Why should asynchronous processing not be done for ALE classify marked packets?

  • Question

  • Hi,

    I have 2 long pending doubts on ALE classify:

    1. I understand ALE classify and its processing, but I do not understand the statement "A callout driver must not perform asynchronous processing of packets that require ALE classify processing at an incoming (inbound) transport layer...".

    If ALE classify marked packets are not processed asynchronously, then what would be the side effect in traffic processing? What should be the side effect on Windows firewall/system components and other 3rd party WFP drivers?

    2. Which component sets the ALE classify flag in packets (and how), and how is it decided? For example, I set a callout and filter at port 53+UDP+TRANSPORT_INBOUND. I see only a few incoming DNS packets are marked for ALE, not all. So I could not understand what is happening inside the system.

    Could you please explain this to me?


    Regards,
    Anand Choubey

    P.S.: Complete paragraph from http://msdn.microsoft.com/en-us/library/windows/hardware/ff570203(v=vs.85).aspx

    INBOUND_TRANSPORT Layers

    A callout driver must not perform asynchronous processing of packets that require ALE classify processing at an incoming (inbound) transport layer (FWPS_LAYER_INBOUND_TRANSPORT_V4 or FWPS_LAYER_INBOUND_TRANSPORT_V6). Doing this can interfere with flow creation. When WFP calls the classifyFn callout function at an incoming transport layer, it sets the FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED flag for those packets that require ALE classify processing. A callout driver should permit such packets from an INBOUND_TRANSPORT layer and should defer processing them until they reach an ALE_RECV_ACCEPT layer.

    Thursday, December 11, 2014 5:59 PM
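
Added example, not part of the original post and not Microsoft's sample code: a C sketch of the rule in the quoted MSDN paragraph, showing a classifyFn-style decision that permits packets flagged for ALE classify and pends only the rest. The WFP names are redefined with constructed stand-in values so it builds outside the WDK; `demo_queue_for_worker`, `demo_queue_slots` and `demo_inbound_transport_classify` are hypothetical, and the block/absorb handling of pended packets is the usual WFP pending pattern, assumed here rather than taken from the post.

```c
#include <stdint.h>

/* Stand-ins so this builds outside the WDK. The names mirror the WFP headers,
 * but every numeric value below is constructed for this example; a real
 * driver includes fwpsk.h instead of this section. */
#define FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED 0x1u
#define FWPS_RIGHT_ACTION_WRITE                   0x1u
#define FWPS_CLASSIFY_OUT_FLAG_ABSORB             0x1u
#define FWP_ACTION_PERMIT                         1u
#define FWP_ACTION_BLOCK                          2u
#define FWPS_IS_METADATA_FIELD_PRESENT(m, f) (((m)->currentMetadataValues & (f)) == (f))
typedef struct { uint32_t currentMetadataValues; } FWPS_INCOMING_METADATA_VALUES0;
typedef struct { uint32_t actionType, rights, flags; } FWPS_CLASSIFY_OUT0;

/* Hypothetical helper: hands the packet to the driver's worker queue.
 * Returns 1 if queued, 0 if the queue is full. */
static int demo_queue_slots = 4;
static int demo_queue_for_worker(void *layerData)
{
    (void)layerData;
    if (demo_queue_slots == 0) return 0;
    demo_queue_slots--;
    return 1;
}

/* Decision logic for a classifyFn at FWPS_LAYER_INBOUND_TRANSPORT_V4/V6.
 * Returns 1 if the packet was pended for asynchronous processing, else 0. */
int demo_inbound_transport_classify(const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
                                    void *layerData, FWPS_CLASSIFY_OUT0 *classifyOut)
{
    /* No write right: an earlier filter already decided; leave the action alone. */
    if (!(classifyOut->rights & FWPS_RIGHT_ACTION_WRITE))
        return 0;

    /* ALE classify required: permit here and never pend. Inspection of this
     * packet is deferred to the callout at the ALE_RECV_ACCEPT layer. */
    if (FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED)) {
        classifyOut->actionType = FWP_ACTION_PERMIT;
        return 0;
    }

    /* Not flagged: take the packet for async processing (block, then absorb). */
    classifyOut->actionType = FWP_ACTION_BLOCK;
    classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
    if (!demo_queue_for_worker(layerData))
        return 0;                       /* queue full: fail closed, plain block */
    classifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
    return 1;
}
```

The flag test comes before any queuing, so a flagged packet never enters the worker queue.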