WFP callouts never get invoked

I am trying to write a test WFP driver, based upon MSNMNTR WDK sample.

I register callbacks with FwpsCalloutRegister0() successfully, but none of them ever gets invoked…

What should be done in order to make sure that my 'Classify' function gets invoked, and how can I associate it with some particular layer? MSDN documentation does not seem to be helpful at all here…

Anton Bassov

Take a look at the usermode application that comes with that sample and pay particular attention to these function calls:

FwpmCalloutAdd0
FwpmSubLayerAdd0
FwpmFilterAdd0

These functions are documented in the Platform SDK.

Takin,

Thank you so much for your help - now I am getting somewhere (my callbacks are invoked), although a few things are still left to be sorted out…

Regards

Anton Bassov

MSNMNTR filters based on Application on flow context layer… it works
when I tried with Internet Explorer…

Kind Regards,
Niraj kumar Jha
Software Engineer
COMODO
www.comodo.com

I did look at the msnmntr sample early in the Vista beta, but I didn’t use
it as a guide building my WFP based driver. On the other hand, I do find
the WDK and SDK documentation helpful, but the annoying part is that the WFP
doc is spread across the WDK and SDK.

What has worked for me is the following. You can do some of this in user
mode, but in my case all of this is currently done in the driver.

FwpmEngineOpen0()
FwpmSubLayerAdd0() // Add my own sub layer
// result used in calls to FwpmFilterAdd0()

FwpmCalloutAdd0() // Add FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
FwpmFilterAdd0() // Add filter
FwpsCalloutRegister0() // Register callout

FwpmCalloutAdd0() // Add FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6
FwpmFilterAdd0() // Add filter
FwpsCalloutRegister0() // Register callout

FwpmCalloutAdd0() // Add FWPM_LAYER_STREAM_V4
FwpmFilterAdd0() // Add filter
FwpsCalloutRegister0() // Register callout

FwpmCalloutAdd0() // Add FWPM_LAYER_STREAM_V6
FwpmFilterAdd0() // Add filter
FwpsCalloutRegister0() // Register callout

FwpmEngineClose0()

I see new connections in the flow established callout where I grab the fixed
and meta values I want and associate those values with the flow by calling
FwpsFlowAssociateContext0().

In the stream callout I look at the flow data collected in the flow
established callout to determine what I want to do with the flow data.

-Preston
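
The relationship described in the replies above, as a small portable C model added here (not code from the thread, the MSNMNTR sample or the WFP headers): a classify function is reached only through a filter at a layer that names the callout, and context attached at flow established is what the stream callout later receives. All model_* names, the string keys and the "iexplore.exe" value are assumptions made for the model.

```c
/* Added model, not the WFP API: all model_* names and sample values are hypothetical. */
#include <string.h>
enum { FLOW_ESTABLISHED_V4, STREAM_V4, N_LAYERS };
typedef void (*classify_fn)(int flow, void *flow_ctx);
struct callout { const char *key; classify_fn fn; int layer; };
struct filter  { int layer; const char *callout_key; };
static struct callout callouts[8]; static int n_callouts;  /* demo-sized tables */
static struct filter  filters[8];  static int n_filters;
static void *ctx_of[4][N_LAYERS];          /* context per flow and layer */
static const char *seen_in_stream;         /* what the stream callout received */

static struct callout *slot(const char *key) {   /* find or create by key */
    for (int i = 0; i < n_callouts; i++)
        if (strcmp(callouts[i].key, key) == 0) return &callouts[i];
    callouts[n_callouts] = (struct callout){ key, NULL, -1 };
    return &callouts[n_callouts++];
}
/* Stand-ins for FwpsCalloutRegister0 (classify function), FwpmCalloutAdd0 (layer binding),
   FwpmFilterAdd0 (filter naming the callout), FwpsFlowAssociateContext0 (flow context). */
void model_callout_register(const char *key, classify_fn fn) { slot(key)->fn = fn; }
void model_callout_add(const char *key, int layer) { slot(key)->layer = layer; }
void model_filter_add(int layer, const char *key) { filters[n_filters++] = (struct filter){ layer, key }; }
void model_flow_associate(int flow, int layer, void *ctx) { ctx_of[flow][layer] = ctx; }
/* Classification reaches a callout only through a filter at that layer. */
int model_classify(int layer, int flow) {
    int calls = 0;
    for (int i = 0; i < n_filters; i++) {
        struct callout *c = slot(filters[i].callout_key);
        if (filters[i].layer != layer || !c->fn || c->layer != layer) continue;
        c->fn(flow, ctx_of[flow][layer]);
        calls++;
    }
    return calls;
}
static void stream_classify(int flow, void *ctx) { (void)flow; seen_in_stream = ctx; }
static void flow_classify(int flow, void *ctx) {
    (void)ctx;
    model_flow_associate(flow, STREAM_V4, "iexplore.exe");  /* constructed value */
}
int scenario(int with_fwpm_steps) {        /* returns classify calls made for flow 1 */
    n_callouts = n_filters = 0; seen_in_stream = NULL; memset(ctx_of, 0, sizeof ctx_of);
    model_callout_register("flow", flow_classify);
    model_callout_register("stream", stream_classify);
    if (with_fwpm_steps) {
        model_callout_add("flow", FLOW_ESTABLISHED_V4); model_filter_add(FLOW_ESTABLISHED_V4, "flow");
        model_callout_add("stream", STREAM_V4);         model_filter_add(STREAM_V4, "stream");
    }
    int calls = model_classify(FLOW_ESTABLISHED_V4, 1);    /* the flow is established first */
    return calls + model_classify(STREAM_V4, 1);
}
const char *stream_saw(void) { return seen_in_stream; }
int main(void) { return (scenario(0) == 0 && scenario(1) == 2) ? 0 : 1; }
```

With registration alone the model makes no classify calls; once the callouts are bound to layers and filters name them, both callouts run and the stream callout sees the value stored at flow established.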

On 1/15/07 11:56 PM, “Niraj” wrote:

>
> MSNMNTR filters based on Application on flow context layer… it works
> when I tried with Internet Explorer…