locked
FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX - exposed at which layer? RRS feed

  • Question

  • I am looking to track the interface being used in my driver and could not find where this is more fully documented.  Any help would be greatly appreciated.

    Thanks,
    Rob Rightmyer
    Monday, July 20, 2009 7:24 PM

Answers

  • ALE layers have INTERFACE_INDEX and/or INTERFACE LUID (e.g. FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_INDEX / FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_INTERFACE). STREAM layers don't have these fields but they can be captured from FLOW_ESTABLISHED layer and flow to STREAM layer using a driver- defined flow context (see FwpsFlowAssociateContext0).

    Also there are iphlpapi functions that converts Interface LUID to Index and wise versa.

    Hope this helps,
    Biao.W.

    Wednesday, July 29, 2009 6:29 AM

All replies

  • Was this just a crazy question?  I realize this forum doesn't have the turn around time of OSR's, but I thought since this field is documented it must be exposed somewhere.

    Thanks for any help, even to the this is just a crazy question part.

    Tuesday, July 21, 2009 4:01 PM
  • You can use  sourceInterfaceIndex parameter in the FWPS_INCOMING_METADATA_VALUES0 to get the source interface;

    Use the macro FWPS_IS_METADATA_FIELD_PRESENT() to determine if the metadata is available at that particular layer.

    -Jaydeep.
    Tuesday, July 21, 2009 5:40 PM
  • Thanks for the reply - so are you saying this is not documented somewhere?

    And to use, I must filter every layer and look for where it is available? 

    I have stream and ale currently and niether seem to have this field.

    I was presuming somewhere there should be a big table other than the one I saw which does include the FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX field.

    Thanks again for any help.

    Tuesday, July 21, 2009 6:13 PM
  • ALE layers have INTERFACE_INDEX and/or INTERFACE LUID (e.g. FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_INDEX / FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_INTERFACE). STREAM layers don't have these fields but they can be captured from FLOW_ESTABLISHED layer and flow to STREAM layer using a driver- defined flow context (see FwpsFlowAssociateContext0).

    Also there are iphlpapi functions that converts Interface LUID to Index and wise versa.

    Hope this helps,
    Biao.W.

    Wednesday, July 29, 2009 6:29 AM