
Filter “outbound and !loopback” not effective at WINDIVERT_LAYER_SOCKET

Open BruceMok opened this issue 4 years ago • 1 comments

Based on socketdump.c, I set the filter to "outbound and !loopback". It seems the filter is not effective because I still receive loopback events.

CLOSE pid=17796 program=msedge.exe endpoint=1208670 parent=1208662 protocol=TCP local=[127.0.0.1]:51128 remote=[127.0.0.1]:5021

BruceMok, Jan 27 '21 03:01

I can confirm this problem. It seems to only occur for "close" events.

Looking at the code, it is not obvious what the cause is. The WinDivert driver considers the event to be loopback if the FWP_CONDITION_FLAG_IS_LOOPBACK flag is set for FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_FLAGS. So it seems the flag is not set.

basil00, Feb 09 '21 00:02
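A user-mode workaround for the behaviour reported in this thread, as an added example that is not code from the WinDivert project or from either poster: it post-filters socketdump-style event lines by address, so a loopback "close" event that slips past the driver filter can still be dropped. The function names are hypothetical, the second sample line in `main` is constructed, and the headers assume a POSIX build (on Windows, `inet_pton` comes from `<ws2tcpip.h>`).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* 1 if s is 127.0.0.0/8, ::1 or ::ffff:127.x.x.x. Address-based only: this
 * does not reproduce the driver's FWP_CONDITION_FLAG_IS_LOOPBACK decision. */
static int addr_is_loopback(const char *s)
{
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, s, &a4) == 1)
        return (ntohl(a4.s_addr) >> 24) == 127;
    if (inet_pton(AF_INET6, s, &a6) != 1)
        return 0;
    if (IN6_IS_ADDR_V4MAPPED(&a6))
        return a6.s6_addr[12] == 127;
    return IN6_IS_ADDR_LOOPBACK(&a6) != 0;
}

/* Copy the bracketed address that follows key (e.g. "local=[") into out. */
static int field_addr(const char *line, const char *key, char *out, size_t n)
{
    const char *p = strstr(line, key);
    const char *end = p ? strchr(p + strlen(key), ']') : NULL;
    size_t len;
    if (end == NULL)
        return 0;
    p += strlen(key);
    len = (size_t)(end - p);
    if (len == 0 || len >= n)
        return 0;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* 1 = loopback event (drop), 0 = keep, -1 = line could not be parsed. */
int socket_event_is_loopback(const char *line)
{
    char local[64], remote[64];
    if (!field_addr(line, "local=[", local, sizeof local) ||
        !field_addr(line, "remote=[", remote, sizeof remote))
        return -1;
    return addr_is_loopback(local) || addr_is_loopback(remote);
}

int main(void)
{
    const char *reported = "CLOSE pid=17796 program=msedge.exe endpoint=1208670 parent=1208662 protocol=TCP local=[127.0.0.1]:51128 remote=[127.0.0.1]:5021";
    const char *constructed = "CLOSE pid=4242 program=example.exe endpoint=11 parent=10 protocol=TCP local=[192.0.2.10]:50000 remote=[198.51.100.7]:443";
    printf("%d %d\n", socket_event_is_loopback(reported), socket_event_is_loopback(constructed));
    return 0;
}
```

Traffic a host sends to one of its own non-127 addresses is not caught by this address check.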