multiple Callouts on FWPM_LAYER_STREAM_V4 RRS feed

  • Question

  • Hi,

    I have a WDK Sample stmedit  driver and own Sample driver,my Driver have a Callout on FWPM_LAYER_STREAM_V4 and the Callout just return FWP_ACTION_CONTINUE.

    These Callouts on different SubLayer(stmedit  SubLayer weight higher)and filter the local port 5001.Socket send "Today is a rainy day!"

    Question1:When stmedit replace "Today" to "sunny",my Callout receive "sunny is a rainy day!",When stmedit replace "rainy" to "sunny",my Callout receive "Today is a rainy day!".Why?


    "6.The callout returns FWP_ACTION_BLOCK with countBytesEnforced set to m." in Stream Inspection:http://msdn.microsoft.com/en-us/library/ff570891(VS.85).aspx.

    Why step 6 return FWP_ACTION_BLOCK?not FWP_ACTION_PERMIT?


    Thursday, July 7, 2011 4:55 AM