locked
Multiple filters at single layer RRS feed

  • Question

  • Hi all,

    I am trying to specify two  filters at layer ALE_AUTH_LISTEN. One for local address and one for loop-back address.
    The following code return error c0220023. ie displayData.name can't be NULL.

     NTSTATUS status = STATUS_SUCCESS;

       FWPM_FILTER0 filter[2] = {0};
       FWPM_FILTER_CONDITION0 filterConditions[3] = {0};
       UINT conditionIndex;
       PWSTR terminator;
       UINT32 filterIndex;
      
       wchar_t * AddressString = L"192.168.40.103";

       filter[0].layerKey = filter[1].layerKey = *layerKey;
       filter[0].displayData.name = L"name1";//(wchar_t*)filterName;
       filter[1].displayData.name = L"name2";//(wchar_t*)filterName;
       filter[0].displayData.description = (wchar_t*)filterDesc;
       filter[0].numFilterConditions = filter[1].numFilterConditions = 1;
       filter[1].displayData.description = L"filter 2";

       filter[0].action.type = filter[1].action.type = FWP_ACTION_CALLOUT_TERMINATING;
       filter[0].action.calloutKey = filter[1].action.calloutKey = *calloutKey;
       filter[0].filterCondition = filterConditions;
       filter[1].filterCondition = &(filterConditions[1]);
       filter[0].subLayerKey = filter[1].subLayerKey = TL_INSPECT_SUBLAYER;
       filter[0].weight.type = filter[1].weight.type = FWP_EMPTY; // auto-weight.
       filter[0].rawContext = context;

       conditionIndex = 0;

       /* String to IP Address Conversion */

      
             status = RtlIpv4StringToAddressW(
                         (PCWSTR)(AddressString),
                         TRUE,
                         &terminator,
                         &Address
                         );

             if (NT_SUCCESS(status))
             {
                Address.S_un.S_addr = RtlUlongByteSwap(Address.S_un.S_addr);
                configInspectLocalAddrV4 = &Address.S_un.S_un_b.s_b1;
                DbgPrint("RtlIpv4StringToAddressEx success. IP %d\n", configInspectLocalAddrV4);
             }

              DbgPrint("RtlIpv4StringToAddressEx failed %x\n", status);

    if( IsEqualGUID(layerKey, &FWPM_LAYER_ALE_AUTH_LISTEN_V4) )
          {
             
            conditionIndex = 0;

             filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_FLAGS;

             filterConditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
             filterConditions[conditionIndex].conditionValue.type = FWP_UINT32;
             filterConditions[conditionIndex].conditionValue.uint32 = FWP_CONDITION_FLAG_IS_LOOPBACK;

             conditionIndex++;
               
             DbgPrint("Inside listen filter 1\n");

              filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
                           
             filterConditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
             filterConditions[conditionIndex].conditionValue.type = FWP_UINT32;
             filterConditions[conditionIndex].conditionValue.uint32 = *(UINT32*)configInspectLocalAddrV4;
               
             DbgPrint("Inside listen filter 2\n");
             conditionIndex++;


          }

    filter[0].numFilterConditions = conditionIndex;
       if(conditionIndex > 0)
           filter[0].filterCondition = filterConditions;

       filter[1].numFilterConditions = conditionIndex;
       if(conditionIndex > 0)
           filter[1].filterCondition = filterConditions;

       for(filterIndex = 0; filterIndex < 2; filterIndex++ )
       {
       status = FwpmFilterAdd0(
                   gEngineHandle,
                   &filter[filterIndex],
                   NULL,
                   NULL);
       if(!NT_SUCCESS(status))
       {
           DbgPrint( "FwpmFilterAdd0 from NW failed %x\n", status );
           return status;
       }
          DbgPrint( "FwpmFilterAdd0 from NW success%x\n", status );
       }
    Friday, August 21, 2009 4:13 AM

Answers

  • The only time you would receive this error is if the object you are trying to add has the displayData.name set to 0.  looking at the above code this does not appear to be the case.  Is this the exact code you are running?  Have you verified your values within the filter struct using a debugger?
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Friday, August 21, 2009 6:05 PM
    Moderator