Pended then reauthorized packets get original profile id set to 0 in w7 but not w8 & later - is there a w7 hotfix for this?

  • Question

  • Hi,

    We have a wfp driver which pends outgoing connects, reports the details to a service (which "does stuff"), then completes them and lets them go through. We don't ever block packets by the way.

    What we're seeing is that the first time the connect hits our ConnectClassify callback (before we pend it), both FWPS_FIELD_ALE_AUTH_CONNECT_V4_ORIGINAL_PROFILE_ID and FWPS_FIELD_ALE_AUTH_CONNECT_V4_CURRENT_PROFILE_ID are set.

    But when ConnectClassify is called for the same thing after we have called FwpsCompleteOperation to let it carry on, the FWPS_FIELD_ALE_AUTH_CONNECT_V4_ORIGINAL_PROFILE_ID value is set to 0, although the current profile id has not been changed.

    This causes issues with third-party firewall rules which reference both current and original profile id values.

    We have only observed this in W7 - in w8 & w10 the original profile id value comes back unchanged.

    So the big question is - is there a hotfix for some w7 driver(s) that we can recommend to our users to avoid problems of this nature?

    (I don't think there is a way of changing our driver to work round this, but if you think different then do please let us know more!).

    regards,

    MH

    Wednesday, September 7, 2016 3:10 PM