locked
flowDeleteFn and FwpsStreamInjectAsync0 RRS feed

  • Question

  • I made a OOB stream filter and noticed that my flowDeleteFn callback sometimes is may not be called.
    I found those circumstances:
    1. FwpsStreamInjectAsync0 was called once or more with flags FWPS_STREAM_FLAG_RECEIVE.  The outbound path seems to work normal.
    2. All completion routine is called, all NBL is freed
    3. There is no connections in half-closed state ( netstat /na )
    4. This sitiuation is reproducable for localhost connection very well ( one socket send in loop, another - recv ), for foriegn host - sometimes.

    This is an injection routine and completion routine ( I'v cut some details ) . If I delete comments at return operator,
    flowDeleteFn will be called always ( of course, client app will not get anything ).
    NTSTATUS
    InjectData(
       __in HANDLE  streamHandle,
       __in BOOLEAN inbound,
       __in PVOID  dataBuffer,
       __in ULONG  dataLength,
       __in UINT32 flags )
    {
    	PSTREAM_CONTEXT            streamContext = (PSTREAM_CONTEXT)streamHandle;
    	NTSTATUS                   status = STATUS_UNSUCCESSFUL;
    	PINJECT_CONTEXT            injectContext = NULL;
    	PNET_BUFFER_LIST           nbl = NULL;
    	UINT32                     fwpsFlags = inbound ? FWPS_STREAM_FLAG_RECEIVE : FWPS_STREAM_FLAG_SEND;
    
    	if ( 0 != ( FWPS_STREAM_EOF_FLAG_MASK & flags ) )
    	{
    		return InjectEof( streamContext, inbound, completeRoutine, completeContext );
    	}
       
    	do {
    
    // return STATUS_SUCCESS; injectContext = (PINJECT_CONTEXT)ExAllocatePoolWithTag( NonPagedPool, sizeof( INJECT_CONTEXT ), KL_WFP_STM_TAG ); if ( !injectContext ) { status = STATUS_INSUFFICIENT_RESOURCES; break; } RtlZeroMemory( injectContext, sizeof( INJECT_CONTEXT ) ); injectContext->mdl = IoAllocateMdl( dataBuffer, dataLength, FALSE, FALSE, NULL ); if ( !injectContext->mdl ) { status = STATUS_NO_MEMORY; break; } MmBuildMdlForNonPagedPool( injectContext->mdl ); status = FwpsAllocateNetBufferAndNetBufferList( g_stmNblPool, 0, 0, injectContext->mdl, 0, dataLength, &nbl ); if ( !NT_SUCCESS( status ) ) break; injectContext->dataLength = dataLength; injectContext->streamContext = streamContext; status = FwpsStreamInjectAsync( g_stmInjectHandle, NULL, 0, streamContext->flowId, g_stmCalloutId, streamContext->layerId, fwpsFlags, nbl, dataLength, InjectComplete, injectContext ); if ( !NT_SUCCESS( status ) ) break; return STATUS_PENDING; } while( FALSE ); if ( injectContext ) { if ( injectContext->mdl ) IoFreeMdl( injectContext->mdl ); ExFreePoolWithTag( injectContext, KL_WFP_STM_TAG ); } if ( nbl ) FwpsFreeNetBufferList( nbl ); return status; } VOID WfpStmInjectComplete( __in VOID *context, __inout NET_BUFFER_LIST *netBufferList, __in BOOLEAN dispatchLevel ) { PINJECT_CONTEXT injectContext = (PINJECT_CONTEXT)context; FwpsFreeNetBufferList( netBufferList ); if ( injectContext->mdl ) IoFreeMdl( injectContext->mdl ); ExFreePoolWithTag( injectContext, KL_WFP_STM_TAG ); }

    2 Q:

    I have never seen classifyFn with flags FWPS_STREAM_FLAG_RECEIVE_ABORT & FWPS_STREAM_FLAG_SEND_ABORT inspite of the fact sometimes connections is reseted

    OS: Win7   7100 and 7600 RTM
    Thursday, October 15, 2009 11:36 AM

Answers

  • You are probably hitting a known bug in WFP. You can contact your microsoft rep to request a hotfix.

    Thanks,
    Biao.W.

    Saturday, October 24, 2009 5:17 AM

All replies

  • Debug output  for two scoket connetcing through localhost:

    Flow Id:  

    51f                  injecting recv 6 bytes
    51e                 injecting send 8 bytes
    51f                  injecting send eof
    51f                  complete inject recv 6 bytes
    51e                 complete inject send 8 bytes
    51e                 injecting send 9 bytes
    51f                  injecting recv 8 bytes
    51e                 injecting recv eof
    51f                  complete inject recv 8 bytes
    51e                 complete inject recv eof
    51f                  complete inject send eof
    51e                 complete inject send 9 bytes
    51f                  injecting recv 9 bytes
    51e                 injecting send eof
    51f                  complete inject recv 9 bytes
    51f                  injecting recv eof
    51f                  complete inject recv eof
    51e                 complete inject send eof
    close endpoint        <---  bp tcpip!TcpTlConnectionCloseEndpoint ".echo  close endpoint; g"
    51e                 stream delete
    51e                 delete context inbound=0 inject=6076
    close endpoint
    close complete       <--- bp afd!AfdTLCloseConnectionHandleComplete ".echo close complete; g;"

    flow id=51f is not closed



    Thursday, October 15, 2009 12:09 PM
  • You are probably hitting a known bug in WFP. You can contact your microsoft rep to request a hotfix.

    Thanks,
    Biao.W.

    Saturday, October 24, 2009 5:17 AM
  • Hi,

     

    Is this the same problem I had 3 years ago (see the very end of the thread)?

    http://social.msdn.microsoft.com/Forums/en-US/wfp/thread/6c626dfa-aaa3-4031-9438-b7acd8fb710f

     

    Is there a fix meanwhile? The bug still seems to be present in Win7...

     

    Regards,

    Boris

    Thursday, September 16, 2010 6:24 AM
  • Hi,

    Is this bug fixed meanwhile in Windows8?

    Regards,
    Boris

    Monday, March 5, 2012 10:08 AM