locked
Seting redirect records on the proxy connection socket correctly RRS feed

  • Question

  • The MSDN documentation for Bind and Connect Redirection (http://msdn.microsoft.com/en-us/library/ff571005(VS.85).aspx) states:

    In your proxy service (which could be in user mode or kernel mode), you should set redirect records on the proxy connection socket as shown in the following example to create a new outbound socket:

    proxySock = WSASocket(…);
    result = WSAIoctl(
                 proxySock,
                 SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS,
                 redirectRecords, …);
    

    The correspondent code in WFPSampler can be found in HlprWinSockAssociateResourceRecordsWithProxiedConnection() function of ClassifyFunctions_ProxyCallouts.cpp file:

    status = WSAIoctl(proxySocket, SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS, (BYTE*)ppRedirectRecords, (DWORD)redirectRecordsSize, 0, 0, (LPDWORD)&redirectRecordsSet, 0, 0);

    ...

    ASSERT(redirectRecordsSize == redirectRecordsSet);

    It looks like variable redirectRecordsSet that corresponds to lpcbBytesReturned parameter should contain number of bytes written by WSAIoctl() function. However, documentation for this parameter of function (http://msdn.microsoft.com/en-us/library/windows/desktop/ms741621(v=vs.85).aspx) states: "lpcbBytesReturned [out] A pointer to actual number of bytes of output". Therefore it seems like for SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS control code returned value of lpcbBytesReturned parameter should be zero. If this is correct than assertion will fail.

    There are two questions:

    1. What value should be returned with redirectRecordsSet in case of success execution of WSAIoctl(..., SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS, ...) function?
    2. How correctness of setting of redirect records on the proxy connection socket can be checked in kernel and in user mode?
    Monday, March 10, 2014 2:06 PM

Answers

  • Good catch. The ASSERT is no longer valid with the actual REDIRECT_RECORDS implementation. There is currently no way to verify the records were correctly set aside from WSAIoctl not returning an error or querying the records from the proxy socket's connection (at which time it's a moot point anyway).

    Thanks,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Friday, March 21, 2014 4:25 AM
    Moderator

All replies

  • Good catch. The ASSERT is no longer valid with the actual REDIRECT_RECORDS implementation. There is currently no way to verify the records were correctly set aside from WSAIoctl not returning an error or querying the records from the proxy socket's connection (at which time it's a moot point anyway).

    Thanks,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Friday, March 21, 2014 4:25 AM
    Moderator
  • Thank you for the answer!

    I assume it will be possible to check correctness of writing of redirection records for a connection with an additional redirection of the same connection with a callout. In this case redirection records can be observed within, e.g., WFPSamplerCalloutDriver.sys at ClassifyProxyByALERedirect () function with the following member of pRedirectData variable ((FWPS_CONNECT_REQUEST*)(pRedirectData->pWritableLayerData))->previousVersion.

    Wednesday, April 2, 2014 1:21 PM