locked
What is difference between FWPS_LAYER_STREAM_V4 and FWPS_LAYER_STREAM_PACKET_V4 layer? RRS feed

  • Question

  • What is difference between FWPS_LAYER_STREAM_V4 and FWPS_LAYER_STREAM_PACKET_V4 layer?

    I run Internet explorer application in windows 8.1.
    I printed  callout functions of their layers in windbg.
    Sometimes, in case of outbound, two FWPS_LAYER_STREAM_V4 per a FWPS_LAYER_STREAM_PACKET_V4 were printed.
    FWPS_LAYER_STREAM_PACKET_V4 corresponded one-to-on to FWPM_LAYER_OUTBOUND_IPPACKET_V4 and FWPM_LAYER_OUTBOUND_TRANSPORT_V4 with IP and Port.

    Could I regard FWPS_LAYER_STREAM_PACKET_V4 as a segment that would be a packet having ethernet frame
    Wednesday, July 16, 2014 1:54 PM

All replies

  • BOth are bi-directional.

    STREAM_PACKET is a packetized layer.  This is essentially the TCP equivalent of the DATAGRAM_DATA layer.  Any data manipulation here means you must update the ACK and SEQ #'s appropriately and keep track of the changes for all subsequent packets.

    STREAM deals in TCP data only (no headers).  This is the best place to sit if you are manipulating the TCP payload, as the TCP state machine has already validated the ACK / SEQ #'s for inbound, and will auto-generate the #'s for outbound.

    As you observed, the Transport layers will have matching indications for STREAM_PACKET, whereas STREAM may have more or less indications, depending on the stack's processing of the data.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Wednesday, July 16, 2014 11:53 PM
    Moderator
  • I printed packet direction of FWPS_LAYER_STREAM_V4 and FWPS_LAYER_STREAM_PACKET_V4 layers by two methods as followings:

    1. using FWPS_INCOMING_METADATA_VALUES like inMetaValues->packetDirection

    2. using FWPS_INCOMING_VALUES like (FWP_DIRECTION)inFixedValues->incomingValue[FWPS_FIELD_STREAM_PACKET_V4_DIRECTION].value.uint32

    In FWPS_LAYER_STREAM_V4 layer, values of 1 and 2 are same.
    However, In FWPS_LAYER_STREAM_PACKET_V4 layer, values of 1 and 2 are different.

    Why is it? Which value Should I have to trust?
    Friday, July 18, 2014 5:23 AM