TCP Packet from specific App not being indicated to ALE_CONECT_REDIRECT layer,

TCP Packet from specific App not being indicated to ALE_CONECT_REDIRECT layer, however i see packet on ALE_AUTH_CONNECT layer.

Is it possible you have only registered your callout @ IPV4 and it is either a IPV6 flow or a mapped ipv4 flow (dual socket - which is also indicated at IPV6). IIRC there are subtle differences in the layers at which this traffic is invoked.
J

Yes Currently our software do not support IPv6 so we only register IPv4 layer however I registered for testing purpose as i was not getting packet indicated.
Some other interesting fact after disabling IPv6 stack by using HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
DisabledComponent =>0xffffffff, but IPv6 checkbox on Adapter was still checked.

I am still seeing IPv6MappedV4 packet in IPv6 ALE_CONNECT_REDIRECT Layer.

Yes Currently our software do not support IPv6 so we only register IPv4 layer
You will almost certainly still want to register at the _V6 connect redirect layer but ignore “true” ipv6. If you don’t do this then any application that uses dual sockets to connect to an ipv4 address (::ffff:xx.yy.zz.gg) will bypass your application. IIRC this will include any application written in Java.

As for why you’re not seeing tcp flows from your “certain” application. My first thoughts are:

  1. Your filters are wrong
  2. There’s conflicting software on the box that has already rejected your flow at AUTH_CONNECT

Have you registered at AUTH_CONNECT? What access rights is your callout invoked with?
J

I have seen logs no other software rejecting the packet , I have fixed the issue now dual stack socket that connect to ::ffff:1.2.3.4 always gets packet to IPv6.