Add WFP listen hook simulation for sock_addr listen testing #306
Rename usersim listen hook test functions from sock_ops naming to cgroup_inet naming to match the sock_addr-based listen hook design:
- usersim_fwp_sock_ops_listen_v4 -> usersim_fwp_cgroup_inet4_listen
- usersim_fwp_sock_ops_listen_v6 -> usersim_fwp_cgroup_inet6_listen
- test_sock_ops_listen_v4 -> test_cgroup_inet4_listen
- test_sock_ops_listen_v6 -> test_cgroup_inet6_listen

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
10f9e5c to
40562a6
| { | ||
| FWPS_INCOMING_VALUE0 incoming_value[FWPS_FIELD_ALE_AUTH_LISTEN_V4_MAX] = {}; | ||
| incoming_value[FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_ADDRESS].value.uint32 = parameters->destination_ipv4_address; | ||
| incoming_value[FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_PORT].value.uint16 = parameters->destination_port; |
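Review bot: A comment is missing above the two assignments to FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_ADDRESS and FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_PORT explaining why they are fed from parameters->destination_ipv4_address and parameters->destination_port. A one-line note that the destination fields carry the local endpoint for a listen classify would stop a reader from taking the mapping for a copy-paste slip. Separately, the visible lines assign only .value.uint32 and .value.uint16 on the zero-initialized incoming_value array; if .value.type is not set further down in the function, a callout that inspects the value type will not see a typed value, so consider setting it alongside each assignment.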
nit: should we rename destination_ipv4_address and destination_port to a more accurate name, like local_ip and remote_ip?
Could you clarify - are you thinking to alias them inside this function to more intuitive names?
These are the existing classify parameters (for listen the destination address/port are the local ones we are listening on), so renaming the actual fields would break existing callers.
I meant renaming the fields in fwp_classify_parameters_t struct. This is just a test struct defined in fwp_test.h.
Agree that some code will need to be updated in ebpf repo when the latest commit of usersim is consumed.
Created a follow-up issue (#308) for this renaming.
Add usersim_fwp_cgroup_inet4_listen and usersim_fwp_cgroup_inet6_listen to simulate WFP ALE_AUTH_LISTEN_V4/V6 layer classify calls. These enable unit testing of the new cgroup/listen4 and cgroup/listen6 sock_addr attach types in ebpf-for-windows.
The functions populate FWPS_FIELD_ALE_AUTH_LISTEN_V4/V6 incoming values (local address, port, compartment ID, interface LUID, app ID) and invoke the registered WFP callout via test_callout.