locked
Filter missing inbound packets on Win 8.1 RRS feed

  • Question

  • I have a WFP filter that is used to implement a local subnet p2p protocol.  On my Windows 7 x64 machines, it works flawlessly.  However, I recently compiled it on a Win 8.1 x64 system and it's not performing the way it should.  The code is exactly the same so the only thing I can think is there is some architectural change I am not aware of between 7 and 8.1 that is preventing the filtering of these special inbound UDP packets.

    Essentially, the filter will send a targeted broadcast packet using FwpsInjectNetworkSendAsync and then process any responses it receives.  The issue is all of the received responses get missed by the filter.  The outbound packet gets sent fine and the other hosts are responding normally.  I know this because I can clearly see the network traffic in Wireshark running on the same system.  Here are the layers at which I am filtering at:

    FWPM_LAYER_ALE_AUTH_CONNECT_V4
    FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
    FWPM_LAYER_ALE_AUTH_LISTEN_V4
    FWPM_LAYER_OUTBOUND_IPPACKET_V4
    FWPM_LAYER_INBOUND_IPPACKET_V4
    FWPM_LAYER_ALE_AUTH_CONNECT_V6
    FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6
    FWPM_LAYER_OUTBOUND_IPPACKET_V6
    FWPM_LAYER_INBOUND_IPPACKET_V6
    FWPM_LAYER_ALE_AUTH_LISTEN_V6
    FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4
    FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V6

    In my debug output the only indications of my packets are the outbound ones that I send.  Nothing on the ALE_AUTH or INBOUND_IP show any hints that the filter is getting called when the responses arrive.  What could possible be the issue with Win 8.1 that is causing this problem?  Thanks.

    Thursday, August 27, 2015 11:59 AM