How to add a UDP filter callback?


  • Hi All,

    I'm using the msnmntr example to add callouts for UDP.

    Once I added these, I no longer see even the stream-level activity, much less any UDP activity.

    I don't understand how to add callouts for different layers.

    Please shed some light!

    Here are the code changes

    TIA,

    prokash

    In monitor.c I add the callout registration ---

        // Driver side: register the classify/notify callbacks with the filter
        // engine, one callout per layer. Each registration runs only while
        // `status` is still a success code, so the first failure skips the rest.
        if (NT_SUCCESS(status))
        {
            status = MonitorCoRegisterCallout(deviceObject,
                MonitorCoStreamCalloutV4,  // classify callback for stream traffic in both directions
                MonitorCoStreamNotifyV4,   // notify callback for filter add/delete/modify at the layer
                MonitorCoStreamFlowDeletion, // flow-deletion callback: the session is over for all practical purposes
                &MONITOR_SAMPLE_STREAM_CALLOUT_V4,
                FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW, // classify is invoked only for flows that have a context associated
                &streamId);
        }

    //#if 0
        // UDP/ICMP: second callout, keyed for the datagram-data layer.
        // It passes no flow-deletion callback and does not set
        // FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW, unlike the stream callout above.
        if (NT_SUCCESS(status))
        {
            //DbgBreakPoint();
            status = MonitorCoRegisterCallout(deviceObject,

                MonitorDataGramCalloutV4,  // classify callback for datagram traffic
                MonitorDataGramNotifyV4,   // notify callback for filter add/delete/modify at the layer
                0, // no flow-deletion callback (MonitorDataGramFlowDeletion is left out)
                &MONITOR_SAMPLE_CALLOUT_AT_DATAGRAM_DATA_V4,
                FWP_CALLOUT_FLAG_ENABLE_COMMIT_ADD_NOTIFY, // was 0 / FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW in earlier attempts
                &datagramId);
        }

        // NOTE(review): DbgBreakPoint() is a debugging aid only. With no kernel
        // debugger attached, the breakpoint exception is unhandled and the
        // machine bug-checks, so a failed registration becomes a system crash.
        // Restrict it to debug builds and propagate/log `status` instead.
        // NOTE(review): if the datagram registration fails after the stream one
        // succeeded, streamId stays registered unless the failure path
        // unregisters it; that cleanup code is not visible in this excerpt.
        // Confirm it exists.
        if (!NT_SUCCESS(status)) {
            DbgBreakPoint();
        }

    It goes fine, in terms of registering....

    On the Appside ( monitor.cpp) -- at the end of DWORD MonitorAppAddCallouts()

        // --- begin: datagram callout (added to the sample) ---
        // Application side: add the callout OBJECT to the filter engine under
        // the same key the driver registers
        // (MONITOR_SAMPLE_CALLOUT_AT_DATAGRAM_DATA_V4).
        // NOTE(review): this excerpt adds only the callout object. A classify
        // callback is reached only through a filter whose action names the
        // callout; no filter at FWPM_LAYER_DATAGRAM_DATA_V4 is added here. If
        // none is added elsewhere, the datagram callback never runs. Verify.

        RtlZeroMemory(&callout, sizeof(FWPM_CALLOUT));

        // Name and description are both set from the same *_DESCRIPTION macro.
        displayData.description = MONITOR_DATAGRAM_CALLOUT_DESCRIPTION;
        displayData.name = MONITOR_DATAGRAM_CALLOUT_DESCRIPTION;

        callout.calloutKey = MONITOR_SAMPLE_CALLOUT_AT_DATAGRAM_DATA_V4;
        callout.displayData = displayData;
        callout.applicableLayer = FWPM_LAYER_DATAGRAM_DATA_V4; // was FWPM_LAYER_STREAM_V4 in the copied code
        // Persistent: the object survives reboots and stays in the engine until
        // it is deleted explicitly (e.g. FwpmCalloutDeleteByKey on uninstall).
        // Per the WFP documentation, a filter that invokes a callout with no
        // registered driver is treated as block when its action is a
        // terminating/unknown callout, so leftover persistent objects can
        // silently drop traffic.
        callout.flags = FWPM_CALLOUT_FLAG_PERSISTENT; // Make this a persistent callout.

        printf("Adding Persistent Datagram callout through the Filtering Engine\n");
        // Third argument NULL: no explicit security descriptor is supplied, so
        // the engine's default applies. Fourth NULL: runtime id is not requested.
        result = FwpmCalloutAdd(engineHandle, &callout, NULL, NULL);
        if (NO_ERROR != result)
        {
            // An object with this key already exists (e.g. left by an earlier
            // run, since it is persistent); treat that as success.
            // NOTE(review): the existing object is accepted without checking
            // that its layer and flags match what is set above.
            if (result == FWP_E_ALREADY_EXISTS) {
                result = NO_ERROR;
            }
            else {
                // NOTE(review): `result` is presumably a DWORD (declaration not
                // visible); %d prints FWP_E_* codes as negative decimals. A hex
                // format would match the documented error values. Confirm.
                printf("FAILED Persistent Datagram callout through the Filtering Engine result=%d\n", result);
                goto abort; // label is outside this excerpt
            }
        }
        // Reached on a fresh add and on FWP_E_ALREADY_EXISTS alike.
        printf("Successfully Added Persistent DataGram callout.\n");

        // --- end: datagram callout ---

    Wednesday, September 13, 2017 10:18 PM

All replies

  • Never mind. I figured out what was wrong.

    -pro

    Thursday, September 14, 2017 11:25 PM