Hi,
I downloaded the WFP inspection sample from https://code.msdn.microsoft.com/windowshardware/Windows-Filtering-Platform-fbce2ebf and made some changes to handle only TCP traffic by adding these filter conditions:
filterConditions[conditionIndex].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
filterConditions[conditionIndex].conditionValue.type = FWP_UINT8;
filterConditions[conditionIndex].conditionValue.uint8 = IPPROTO_TCP;
filterConditions[conditionIndex].matchType = FWP_MATCH_EQUAL;
When I try to run the put command in ftp I get this error:
C:\Users\Administrator>ftp xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xx.
220 (vsFTPd 2.0.5)
User (xxx.xxx.xxx.xxx:(none)): root
331 Please specify the password.
Password:
230 Login successful.
ftp> put c:\abc.txt
200 PORT command successful. Consider using PASV.
150 Ok to send data.
Connection closed by remote host.
When I remove the Transport layer, ftp runs normally, hence my question is: do we have to do anything specific for FTP in the transport layer? I came across this link https://msdn.microsoft.com/en-us/library/windows/desktop/bb451830(v=vs.85).aspx where the TCP packet flow is described; it mentions that for data transmitted over a TCP connection, the transport layer as well as FWPM_LAYER_STREAM_V4 come into play.
Kindly apprise me what is amiss here.
Thanks
Debbrat
On 18-Feb-2015 06:36, xxxxx@yahoo.com wrote:
> ftp> put c:\abc.txt
> 200 PORT command successful. Consider using PASV.
So have you tried the passive mode as suggested?
– pa
Thanks for replying, Pavel.
Yes, I have tried; the result was the same.
The file is copied to the FTP but the connection gets closed. Our WFP driver is based on the sample, hence I thought of running the sample first, and it turns out that the sample inspection driver is facing this problem too.
We are facing this issue in the customer environment, and when they try to run a batch file which copies multiple files it does not work, as the connection gets closed after one copy operation. One workaround is changing the data_connection_timeout value on the ftp server to a shorter value; it causes no problems but it is not acceptable to the customer.
A network analyzer helps a lot.
Why is there a close? Due to an RST packet? From client to server, or from server to client? And what was wrong in the packet preceding the RST?
Try to avoid filtering the control connection in the driver. Will it still close?
Try to switch the driver to the dumb no-op mode. Will it still close?
Easy-to-repro bugs of this kind are also easy to find.
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> Thanks for replying, Pavel.
>
> Yes, I have tried; the result was the same.
>
> The file is copied to the FTP but the connection gets closed. Our WFP driver is based on the sample, hence I thought of running the sample first, and it turns out that the sample inspection driver is facing this problem too.
> We are facing this issue in the customer environment, and when they try to run a batch file which copies multiple files it does not work, as the connection gets closed after one copy operation. One workaround is changing the data_connection_timeout value on the ftp server to a shorter value; it causes no problems but it is not acceptable to the customer.
Thanks Maxim for your reply.
I had checked the logs of the client and the ftp server also; here they are:
server:
tcp 1 0 155.35.114.83:ftp 155.35.114.81:49178 CLOSE_WAIT
tcp 0 1 155.35.114.83:ftp-data 155.35.114.81:49179 LAST_ACK
client:
TCP 155.35.114.81:49178 155.35.114.83:ftp FIN_WAIT_2
TCP 155.35.114.81:49179 155.35.114.83:ftp-data TIME_WAIT
I also ran TCPView; once I ran the put command in FTP, after a long delay it changed from ESTABLISHED to FIN_WAIT2.
Thanks
Debbrat
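
An added example, not part of any post in this thread: a Python sketch that pairs the server and client netstat entries posted above by address and port and reads each state pair against the TCP state machine (RFC 9293). The service-name-to-port mapping, the READINGS table and the function names are assumptions of this example; the input is the netstat output quoted in the thread.

```python
# Input copied from the netstat lines posted in the thread
# (Linux-style server table, Windows-style client table).
SERVER = """\
tcp 1 0 155.35.114.83:ftp 155.35.114.81:49178 CLOSE_WAIT
tcp 0 1 155.35.114.83:ftp-data 155.35.114.81:49179 LAST_ACK
"""
CLIENT = """\
TCP 155.35.114.81:49178 155.35.114.83:ftp FIN_WAIT_2
TCP 155.35.114.81:49179 155.35.114.83:ftp-data TIME_WAIT
"""

PORTS = {"ftp": 21, "ftp-data": 20}  # assumption: service names as netstat prints them

# Unordered pair of endpoint states -> reading per the TCP state machine.
READINGS = {
    frozenset(["FIN_WAIT_2", "CLOSE_WAIT"]):
        "half-closed: the FIN was ACKed, the peer application has not closed yet",
    frozenset(["TIME_WAIT", "LAST_ACK"]):
        "final ACK of the peer's FIN has not reached the LAST_ACK side",
    frozenset(["FIN_WAIT_1", "ESTABLISHED"]): "FIN has not reached the peer yet",
    frozenset(["ESTABLISHED"]): "open in both directions",
}

def endpoint(text):
    host, _, port = text.rpartition(":")
    return host, PORTS.get(port) or int(port)

def parse(table):
    """Map each connection (unordered pair of endpoints) to the state this host reports."""
    conns = {}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].lower() != "tcp":
            continue  # skip headers and non-TCP rows
        local, remote, state = fields[-3], fields[-2], fields[-1]
        conns[frozenset([endpoint(local), endpoint(remote)])] = state
    return conns

def compare(server_table, client_table):
    """Return {server port: ((server state, client state), reading)} for shared connections."""
    server, client = parse(server_table), parse(client_table)
    report = {}
    for key in server.keys() & client.keys():
        port = min(p for _, p in key)  # the well-known port identifies the connection
        pair = (server[key], client[key])
        report[port] = (pair, READINGS.get(frozenset(pair), "not in table"))
    return report

if __name__ == "__main__":
    for port, (pair, reading) in sorted(compare(SERVER, CLIENT).items()):
        print(port, pair, reading)
```

For the posted tables, port 20 comes out as LAST_ACK/TIME_WAIT: if that pair persists, the client's last ACK on the data connection is the segment to look for in a capture. Port 21 comes out as the ordinary half-closed pair.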