FwpsInjectTransportSendAsync0 function

The FwpsInjectTransportSendAsync0 function injects packet data from the transport, datagram data, or ICMP error layers into the send data path.

Note  FwpsInjectTransportSendAsync0 is the specific version of FwpsInjectTransportSendAsync used in Windows Vista and later. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 7, FwpsInjectTransportSendAsync1 is available.
 

Syntax

NTSTATUS FwpsInjectTransportSendAsync0(
  HANDLE                      injectionHandle,
  HANDLE                      injectionContext,
  UINT64                      endpointHandle,
  UINT32                      flags,
  FWPS_TRANSPORT_SEND_PARAMS0 *sendArgs,
  ADDRESS_FAMILY              addressFamily,
  COMPARTMENT_ID              compartmentId,
  NET_BUFFER_LIST             *netBufferList,
  FWPS_INJECT_COMPLETE0       completionFn,
  HANDLE                      completionContext
);

Parameters

injectionHandle

An injection handle that was previously created by a call to the FwpsInjectionHandleCreate0 function.

injectionContext

An optional handle to the injection context. If specified, it can be obtained by calling the FwpsQueryPacketInjectionState0 function when the packet injection state FWPS_PACKET_INJECTION_STATE is FWPS_PACKET_INJECTED_BY_SELF or FWPS_PACKET_PREVIOUSLY_INJECTED_BY_SELF.

endpointHandle

A handle that indicates the stack transport endpoint in the send data path into which the packet is to be injected. This endpoint handle is provided to a callout through the transportEndpointHandle member of the FWPS_INCOMING_METADATA_VALUES0 structure that is passed to the callout driver's classifyFn callout function. Callout drivers should use the provided handle to inject cloned packets back into the data path as soon as possible, before the socket associated with the stack endpoint is closed and the handle becomes no longer valid.

flags

Reserved. Callout drivers must set this parameter to zero.

sendArgs

A pointer to a FWPS_TRANSPORT_SEND_PARAMS0 structure that specifies the properties of the current outbound packet. Can be NULL only if the net buffer list to be injected contains an IP header (for example, if the packet is sent via a raw socket).

addressFamily

One of the following address families:

AF_INET

The IPv4 address family.

AF_INET6

The IPv6 address family.

compartmentId

The identifier of the routing compartment into which the packet data is injected, specified as a COMPARTMENT_ID type. This identifier is provided to a callout through the compartmentId member of the FWPS_INCOMING_METADATA_VALUES0 structure that is passed to the callout driver's classifyFn callout function. If the compartmentId member is available to callouts, FWPS_METADATA_FIELD_COMPARTMENT_ID will be set in the currentMetadataValues member. Otherwise, set this parameter to UNSPECIFIED_COMPARTMENT_ID.

netBufferList

A pointer to a NET_BUFFER_LIST structure that describes the packet data that is being injected. A callout driver allocates a NET_BUFFER_LIST structure to use to inject packet data by calling either the FwpsAllocateCloneNetBufferList0 function or the FwpsAllocateNetBufferAndNetBufferList0 function.

completionFn

A pointer to a completionFn callout function provided by the callout driver. The filter engine calls this function after the packet data, described by the netBufferList parameter, has been injected into the network stack.

completionContext

A pointer to a callout driver-provided context that is passed to the callout function pointed to by the completionFn parameter. This parameter is optional and can be NULL.

Return Value

The FwpsInjectNetworkSendAsync0 function returns one of the following NTSTATUS codes.

Return code Description
STATUS_SUCCESS
The packet data injection was initiated successfully. The filter engine will call the completion function after the filter engine has completed injecting the packet data into the network stack, or when an error occurred subsequently. In case of an error, the Status member of the completed NET_BUFFER_LIST structure will indicate the reason for failure.
STATUS_FWP_TCPIP_NOT_READY
The TCP/IP network stack is not ready to accept injection of packet data.
STATUS_FWP_INJECT_HANDLE_CLOSING
The injection handle is being closed.
Other status codes
An error occurred.

Remarks

A callout driver calls the FwpsInjectNetworkSendAsync0 function to inject packet data from the transport, datagram data, or ICMP error layers into the send data path. At these layers, the IP header might not yet be formed, and when IPsec policy is active, the packet data is not encrypted or signed. Therefore, this function is ideal to use for packet inspection in an IPsec-enabled environment.

This function can execute asynchronously.

If the return value is not STATUS_SUCCESS, the completion function will not be called. In this case, the net buffer list pointed to by netBufferList needs to be freed by a call to FwpsFreeNetBufferList0 or FwpsFreeCloneNetBufferList0.

Callout drivers normally inject data into the network stack when they modify packet data. For more information about how a callout driver can modify packet data, see Callout Driver Operations.

Due to the TCP protocol locking semantics, TCP can only be injected Out of Band at any transport layer or equivalent layer, so FwpsInjectTransportReceiveAsync0 and FwpsInjectTransportSendAsync0 must be queued and run by a DPC.

The injected packet can be indicated to the callout driver again. To prevent infinite looping, the driver should first call the FwpsQueryPacketInjectionState0 function before calling the classifyFn callout function, and permit packets that have the injection state FWPS_PACKET_INJECTION_STATE set to FWPS_PACKET_INJECTED_BY_SELF or FWPS_PACKET_PREVIOUSLY_INJECTED_BY_SELF.

The endpointHandle parameter, as well as members declared in the FWPS_TRANSPORT_SEND_PARAMS0 structure pointed to by the sendArgs parameter, are provided to callouts from the following network layers:

FWPS_LAYER_OUTBOUND_TRANSPORT_V4
FWPS_LAYER_OUTBOUND_TRANSPORT_V6
FWPS_LAYER_DATAGRAM_DATA_V4 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)
FWPS_LAYER_DATAGRAM_DATA_V6 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)
FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4
FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6

The datagram belongs to a raw socket if both of the following are true:

At the following network layers, if the datagram belongs to a raw socket, the net buffer list pointed to by netBufferList must be adjusted to start at the IP header (which must be prepended to the net buffer list):

  • FWPS_LAYER_DATAGRAM_DATA_V4 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)
  • FWPS_LAYER_DATAGRAM_DATA_V6 (when outbound direction is specified with FWP_DIRECTION_OUTBOUND)

Requirements

   
Minimum supported client Available starting with Windows Vista.
Target Platform Universal
Header fwpsk.h (include Fwpsk.h)
Library Fwpkclnt.lib
IRQL "<= DISPATCH_LEVEL"

See Also

FWPS_INCOMING_METADATA_VALUES0

FWPS_PACKET_INJECTION_STATE

FWPS_TRANSPORT_SEND_PARAMS0

FwpsAllocateCloneNetBufferList0 FwpsAllocateNetBufferAndNetBufferList0

FwpsFreeCloneNetBufferList0

FwpsFreeNetBufferList0

FwpsInjectTransportSendAsync1

FwpsInjectionHandleCreate0

FwpsInjectionHandleDestroy0

FwpsQueryPacketInjectionState0

NET_BUFFER_LIST

classifyFn

completionFn