Expand Minimize

FwpsInjectTransportSendAsync0 function

The FwpsInjectTransportSendAsync0 function injects packet data from the transport, datagram data, or ICMP error layers into the send data path.

Note  FwpsInjectTransportSendAsync0 is the specific version of FwpsInjectTransportSendAsync used in Windows Vista and later. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 7, FwpsInjectTransportSendAsync1 is available.

Syntax


NTSTATUS NTAPI FwpsInjectTransportSendAsync0(
  _In_      HANDLE injectionHandle,
  _In_opt_  HANDLE injectionContext,
  _In_      UINT64 endpointHandle,
  _In_      UINT32 flags,
  _In_opt_  FWPS_TRANSPORT_SEND_PARAMS0 *sendArgs,
  _In_      ADDRESS_FAMILY addressFamily,
  _In_      COMPARTMENT_ID compartmentId,
  _Inout_   NET_BUFFER_LIST *netBufferList,
  _In_      FWPS_INJECT_COMPLETE0 completionFn,
  _In_opt_  HANDLE completionContext
);

Parameters

injectionHandle [in]

An injection handle that was previously created by a call to the FwpsInjectionHandleCreate0 function.

injectionContext [in, optional]

An optional handle to the injection context. If specified, it can be obtained by calling the FwpsQueryPacketInjectionState0 function when the packet injection state FWPS_PACKET_INJECTION_STATE is FWPS_PACKET_INJECTED_BY_SELF or FWPS_PACKET_PREVIOUSLY_INJECTED_BY_SELF.

endpointHandle [in]

A handle that indicates the stack transport endpoint in the send data path into which the packet is to be injected. This endpoint handle is provided to a callout through the transportEndpointHandle member of the FWPS_INCOMING_METADATA_VALUES0 structure that is passed to the callout driver's classifyFn callout function. Callout drivers should use the provided handle to inject cloned packets back into the data path as soon as possible, before the socket associated with the stack endpoint is closed and the handle becomes no longer valid.

flags [in]

Reserved. Callout drivers must set this parameter to zero.

sendArgs [in, optional]

A pointer to a FWPS_TRANSPORT_SEND_PARAMS0 structure that specifies the properties of the current outbound packet. Can be NULL only if the net buffer list to be injected contains an IP header (for example, if the packet is sent via a raw socket).

addressFamily [in]

One of the following address families:

AF_INET

The IPv4 address family.

AF_INET6

The IPv6 address family.

compartmentId [in]

The identifier of the routing compartment into which the packet data is injected, specified as a COMPARTMENT_ID type. This identifier is provided to a callout through the compartmentId member of the FWPS_INCOMING_METADATA_VALUES0 structure that is passed to the callout driver's classifyFn callout function. If the compartmentId member is available to callouts, FWPS_METADATA_FIELD_COMPARTMENT_ID will be set in the currentMetadataValues member. Otherwise, set this parameter to UNSPECIFIED_COMPARTMENT_ID.

netBufferList [in, out]

A pointer to a NET_BUFFER_LIST structure that describes the packet data that is being injected. A callout driver allocates a NET_BUFFER_LIST structure to use to inject packet data by calling either the FwpsAllocateCloneNetBufferList0 function or the FwpsAllocateNetBufferAndNetBufferList0 function.

completionFn [in]

A pointer to a completionFn callout function provided by the callout driver. The filter engine calls this function after the packet data, described by the netBufferList parameter, has been injected into the network stack.

completionContext [in, optional]

A pointer to a callout driver-provided context that is passed to the callout function pointed to by the completionFn parameter. This parameter is optional and can be NULL.

Return value

The FwpsInjectNetworkSendAsync0 function returns one of the following NTSTATUS codes.

Return codeDescription
STATUS_SUCCESS

The packet data injection was initiated successfully. The filter engine will call the completion function after the filter engine has completed injecting the packet data into the network stack, or when an error occurred subsequently. In case of an error, the Status member of the completed NET_BUFFER_LIST structure will indicate the reason for failure.

STATUS_FWP_TCPIP_NOT_READY

The TCP/IP network stack is not ready to accept injection of packet data.

STATUS_FWP_INJECT_HANDLE_CLOSING

The injection handle is being closed.

Other status codes

An error occurred.

 

Remarks

A callout driver calls the FwpsInjectNetworkSendAsync0 function to inject packet data from the transport, datagram data, or ICMP error layers into the send data path. At these layers, the IP header might not yet be formed, and when IPsec policy is active, the packet data is not encrypted or signed. Therefore, this function is ideal to use for packet inspection in an IPsec-enabled environment.

This function can execute asynchronously.

If the return value is not STATUS_SUCCESS, the completion function will not be called. In this case, the net buffer list pointed to by netBufferList needs to be freed by a call to FwpsFreeNetBufferList0 or FwpsFreeCloneNetBufferList0.

Callout drivers normally inject data into the network stack when they modify packet data. For more information about how a callout driver can modify packet data, see Callout Driver Operations.

The injected packet can be indicated to the callout driver again. To prevent infinite looping, the driver should first call the FwpsQueryPacketInjectionState0 function before calling the classifyFn callout function, and permit packets that have the injection state FWPS_PACKET_INJECTION_STATE set to FWPS_PACKET_INJECTED_BY_SELF or FWPS_PACKET_PREVIOUSLY_INJECTED_BY_SELF.

The endpointHandle parameter, as well as members declared in the FWPS_TRANSPORT_SEND_PARAMS0 structure pointed to by the sendArgs parameter, are provided to callouts from the following network layers:

FWPS_LAYER_OUTBOUND_TRANSPORT_V4

FWPS_LAYER_OUTBOUND_TRANSPORT_V6

FWPS_LAYER_DATAGRAM_DATA_V4 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)

FWPS_LAYER_DATAGRAM_DATA_V6 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6

The datagram belongs to a raw socket if both of the following are true:

At the following network layers, if the datagram belongs to a raw socket, the net buffer list pointed to by netBufferList must be adjusted to start at the IP header (which must be prepended to the net buffer list):

  • FWPS_LAYER_DATAGRAM_DATA_V4 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)

  • FWPS_LAYER_DATAGRAM_DATA_V6 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)

Requirements

Version

Available starting with Windows Vista.

Header

Fwpsk.h (include Fwpsk.h)

IRQL

<= DISPATCH_LEVEL

See also

classifyFn
completionFn
FWPS_INCOMING_METADATA_VALUES0
FWPS_PACKET_INJECTION_STATE
FWPS_TRANSPORT_SEND_PARAMS0
FwpsAllocateCloneNetBufferList0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeCloneNetBufferList0
FwpsFreeNetBufferList0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsInjectTransportSendAsync1
FwpsQueryPacketInjectionState0
NET_BUFFER_LIST

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft