Strange behavior with FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 and Java RRS feed

  • Question

  • I have a WFP filter uses Connection Redirection to a local proxy via FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 and FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 and am seeing some strange behavior with Java:

    When loading Runescape (www.runescape.com) for example, I see java.exe go through my callout in the FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 layer. However, there are some inconsistencies and ultimately the connection fails:

    1. According to Wireshark, Windows Network Monitor, etc. Java is not making any IPv6 connections. (Also, I'm on a IPv4 network in this testing)
    2. connectRequestWritable->remoteAddressAndPort.ss_family is set to 0 (AF_UNSPEC) where connectRequestWritable is obtained via FwpsAcquireWritableLayerDataPointer0(). I would expect to see AF_INET6 (23) here.

    This is the only case in which I've seen any traffic go through FWPM_LAYER_ALE_CONNECT_REDIRECT_V6 on a IPv4 network. Any ideas?

    Monday, April 28, 2014 9:47 PM

All replies

  • Java used combined IPv4+IPv6 Sockets when creating client connections. I noticed the same behaviour today.

    My workaround was to let Java prefer IPv4 by passing the command line argument -Djava.net.preferIPv4Sockets=true. Now Java behaves like expected.

    I also noted that althought I connected to, Java itself seems to do something that binds to a v6-Port, but maybe the fault is in WFP, I couldn't work this out further. 

    Tuesday, May 15, 2018 4:45 PM