R
Rodrigo Ortega Martínez
Guest
Hello.
We have developed a Windows Filtering Platform callout driver. We are trying to obtain de Remote User ID for an incoming connection, considering both TCP and UDP connections.
Three layers have been identified that provide the REMOTE_USER_ID fields:
However, the REMOTE_USER_ID related FWPS_INCOMING_VALUE0_ field is always FWP_EMPTY for the given layers.
Thanks a lot in advance!
Continue reading...
We have developed a Windows Filtering Platform callout driver. We are trying to obtain de Remote User ID for an incoming connection, considering both TCP and UDP connections.
Three layers have been identified that provide the REMOTE_USER_ID fields:
ALE_AUTH_RECV_ACCEPT (FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_REMOTE_USER_ID)
ALE_AUTH_CONNECT (FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_REMOTE_USER_ID)
ALE_FLOW_ESTABLISHED (FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_REMOTE_USER_ID)
However, the REMOTE_USER_ID related FWPS_INCOMING_VALUE0_ field is always FWP_EMPTY for the given layers.
Is this an expected behaviour?
How can we obtain the REMOTE_USER_ID?
Thanks a lot in advance!
Continue reading...