locked
understanding ddproxy example problem RRS feed

  • Question

  • i want to modify all network data at transport layer ..

    to do this i start with ddproxy example and face a problem in understanding the function

     

    NTSTATUS
    DDProxyRegisterFlowEstablishedCallouts(
       IN const GUID* layerKey,
       IN const GUID* calloutKey,
       IN void* deviceObject,
       OUT UINT32* calloutId
       )

    the problem is

    what is happened in that function ?  that it declares 2 Callouts  variables (sCallout and mCallout)

    where it register the first and add the second to filter engine??

    thx alot

    Friday, September 24, 2010 10:24 PM

Answers

  • This function is registering the callout functions that will be used with BFE ( FwpsCalloutRegister0 using the FWPS_CALLOUT0 structure.  This tells BFE which Functions to invoke if the classify is supposed to invoke a callout etc)

    The function then adds the callout (FwpmCalloutAdd0 using the FWPM_CALLOUT0 structure.  This makes the callout available to the FWPM_FILTERS).

    Finally it adds 2 filters that reference the callout that was added.

    I suggest further reading http://msdn.microsoft.com/en-us/library/ff543875(v=VS.85).aspx.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, September 25, 2010 10:09 PM
    Moderator

All replies

  • may be it register and then add 2 callouts.... it is formal code
    Saturday, September 25, 2010 7:58 AM
  • any help please......................................................
    Saturday, September 25, 2010 7:21 PM
  • This function is registering the callout functions that will be used with BFE ( FwpsCalloutRegister0 using the FWPS_CALLOUT0 structure.  This tells BFE which Functions to invoke if the classify is supposed to invoke a callout etc)

    The function then adds the callout (FwpmCalloutAdd0 using the FWPM_CALLOUT0 structure.  This makes the callout available to the FWPM_FILTERS).

    Finally it adds 2 filters that reference the callout that was added.

    I suggest further reading http://msdn.microsoft.com/en-us/library/ff543875(v=VS.85).aspx.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, September 25, 2010 10:09 PM
    Moderator