Port TDI filter driver to WFP framework, analog of CompletionRoutine in WFP RRS feed

  • Question

  • I have an old legacy TDI filter driver, but it has some problems with stability, and I want to port its functions to the WFP framework.
    A general question is: how I can get an operation result, like in TDIi?
    As example:
    In TDI driver, I have IRP_MJ = TDI_CONNECT or IRP_MJ_CREATE, and I can set CompletionRoutine for this Irp, and in that routine, I can read operation status(SUCCESS or other error), and I need to do this using the WFP framework.

    I tried to set FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 and FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4_DISCARD callouts and used first for successful operation, other for unsuccessful operations, but the second callout doesn't work at all, it never called. The first is works but seems that it's working with all operations successful and not.
    I used a test program, which just pings some undefined hosts(so no answer got, operation end with timeout) and after that ping known, real host(which send answer), but I don't understand how I can distinguish these operations by status...

    I can't find or understand how does analogs of CompletionRoutine have the WFP framework, can you please prompt me?

    Thursday, December 10, 2020 6:56 AM

All replies