Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter “outbound and !loopback” not effective at WINDIVERT_LAYER_SOCKET #268

Open
BruceMok opened this issue Jan 27, 2021 · 1 comment
Open

Filter “outbound and !loopback” not effective at WINDIVERT_LAYER_SOCKET #268

BruceMok opened this issue Jan 27, 2021 · 1 comment

Comments

@BruceMok
Copy link

Base on socketdump.c, i set filter like "outbound and !loopback". It seems like filter not effective because i still receive loopback event.

CLOSE pid=17796 program=msedge.exe endpoint=1208670 parent=1208662 protocol=TCP local=[127.0.0.1]:51128 remote=[127.0.0.1]:5021
@basil00
Copy link
Owner

basil00 commented Feb 9, 2021

I can confirm this problem. It seems to only occur for "close" events.

Looking at the code, it is not obvious what the cause is. The WinDivert driver considers the event to be loopback if the FWP_CONDITION_FLAG_IS_LOOPBACK flag is set for FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_FLAGS. So it seems the flag is not set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@basil00 @BruceMok