Share via


FwpsPendOperation0 (Compact 7)

3/12/2014

This function suspends packet processing, pending completion of another operation.

Syntax

NTSTATUS NTAPI
  FwpsPendOperation0(
    IN HANDLE  completionHandle,
    OUT HANDLE  *completionContext
    );

Parameters

  • completionHandle
    A completion handle that is required to pend the current filtering operation. This parameter is obtained from the completionHandle member of the FWPS_INCOMING_METADATA_VALUES0 structure that is passed into the callout's classifyFn function.
  • completionContext
    The handle to the completion context of this pend operation. When the callout is ready to resume packet processing, it calls the FwpsCompleteOperation0 function with the value of this parameter.

Return Value

The FwpsPendOperation0 function returns one of the following NTSTATUS codes:

Value Description

STATUS_SUCCESS

Packet processing was successfully pended.

STATUS_FWP_CANNOT_PEND

A call was made to FwpsPendOperation0 in a reauthorization classify operation.

STATUS_FWP_NULL_POINTER

One or more parameters is invalid

STATUS_FWP_TCPIP_NOT_READY

The TCP/IP network stack is not ready to allow this operation

Other status codes

An error occurred

Remarks

The callout should keep the completionContext parameter value until it resumes packet processing. When the operation that prompted the call to this function has finished, the callout should call the FwpsCompleteOperation0 function, passing it the completionContext parameter value.

A callout can call this function to pend a packet that originates from the FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_Xxx, FWPM_LAYER_ALE_AUTH_LISTEN_Xxx, or FWPM_LAYER_ALE_AUTH_CONNECT_Xxx filtering layers only. A callout can pend the current processing operation on a packet when the callout must perform processing on one of these layers that may take a long interval to complete or that should occur at IRQL = PASSIVE_LEVEL if the current IRQL > PASSIVE_LEVEL.

To complete a connection that was previously pended at the FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_Xxx layer, the callout must reinject the packet that was cloned at that layer and call the FwpsCompleteOperation0 function.

To pend packet processing, the callout's classifyFn function should set the actionType member of the FWPS_CLASSIFY_OUT0 structure to FWP_ACTION_BLOCK and the Flags member to FWPS_CLASSIFY_OUT_FLAG_ABSORB.

Pended connections are reauthenticated after the FwpsCompleteOperation0 function executes. TCP connections, if they are allowed, are created by completing the handshake operation. Non-TCP connections create state entries. Any pended packet data is flushed from memory when the FwpsPendOperation0 function is completed. Applications must retransmit those packets after FwpsCompleteOperation0 executes. Callouts can buffer such data and reinject the data on behalf of the applications.

Only an initial ALE flow authorization can be postponed by calling FwpsPendOperation0 and FwpsCompleteOperation0. If an ALE flow is reauthorized, the FWP_CONDITION_FLAG_IS_REAUTHORIZE flag is set. A call to FwpsPendOperation0 from the FWPM_LAYER_ALE_AUTH_CONNECT_Xxx or FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_Xxx filtering layers will fail if the FWP_CONDITION_FLAG_IS_REAUTHORIZE flag is set, and the STATUS_FWP_CANNOT_PEND status code will be returned.

Requirements

Header

fwpsk.h

See Also

Reference

Functions Called by Callout Drivers
FWPS_CLASSIFY_OUT0
FWPS_INCOMING_METADATA_VALUES0
classifyFn
FwpsCompleteOperation0
WFP Callout Driver Functions