locked
Try to use FwpsPendClassify0 - classifyContext is NULL RRS feed

  • Question

  • Hallo I'm trying to pend some classification requests in my callout driver by FwpsPendClassify0 mechanism, but the classifyContext is sometimes NULL.

    I have registered

    FWPM_LAYER_ALE_AUTH_CONNECT_V4

    FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4

    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

    FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4

    layers callouts.

    By registering FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4, i expect that classifyContext will be always valid in my classifyFn1 function.

    Is this expectation true? Or I have to use old

    FwpsPendOperation0

    FwpsCompleteOperation0

    mechanism with all additional packet cloning/injecting, header recalculation overhead to provide 100% proof pending mechanism?

    Thank you for reply.

     

    Zdenek

     

    Wednesday, February 9, 2011 1:51 PM

Answers

  • FwpsPendClassify And FwpsCompleteClassify are only able to be used on Win7's new layers (BIND_REDIRECT, CONNECT_REDIRECT, etc) which contain the classifyContext.

    For the other layers, you will need to use the FwpsPendOperation  / FwpsCompleteOperation APIs

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, February 10, 2011 5:52 PM
    Moderator