locked
Relationship of endpointHandle and FwpsInjectTransportSendAsync0? RRS feed

  • Question

  • Hi,

    I read but could not understand  what is use of endpointHandle n FwpsInjectTransportSendAsync0?
    Could you please help to understand it?

    Regards,
    Anand Choubey
    Thursday, September 3, 2009 7:40 PM

Answers

  • Yes. You can use a similiar transport recv-inject technique shown in the WDK "inspect" sample to inject the restored packet back -- since the original packet had been ipsec verified, the recv-inject routine will skip the verification when the re-injected clone passes thru the ipsec driver.

    Thanks,
    biao.W.

    Saturday, September 5, 2009 1:44 AM

All replies

  • endpointHandle represents the socket from which the packet was intercepted. When FwpsInjectTransportSendAsync0 is called WFP will need to know which socket the packet is being injecting to such that it can retrieve the correct context such as socket options and etc.

    Thanks,
    Biao.W.
    Friday, September 4, 2009 7:06 AM
  • Hi,

    Thanks for reply.

    If I send out random TCP packet which is having correct sourec correct IP but some new Dest IP which is not in socket 5 tuples.  Will FwpsInjectTransportSendAsync0 be able to send random packet in IPSec and Non IPSec environment?

    Could you please forward me link which more takes about endpointHandle?

    Regards,
    Anand Choubey
    Friday, September 4, 2009 8:25 AM
  • Yes send should work.

    However response will be discarded ty TCP (since it didn't know about the new remote address). And you will need to retrieve the packet back from INBOUND_TRANSPORT_DISCARD layers, modify the remote address back, and recv-inject it so that TCP can take it.

    Thanks,
    Biao.W.
    Friday, September 4, 2009 7:11 PM
  • Thanks again your valuable reply.

    If Random packet(Correct Source IP but new random dest IP, new sequence number) is sent inplace of origin packet with original endpointHandle then Will IPSec policy and other callout be able to work properly on new packet?

    Regards,
    Anand Choubey
    Friday, September 4, 2009 7:34 PM
  • yes it should as the ipsec context is maintained by the endpointHandle.
    Friday, September 4, 2009 8:16 PM
  • Thanks again.

    It is my last question.
    whatever response packets are received in NBOUND_TRANSPORT_DISCARD layers. Is it after ipsec processing?

    Regards,
    Anand Choubey
    Friday, September 4, 2009 8:52 PM
  • Yes. You can use a similiar transport recv-inject technique shown in the WDK "inspect" sample to inject the restored packet back -- since the original packet had been ipsec verified, the recv-inject routine will skip the verification when the re-injected clone passes thru the ipsec driver.

    Thanks,
    biao.W.

    Saturday, September 5, 2009 1:44 AM