, 2011 7:06 AM
  • Thanks for your reply, Antti.

    I see the chapter, but in Vista how can I get the flow ID?

    Wednesday, September 21, 2011 9:20 AM
  • I see the chapter, but in Vista how can I get the flow ID?

    I think that flow ID is not available on the TRANSPORT layer on Vista. I haven't used WFP on Vista, so I'm not really able to help.

    -- Antti

    Thursday, September 22, 2011 6:13 AM