none
Processing ALE_CONNECT_REDIRECT asynchronously for UDP flows RRS feed

  • Question

  • I'm trying to process ALE_CONNECT_REDIRECT asynchronously for UDP flows on Windows 7 x64.

    In my callout I do the following:

    • FwpsAcquireClassifyHandle()
    • FwpsPendClassify()

    I then push the data off to a worker routine where I do the following:

    • FwpsCompleteClassify()
    • FwpsReleaseClassifyHandle()

    I am testing this with a usermode program that sends a UDP datagram to another listening PC. This program does a sendto() immediately followed by a closesocket().

    The problem is that ALE_CONNECT_REDIRECT does not seem to be processed asynchronously.

    This is made more apparent when I add a 100ms sleep inside the worker routine prior to invoking FwpsCompleteClassify().

    What happens is that I get ALE_ENDPOINT_CLOSURE immediately after ALE_CONNECT_REDIRECT returns, and then 100ms I can see that FwpsCompleteClassify() is invoked. Of course by this point the endpoint is gone so this has no effect.

    What's interesting is that if I add a sleep for 1 second in the usermode program between the sendto() and closesocket() then I see the expected behavior: I get ALE_CONNECT_REDIRECT, then 100ms later FwpsCompleteClassify() is invoked, then immediately I get ALE_AUTH_CONNECT.

    So my question is what am I missing or doing wrong? Why is sendto() not pended while waiting for ALE_CONNECT_REDIRECT to be completed asynchronously?

    Looks like someone reported a similar issue at ALE_AUTH_CONNECT.

    • Edited by Luke727 Thursday, May 7, 2020 5:06 PM link question
    Thursday, May 7, 2020 5:02 PM

Answers

  • Shortly after posting this I managed to stumble across this little tidbit in the documentation:

    Callouts registered for an ALE endpoint closure layer can pend classification. This enables the callout to reinject any packets queued for asynchronous processing before the endpoint is shut down. To pend classification, the callout driver must call FwpsPendClassify0 followed by a call to FwpsCompleteClassify0 when processing is complete.

    So the trick is to queue the ALE_CONNECT_REDIRECT as I'm doing and also queue the ALE_ENDPOINT_CLOSURE.

    Then make sure to process the first before the second, and viola: it works as expected.

    • Marked as answer by Luke727 Thursday, May 7, 2020 5:56 PM
    Thursday, May 7, 2020 5:56 PM