[ FWP_CONDITION_FLAG_IS_xxx at ALE_RESOURCE_ASSIGNMENT_V4 layer ]

  • Question

  • Hi,

    I'm trying to filter at the ALE_RESOURCE_ASSIGNMENT_V4 layer. When connecting, my client does a connect, which should result in my callout at the ALE_RESOURCE_ASSIGNMENT_V4 layer being called with FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_FLAGS set to IS_IMPLICIT_BIND, as specified in the doc. I only see IS_WILDCARD_BIND specified, and I cannot differentiate between an explicit bind and an implicit one. I run Vista with SP1 installed, any idea?

    Thanks,

    Fabien.
    Thursday, January 31, 2008 8:22 AM

All replies

  • IS_WILDCARD_BIND means the socket application invoked bind(0) before connect().

    IS_IMPLICIT_BIND means the socket application invokes connect() w/o calling bind(). IS_IMPLICIT_BIND implies a wildcard bind because the port is picked from the dynamic range by the TCP/IP Stack.

    Thanks,

    Biao.W.

    Thursday, January 31, 2008 10:19 PM
  • Hi,

    Thanks for your answer. I totally agree, but the fact is that I
    don't see the bit for IS_IMPLICIT_BIND (value == 0x200) in the
    flag, while I see the one for IS_WILDCARD_BIND (value == 0x8).
    I am sure my application does an implicit bind, since this is a
    client only calling connect().

    Any idea?

    Thanks for helping,
    Thursday, January 31, 2008 10:25 PM
  • This is a day 1 bug.  FWP_CONDITION_FLAG_IS_IMPLICIT_BIND will never be set.  We are looking at either removing the flag, or actually hooking it up in a future release.

    To help us make the determination, could you answer a few questions for us on your use?  Is there any particular reason why you are interested in this flag?  Are you actually interested in whether the application actually called bind, or whether the stack did it for them?  Would you base a decision on this or is it a stepping stone on how to proceed to get further information?

    Thanks

    Dusty

    Saturday, February 2, 2008 12:50 AM
    Moderator
  • You could request a hotfix from Microsoft PSS if this information is required per your design.

    Thanks,

    Biao.W.

    Saturday, February 2, 2008 5:18 AM
  • Hi,

    Thanks for the replies, as well as pointing out the issue.

    To make things short, I have an old (i.e. pre-WFP) kernel mode
    application that hooks the bind deviceiocontrol tcpip.sys syscall
    in order to know about the client or server behaviour of the upperlying
    process using TCP sockets. I know that this is not the right thing to do,
    since a client application may call bind, but it is how it works.

    Since I am migrating the driver to Vista and WFP, I would like to
    stay backward compatible. Without the implicit bind flag, I don't
    know if the application is actually calling bind, or if it is an implicit
    one.

    I talked to my team about this issue a few days ago, and it is possible
    we have a workaround, so it may not be a great deal if WFP does not expose
    this flag...

    Feel free to ask any questions,

    Thanks for helping,

    Fabien.
    Saturday, February 2, 2008 10:54 PM
  • Hi,

    I am using Vista Enterprise SP2 and I still have the bug, the flag FWP_CONDITION_FLAG_IS_IMPLICIT_BIND is never set.
    I'd like to know what the situation of this flag is. Is it working on Windows 7 or has it been removed?

    Thanks in advance, Cyril

    Monday, December 14, 2009 3:06 PM
  • The flag is not set in Windows 7 as it was deemed not very useful.  Pre Win7, the flag could be set in some WSK scenarios.

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 16, 2009 1:41 AM
    Moderator
  • Hi,

    I have the same issue, 10 years later.

    I'm on Windows 10 and I want to filter at the ALE_RESOURCE_ASSIGNMENT_V4 layer.

    But I can't distinguish the following 3 cases in the callout:

    - #1: bind explicit (server binding a given port)

    - #2: implicit bind before connect (client)

    - #3: bind dynamic (server binding with port 0, which requests an available port from the OS)

    For the cases #2 (bind implicit from connect) and #3 (bind dynamic), I have exactly the same information:

    - from field FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_PORT: the local port is set to a value given by the OS,

    - from field FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_ADDRESS: the local address is set to WFP_EMPTY,

    - from field FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_FLAGS: the only flag set is 0x8 (FWP_CONDITION_FLAG_IS_WILDCARD_BIND).

    So I'm not able to differentiate these 2 cases. I'm very surprised that I can't distinguish an implicit bind from a Connect compared to a real bind (dynamic or not). And why is the flag IS_IMPLICIT_BIND not set for the case #2 (bind implicit from connect)?



    • Edited by FRZ69 Wednesday, December 18, 2019 8:18 AM
    Tuesday, December 17, 2019 3:21 PM