locked
StreamV4Classify Function not called on Windows Server 2012 for Loopback Traffic RRS feed

  • Question

  • I have a WFP callout driver that monitors TCP V4/V6 streams.  It works fine on Windows 2008, 2008 R2 but one particular part no longer works on Windows Server 2012.  If I initiate a connection from the local server to the local server (for instance an SQL connection), my V4 Flow Established callout is invoked, but the V4 Stream Classify function is never called.  I set a breakpoint in the flow callout and the driver is successfully associating a context with the flow and is returning FWP_ACTION_PERMIT.  I set a breakpoint in the V4 stream classify function and it is never hit.

    The stream callout is defined as:

    const FWPS_CALLOUT0 StreamV4Callout =
    {
    	STREAM_V4_GUID,
    	FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW,
    	StreamV4Classify,
    	StreamV4Notify,
    	StreamV4FlowDelete
    };
    

    The flow delete function is also being called when the connection goes away.

    Has anyone else seen this behavior?  Any ideas?

    Thanks

    Chris

    Tuesday, October 23, 2012 1:34 PM