FwpsFlowAssociateContext does not work as expected after FwpsFlowRemoveContext

  • Question

  • Tested environments: Windows 2008 R2, Windows 2012, Windows 2012 R2

    Consider the following scenario:

    1. Flow X starts and driver-A's Flow-Establish-V4 classifyFn associates a context (FwpsFlowAssociateContext) with its stream-V4 callout.

    2. Driver-A removes the context (FwpsFlowRemoveContext) for flow X.

    3. Driver-B starts and adds filters & callouts at the ale-auth-recv-accept, flow-establish & stream layers.

    4. A flow X packet is classified to driver-B's ale-auth-recv-accept classifyFn for re-authorization due to a policy change, and a context is associated successfully with driver-B's stream-V4 callout.

    5. Driver-B's Stream-V4 classifyFn receives packets of flow X, but the flowContext input parameter is NULL and not the new context associated (step 4).

    6. When the connection is terminated, Driver-B's Stream-V4 flowDeleteFn is called by the filter engine with the associated context from step 4.

    The problem with the above behavior is that driver-B, which implements mid-stream inspection:

    1. Can't rely on the flowContext mechanism, since another driver might call FwpsFlowRemoveContext.

    2. Shouldn't register its stream callout with FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW to get better performance, since if it does, its stream-V4 classifyFn won't receive mid-stream traffic at all for flows whose context association was made after context removal (by any other driver).

    Another simple test gave the same results:

    1) associate context 2) remove context 3) associate context again on the same driver: stream classifyFn receives NULL in the flowContext input parameter.

    Does anyone have an idea why the context mechanism does not work after FwpsFlowRemoveContext has been called once?



    Monday, December 22, 2014 2:50 PM

All replies

  • I have found the same as you.

    I need to associate a context with a flow for throttling speedy incoming connections. When I call removeContext, it is not possible to associate a context again with the same flow.

    I use the solution of associating the context only once and leaving it alive during the whole connection life. Then, it is definitely a bug in the WFP engine.

    But I'm surprised that this bug persists across an unload/load sequence. It's new to me and doesn't make sense...

    Tuesday, February 17, 2015 12:47 PM
  • Same issue to me..
    Sunday, August 18, 2019 2:19 PM
  • Same issue to me..
    Tuesday, August 20, 2019 10:16 AM