JeSa

Is there a way to inject Outbound-Data immediately after the TCP Outbound-Connection is established, but before any other Traffic is signaled at FWPS_LAYER_STREAM_V4?

I tried this in a Callout-Function for Layer FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4 and FwpsStreamInjectAsync0 fails with STATUS_NOT_FOUND.
It works when I inject the Outbound-Data on the first Inbound-Data at Layer FWPS_LAYER_STREAM_V4. But this doesn't solve my problem since neither the Remote Application nor the Local Application sends any data immediately after connection establishment.



Re: Windows Filtering Platform (WFP) FwpsStreamInjectAsync0 at Layer FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4

JeSa

The final answer from Omer@Microsoft:

Hi Jens,

What you are trying to achieve needs a complete bypass of the stream shim component of WFP, and thus the TCP state management it performs for callouts.

Unfortunately this scenario is not supported for Vista; I apologize if my previous mail misled you. This was not a design goal for WFP since it aims to serve as an inspection/modification platform. The workaround for you would be to trigger some traffic (on flow establishment) from a layer above TCP (Winsock, e.g. http://msdn2.microsoft.com/en-us/library/aa504179.aspx ), thus invoking the stream module once, and then continue as usual.

Hope this helps.

Thanks
Omer.