The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I have an issue with handling dual-stack sockets in my driver with WFP callouts.
The driver performs out-of-band inspection:
For now the worker thread just injects cloned packets back to the stream.
The test application sends WOL packets by using UDP:
When the test application uses only IPv4 (192.168.56.25), the following callouts are executed in the driver:
In this case the another PC receives a network packet (I'm using Wireshark to check that).
When the test application configures a dual-stack socket and uses IPv6 (::FFFF:ACA8:3819, the same test PC), the second FWPM_LAYER_DATAGRAM_DATA_V4 isn't called. The FwpsInjectTransportSendAsync0 returns SUCCESS, the completion routine is executed, but NET_BUFFER_LIST status is SUCCESS too. Also FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4 is not called (in this callout I postpone closing the socket by using FwpsPendClassify0). As a result, a network packet is not delivered to another PC.
I'm not interested in handling IPv6 in my driver, so there are no IPv6 callouts registered. Also I haven't seen this issue with TCP or when I modified the application to sleep some time before closing the socket.
Does anyone know why FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4 is not called in this case? Or there are some special rules to handle dual-sockets in WFP driver?
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Internals & Software Drivers||15 November 2021||Live, Online|
|Writing WDF Drivers||24 January 2022||Live, Online|
|Developing Minifilters||7 February 2022||Live, Online|
|Kernel Debugging||21 March 2022||Live, Online|