WFP pend and complete operation question RRS feed

  • Question

  • What is the time delay that Windows WFP can tolerate between FwpsPendOperation and FwpsCompleteOperation? For instance, can one call FwpsPendOperation in classifyFn and then transition to user mode for input dialog (Yes/No) and then based on user input call FwpsCompleteOperation in driver? Will there be any issues if the user responds after 10 seconds, will the packet still be held and then sent down the stack?

    What if it is ALE_AUTH_CONNECT_REDIRECT for a TCP SYN ? Will the other packets be blocked for 10 seconds? Will the WFP callout receive another ALE_AUTH_CONNECT_REDIRECT in the interim?

    Monday, August 31, 2020 6:22 PM