Crash sometimes when trying to inject UDP packet

  • Question

  • My callout works on the FWPS_LAYER_ALE_AUTH_CONNECT_V4 layer. For the UDP protocol, it does the following:

    1. Make a clone of the NBL from "layerData".

    2. Pend the operation with FwpsPendOperation0() and send a request to user-land.

    3. User-land permits the request; my callout calls FwpsCompleteOperation0() with the cloned NBL.

    4. My callout then calls FwpsInjectTransportSendAsync0() to inject the cloned NBL.

    It normally works fine and injects successfully, but sometimes it crashes inside WFP. Here are the registers and stack.

     


    eax=8d9c75b8 ebx=00000000 ecx=00000000 edx=8d9c75b8 esi=9f0edca0 edi=8d9c7878
    eip=81a0ffe9 esp=8d9c74e4 ebp=8d9c75dc iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x19:
    81a0ffe9 8711            xchg    edx,dword ptr [ecx]  ds:0023:00000000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 81a0ffe9 to 81a99d84

    STACK_TEXT: 
    8d9c7470 81a0ffe9 badb0d00 8d9c75b8 82a6f618 nt!KiTrap0E+0x2ac
    8d9c74e0 82a6f675 00000000 8d9c7878 00000000 hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x19
    8d9c75dc 82a80640 00000000 8d9c0002 00000011 tcpip!WfpAleAuthorizeSend+0x23d
    8d9c7638 82a7ec3d 872bfbd0 8d9c0002 00000011 tcpip!WfpAleConnectAcceptIndicate+0x56
    8d9c76a8 82a6e107 8d9c78b8 00000011 8d9c0002 tcpip!ProcessALEForTransportPacket+0xf3
    8d9c772c 82a6dc4f 8d9c78b8 00000011 8d9c0002 tcpip!ProcessAleForNonTcpOut+0x5c
    8d9c787c 82a6cd14 00000011 00000000 00004400 tcpip!WfpProcessOutTransportStackIndication+0x200
    8d9c7900 82a6cb68 00000000 86b731f0 8d9c7a64 tcpip!IppInspectLocalDatagramsOut+0xbf
    8d9c7aa4 82aa3f4b 00000000 00000004 82ad0c68 tcpip!IppSendDatagramsCommon+0x522
    8d9c7b3c 82af7437 00000000 00000004 c12b9120 tcpip!IppInspectInjectTlSend+0xd7
    8d9c7b9c 97dc843a 00000000 81010758 00000291 fwpkclnt!FwpsInjectTransportSendAsync0+0x26a
    8d9c7bf4 97dcbfed 86c89508 8d9c7c2c 97dcc10c eeyetv!Firewall_ProcessDecision+0x174 [c:\ss\products\blink\_mainline\source\engine\eeyetv\firewall.c @ 303]
    8d9c7c00 97dcc10c 80002009 86c89508 00000028 eeyetv!W32API_IoCtrl_ServiceReply+0x35 [c:\ss\products\blink\_mainline\source\engine\eeyetv\w32api.c @ 356]
    8d9c7c2c 81afb053 80002009 00000000 c4ed0bb0 eeyetv!W32API_Dispatch+0x10e [c:\ss\products\blink\_mainline\source\engine\eeyetv\w32api.c @ 448]
    8d9c7c44 81c8b515 9cb70728 c4ed0bb0 c4ed0c20 nt!IofCallDriver+0x63
    8d9c7c64 81c8bcba 9cbd72d8 9cb70728 00000000 nt!IopSynchronousServiceTail+0x1d9

     

     

    It's Vista SP1. 6001.18000.x86fre.longhorn_rtm.080118-1840

    Time stamp of tcpip.sys is 47919120 Fri Jan 18 21:56:48 2008

     

    I've double-checked the parameters sent to FwpsInjectTransportSendAsync0; they all seem good. My cloned NBL to be injected is also valid, and no spin lock is held when calling this function.

     

    Can you please check the crash position and tell me what I've done incorrectly?

     

    Please let me know if you need the crash dump file (it's about 320M)

    Monday, March 3, 2008 8:20 PM

Answers

All replies

  • Yes please share out the memory.dmp.

     

    Biao.W.

    Tuesday, March 4, 2008 2:14 AM
  • Hi Martin,

     

    Please send a mail to wfp@microsoft.com to share out the download link of your crash dump file. We will take a look.

     

    Thanks,

    Charlie

     

    Tuesday, March 4, 2008 6:38 AM
  • A followup on this issue. Please refer to

     

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1690592&SiteID=1

     

    about the best practice for pend-complete at the ALE_CONNECT layer. It's recommended to permit/block or reinject on the FwpsCompleteOperation0-triggered re-auth (identified by the CONDITION_FLAG_IS_REAUTHORIZE flag).

     

    Thanks,

    Charlie

    Friday, March 7, 2008 10:23 PM
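
The ordering recommended in the reply above, as an added example that is not part of the thread and is not driver code: a user-mode C model of the classify decisions, where the verdict and the reinjection of the held clone happen on the re-auth classify instead of on the IOCTL path right after the completion call. All names (`classify`, `user_verdict`, `MODEL_FLAG_IS_REAUTHORIZE`, the `ACT_*` values) are hypothetical; the flow is the UDP port 137 one from the log later in the thread, and returning "no decision" for a re-auth with no pended entry is an assumption of the model.

```c
#include <stdint.h>
#include <string.h>

/* Model constant standing in for the re-authorize condition flag named in the
 * reply; the value is local to this model, not the WDK definition. */
#define MODEL_FLAG_IS_REAUTHORIZE 0x1u

typedef enum { ACT_PEND, ACT_PERMIT, ACT_BLOCK, ACT_NO_DECISION } action_t;
typedef enum { V_NONE, V_PERMIT, V_BLOCK } verdict_t;

typedef struct {
    uint8_t  proto;
    uint32_t laddr, raddr;
    uint16_t lport, rport;
} flow_t;

typedef struct {
    int       in_use;
    flow_t    flow;
    verdict_t verdict;    /* set when user-land answers */
    int       has_clone;  /* a cloned packet is held for later reinjection */
} pended_t;

#define MAX_PENDED 8
static pended_t g_pended[MAX_PENDED];
static int g_injected;    /* clones handed to the modelled inject call */

void model_reset(void)
{
    memset(g_pended, 0, sizeof g_pended);
    g_injected = 0;
}

static int flow_eq(const flow_t *a, const flow_t *b)
{
    return a->proto == b->proto && a->laddr == b->laddr && a->raddr == b->raddr &&
           a->lport == b->lport && a->rport == b->rport;
}

static pended_t *pended_find(const flow_t *f)
{
    for (int i = 0; i < MAX_PENDED; i++)
        if (g_pended[i].in_use && flow_eq(&g_pended[i].flow, f))
            return &g_pended[i];
    return NULL;
}

/* Step 3 of the question: user-land answers. A driver would call
 * FwpsCompleteOperation0() at this point; the model only records the verdict.
 * Nothing is injected from this path. */
int user_verdict(const flow_t *f, verdict_t v)
{
    pended_t *p = pended_find(f);
    if (p == NULL || v == V_NONE)
        return 0;
    p->verdict = v;
    return 1;
}

/* Models one classify call at the connect layer for a UDP flow. */
action_t classify(const flow_t *f, unsigned flags, int has_packet, int self_injected)
{
    if (self_injected)
        return ACT_PERMIT;           /* our own reinjected clone: never pend it again */

    if (flags & MODEL_FLAG_IS_REAUTHORIZE) {
        pended_t *p = pended_find(f);
        if (p == NULL || p->verdict == V_NONE)
            return ACT_NO_DECISION;  /* re-auth not caused by our completion */
        action_t act = (p->verdict == V_PERMIT) ? ACT_PERMIT : ACT_BLOCK;
        if (act == ACT_PERMIT && p->has_clone)
            g_injected++;            /* the held clone is reinjected here */
        p->in_use = 0;               /* the entry is consumed exactly once */
        return act;
    }

    /* First classify: steps 1 and 2 of the question (clone, then pend). */
    for (int i = 0; i < MAX_PENDED; i++) {
        if (!g_pended[i].in_use) {
            g_pended[i].in_use = 1;
            g_pended[i].flow = *f;
            g_pended[i].verdict = V_NONE;
            g_pended[i].has_clone = has_packet;
            return ACT_PEND;
        }
    }
    return ACT_BLOCK;                /* table full: fail closed (model choice) */
}

int main(void)
{
    /* Constructed from the thread's log: UDP, 0xc0a8036a:137 -> 0xc0a80101:137 */
    flow_t f = { 0x11, 0xc0a8036au, 0xc0a80101u, 137, 137 };
    model_reset();
    if (classify(&f, 0, 1, 0) != ACT_PEND) return 1;
    if (!user_verdict(&f, V_PERMIT) || g_injected != 0) return 1;
    if (classify(&f, MODEL_FLAG_IS_REAUTHORIZE, 0, 0) != ACT_PERMIT) return 1;
    return g_injected == 1 ? 0 : 1;
}
```
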
  • Hello Martin Kin,

     

    How did you resolve the problem?

     

    Thanks

    Tuesday, January 13, 2009 4:35 AM
  • Hi,
    I am kind of getting a similar problem:

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 00000000, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, bitfield :
     bit 0 : value 0 = read operation, 1 = write operation
     bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 81615fe9, address which referenced memory

    Debugging Details:
    ------------------

    Loading symbols for 8a42b000     mssmbios.sys ->   mssmbios.sys

    WRITE_ADDRESS:  00000000

    CURRENT_IRQL:  2

    FAULTING_IP:
    hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+19
    81615fe9 8711            xchg    edx,dword ptr [ecx]

    DEFAULT_BUCKET_ID:  CODE_CORRUPTION

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  System

    TRAP_FRAME:  863ec5cc -- (.trap 0xffffffff863ec5cc)
    ErrCode = 00000002
    eax=863ec714 ebx=00000000 ecx=00000000 edx=863ec714 esi=839962d8 edi=863ec9d4
    eip=81615fe9 esp=863ec640 ebp=863ec738 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x19:
    81615fe9 8711            xchg    edx,dword ptr [ecx]  ds:0023:00000000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from 81712c83 to 816f0a98

    STACK_TEXT: 
    863ec18c 81712c83 00000003 e1a8192b 00000000 nt!RtlpBreakWithStatusInstruction
    863ec1dc 81713769 00000003 00000000 81615fe9 nt!KiBugCheckDebugBreak+0x1c
    863ec5ac 81692fb9 0000000a 00000000 00000002 nt!KeBugCheck2+0x66d
    863ec5ac 81615fe9 0000000a 00000000 00000002 nt!KiTrap0E+0x2e1
    863ec63c 8565c2d1 00000000 863ec9d4 00000000 hal!KeAcquireInStackQueuedSpinLockRaiseToSynch+0x19
    863ec738 85681039 00000000 863e0002 00000011 tcpip!WfpAleAuthorizeSend+0x23d
    863ec794 856804c5 84114b38 863e0002 00000011 tcpip!WfpAleConnectAcceptIndicate+0x56
    863ec804 8565fabb 863eca14 00000011 863e0002 tcpip!ProcessALEForTransportPacket+0xf3
    863ec888 8566c8de 863eca14 00000011 863e0002 tcpip!ProcessAleForNonTcpOut+0x5c
    863ec9d8 8566ba04 00000011 00000000 0000a7e6 tcpip!WfpProcessOutTransportStackIndication+0x200
    863eca5c 8566d4aa 00000000 837c1094 863ecbc0 tcpip!IppInspectLocalDatagramsOut+0xbf
    863ecc00 856a6475 00000000 84160004 856d2c90 tcpip!IppSendDatagramsCommon+0x522
    863ecc98 856f9460 00000000 84160004 84252018 tcpip!IppInspectInjectTlSend+0xd7
    863eccf8 85711469 00000000 8418e9d8 0000000b fwpkclnt!FwpsInjectTransportSendAsync0+0x277
    863ecd48 857110f2 837cb878 84165c30 00000000 thor3!reinject_item_nbl+0x1c9 
    863ecd7c 8181ac42 837cb878 e1a81537 00000000 thor3!sockop_thread_loop+0xf2
    863ecdc0 81683efe 85711000 837cb878 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND:  kb

    CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    195 errors : !nt (81657982-81874597)

    MODULE_NAME: memory_corruption

    IMAGE_NAME:  memory_corruption

    FOLLOWUP_NAME:  memory_corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MEMORY_CORRUPTOR:  LARGE

    FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE

    BUCKET_ID:  MEMORY_CORRUPTION_LARGE


    But I cannot see any details about what could cause this issue; the given follow-up seems to talk about TCP packets, while the issue occurs in UDP reinjection at the ALE_CONNECT layer. I must say that my problem happens sometimes after BFE is starting and following some completion errors like 0xc000021b:

    Mon Feb  8 11:41:53.399 2010 (GMT+1): [!] on_bfe_state_change: The service BFE is starting
    Mon Feb  8 11:41:53.399 2010 (GMT+1):
    Mon Feb  8 11:41:53.399 2010 (GMT+1): [>] on_bfe_state_change()
    Mon Feb  8 11:41:53.399 2010 (GMT+1):
    Mon Feb  8 11:41:53.993 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:53.993 2010 (GMT+1):
    Mon Feb  8 11:41:54.008 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 0
    Mon Feb  8 11:41:54.008 2010 (GMT+1):
    Mon Feb  8 11:41:54.024 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 0
    Mon Feb  8 11:41:54.024 2010 (GMT+1):
    Mon Feb  8 11:41:54.040 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:41:54.040 2010 (GMT+1):
    Mon Feb  8 11:41:54.040 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xe0000016
    Mon Feb  8 11:41:54.040 2010 (GMT+1):
    Mon Feb  8 11:41:54.055 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 4
    Mon Feb  8 11:41:54.055 2010 (GMT+1):
    Mon Feb  8 11:41:54.071 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  OTHER PROTO 2
    Mon Feb  8 11:41:54.071 2010 (GMT+1):
    Mon Feb  8 11:41:54.071 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REAUTHORIZATION
    Mon Feb  8 11:41:54.071 2010 (GMT+1):
    Mon Feb  8 11:41:54.087 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  SKIP FILTERING
    Mon Feb  8 11:41:54.087 2010 (GMT+1):
    Mon Feb  8 11:41:54.102 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:54.102 2010 (GMT+1):
    Mon Feb  8 11:41:54.243 2010 (GMT+1): [<] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:41:54.243 2010 (GMT+1):
    Mon Feb  8 11:41:54.243 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  BIND EXPLICIT
    Mon Feb  8 11:41:54.243 2010 (GMT+1):
    Mon Feb  8 11:41:54.258 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PID: 1296
    Mon Feb  8 11:41:54.258 2010 (GMT+1):
    Mon Feb  8 11:41:54.274 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PROTO UDP
    Mon Feb  8 11:41:54.274 2010 (GMT+1):
    Mon Feb  8 11:41:54.274 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  LOCAL PORT 5355
    Mon Feb  8 11:41:54.274 2010 (GMT+1):
    Mon Feb  8 11:41:54.290 2010 (GMT+1): [>] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:41:54.290 2010 (GMT+1):
    Mon Feb  8 11:41:54.321 2010 (GMT+1): [<] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:41:54.321 2010 (GMT+1):
    Mon Feb  8 11:41:54.321 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  BIND EXPLICIT
    Mon Feb  8 11:41:54.321 2010 (GMT+1):
    Mon Feb  8 11:41:54.337 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  WILDCARD_BIND
    Mon Feb  8 11:41:54.337 2010 (GMT+1):
    Mon Feb  8 11:41:54.352 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PID: 1296
    Mon Feb  8 11:41:54.352 2010 (GMT+1):
    Mon Feb  8 11:41:54.352 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PROTO UDP
    Mon Feb  8 11:41:54.352 2010 (GMT+1):
    Mon Feb  8 11:41:54.368 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  LOCAL PORT 54750
    Mon Feb  8 11:41:54.368 2010 (GMT+1):
    Mon Feb  8 11:41:54.383 2010 (GMT+1): [>] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:41:54.383 2010 (GMT+1):
    Mon Feb  8 11:41:54.383 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:54.383 2010 (GMT+1):
    Mon Feb  8 11:41:54.399 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 54750
    Mon Feb  8 11:41:54.399 2010 (GMT+1):
    Mon Feb  8 11:41:54.415 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 5355
    Mon Feb  8 11:41:54.415 2010 (GMT+1):
    Mon Feb  8 11:41:54.430 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:41:54.430 2010 (GMT+1):
    Mon Feb  8 11:41:54.430 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xe00000fc
    Mon Feb  8 11:41:54.430 2010 (GMT+1):
    Mon Feb  8 11:41:54.446 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 1296
    Mon Feb  8 11:41:54.446 2010 (GMT+1):
    Mon Feb  8 11:41:54.462 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:41:54.462 2010 (GMT+1):
    Mon Feb  8 11:41:54.462 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOOPBACK
    Mon Feb  8 11:41:54.462 2010 (GMT+1):
    Mon Feb  8 11:41:54.477 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  SKIP FILTERING
    Mon Feb  8 11:41:54.477 2010 (GMT+1):
    Mon Feb  8 11:41:54.477 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:54.477 2010 (GMT+1):
    Mon Feb  8 11:41:54.555 2010 (GMT+1): [<] on_bfe_state_change()
    Mon Feb  8 11:41:54.555 2010 (GMT+1):
    Mon Feb  8 11:41:54.571 2010 (GMT+1): [!] on_bfe_state_change: The service BFE is running
    Mon Feb  8 11:41:54.571 2010 (GMT+1):
    Mon Feb  8 11:41:54.587 2010 (GMT+1): [>] on_bfe_state_change()
    Mon Feb  8 11:41:54.587 2010 (GMT+1): ModLoad: 8cbdd000 8cbf6000   bowser.sys
    ModLoad: 8a5eb000 8a600000   mpsdrv.sys
    ModLoad: 857c3000 857e4000   mrxdav.sys
    ModLoad: 8500f000 8502e000   mrxsmb.sys
    ModLoad: 8502e000 85067000   mrxsmb10.sys
    ModLoad: 85067000 8507f000   mrxsmb20.sys
    ModLoad: 8507f000 850a6000   srv2.sys
    ModLoad: 850a6000 850f2000   srv.sys
    Mon Feb  8 11:41:57.274 2010 (GMT+1): [<] gfe_callout_on_classify_ale_recv_accept_v4()
    Mon Feb  8 11:41:57.274 2010 (GMT+1):
    Mon Feb  8 11:41:57.290 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  LOCAL PORT 137
    Mon Feb  8 11:41:57.290 2010 (GMT+1):
    Mon Feb  8 11:41:57.305 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  REMOTE PORT 137
    Mon Feb  8 11:41:57.305 2010 (GMT+1):
    Mon Feb  8 11:41:57.305 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  LOCAL ADDRESS 0xc0a803ff
    Mon Feb  8 11:41:57.305 2010 (GMT+1):
    Mon Feb  8 11:41:57.321 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  PID: 1092
    Mon Feb  8 11:41:57.321 2010 (GMT+1):
    Mon Feb  8 11:41:57.337 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  PROTO UDP
    Mon Feb  8 11:41:57.337 2010 (GMT+1):
    Mon Feb  8 11:41:57.352 2010 (GMT+1): [<] pend_socket_operation()
    Mon Feb  8 11:41:57.352 2010 (GMT+1):
    Mon Feb  8 11:41:57.352 2010 (GMT+1): [>] pend_socket_operation()
    Mon Feb  8 11:41:57.352 2010 (GMT+1):
    Mon Feb  8 11:41:57.368 2010 (GMT+1): [<] sockop_thread_loop()
    Mon Feb  8 11:41:57.368 2010 (GMT+1):
    Mon Feb  8 11:41:57.383 2010 (GMT+1): [<] reinject_item_nbl()
    Mon Feb  8 11:41:57.383 2010 (GMT+1):
    Mon Feb  8 11:41:57.399 2010 (GMT+1): [?] reinject_item_nbl: direction: INBOUND
    Mon Feb  8 11:41:57.399 2010 (GMT+1):
    Mon Feb  8 11:41:57.399 2010 (GMT+1): [?] reinject_item_nbl: injection handle: 0x837cb858
    Mon Feb  8 11:41:57.399 2010 (GMT+1):
    Mon Feb  8 11:41:57.415 2010 (GMT+1): [?] reinject_item_nbl: family: 0x2
    Mon Feb  8 11:41:57.415 2010 (GMT+1):
    Mon Feb  8 11:41:57.415 2010 (GMT+1): [?] reinject_item_nbl: compartment_id: 0x1
    Mon Feb  8 11:41:57.415 2010 (GMT+1):
    Mon Feb  8 11:41:57.430 2010 (GMT+1): [?] reinject_item_nbl: interface_index: 0x8
    Mon Feb  8 11:41:57.430 2010 (GMT+1):
    Mon Feb  8 11:41:57.446 2010 (GMT+1): [?] reinject_item_nbl: sub_interface_index: 0x0
    Mon Feb  8 11:41:57.446 2010 (GMT+1):
    Mon Feb  8 11:41:57.462 2010 (GMT+1): [?] reinject_item_nbl: cloned_nbl == 0x84252018
    Mon Feb  8 11:41:57.462 2010 (GMT+1):
    Mon Feb  8 11:41:57.462 2010 (GMT+1): [?] gfe_callout_classify_common: REINJECTION
    Mon Feb  8 11:41:57.462 2010 (GMT+1):
    Mon Feb  8 11:41:57.477 2010 (GMT+1): [<] gfe_callout_on_classify_ale_recv_accept_v4()
    Mon Feb  8 11:41:57.477 2010 (GMT+1):
    Mon Feb  8 11:41:57.477 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  LOCAL PORT 137
    Mon Feb  8 11:41:57.477 2010 (GMT+1):
    Mon Feb  8 11:41:57.493 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  REMOTE PORT 137
    Mon Feb  8 11:41:57.493 2010 (GMT+1):
    Mon Feb  8 11:41:57.508 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  LOCAL ADDRESS 0xc0a803ff
    Mon Feb  8 11:41:57.508 2010 (GMT+1):
    Mon Feb  8 11:41:57.508 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  PID: 4
    Mon Feb  8 11:41:57.508 2010 (GMT+1):
    Mon Feb  8 11:41:57.524 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  PROTO UDP
    Mon Feb  8 11:41:57.524 2010 (GMT+1):
    Mon Feb  8 11:41:57.540 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  REINJECTED
    Mon Feb  8 11:41:57.540 2010 (GMT+1):
    Mon Feb  8 11:41:57.540 2010 (GMT+1): [?] gfe_callout_on_classify_ale_recv_accept_v4:  SKIP FILTERING
    Mon Feb  8 11:41:57.540 2010 (GMT+1):
    Mon Feb  8 11:41:57.555 2010 (GMT+1): [>] gfe_callout_on_classify_ale_recv_accept_v4()
    Mon Feb  8 11:41:57.555 2010 (GMT+1):
    Mon Feb  8 11:41:57.571 2010 (GMT+1): [<] on_completion()
    Mon Feb  8 11:41:57.571 2010 (GMT+1):
    Mon Feb  8 11:41:57.571 2010 (GMT+1): [!] on_completion:  Status 0x00000000
    Mon Feb  8 11:41:57.571 2010 (GMT+1):
    Mon Feb  8 11:41:57.587 2010 (GMT+1): [>] on_completion()
    Mon Feb  8 11:41:57.587 2010 (GMT+1):
    Mon Feb  8 11:41:57.602 2010 (GMT+1): [>] sockop_thread_loop()
    Mon Feb  8 11:41:57.602 2010 (GMT+1):
    Mon Feb  8 11:41:58.118 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:58.118 2010 (GMT+1):
    Mon Feb  8 11:41:58.133 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 137
    Mon Feb  8 11:41:58.133 2010 (GMT+1):
    Mon Feb  8 11:41:58.133 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 137
    Mon Feb  8 11:41:58.133 2010 (GMT+1):
    Mon Feb  8 11:41:58.149 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:41:58.149 2010 (GMT+1):
    Mon Feb  8 11:41:58.165 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
    Mon Feb  8 11:41:58.165 2010 (GMT+1):
    Mon Feb  8 11:41:58.165 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 4
    Mon Feb  8 11:41:58.165 2010 (GMT+1):
    Mon Feb  8 11:41:58.180 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:41:58.180 2010 (GMT+1):
    Mon Feb  8 11:41:58.196 2010 (GMT+1): [<] pend_socket_operation()
    Mon Feb  8 11:41:58.196 2010 (GMT+1):
    Mon Feb  8 11:41:58.196 2010 (GMT+1): [<] sockop_thread_loop()
    Mon Feb  8 11:41:58.196 2010 (GMT+1):
    Mon Feb  8 11:41:58.212 2010 (GMT+1): [>] sockop_thread_loop()
    Mon Feb  8 11:41:58.212 2010 (GMT+1):
    Mon Feb  8 11:41:58.212 2010 (GMT+1): [>] pend_socket_operation()
    Mon Feb  8 11:41:58.212 2010 (GMT+1):
    Mon Feb  8 11:41:58.227 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:58.227 2010 (GMT+1):
    Mon Feb  8 11:41:58.243 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:58.243 2010 (GMT+1):
    Mon Feb  8 11:41:58.258 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 137
    Mon Feb  8 11:41:58.258 2010 (GMT+1):
    Mon Feb  8 11:41:58.258 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 137
    Mon Feb  8 11:41:58.258 2010 (GMT+1):
    Mon Feb  8 11:41:58.274 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:41:58.274 2010 (GMT+1):
    Mon Feb  8 11:41:58.290 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
    Mon Feb  8 11:41:58.290 2010 (GMT+1):
    Mon Feb  8 11:41:58.290 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 4
    Mon Feb  8 11:41:58.290 2010 (GMT+1):
    Mon Feb  8 11:41:58.305 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:41:58.305 2010 (GMT+1):
    Mon Feb  8 11:41:58.321 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  layer_data null
    Mon Feb  8 11:41:58.321 2010 (GMT+1):
    Mon Feb  8 11:41:58.337 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REAUTHORIZATION
    Mon Feb  8 11:41:58.337 2010 (GMT+1):
    Mon Feb  8 11:41:58.337 2010 (GMT+1): [<] sockop_queue_filter_pended_packet()
    Mon Feb  8 11:41:58.337 2010 (GMT+1):
    Mon Feb  8 11:41:58.352 2010 (GMT+1): [<] sockop_is_matching()
    Mon Feb  8 11:41:58.352 2010 (GMT+1):
    Mon Feb  8 11:41:58.368 2010 (GMT+1): [!] sockop_is_matching: MATCHING 0x00000011 0x00000011 0x6a03a8c0 0x6a03a8c0 0x0101a8c0 0x0101a8c0 0x00008900 0x00008900 0x00008900 0x00008900
    Mon Feb  8 11:41:58.368 2010 (GMT+1):
    Mon Feb  8 11:41:58.368 2010 (GMT+1): [>] sockop_is_matching()
    Mon Feb  8 11:41:58.368 2010 (GMT+1):
    Mon Feb  8 11:41:58.383 2010 (GMT+1): [?] sockop_queue_filter_pended_packet: is_allowed == 1
    Mon Feb  8 11:41:58.383 2010 (GMT+1):
    Mon Feb  8 11:41:58.383 2010 (GMT+1): [<] sockop_thread_loop()
    Mon Feb  8 11:41:58.383 2010 (GMT+1):
    Mon Feb  8 11:41:58.399 2010 (GMT+1): [<] reinject_item_nbl()
    Mon Feb  8 11:41:58.399 2010 (GMT+1):
    Mon Feb  8 11:41:58.415 2010 (GMT+1): [?] reinject_item_nbl: direction: OUTBOUND
    Mon Feb  8 11:41:58.415 2010 (GMT+1):
    Mon Feb  8 11:41:58.415 2010 (GMT+1): [?] reinject_item_nbl: remoteAddress == 0x101a8c0
    Mon Feb  8 11:41:58.415 2010 (GMT+1):
    Mon Feb  8 11:41:58.430 2010 (GMT+1): [?] reinject_item_nbl: injection_handle = 0x837cb858
    Mon Feb  8 11:41:58.430 2010 (GMT+1):
    Mon Feb  8 11:41:58.446 2010 (GMT+1): [?] reinject_item_nbl: endpoint_handle = 0x0000000a
    Mon Feb  8 11:41:58.446 2010 (GMT+1):
    Mon Feb  8 11:41:58.446 2010 (GMT+1): [?] reinject_item_nbl: cloned nbl ==  0x84252018
    Mon Feb  8 11:41:58.446 2010 (GMT+1):
    Mon Feb  8 11:41:58.462 2010 (GMT+1): [?] reinject_item_nbl: control_data ==  0x00000000
    Mon Feb  8 11:41:58.462 2010 (GMT+1):
    Mon Feb  8 11:41:58.477 2010 (GMT+1): [?] reinject_item_nbl: pid ==  4
    Mon Feb  8 11:41:58.477 2010 (GMT+1):
    Mon Feb  8 11:41:58.477 2010 (GMT+1): [?] reinject_item_nbl: local port ==  137
    Mon Feb  8 11:41:58.477 2010 (GMT+1):
    Mon Feb  8 11:41:58.493 2010 (GMT+1): [<] on_completion()
    Mon Feb  8 11:41:58.493 2010 (GMT+1):
    Mon Feb  8 11:41:58.508 2010 (GMT+1): [!] on_completion:  Status 0xc000021b
    Mon Feb  8 11:41:58.508 2010 (GMT+1):
    Mon Feb  8 11:41:58.508 2010 (GMT+1): [>] on_completion()
    Mon Feb  8 11:41:58.508 2010 (GMT+1):
    Mon Feb  8 11:41:58.524 2010 (GMT+1): [>] sockop_thread_loop()
    Mon Feb  8 11:41:58.524 2010 (GMT+1):
    Mon Feb  8 11:41:58.540 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  SKIP FILTERING
    Mon Feb  8 11:41:58.540 2010 (GMT+1):
    Mon Feb  8 11:41:58.555 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:58.555 2010 (GMT+1):
    Mon Feb  8 11:41:59.602 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:59.602 2010 (GMT+1):
    Mon Feb  8 11:41:59.618 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 137
    Mon Feb  8 11:41:59.618 2010 (GMT+1):
    Mon Feb  8 11:41:59.633 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 137
    Mon Feb  8 11:41:59.633 2010 (GMT+1):
    Mon Feb  8 11:41:59.633 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:41:59.633 2010 (GMT+1):
    Mon Feb  8 11:41:59.649 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
    Mon Feb  8 11:41:59.649 2010 (GMT+1):
    Mon Feb  8 11:41:59.665 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 1592
    Mon Feb  8 11:41:59.665 2010 (GMT+1):
    Mon Feb  8 11:41:59.665 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:41:59.665 2010 (GMT+1):
    Mon Feb  8 11:41:59.680 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REAUTHORIZATION
    Mon Feb  8 11:41:59.680 2010 (GMT+1):
    Mon Feb  8 11:41:59.696 2010 (GMT+1): [<] sockop_queue_filter_pended_packet()
    Mon Feb  8 11:41:59.696 2010 (GMT+1):
    Mon Feb  8 11:41:59.696 2010 (GMT+1): [!] sockop_queue_filter_pended_packet: NOT FOUND
    Mon Feb  8 11:41:59.696 2010 (GMT+1):
    Mon Feb  8 11:41:59.712 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  SKIP FILTERING
    Mon Feb  8 11:41:59.712 2010 (GMT+1):
    Mon Feb  8 11:41:59.727 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:41:59.727 2010 (GMT+1): ModLoad: 91900000 91908000   vga.dll
    Mon Feb  8 11:42:01.899 2010 (GMT+1): [<] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:42:01.899 2010 (GMT+1):
    Mon Feb  8 11:42:01.915 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  BIND EXPLICIT
    Mon Feb  8 11:42:01.915 2010 (GMT+1):
    Mon Feb  8 11:42:01.915 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PID: 4
    Mon Feb  8 11:42:01.915 2010 (GMT+1):
    Mon Feb  8 11:42:01.930 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PROTO TCP
    Mon Feb  8 11:42:01.930 2010 (GMT+1):
    Mon Feb  8 11:42:01.946 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  LOCAL PORT 445
    Mon Feb  8 11:42:01.946 2010 (GMT+1):
    Mon Feb  8 11:42:01.946 2010 (GMT+1): [>] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:42:01.946 2010 (GMT+1): ModLoad: 850f2000 850f9000   parvdm.sys
    ModLoad: 850f9000 85164000   HTTP.sys
    ModLoad: 85164000 85173000   npf.sys
    ModLoad: 91e02000 91eb2000   spsys.sys
    ModLoad: 91eb2000 91f90000   peauth.sys
    ModLoad: 91f90000 91f9a000   secdrv.SYS
    Mon Feb  8 11:42:08.555 2010 (GMT+1): [<] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:42:08.555 2010 (GMT+1):
    Mon Feb  8 11:42:08.571 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  BIND EXPLICIT
    Mon Feb  8 11:42:08.571 2010 (GMT+1):
    Mon Feb  8 11:42:08.571 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  WILDCARD_BIND
    Mon Feb  8 11:42:08.571 2010 (GMT+1):
    Mon Feb  8 11:42:08.602 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PID: 1296
    Mon Feb  8 11:42:08.602 2010 (GMT+1): ModLoad: 91f9a000 91fa6000   tcpipreg.sys
    Mon Feb  8 11:42:08.774 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  PROTO UDP
    Mon Feb  8 11:42:08.774 2010 (GMT+1):
    Mon Feb  8 11:42:08.790 2010 (GMT+1): [!] gfe_callout_on_classify_ale_bind_v4:  LOCAL PORT 59047
    Mon Feb  8 11:42:08.790 2010 (GMT+1):
    Mon Feb  8 11:42:08.790 2010 (GMT+1): [>] gfe_callout_on_classify_ale_bind_v4()
    Mon Feb  8 11:42:08.790 2010 (GMT+1):
    Mon Feb  8 11:42:08.821 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:42:08.821 2010 (GMT+1):
    Mon Feb  8 11:42:08.837 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 59047
    Mon Feb  8 11:42:08.837 2010 (GMT+1):
    Mon Feb  8 11:42:08.852 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 53
    Mon Feb  8 11:42:08.852 2010 (GMT+1):
    Mon Feb  8 11:42:08.868 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:42:08.868 2010 (GMT+1):
    Mon Feb  8 11:42:08.868 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
    Mon Feb  8 11:42:08.868 2010 (GMT+1):
    Mon Feb  8 11:42:08.884 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 1296
    Mon Feb  8 11:42:08.884 2010 (GMT+1):
    Mon Feb  8 11:42:08.884 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:42:08.884 2010 (GMT+1):
    Mon Feb  8 11:42:08.915 2010 (GMT+1): [<] pend_socket_operation()
    Mon Feb  8 11:42:08.915 2010 (GMT+1):
    Mon Feb  8 11:42:08.915 2010 (GMT+1): [<] sockop_thread_loop()
    Mon Feb  8 11:42:08.915 2010 (GMT+1):
    Mon Feb  8 11:42:08.930 2010 (GMT+1): [>] sockop_thread_loop()
    Mon Feb  8 11:42:08.930 2010 (GMT+1):
    Mon Feb  8 11:42:08.962 2010 (GMT+1): [>] pend_socket_operation()
    Mon Feb  8 11:42:08.962 2010 (GMT+1):
    Mon Feb  8 11:42:08.962 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:42:08.962 2010 (GMT+1):
    Mon Feb  8 11:42:08.993 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:42:08.993 2010 (GMT+1):
    Mon Feb  8 11:42:08.993 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 59047
    Mon Feb  8 11:42:08.993 2010 (GMT+1):
    Mon Feb  8 11:42:09.024 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 53
    Mon Feb  8 11:42:09.024 2010 (GMT+1):
    Mon Feb  8 11:42:09.040 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:42:09.040 2010 (GMT+1):
    Mon Feb  8 11:42:09.087 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0x00000000
    Mon Feb  8 11:42:09.087 2010 (GMT+1):
    Mon Feb  8 11:42:09.102 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 1296
    Mon Feb  8 11:42:09.102 2010 (GMT+1):
    Mon Feb  8 11:42:09.118 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:42:09.118 2010 (GMT+1):
    Mon Feb  8 11:42:09.134 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  layer_data null
    Mon Feb  8 11:42:09.134 2010 (GMT+1):
    Mon Feb  8 11:42:09.149 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REAUTHORIZATION
    Mon Feb  8 11:42:09.149 2010 (GMT+1):
    Mon Feb  8 11:42:09.149 2010 (GMT+1): [<] sockop_queue_filter_pended_packet()
    Mon Feb  8 11:42:09.149 2010 (GMT+1):
    Mon Feb  8 11:42:09.165 2010 (GMT+1): [<] sockop_is_matching()
    Mon Feb  8 11:42:09.165 2010 (GMT+1):
    Mon Feb  8 11:42:09.180 2010 (GMT+1): [!] sockop_is_matching: MATCHING 0x00000011 0x00000011 0x6a03a8c0 0x6a03a8c0 0x0101a8c0 0x00000000 0x0000a7e6 0x0000a7e6 0x00003500 0x00003500
    Mon Feb  8 11:42:09.180 2010 (GMT+1):
    Mon Feb  8 11:42:09.196 2010 (GMT+1): [>] sockop_is_matching()
    Mon Feb  8 11:42:09.196 2010 (GMT+1):
    Mon Feb  8 11:42:09.212 2010 (GMT+1): [?] sockop_queue_filter_pended_packet: is_allowed == 1
    Mon Feb  8 11:42:09.212 2010 (GMT+1):
    Mon Feb  8 11:42:09.212 2010 (GMT+1): [<] sockop_thread_loop()
    Mon Feb  8 11:42:09.212 2010 (GMT+1):
    Mon Feb  8 11:42:09.227 2010 (GMT+1): [<] reinject_item_nbl()
    Mon Feb  8 11:42:09.227 2010 (GMT+1):
    Mon Feb  8 11:42:09.243 2010 (GMT+1): [?] reinject_item_nbl: direction: OUTBOUND
    Mon Feb  8 11:42:09.243 2010 (GMT+1):
    Mon Feb  8 11:42:09.243 2010 (GMT+1): [?] reinject_item_nbl: remoteAddress == 0x101a8c0
    Mon Feb  8 11:42:09.243 2010 (GMT+1):
    Mon Feb  8 11:42:09.259 2010 (GMT+1): [?] reinject_item_nbl: injection_handle = 0x837cb858
    Mon Feb  8 11:42:09.259 2010 (GMT+1):
    Mon Feb  8 11:42:09.274 2010 (GMT+1): [?] reinject_item_nbl: endpoint_handle = 0x0000000b
    Mon Feb  8 11:42:09.274 2010 (GMT+1):
    Mon Feb  8 11:42:09.274 2010 (GMT+1): [?] reinject_item_nbl: cloned nbl ==  0x84252018
    Mon Feb  8 11:42:09.274 2010 (GMT+1):
    Mon Feb  8 11:42:09.290 2010 (GMT+1): [?] reinject_item_nbl: control_data ==  0x00000000
    Mon Feb  8 11:42:09.290 2010 (GMT+1):
    Mon Feb  8 11:42:09.305 2010 (GMT+1): [?] reinject_item_nbl: pid ==  1296
    Mon Feb  8 11:42:09.305 2010 (GMT+1):
    Mon Feb  8 11:42:09.305 2010 (GMT+1): [?] reinject_item_nbl: local port ==  59047
    Mon Feb  8 11:42:09.305 2010 (GMT+1):
    Mon Feb  8 11:42:09.321 2010 (GMT+1): [<] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:42:09.321 2010 (GMT+1):
    Mon Feb  8 11:42:09.337 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL PORT 59047
    Mon Feb  8 11:42:09.337 2010 (GMT+1):
    Mon Feb  8 11:42:09.352 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE PORT 53
    Mon Feb  8 11:42:09.352 2010 (GMT+1):
    Mon Feb  8 11:42:09.352 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  LOCAL ADDRESS 0xc0a8036a
    Mon Feb  8 11:42:09.352 2010 (GMT+1):
    Mon Feb  8 11:42:09.368 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
    Mon Feb  8 11:42:09.368 2010 (GMT+1):
    Mon Feb  8 11:42:09.384 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PID: 1296
    Mon Feb  8 11:42:09.384 2010 (GMT+1):
    Mon Feb  8 11:42:09.384 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  PROTO UDP
    Mon Feb  8 11:42:09.384 2010 (GMT+1):
    Mon Feb  8 11:42:09.399 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  REINJECTED
    Mon Feb  8 11:42:09.399 2010 (GMT+1):
    Mon Feb  8 11:42:09.415 2010 (GMT+1): [?] gfe_callout_on_classify_ale_connect_v4:  SKIP FILTERING
    Mon Feb  8 11:42:09.415 2010 (GMT+1):
    Mon Feb  8 11:42:09.415 2010 (GMT+1): [>] gfe_callout_on_classify_ale_connect_v4()
    Mon Feb  8 11:42:09.415 2010 (GMT+1):
    Mon Feb  8 11:42:09.430 2010 (GMT+1):
    *** Fatal System Error: 0x0000000a
                           (0x00000000,0x00000002,0x00000001,0x81615FE9)

    The general idea of the implementation is really similar to the sample given with the DDK. At the ALE_CONNECT layer (for UDP packets), I reference the layer_data, pend the operation, make a decision, complete the operation, permit or block during reauthorization depending on the decision made, clone layer_data & reinject the packet depending on the decision made, then dereference the layer_data.

    Any help would be appreciated, Thx

    Monday, February 8, 2010 1:09 PM
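A triage aid for the trace in the post above, added here as an example and not part of the poster's code: it groups the connect-layer classify passes by the flags the driver logged and decodes the four bug check 0xA (IRQL_NOT_LESS_OR_EQUAL) parameters. The `TRACE` string is a constructed excerpt of the posted log with timestamps stripped; the function names are hypothetical.

```python
import re
import socket

CALLOUT = "gfe_callout_on_classify_ale_connect_v4"
# Constructed excerpt of the posted trace (timestamps removed).
TRACE = """\
[<] gfe_callout_on_classify_ale_connect_v4()
[?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
[>] gfe_callout_on_classify_ale_connect_v4()
[<] gfe_callout_on_classify_ale_connect_v4()
[?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0x00000000
[?] gfe_callout_on_classify_ale_connect_v4:  layer_data null
[?] gfe_callout_on_classify_ale_connect_v4:  REAUTHORIZATION
[<] reinject_item_nbl()
[<] gfe_callout_on_classify_ale_connect_v4()
[?] gfe_callout_on_classify_ale_connect_v4:  REMOTE ADDRESS 0xc0a80101
[?] gfe_callout_on_classify_ale_connect_v4:  REINJECTED
[>] gfe_callout_on_classify_ale_connect_v4()
*** Fatal System Error: 0x0000000a
                       (0x00000000,0x00000002,0x00000001,0x81615FE9)
"""

def classify_invocations(trace):
    """Return one dict per entry ([<]) into the connect classify callout."""
    calls = []
    for line in trace.splitlines():
        line = line.strip()
        if line == f"[<] {CALLOUT}()":
            calls.append({"remote": None, "flags": []})
        elif calls and line.startswith(f"[?] {CALLOUT}:"):
            detail = line.split(":", 1)[1].strip()
            m = re.fullmatch(r"REMOTE ADDRESS 0x([0-9a-fA-F]{8})", detail)
            if m:  # the driver logs the address as a host-order hex value
                calls[-1]["remote"] = socket.inet_ntoa(bytes.fromhex(m.group(1)))
            elif detail in ("REAUTHORIZATION", "REINJECTED", "layer_data null"):
                calls[-1]["flags"].append(detail)
    return calls

def decode_bugcheck_0a(trace):
    """Decode the four parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    m = re.search(r"Fatal System Error: 0x0000000a\s*\(([^)]*)\)", trace)
    addr, irql, access, ip = (int(p, 16) for p in m.group(1).split(","))
    return {
        "address": addr,                                 # memory referenced
        "irql": irql,                                    # 2 == DISPATCH_LEVEL
        "operation": "write" if access & 1 else "read",  # bit 0 of parameter 3
        "instruction": ip,                               # faulting instruction
    }
```

On this trace the fault follows the classify pass flagged REINJECTED, and the decoded parameters describe a write to address 0 at IRQL 2.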