Hi
I have a MUX 1:1 driver sitting on top of the real NIC driver.
Setup has 2 machines connected back to back (static IPs). Both have NetMon on them.
I am using Winsock to send a UDP pkt from machine_2 to machine_1 mux_driver.
I see the pkt in NetMon on both sides (i.e. my mux driver doesn't drop it but instead does a proper NdisMIndicateReceiveNetBufferLists(), and the pkt contents are not garbled, etc.).
But the KeWait() (after WskReceiveFrom()) I have on machine_1 for this UDP packet doesn’t get satisfied and eventually returns STATUS_IO_TIMEOUT.
I briefly tried a TCP connection socket. The issue is the same. WskAccept() fails.
I used the below cmd to collect a netsh trace on machine_1:
netsh trace start ndis globallevel=0xff capture=yes capturemultilayer=yes
The following section from netevents.xml seems to be my pkt, and it has the FWPM_NET_EVENT_TYPE_CLASSIFY_DROP identifier on it.
Looks like somebody dropped my pkt, probably NDIS, tcpip.sys?
I even disabled all protocols (except NetMon, ipv4); still I see this pkt drop.
The destination port (i.e. the listening port on machine_1) is a well-known port, if that means anything here. But I used an ephemeral port as well and see the same behavior.
Please let me know:
- Whether that identifier implies NDIS (or who?) dropped the pkt, thereby not having the pkt reach whom - tcpip.sys or afd.sys?
- Are there any other means/tools to debug this to point to which OS component dropped the pkt?
- The below capture was for ipv4, so I am not sure what some of the below FWPM_NET_EVENT_FLAG_*_SET mean.
2015-10-28T00:13:27.475Z
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
FWPM_NET_EVENT_FLAG_APP_ID_SET
FWPM_NET_EVENT_FLAG_USER_ID_SET
FWPM_NET_EVENT_FLAG_IP_VERSION_SET
FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
FWP_IP_VERSION_V4
17
192.168.1.10
192.168.1.20
4791
56465
0
530079007300740065006d000000
S.y.s.t.e.m…
S-1-5-18
FWP_AF_INET
S-1-0-0
FWPM_NET_EVENT_TYPE_CLASSIFY_DROP
67183
44
0
1
1
MS_FWP_DIRECTION_OUT
false
0
0