I am implementing a callout routine for a WFP driver doing connection redirection. I have registered at the FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 layer. Everything is working fine. When I am trying to get the local IP address for the connection, I always get it as 0. Is this expected? I am redirecting the connection to a local service.
local_ip = RtlUlongByteSwap(inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS].value.uint32);
IN const FWPS_INCOMING_VALUES *inFixedValues is received as a parameter of the callout routine.
The same is the case for the user SID. It always comes as s-1-0-0, which is basically an invalid SID.
I am fetching the user's SID blob as
inFixedValues->incomingValue[FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_PACKAGE_ID].value.sid
I need help understanding whether this is expected behavior or something I am missing here!
Thanks
This isn't documented behavior as far as I know, but I've seen this callout be invoked twice for UDP connections: the first time with zero-values for the local address and port and the second time with actual values. It's been reported here and here. I work around it by checking the address and port fields for zero-values and ignoring the callout in that case.
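The zero-value check described in the reply above, as an added example that is not part of the original thread or of any driver discussed in it. The three typedefs and the enum values are stand-ins for the WDK definitions so the check compiles outside a driver; `local_endpoint_unset` and `would_skip` are hypothetical helper names, and treating "unset" as address and port both zero is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumption) for the WDK types from fwpsk.h/fwptypes.h. Only the
   members used here are modelled, and the index values below are constructed,
   not the real enum values. In a driver, include the WDK headers instead. */
typedef struct { union { uint16_t uint16; uint32_t uint32; }; } FWP_VALUE;
typedef struct { FWP_VALUE value; } FWPS_INCOMING_VALUE;
typedef struct {
    uint32_t valueCount;
    FWPS_INCOMING_VALUE *incomingValue;
} FWPS_INCOMING_VALUES;

enum {
    FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS,
    FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT,
    FIELD_COUNT /* hypothetical: size of the constructed sample array */
};

/* True when the classify carries no local endpoint yet (address and port both
   zero). Intended use: test this at the top of classifyFn and return without
   redirecting, so only the invocation with real values is acted on. */
bool local_endpoint_unset(const FWPS_INCOMING_VALUES *in)
{
    uint32_t addr = in->incomingValue[
        FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS].value.uint32;
    uint16_t port = in->incomingValue[
        FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT].value.uint16;
    return addr == 0 && port == 0;
}

/* Builds constructed fixed values for one invocation and reports whether the
   callout would skip it. */
bool would_skip(uint32_t local_addr, uint16_t local_port)
{
    FWPS_INCOMING_VALUE v[FIELD_COUNT] = {0};
    FWPS_INCOMING_VALUES in = { FIELD_COUNT, v };
    v[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS].value.uint32 = local_addr;
    v[FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT].value.uint16 = local_port;
    return local_endpoint_unset(&in);
}

int main(void)
{
    /* Constructed sample: first invocation (zeros), then one with real values. */
    printf("first:  skip=%d\n", would_skip(0, 0));
    printf("second: skip=%d\n", would_skip(0xC0A80A05u, 50000));
    return 0;
}
```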