标注不会阻止我的流量 [英] Callout is not blocking my traffic
问题描述
hi
我有一个问题
我注册了一个 wfp过滤器驱动程序中的标注
i register a callout in wfp filter driver
通过FWPM_LAYER_ALE_AUTH_CONNECT_V4我在ALEConnectClassify中注册一个标注ALEConnectClassify
by FWPM_LAYER_ALE_AUTH_CONNECT_V4 i register a callout ALEConnectClassify
我想通过一些防火墙规则来阻止数据包
in ALEConnectClassify i want to block a packet by some rules of firewall
ALEConnectClassify(
IN const FWPS_INCOMING_VALUES0 * inFixedValues,
IN const FWPS_INCOMING_METADATA_VALUES0 * inMetaValues,
IN OUT void * layerData,
IN const FWPS_FILTER0 * filter,
IN UINT64 flowContext,
OUT FWPS_CLASSIFY_OUT0 * classifyOut
)
ALEConnectClassify(
IN const FWPS_INCOMING_VALUES0* inFixedValues,
IN const FWPS_INCOMING_METADATA_VALUES0* inMetaValues,
IN OUT void* layerData,
IN const FWPS_FILTER0* filter,
IN UINT64 flowContext,
OUT FWPS_CLASSIFY_OUT0* classifyOut
)
{
       NTSTATUS状态;
NTSTATUS status;
if(matchrules(inMetaValues))
if (matchrules(inMetaValues))
{
{
classifyOut-> actionType = FWP_ACTION_BLOCK;
classifyOut-> rights& = ~FWPS_RIGHT_ACTION_WRITE;
classifyOut->actionType = FWP_ACTION_BLOCK;
classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
}
}
否则
else
{
{
classifyOut-> actionType = FWP_ACTION_PERMIT;
classifyOut->actionType = FWP_ACTION_PERMIT;
}
}
返回;
return;
}
如果规则是远程端口== 80 我将bock网络数据包
if the rule is remote port == 80 i will bock the web packet
但它不会阻止网络数据包
but it not block the web packet
帮助 我不使用过滤条件
help and i not use filter condition
推荐答案
matchrules()做什么用? 你的标注中没有任何内容可以决定你阻止哪个端口(此信息位于inFixedValues和layerData中)。
What does matchrules() do? There is nothing in your callout which could determine which port you are blocking (this info is in inFixedValues and the layerData).
一旦我知道了matchrules()的作用,我可以进一步帮助你。
Once I know what matchrules() does, I can assist you further.
谢谢,
这篇关于标注不会阻止我的流量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
