JeSa

Hi,

In a callout for OUTBOUND_TRANSPORT_V4 I will redirect the TCP connection to 127.0.0.1. FwpsInjectTransportSendAsync0 returns with STATUS_SUCCESS, but the completion function has (status member of the NetBufferList) STATUS_INVALID_ADDRESS_COMPONENT as its result.

Everything works OK if I use the DHCP-assigned address of the LAN interface instead of 127.0.0.1.

FwpsInjectTransportSendAsync0 has a parameter "compartmentId", which is the identifier of the routing compartment. I believe the ID taken from the classify function does not match the loopback interface, so how can I get the compartmentId for the loopback interface? I don't like the idea of catching this ID in a different callout and storing it in my driver for later use.

If I'm totally wrong, any hints for my problem?

Thanks, Jens


Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

Anupama Vasanth[MSFT]

Hi Jens,

You cannot send a packet to a loopback address (127.x.x.x) from a non-loopback address. This is by design and hence the STATUS_INVALID_ADDRESS_COMPONENT error is valid.

The solution to the problem would be to use the DHCP-assigned address of the LAN interface as you have done. Is there any way this solution can work for you? Also, it would help if you can explain your scenario a little bit more to see if there is any other way you can do this.

Thanks,

anu






Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

JeSa

Hi Anu,

The background is that I want to redirect all TCP connections to a local proxy process.

Anyway, my problem cannot be solved with the loopback interface, since a TCP connection will not enter the stack (at least I did not see a FWPM_LAYER_ALE_AUTH_CONNECT_V4 event) when the LAN interface is unplugged. I believe there is something above WFP which checks for any available routes (or interfaces != loopback) and then blocks the TCP connection.

Using the DHCP-assigned address of the LAN interface is not a fully functional solution if you have multiple interfaces (e.g. a WiFi adapter). I believe - but did not test it - that in this case a packet from a WiFi adapter cannot be injected for the LAN adapter. As long as the proxy process is not bound to a specific interface I can use the source IP address as the destination address.

Thanks for your help,
Jens




Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

Biao Wang [MSFT]

Jens,

Your analysis is correct -- w/o the presence of an interface, the TCP stack wouldn't be able to find the next hop and hence will not attempt a connect.

You may want to research WinSock LSP or TDI filter technology for a solution. They can intercept the socket connect() call and you should be able to proxy your connection during that context.

The long-term goal of WFP is to be able to replace LSP/TDI, but we are not there yet.

Also, you may want to research developing an NDIS miniport driver that exposes a virtual NIC to Windows which will always be "connected". With that, WFP should be able to accomplish the rest of what you need.

Hope this helps,

Biao.W.





Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

JeSa

Hi,

Since I want to redirect remote file system access, a Winsock LSP or TSP is not appropriate. A TDI filter works only up to Windows XP. For Vista you have to use WFP and an NDIS driver together, unless there is a way to implement a Network Provider for WSK which fulfills these requirements:
- every user application and every WSK application is forced to use this Network Provider.
- this also applies to remote filesystem access. From my experience with WXP I know that remote filesystem access bypasses TDI when it comes to transferring data.

The documentation didn't help me with these points; maybe you can help me?

Thanks for your efforts,

Jens




Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

Biao Wang [MSFT]

I would like to help but I am no expert in some of these areas (e.g. LSP/TDI/WSK). Below is to the best of my knowledge --

- TDI filters are still supported in Vista

- Only connections arriving over port 445 will bypass TDI filters (mainly for performance reasons)

- Currently there is no WSP-like support for WSK.

You may want to post your questions to Winsock/WSK related forums/newsgroups to see what other options are available for your project.

Biao.W.





Re: Windows Filtering Platform (WFP) Redirecting TCP to loop back interface

barry2255

The problem is that the router connected to broadband is not able to get the IP address of the broadband server.