Problems with ArchitecturalDesign.SupportPowerManagedStates WFP certification test

  • Question

  • Hello,

    I'm having problems with "SupportPowerManagedStates". I tried testing on several machines, but it did not help.
    The driver I'm testing does checks of outbound HTTP connections on the stream layer. The NTlog of the test can be found below.

    I would appreciate any help. Thank you!
    ****   NtLog date: Wed Jul 25 19:14:16 2012  V 6.02.9200.16384  C:\Windows\SYSTEM32\ntlog.DLL
    ****   Exe   date: Fri Sep 21 05:35:47 2012  C:\Windows\SYSTEM32\WFPLogo.Exe
    ****   Processor : AMD64
    ****   CPUS      : 4
    ****   System    : Windows NT 6.2[9200], Retail, Mouse,
    ****   Build Lab : 9200.win8_rtm.120725-1247
    ****   Vid Driver: cdd
    ****    Chip Type: ????M100M
    ****    DAC Type : ????????Cd RAMDAC
    ****    Adapter  : ????M100M
    ****    MiniPort : Unknown
    ****    VRAM     : 262144
    ****    Hertz    : 60
    ****    X Res    : 1440
    ****    Y Res    : 900
    ****    BPP      : 32
    ****    Planes   : 1
    ****    RGB Masks: (888)(bgr)
    ****    X Pos    : 0
    ****    Y Pos    : 0
    ****   Machine   : LAPTOP
    ****   User Name : DTMLLUAdminUser
    ****   Language  : English
    ****   KM boundary: 8192
    ****   ProductOptions: Terminal Server
    ****
    ****

    [Run By:                                                R. Akchurin]

    [Company Name:                                          Test]

    [Product Name:                                          Test]

    [Driver Name:                                           C:\Program Files\test.sys]

    [Use Answer File:                                       TRUE]

    [Has a callout driver:                                  TRUE]

    [Is a firewall:                                         FALSE]

    [Layered on Microsoft Windows Firewall:                 FALSE]

    [Does MAC Filtering:                                    FALSE]

    [Does Virtual Switch Filtering:                         FALSE]

    [Does Packet Injection:                                 FALSE]

    [Does Stream Injection:                                 TRUE]

    [Does Proxying:                                         FALSE]

    [Supports Modern Applications:                          TRUE]

    [Uninstalls cleanly:                                    TRUE]

    [Proxies without deadlocking:                           TRUE]

    [Has an identifying Provider:                           TRUE]

    [Associates Provider with all objects:                  TRUE]

    [Has at least 1 filter:                                 TRUE]

    [Uses only built-in or their own private SubLayer:      TRUE]

    [Has an NDF Helper Class:                               TRUE]

    [Does not AV:                                           TRUE]

    [Does not alter other's WFP Objects:                    TRUE]

    [Injects without deadlocking:                           TRUE]

    [Injects at STREAM without starvation:                  TRUE]

    [Supports Power Managed States:                         TRUE]

    [ACLs objects so other's can enum them:                 TRUE]

    [Uses latest WinSock specifications:                    TRUE]

    [Properly disabled Windows Firewall:                    FALSE]

    [Uses granular filtering:                               TRUE]

    [Can filter by 5 tuples:                                FALSE]

    [Can filter by application name:                        FALSE]

    [Can filter by Physical Addresses:                      FALSE]

    [Uses WFP for filtering and packet maniplulation:       TRUE]

    [Supports IPv4 Address Resolution - ARP:                TRUE]

    [Supports IPv6 Address Resolution - Neighbor Discovery: TRUE]

    [Supports Dynamic IP Addressing:                        TRUE]

    [Supports IPv4:                                         TRUE]

    [Supports IPv6:                                         TRUE]

    [Supports Name Resolution:                              TRUE]

    [Supports 6TO4:                                         TRUE]

    [Supports Automatic Updates:                            TRUE]

    [Supports Basic Website Browsing:                       TRUE]

    [Supports File and Printer Sharing:                     TRUE]

    [Supports ICMP Error Messages:                          TRUE]

    [Supports Internet Streaming:                           TRUE]

    [Supports Media Extender Streaming:                     TRUE]

    [Supports MobileBroadband:                              TRUE]

    [Supports Peer Name Resolution Protocol:                TRUE]

    [Supports Remote Assistance:                            TRUE]

    [Supports Remote Desktop:                               TRUE]

    [Supports Teredo:                                       TRUE]

    [Supports Virtual Private Networking:                   TRUE]

    [Interops with other Virtual Switch Extensions:         FALSE]

    [Does not modify at Egress:                             FALSE]

    [Supports Live Migration:                               FALSE]

    [Supports Removal of Virtual Switch Extensions:         FALSE]

    [Supports Reordering of Virtual Switch Extension:       FALSE]

     [Configuration Timer:                 15 seconds]
    [Number of Packet Injection Commands: 0]
     Start Tests:WFP Logo:[[IGN-]Sun Jan 06 23:43:53 2013[-IGN]]
     
     Start Case:ArchitecturalDesign\SupportPowerManagedStates:[[IGN-]Sun Jan 06 23:43:53 2013[-IGN]]
     Priority: 0, Owner: WFP@Microsoft.com
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add    Rule Name="WFPLogo" Description="Permit Outbound IPv4 with Power States" Dir=Out Action=allow Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254 Protocol=17 Enable=Yes Profile=Any"
     +VAR+INFO+     0 : [IPVersion: IPv4][Direction: Outbound][Protocol: Raw UDP (17)][Source / Local  Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local  Port: 44916][Destination / Remote Port: 46233][Action: PERMIT]
        LocalRawUDP::SocketBind : bind() [Local Bound Address: 1.0.0.1][Local Bound Port: 0xaf74] [status: 0]
        LocalRawUDP::SocketSendTo : sendto() [bytes sent: 1008] [status: 0]
     VirtualUDP::AnalyzePacket() [IP Version: 0x4][IP Protocol: 0x11][Source Address: 0x1000001][DestinationAddress: 0x10000fe][Source Port: 0xaf74][Destination Port:0xb499]
     VirtualUDP::RxPackets() : Exit
        LocalRawUDP::SocketSendTo : sendto() [bytes sent: 1008] [status: 0]
     VirtualUDP::AnalyzePacket() [IP Version: 0x4][IP Protocol: 0x11][Source Address: 0x1000001][DestinationAddress: 0x10000fe][Source Port: 0xaf74][Destination Port:0xb499]
     VirtualUDP::RxPackets() : Exit
     AnalyzeTrafficResults() [Analysis: Permitted][local Error: 0][peer Error: 0][packet(s) Rx'd: Yes][packet(s) Tx'd: Yes]
        LocalRawUDP::SocketShutdown : shutdown() [status: 0]
        LocalRawUDP::SocketClose : closesocket() [status: 0]
     +VAR+PASS     0 :  +SUB_VAR+     1 : [IPVersion: IPv4][Direction: Outbound][Protocol: Raw UDP (17)][Source / Local  Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local  Port: 44916][Destination / Remote Port: 46233][Action: PERMIT]
     PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
     Variation:  +SUB_VAR+     1 : [IPVersion: IPv4][Direction: Outbound][Protocol: Raw UDP (17)][Source / Local  Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local  Port: 44916][Destination / Remote Port: 46233][Action: PERMIT]
     PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]:PASS:[[IGN-]Sun Jan 06 23:48:09 2013[-IGN]]
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"                                                      Dir=Out              Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254 Protocol=17            Profile=Any"
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add    Rule Name="WFPLogo" Description="Block Outbound IPv4 with Power States" Dir=Out Action=block Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254 Protocol=17 Enable=Yes Profile=Any"
     +VAR+INFO+     1 : [IPVersion: IPv4][Direction: Inbound][Protocol: UDP (17)][Source / Remote Address: 1.0.0.254][Destination / Local  Address: 1.0.0.1][Source / Remote Port: 41266][Destination / Local  Port: 46067][Action: PERMIT]
        LocalUDP::SocketBind : bind() [Local Bound Address: 1.0.0.1][Local Bound Port: 0xb3f3] [status: 0]
        LocalUDP::SocketSetToNonBlocking : ioctlsocket() [status: 0]
        LocalUDP::SocketRecv : recv() [bytes received: 0] [status: 0x274c]
        LocalUDP::SocketSetToNonBlocking : ioctlsocket() [status: 0]
     AnalyzeTrafficResults() [Analysis: Blocked][local Error: 0x274c][peer Error: 0][packet(s) Rx'd: No][packet(s) Tx'd: Yes]
        LocalUDP::SocketClose : closesocket() [status: 0]
     +VAR+SEV1     1 :  +SUB_VAR+     1 : [IPVersion: IPv4][Direction: Inbound][Protocol: UDP (17)][Source / Remote Address: 1.0.0.254][Destination / Local  Address: 1.0.0.1][Source / Remote Port: 41266][Destination / Local  Port: 46067][Action: PERMIT]
     PowerStates [status: 0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]
     Variation:  +SUB_VAR+     1 : [IPVersion: IPv4][Direction: Inbound][Protocol: UDP (17)][Source / Remote Address: 1.0.0.254][Destination / Local  Address: 1.0.0.1][Source / Remote Port: 41266][Destination / Local  Port: 46067][Action: PERMIT]
     PowerStates [status: 0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]:FAIL:[[IGN-]Sun Jan 06 23:51:47 2013[-IGN]]
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"                                                     Dir=Out              Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254 Protocol=17            Profile=Any"
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add    Rule Name="WFPLogo" Description="Permit Inbound IPv4 with Power States" Dir=In Action=allow Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::edba:7b1:9a16:88b5 RemoteIP=fe80::1:0:0:FE Protocol=17 Enable=Yes Profile=Any"
     +VAR+INFO+     2 : [IPVersion: IPv6][Direction: Outbound][Protocol: UDP (17)][Source / Local  Address: fe80::edba:7b1:9a16:88b5][Destination / Remote Address: fe80::1:0:0:FE][Source / Local  Port: 41512][Destination / Remote Port: 46816][Action: PERMIT]
        LocalUDP::SocketBind : bind() [Local Bound Address: fe80::edba:7b1:9a16:88b5][Local Bound Port: 0xa228] [status: 0]
        LocalUDP::SocketSendTo : sendto() [bytes sent: 1000] [status: 0]
     VirtualUDP::AnalyzePacket() [IP Version: 0x6][IP Protocol: 0x11][Source Address: fe80::edba:7b1:9a16:88b5][DestinationAddress: fe80::1:0:0:fe][Source Port: 0xa228][Destination Port: 0xb6e0]
     VirtualUDP::RxPackets() : Exit
        LocalUDP::SocketSendTo : sendto() [bytes sent: 1000] [status: 0]
     VirtualUDP::AnalyzePacket() [IP Version: 0x6][IP Protocol: 0x11][Source Address: fe80::edba:7b1:9a16:88b5][DestinationAddress: fe80::1:0:0:fe][Source Port: 0xa228][Destination Port: 0xb6e0]
     VirtualUDP::RxPackets() : Exit
     AnalyzeTrafficResults() [Analysis: Permitted][local Error: 0][peer Error: 0][packet(s) Rx'd: Yes][packet(s) Tx'd: Yes]
        LocalUDP::SocketShutdown : shutdown() [status: 0]
        LocalUDP::SocketClose : closesocket() [status: 0]
     +VAR+PASS     2 :  +SUB_VAR+     1 : [IPVersion: IPv6][Direction: Outbound][Protocol: UDP (17)][Source / Local  Address: fe80::edba:7b1:9a16:88b5][Destination / Remote Address: fe80::1:0:0:FE][Source / Local  Port: 41512][Destination / Remote Port: 46816][Action: PERMIT]
     PowerStates [status:0][IPv6][Outbound][From: fe80::edba:7b1:9a16:88b5][To: fe80::1:0:0:FE][PERMIT]
     Variation:  +SUB_VAR+     1 : [IPVersion: IPv6][Direction: Outbound][Protocol: UDP (17)][Source / Local  Address: fe80::edba:7b1:9a16:88b5][Destination / Remote Address: fe80::1:0:0:FE][Source / Local  Port: 41512][Destination / Remote Port: 46816][Action: PERMIT]
     PowerStates [status:0][IPv6][Outbound][From: fe80::edba:7b1:9a16:88b5][To: fe80::1:0:0:FE][PERMIT]:PASS:[[IGN-]Sun Jan 06 23:55:20 2013[-IGN]]
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"                                                     Dir=In              Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::edba:7b1:9a16:88b5 RemoteIP=fe80::1:0:0:FE Protocol=17            Profile=Any"
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add    Rule Name="WFPLogo" Description="Block Inbound IPv4 with Power States" Dir=In Action=block Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::edba:7b1:9a16:88b5 RemoteIP=fe80::1:0:0:FE Protocol=6 Enable=Yes Profile=Any"
     +VAR+INFO+     3 : [IPVersion: IPv6][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address: fe80::1:0:0:FE][Destination / Local  Address: fe80::edba:7b1:9a16:88b5][Source / Remote Port: 44480][Destination / Local  Port: 47651][Action: PERMIT]
        LocalTCP::SocketBind : bind() [Local Bound Address: fe80::edba:7b1:9a16:88b5][Local Bound Port: 0xba23] [status: 0]
        LocalTCP::SocketListen : listen() [status: 0]
        LocalTCP::SocketSetToNonBlocking : ioctlsocket() [status: 0]
        LocalTCP::SocketAccept : accept() [status: 0x2733]
        LocalTCP::SocketSetToNonBlocking : ioctlsocket() [status: 0x2726]
     AnalyzeTrafficResults() [Analysis: Blocked][local Error: 0x2733][peer Error: 0][packet(s) Rx'd: No][packet(s) Tx'd: No]
     LocalTCP::SocketSetOptions() [Option Level: 0xffff][Option Name: 0x80][Option Length: 0x4]
        LocalTCP::SocketClose : closesocket() [status: 0]
     +VAR+SEV1     3 :  +SUB_VAR+     1 : [IPVersion: IPv6][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address: fe80::1:0:0:FE][Destination / Local  Address: fe80::edba:7b1:9a16:88b5][Source / Remote Port: 44480][Destination / Local  Port: 47651][Action: PERMIT]
     PowerStates [status: 0][IPv6][Inbound][From: fe80::1:0:0:FE][To: fe80::edba:7b1:9a16:88b5][PERMIT]
     Variation:  +SUB_VAR+     1 : [IPVersion: IPv6][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address: fe80::1:0:0:FE][Destination / Local  Address: fe80::edba:7b1:9a16:88b5][Source / Remote Port: 44480][Destination / Local  Port: 47651][Action: PERMIT]
     PowerStates [status: 0][IPv6][Inbound][From: fe80::1:0:0:FE][To: fe80::edba:7b1:9a16:88b5][PERMIT]:FAIL:[[IGN-]Sun Jan 06 23:59:01 2013[-IGN]]
     Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"                                                    Dir=In              Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::edba:7b1:9a16:88b5 RemoteIP=fe80::1:0:0:FE Protocol=6            Profile=Any"
     +TEST+SEV1      : ArchitecturalDesign\SupportPowerManagedStates
     End Case:ArchitecturalDesign\SupportPowerManagedStates:FAIL:[[IGN-]Sun Jan 06 23:59:17 2013[-IGN]]
     
     ArchitecturalDesign:[FAIL:1]
      SupportPowerManagedStates:[FAIL:1]
     
     
     
     
     Total:
          =============================================================================
                        PASS     FAIL  ABORTED NOT IMPL  PENDING  BLOCKED  WARNING
          -----------------------------------------------------------------------------
             Tests:        0        1        0        0        0        0        0
          -----------------------------------------------------------------------------
          Variation        2        2        0        0        0        0        0
          =============================================================================
     
     Status: FAIL
     
     NTLOG REPORT -------------------------------------------------------
       Tests Total           1      | Variations Total           4
       ------------------------------------------------------------------
       Tests Passed          0   0% | Variations Passed          2  50%
       Tests Warned          0   0% | Variations Warned          0   0%
       Tests Failed sev3     0   0% | Variations Failed sev3     0   0%
       Tests Failed sev2     0   0% | Variations Failed sev2     0   0%
       Tests Failed sev1     1 100% | Variations Failed sev1     2  50%
       Tests Blocked         0   0% | Variations Blocked         0   0%
       Tests Aborted         0   0% | Variations Aborted         0   0%
     --------------------------------------------------------------------
    ****

    Sunday, January 6, 2013 11:21 PM

All replies

  • There is a filter blocking the packet, when it is expected to be permitted.  You should run Netsh.exe WFP capture start, run the  test, and then Netsh.exe WFP capture stop.  Look in the resultant WFPDiag.XML for the drop of this packet.  Once you know what filter is causing the drop, then you can tailor your environment to not drop the packet, thus passing the test.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Monday, January 7, 2013 4:03 PM
    Moderator
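
The lookup this answer describes, as an added example (not code from the thread or from Microsoft): once the capture has been stopped, find the classify-drop events for the failing flow in WFPDiag.XML and resolve each one to the filter that caused it. The element names, the embedded sample and the function names are assumptions made for illustration; the protocol and port come from failing variation 1 in the log above.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements read below. Element names are
# assumed to match the wfpdiag.xml layout; IDs, names and GUIDs are made up.
SAMPLE = """<wfpdiag>
 <initialState><filters>
  <item><displayData><name>Constructed block filter</name></displayData>
   <providerKey>{00000000-0000-0000-0000-0000000000aa}</providerKey>
   <action><type>FWP_ACTION_BLOCK</type></action><filterId>70001</filterId></item>
  <item><displayData><name>Constructed permit filter</name></displayData>
   <providerKey>{00000000-0000-0000-0000-0000000000bb}</providerKey>
   <action><type>FWP_ACTION_PERMIT</type></action><filterId>70002</filterId></item>
 </filters></initialState>
 <events>
  <netEvent>
   <header><ipProtocol>17</ipProtocol><localPort>46067</localPort></header>
   <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
   <classifyDrop><filterId>70001</filterId><layerId>44</layerId></classifyDrop>
  </netEvent>
  <netEvent>
   <header><ipProtocol>6</ipProtocol><localPort>49800</localPort></header>
   <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
   <classifyDrop><filterId>70009</filterId><layerId>20</layerId></classifyDrop>
  </netEvent>
 </events>
</wfpdiag>"""


def load_filters(root):
    """Map filterId -> (name, providerKey, action type) from the state dumps."""
    table = {}
    for item in root.iterfind(".//filters/item"):
        table[item.findtext("filterId")] = (
            item.findtext("displayData/name"),
            item.findtext("providerKey"),
            item.findtext("action/type"),
        )
    return table


def drops_for_flow(root, protocol, local_port):
    """Return classify-drop events for one flow, each with the filter behind it."""
    filters = load_filters(root)
    hits = []
    for ev in root.iterfind(".//netEvent"):
        if ev.findtext("type") != "FWPM_NET_EVENT_TYPE_CLASSIFY_DROP":
            continue
        if (ev.findtext("header/ipProtocol") != str(protocol)
                or ev.findtext("header/localPort") != str(local_port)):
            continue
        fid = ev.findtext("classifyDrop/filterId")
        # A filter may be absent from the state dumps; keep the ID, report no name.
        name, provider, action = filters.get(fid, (None, None, None))
        hits.append({"filterId": fid, "layerId": ev.findtext("classifyDrop/layerId"),
                     "name": name, "providerKey": provider, "action": action})
    return hits


if __name__ == "__main__":
    # Failing variation 1 in the log: inbound UDP (17) to local port 46067.
    for hit in drops_for_flow(ET.fromstring(SAMPLE), 17, 46067):
        print(hit)
```

For a real capture, pass `ET.parse("wfpdiag.xml").getroot()` instead of the sample; the provider key of the reported filter shows whether the drop comes from your own driver's filters or from someone else's.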
  • It seems like the test itself is blocking the packet. Could you please explain the following:

    The test blocks on TCP level (I do not understand why the description states "Block Inbound IPv4 with Power States", because it is blocking v6, not v4).

    Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add    Rule Name="WFPLogo" Description="Block Inbound IPv4 with Power States" Dir=In Action=block Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::edba:7b1:9a16:88b5 RemoteIP=fe80::1:0:0:FE Protocol=6 Enable=Yes Profile=Any"

    Now it tries to receive, but the packet is blocked due to the rule above:

    +VAR+INFO+     3 : [IPVersion: IPv6][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address: fe80::1:0:0:FE][Destination / Local  Address: fe80::edba:7b1:9a16:88b5][Source / Remote Port: 44480][Destination / Local  Port: 47651][Action: PERMIT]
        LocalTCP::SocketBind : bind() [Local Bound Address: fe80::edba:7b1:9a16:88b5][Local Bound Port: 0xba23] [status: 0]
        LocalTCP::SocketListen : listen() [status: 0]
        LocalTCP::SocketSetToNonBlocking : ioctlsocket() [status: 0]
        LocalTCP::SocketAccept : accept() [status: 0x2733]

    Why does it expect the packet to be received?

    Best regards,

    Eldar Akchurin

    Wednesday, January 9, 2013 12:48 AM
  • The test itself doesn't add policy (unless using the answer file, in which case it adds the policy via the cmd line you supply).  From the above, it seems like you are using the answer file, but have left it tailored to Windows Firewall.  Can you explain what software package you are validating?  Do you take the Windows Firewall category?  What does your .Info file look like?

    As for the description, it has no bearing as to what the rule actually does.  However it does indicate that you did not tailor the answer file to this case.  I imagine that in your answer file, you specified IsAFirewall=0.  If this is the case, then there are only 4 variations for the PowerManaged States (you can delete the BLOCK cases in the answer file, and renumber the variations assuming this is the case).

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Thursday, January 10, 2013 12:05 AM
    Moderator