locked
FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 ignores FWP_ACTION_BLOCK RRS feed

  • Question

  • I try to redirect or block connection by callout at FWPM_LAYER_ALE_CONNECT_REDIRECT_V4. Redirection works fine, but blocking action is ignored.
    I check is (classifyOut->rights & FWPS_RIGHT_ACTION_WRITE) != 0. That is true and I can changed action, but this action is ignored.

    As a result I use a complex scheme. I remember action at FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 and then apply it at
    FWPM_LAYER_ALE_AUTH_CONNECT_V4 for blocking.

    I believe it would be great to reset FWPS_RIGHT_ACTION_WRITE flag for layer ignoring action's changing.

    Friday, October 21, 2011 11:07 AM

Answers

  • The redirect layers aren't a blocking layer.  they are there to allow you to change the intended traffic flow before the traffic flow is established.

    Why do you need more filters @ AUTH_CONNECT?  once you redirect, the entire socket (BIND_REDIRECT) or TCB (CONNECT_REDIRECT) is modified, and all subsequent packets will use the new redirected information.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Friday, October 21, 2011 11:47 PM
    Moderator

All replies

  • The redirect layers aren't a blocking layer.  they are there to allow you to change the intended traffic flow before the traffic flow is established.

    Why do you need more filters @ AUTH_CONNECT?  once you redirect, the entire socket (BIND_REDIRECT) or TCB (CONNECT_REDIRECT) is modified, and all subsequent packets will use the new redirected information.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Friday, October 21, 2011 11:47 PM
    Moderator
  • The redirect layers aren't a blocking layer

     

    It was not hard to make sure. But I think the FWPS_RIGHT_ACTION_WRITE  flag must be reset for such layers.

    Monday, October 24, 2011 7:02 AM