locked
Redirection with Windows 8 RRS feed

  • Question

  • Hi,

    I have a WFP which works great under Win7 and Win8 legacy mode, but in Metro mode it doesn't work, my WFP redirects all traffic to a localhost proxy using the packet approach, it intercepts the traffic at the layer of FWPM_LAYER_OUTBOUND_TRANSPORT_V4 (the reason is that I'm also sending data on the stream after the redirection).

    When putting the WFP is bypass mode, which means it just recreates the stream as is, but no redirection is taken place, Metro works great, but when in the version where redirection is taking place, according to the WFP debug messages, it redirects the packet to localhost and my port, but my proxy app (in legacy mode) never sees the traffic and IE Metro doesn't get the web page.

    Is there a limitation that may cause this kind of behavior?

    Thanks,

    Barak


    Sunday, August 12, 2012 4:43 PM

All replies

  • Redirection of modern apps is achievable using the FWPM_LAYER_ALE_CONNECT_REDIRECT_V{4 | 6}.  Starting with Windows 7 this is the preferred way to do redirection. 

    You should also ask yourself whether redirection is necessary.  Can you achieve the same using a callout at FWPM_LAYER_STREAM_V{4 | 6}?

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, August 13, 2012 2:56 AM
    Moderator
  • Hi,

    I had a feeling that would be the answer I'd get, I want to confirm, does Win8 actively refuses to redirect using the way I do?

    Also where can I get a sample that uses the FWPM_LAYER_ALE_CONNECT_REDIRECT_V method?

    Thanks,

    Barak


    • Edited by Barak W Monday, August 13, 2012 10:40 AM
    Monday, August 13, 2012 10:35 AM
  • Your redirection happens, but the modern app rejects it.

    For a sample, you can use the WFPSampler (in the WDDK) http://code.msdn.microsoft.com/Windows-Filtering-Platform-27553baa/sourcecode?fileId=51338&pathId=943621706.

    One thing to note about this sample is that we were not able to publish the WFPSamplerProxyService component.  Essentially this component can easily be replaced by one of your own.  It would accept the redirected connection, Get the redirect records and context, and set those on the new connection.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, August 13, 2012 5:47 PM
    Moderator
  • Hi,

    Thanks, I will take a look at the sample.

    Out of curiosity, how can the modern app know it's being redirected? is it actively querying the OS, if so which method does it use?

    Thanks,

    Barak

    Tuesday, August 14, 2012 12:56 AM
  • The modern app doesn't know its being redirected, but its capabilities prevent it from communicating with loopback...

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, August 27, 2012 6:29 PM
    Moderator
  • I just managed to redirect a Modern app today with my WFP driver, I redirect the modern app to localhost via the CONNECT_REDIRECT, so just for my understanding, why does it work, while the old method doesn't, both redirect to localhost.
    Wednesday, August 29, 2012 10:24 PM
  • This is because ALE_CONNECT_REDIRECT was built specifically for redirection, and there is underlying code which makes this happen.  sitting at other layers, WFP has no idea of your intentions, and the logic would be horrendous to try to accommodate a small scenario for which there is already a better solution (using the ALE_CONNECT_REDIRECT).

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, August 30, 2012 3:40 PM
    Moderator