I am creating a simple application firewall using ALE CONNECT & RECV_ACCEPT as a project to understand and get some experience with WFP, to get verdict from usermode FwpsPendOperation and FwpsCompleteOperation are used to defer the processing. But reading the documentation i couldn't understand how to clone and reinject packets in ALE_AUTH Layer. kindly guide me.
To complete a connection that was previously pended at the
FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_ Xxx layer, the callout driver
must reinject the packet that was cloned at that layer as well as call the
FwpsCompleteOperation0 function.
Any pended packet data is flushed from memory when the FwpsPendOperation0
function completes, so applications must retransmit those packets after
FwpsCompleteOperation0 runs. Callouts could buffer such data and reinject
the data on their behalf.