Packet length (kmdf/umdf).

Hi,

In my kmdf (inspect/wfp) I’m counting packet input and output data:

void TLInspectFnClassify(
_In_ const FWPS_INCOMING_VALUES* inFixedValues,
_In_ const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
_Inout_opt_ void* layerData,
_In_opt_ const void* classifyContext,
_In_ const FWPS_FILTER* filter,
_In_ UINT64 flowContext,
_Inout_ FWPS_CLASSIFY_OUT* classifyOut
)
{
UNREFERENCED_PARAMETER(filter);
UNREFERENCED_PARAMETER(flowContext);

EventType eventType = FixedValueToEventType(inFixedValues);
BOOL associateContext = eventType == INSPECT_EVENT_ESTABILISHED;

if (eventType == INSPECT_EVENT_STREAM)
{
	KLOCK_QUEUE_HANDLE lockHandle;

	PFLOW_CONTEXT flowData = (PFLOW_CONTEXT)flowContext;

	if (flowData != NULL)
	{
		FWPS_STREAM_CALLOUT_IO_PACKET* ioPacket;
		FWPS_STREAM_DATA* streamData;

		ioPacket = (FWPS_STREAM_CALLOUT_IO_PACKET*)layerData;
		NT_ASSERT(ioPacket != NULL);

		streamData = ioPacket->streamData;
		NT_ASSERT(streamData != NULL);

		KeAcquireInStackQueuedSpinLock(&dataLenghtGuard, &lockHandle);

		flowData->DataLength = streamData->dataLength;

		if (inMetaValues->packetDirection == FWP_DIRECTION_OUTBOUND)
		{
			flowData->DataTotalLengthOut += streamData->dataLength;
		}
		else
		{
			flowData->DataTotalLengthIn += streamData->dataLength;
		}
                   ....

In DbgPrint I can see values DataTotalLengthOut, DataTotalLengthIn and DataLength.

In my umdf, each time a session is closed I would like to display the above data:

BOOL dispatch_request(struct InspectTransportItem *request, const unsigned char *g_disp_buf){

if (request->EventType == INSPECT_EVENT_CLOSE) 
	{
		ZeroMemory(msg, MSG_MAX_LENGTH);
		
		sprintf_s(info, sizeof(info),  "IN:%u;OUT:%u",
			request->DataTotalLengthIn,
			request->DataTotalLengthOut
		 );
       .....

but those values are always 0’s.

I’m trying to debug this, but no success so far. How can I use DataTotalLengthIn/DataTotalLengthOut in my service (umdf)?

Thanks

You should get stream direction from streamData. The metadata.packetDirection is the TCP establish direction.

Hi,

I have made the following modification to the kmdf:

instead of:

		if (inMetaValues->packetDirection == FWP_DIRECTION_OUTBOUND)
		{
			flowData->DataTotalLengthOut += streamData->dataLength;
		}
		else
		{
			flowData->DataTotalLengthIn += streamData->dataLength;
		}

I have:

		if (inFixedValues->incomingValue[FWPS_FIELD_STREAM_V4_DIRECTION].value.uint32 == FWP_DIRECTION_OUTBOUND)
		{
			flowData->DataTotalLengthOut += streamData->dataLength;
		}
		else
		{
			flowData->DataTotalLengthIn += streamData->dataLength;
		}

but still in my service, when I’m displaying DataTotalLengthIn/DataTotalLengthOut the value is 0.

I have also tried with:

		if (streamData->flags & FWPS_STREAM_FLAG_SEND)
		{
			flowData->DataTotalLengthOut += streamData->dataLength;
		}
		else if (streamData->flags & FWPS_STREAM_FLAG_RECEIVE)
		{
			flowData->DataTotalLengthIn += streamData->dataLength;
		}

but no success so far. Am I still doing something wrong?

Thanks

Try the last code. There may be some problems elsewhere.

Because none of my ideas works, I have a question. What is the right way to get DataTotalLengthOut and DataTotalLengthIn in the service (umdf) on session close (request->EventType == INSPECT_EVENT_CLOSE)?
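
Added example, not part of the thread and not the poster's driver code: the snippets above accumulate the totals in the flow context but read them from the InspectTransportItem, so the close record has to be filled from the flow context before it leaves the driver. A portable C model of that accounting and copy; every `ex_` name, the flag values and the 64-bit counter width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for FWPS_STREAM_FLAG_SEND / FWPS_STREAM_FLAG_RECEIVE. */
#define EX_FLAG_SEND    0x1u
#define EX_FLAG_RECEIVE 0x2u
enum { EX_EVENT_CLOSE = 2 };  /* stand-in for INSPECT_EVENT_CLOSE */

/* Hypothetical mirrors of FLOW_CONTEXT and InspectTransportItem. */
typedef struct { uint64_t in_total, out_total; } ex_flow_ctx;
typedef struct { int event_type; uint64_t in_total, out_total; } ex_item;

/* Stream step: direction is taken from the stream flags, per flow. */
static void ex_account(ex_flow_ctx *f, uint32_t flags, uint64_t len) {
    if (flags & EX_FLAG_SEND)         f->out_total += len;
    else if (flags & EX_FLAG_RECEIVE) f->in_total  += len;
}

/* Close step: snapshot the flow totals into the record handed to the
 * service. In a driver this copy would run under the counters' lock. */
static ex_item ex_make_close_item(const ex_flow_ctx *f) {
    ex_item it = { EX_EVENT_CLOSE, f->in_total, f->out_total };
    return it;
}

/* Service step: 64-bit totals need a 64-bit conversion specifier. */
static int ex_format(const ex_item *it, char *buf, size_t n) {
    return snprintf(buf, n, "IN:%llu;OUT:%llu",
                    (unsigned long long)it->in_total,
                    (unsigned long long)it->out_total);
}

/* Constructed flow: 1500 bytes sent, 4 GiB + 100 bytes received. */
static ex_item ex_demo(void) {
    ex_flow_ctx flow = {0, 0};
    ex_account(&flow, EX_FLAG_SEND, 1500);
    ex_account(&flow, EX_FLAG_RECEIVE, 4294967296ULL);
    ex_account(&flow, EX_FLAG_RECEIVE, 100);
    return ex_make_close_item(&flow);
}

int main(void) {
    char buf[64];
    ex_item it = ex_demo();
    ex_format(&it, buf, sizeof buf);
    puts(buf);
    return 0;
}
```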