Route internet traffic through specific interface in ALE layers.

  • Question

  • Hello,

    I'm trying to implement what is called split tunneling. The main idea is to
    route internet traffic through a specific network interface depending on the application.

    My current approach is to register a filter and callout at
    FWPS_LAYER_ALE_BIND_REDIRECT_V4. I set the local address to the address of the adapter I would like to route traffic through.

    Everything works great until the point when I try to make a TCP connection to a socket listening on the loopback interface.

    At the FWPS_LAYER_ALE_BIND_REDIRECT_V4 layer the remote address is not yet known and I can't
    detect whether I should modify the local address.

    I've tried to alter the local address at the FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 layer,
    since at this layer the remote address is known and I could make a decision.
    Sadly, the documentation states that only the remote address and port can be modified.

    Is it possible to achieve this scenario in ALE layers, or should I take a different route?
    Wednesday, August 7, 2019 12:03 PM

All replies

  • Hi,

    It is mentioned in the document:

    • Because bind redirection is possible, it is not necessary to support local address and port modifications in a connect redirection. Changing the local address and port as part of connect redirection is not supported.

    Best regards,

    Drake


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, August 9, 2019 9:05 AM
    Moderator
  • Hey Drake,

    Thank you for your response.

    Yes. I have read about that in the documentation. Can you please advise which approach I should take? Is it possible to make it work in ALE layers, or should I implement source address modification at the packet level?

    Thank you for your help!
    Friday, August 9, 2019 11:10 AM
  • Not sure if I misunderstood your meaning. You could set the local address at FWPS_LAYER_ALE_BIND_REDIRECT_V4 and set the remote address at FWPS_LAYER_ALE_CONNECT_REDIRECT_V4.

    Best regards,

    Drake



    Tuesday, August 13, 2019 7:54 AM
    Moderator
  • The problem is that I would like to change the local address at the FWPS_LAYER_ALE_BIND_REDIRECT_V4 layer only if the remote address is not 127.0.0.1.
    This would allow me to route internet traffic for specific applications through a concrete network adapter but avoid rerouting loopback traffic.

    Since the remote address is not yet available at the FWPS_LAYER_ALE_BIND_REDIRECT_V4 layer, I need to somehow accomplish this in other ALE layers, but as far as I can see I can't manipulate/change the local address in other ALE layers. So is there a different approach I need to take to accomplish this?
    Tuesday, August 13, 2019 8:20 AM
  • Hey Drake,

    Do you have any suggestions?
    Wednesday, August 21, 2019 8:46 AM
  • Hi,

    I have escalated the problem and reported it to the engineer concerned. He will continue to follow up on this case.

    Best regards,

    Drake



    Monday, August 26, 2019 1:51 AM
    Moderator
  • I'm interested in this as well. I've tried to find the solution for this exact problem with no luck. I hope you can help.
    Thursday, August 29, 2019 7:24 AM
  • Dear Drake,

    Is there a follow-up to this issue? This is currently a blocker for our development team.

    Best regards,

          Samuele


    Tuesday, September 10, 2019 12:32 PM