Win7 vs Win8 FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 redirection

  • Question

  • Hi,

    I managed to get connections redirected on Win7 using FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 into my transparent proxy. Now I was wondering whether the mechanism to query the socket at the proxy level to get the original IP/port on Win8 is relevant to Win7, or whether on Win7 I need to manage a table of tuples and let the proxy query the driver to get the original destination address.

    Thanks,

    Barak

    Sunday, August 26, 2012 7:05 PM

Answers

  • If you are referring to the redirect records, those are available only in Win8+.

       These are only available on Win8+ at this time:
          FwpsQueryConnectionRedirectState
          SIO_WFP_QUERY_CONNECTION_REDIRECT_CONTEXT
          SIO_WFP_QUERY_CONNECTION_REDIRECT_RECORDS
          SIO_WFP_SET_CONNECTION_REDIRECT_RECORDS
          FwpsQueryConnectionSioFormatRedirectRecords

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Sunday, August 26, 2012 8:03 PM
    Moderator

All replies

  • Hi,

    So for Win7, how can I get the source address/port after the redirection has been made inside the WFP, so I can create the lookup method from the proxy? That is, if I'm not planning on setting the source address/port myself during the redirection stage.

    Thanks,

    Barak

    Sunday, August 26, 2012 10:04 PM
  • You would need to walk the FWPS_CONNECT_REQUEST0 structure.
    http://msdn.microsoft.com/en-us/library/windows/hardware/ff551231(v=vs.85).aspx

    This structure acts as a linked list that contains a record of all the changes made by other callout drivers. There is previous version information if the previousVersion member is not NULL. To examine the complete version history, the callout driver must continue to examine the previousVersion member of each structure in the list until it is set to NULL.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, August 27, 2012 6:24 PM
    Moderator
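
The previousVersion walk described in the last reply, combined with the tuple table the question proposes for Win7, as an added example that is not code from the thread or from Microsoft. It is a user-mode model: `conn_req` is a stand-in for the FWPS_CONNECT_REQUEST0 fields involved, and `original_request`, `map_record` and `map_lookup` are hypothetical names; how the driver learns the source tuple it keys on is not shown.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in (assumption) for the FWPS_CONNECT_REQUEST0 fields used; IPv4, host-order ints. */
typedef struct conn_req {
    uint32_t remote_ip; uint16_t remote_port;  /* models remoteAddressAndPort */
    uint64_t modifierFilterId;                 /* filter that produced this version */
    struct conn_req *previousVersion;          /* NULL on the oldest version */
} conn_req;

/* Follow previousVersion until NULL: the oldest version holds what the app asked for. */
const conn_req *original_request(const conn_req *cur, size_t *changes)
{
    size_t n = 0;
    while (cur != NULL && cur->previousVersion != NULL) { cur = cur->previousVersion; n++; }
    if (changes != NULL) *changes = n;
    return cur;
}

#define MAP_SLOTS 64  /* hypothetical tuple table: connection source -> original destination */
typedef struct { int used; uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; } map_entry;
static map_entry g_map[MAP_SLOTS];

int map_record(uint32_t src_ip, uint16_t src_port, const conn_req *latest)
{
    const conn_req *orig = original_request(latest, NULL);
    for (int i = 0; orig != NULL && i < MAP_SLOTS; i++) {
        if (g_map[i].used) continue;
        g_map[i] = (map_entry){ 1, src_ip, orig->remote_ip, src_port, orig->remote_port };
        return 0;
    }
    return -1; /* no request given, or table full */
}

const map_entry *map_lookup(uint32_t src_ip, uint16_t src_port)
{
    for (int i = 0; i < MAP_SLOTS; i++)
        if (g_map[i].used && g_map[i].src_ip == src_ip && g_map[i].src_port == src_port)
            return &g_map[i];
    return NULL;
}

int main(void)
{
    /* Constructed chain: app asked for 192.0.2.10:80, one callout rewrote it to 127.0.0.1:8080. */
    conn_req v0 = { 0xC000020Au, 80, 0, NULL }, v1 = { 0x7F000001u, 8080, 202, &v0 };
    if (map_record(0xC6336414u, 50123, &v1) != 0) return 1;
    printf("original port: %u\n", (unsigned)map_lookup(0xC6336414u, 50123)->dst_port);
    return 0;
}
```

A real driver would also need to remove an entry when its connection closes, which this model omits.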