I have registered a callout on FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4. This filtering layer allows for authorizing transport port assignments, bind requests, promiscuous mode requests, and raw mode requests.
I want to detect if the application wants a specific port or if the port is assigned by the OS.
The information that I can use in the classify function is here: http://msdn.microsoft.com/en-us/library/windows/hardware/ff551266(v=vs.85).aspx
The remarks section says:
For the case of an implicit bind, the local address and port information might not be available. In this situation, the FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_ADDRESS_TYPE, and/or FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_PORT data fields might be of type FWP_EMPTY.
Any suggestions?
Thanks in advance,
Julian