Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

WFP: Associating a flowContext at ALE_CONNECT layer

john-7john-7 Member Posts: 13

I am writing a WFP driver to perform deep inspection at the Stream layer.
A context is associated at ALE_CONNECT (Connect layer) using FwpsFlowAssociateContext.
There is a specific need to associate a context in the Connect layer.

However for FlowEstablishedClassify or StreamClassify callouts, WFP passes the flowContext as 0.
Hence I am not able to dereference my context and perform the deep inspection at the stream layer.
Please let me know if there is anything I am missing here.
When the flow gets closed WFP calls AleConnectFlowDeleteFn() with the correct context which wad allocated during AleConnectClassify()

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Writing WDF Drivers 21 Oct 2019 OSR Seminar Space & ONLINE
Internals & Software Drivers 18 Nov 2019 Dulles, VA
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 27 Apr 2020 OSR Seminar Space & ONLINE