调用FwpsInjectNetworkSendAsync时出现问题 [英] problem with calling FwpsInjectNetworkSendAsync
问题描述
FwpsInjectNetworkSendAsync返回成功,但netBufferList中的状态从完成pfn是"STATUS_DATA_NOT_ACCEPTED"(0xC000021B)
FwpsInjectNetworkSendAsync returns success,but the Status in netBufferList from completion pfn is"STATUS_DATA_NOT_ACCEPTED"(0xC000021B)
我做了一些研究,人们只是说它发生在  ; netBufferList包含多个netbuffer。但这不是我的情况。
i've done some reseach,people just say it happens when the netBufferList contains more than one netbuffer. but it's not in my situation.
还有一件事,我多次调用FwpsInjectNetworkSendAsync,但问题只发生在第一次......之后它一直成功
one more thing,i call FwpsInjectNetworkSendAsync many times ,but the issue only occur at the first time..after that it succeed all the time
无论如何,我发现有一些线索:
anyway,there are some clues i found:
kd> dt netBufferList
Local var @ 0x8078ad80 Type _NET_BUFFER_LIST*
0x87276e48
+0x000 Next : (null)
+0x004 FirstNetBuffer : 0x87276ee8 _NET_BUFFER
+0x000 Link : _SLIST_HEADER
+0x008 Context : (null)
+0x00c ParentNetBufferList : (null)
+0x010 NdisPoolHandle : 0x868c7b80 Void
+0x018 NdisReserved : [2] (null)
+0x020 ProtocolReserved : [4] (null)
+0x030 MiniportReserved : [2] (null)
+0x038 Scratch : (null)
+0x03c SourceHandle : (null)
+0x040 NblFlags : 0
+0x044 ChildRefCount : 0n0
+0x048 Flags : 0x1200100
+0x04c Status : 0n0
+0x050 NetBufferListInfo : [13] (null)
kd> !ndiskd.nbl 0x87276e48
NBL 87276e48 Next NBL NULL
First NB 87276ee8 Source NULL
Flags 01200100 [Unrecognized flags 01200000]
↑ NBL_ALLOCATED
kd> dt netBufferList -r1
Local var @ 0x8d5d0a74 Type _NET_BUFFER_LIST*
0x87276e48
+0x000 Next : (null)
+0x004 FirstNetBuffer : 0x87276ee8 _NET_BUFFER
+0x000 Next : (null)
+0x004 CurrentMdl : 0x8738f198 _MDL
+0x008 CurrentMdlOffset : 0
+0x00c DataLength : 0x28
+0x00c stDataLength : 0x28
+0x010 MdlChain : 0x8738f198 _MDL
+0x014 DataOffset : 0
+0x000 Link : _SLIST_HEADER
+0x018 ChecksumBias : 0
+0x01a Reserved : 0
+0x01c NdisPoolHandle : 0x868c7b80 Void
+0x020 NdisReserved : [2] (null)
+0x028 ProtocolReserved : [6] (null)
+0x040 MiniportReserved : [4] (null)
+0x050 DataPhysicalAddress : _LARGE_INTEGER 0x0
+0x000 Link : _SLIST_HEADER
+0x000 Alignment : 0x87276ee8`00000000
+0x000 Next : _SINGLE_LIST_ENTRY
+0x004 Depth : 0x6ee8
+0x006 Sequence : 0x8727
+0x008 Context : (null)
+0x00c ParentNetBufferList : (null)
+0x010 NdisPoolHandle : 0x868c7b80 Void
+0x018 NdisReserved : [2] (null)
+0x020 ProtocolReserved : [4] (null)
+0x030 MiniportReserved : [2] (null)
+0x038 Scratch : (null)
+0x03c SourceHandle : (null)
+0x040 NblFlags : 0
+0x044 ChildRefCount : 0n0
+0x048 Flags : 0x1000100
+0x04c Status : 0n-1073741285
+0x050 NetBufferListInfo : [13] (null)
第一个netBufferList来自成功的情况,而后者则不是。
the first netBufferList comes from the successful situation, and the latter is not.
"Flags"是什么?说,因为windbg不能告诉..........
what does the "Flags" says, since the windbg cant tell..........
推荐答案
如果另一个过滤器丢弃了注入的数据包,IP标头格式错误或注入链,则可以获得DATA_NOT_ACCEPTED。你指出的标志是内部的,基本上表示克隆成功注入。
You can get DATA_NOT_ACCEPTED if another filter drops the injected packet, the IP header is mal formatted, or injection of a chain. The flag you indicate is internal and essentially indicates a successful injection of the clone.
希望这有帮助,
这篇关于调用FwpsInjectNetworkSendAsync时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!