I’m developing a WFP callout driver for redirecting traffic to a local proxy (user-mode).
- My user-mode app calls FwpmGetAppIdFromFileName0, then sends the app ID blob data (byte array) to my WFP callout driver.
- Add filters with conditions:

```c
FWPM_FILTER_CONDITION conditions[2] = { 0 };
int conditionIndex = 0;

// Condition 1: match TCP traffic only
conditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
conditions[conditionIndex].conditionValue.type = FWP_UINT8;
conditions[conditionIndex++].conditionValue.uint8 = IPPROTO_TCP;

// Condition 2: match the app ID blob received from the user-mode app
conditions[conditionIndex].fieldKey = FWPM_CONDITION_ALE_APP_ID;
conditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
conditions[conditionIndex].conditionValue.type = FWP_BYTE_BLOB_TYPE;
conditions[conditionIndex++].conditionValue.byteBlob = appIdFromUserMode;

filter.filterCondition = conditions;
filter.numFilterConditions = sizeof(conditions) / sizeof(conditions[0]);
```

- Redirect to local proxy.

My question is:

When my target appId is "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe", it works well: all traffic is redirected through my local proxy.

But when the target appId is "C:\Program Files (x86)\PacketSender\PacketSender.exe", the ClassifyFn callback of my callout driver is never called, so no traffic is redirected to my local proxy.

And when I try it with "C:\Program Files\internet explorer\iexplore.exe", a small part of the traffic is redirected, but the larger part is not.