• Question

  • Hi,

    I know FWP_CONDITION_FLAG_REQUIRES_ALE_CLASSIFY and its use in inbound transport layer and check and ALE inspection.

    But I do not understand the following points:

    1. My WFP driver has registered a classify at the TCP inbound layer, and under some conditions it blocks the incoming SYN+ACK TCP packet.
    The incoming SYN+ACK TCP packet is consumed at the TCP layer; is there any possibility of handling SYN+ACK at the ALE layer?

    2. If my WFP callout breaks the rule and processes the packet at the TCP inbound layer even though FWP_CONDITION_FLAG_REQUIRES_ALE_CLASSIFY is set, then what is the side effect?

    3. My remote application can send TCP packets for which there is no TCP connection in the host TCP stack, and the TCP stack will send RST if an unknown TCP packet is received by the host TCP stack.
    Is FWP_CONDITION_FLAG_REQUIRES_ALE_CLASSIFY set for unknown TCP packets?

    Anand Choubey

    • Edited by Anand Choubey Wednesday, April 2, 2014 10:52 AM Revised question
    Thursday, March 27, 2014 6:37 AM

All replies

  • Hello Anand

    Did you pick up any trail regarding your issue (RST sent in response to SYN/ACK)? I would appreciate it if you shared your findings.


    Umar Yaqoob

    Monday, May 5, 2014 6:27 AM