SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS Control Code
Description
The SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS control code sets the redirect record to the new TCP socket used for connecting to the final destination for use by a Windows Filtering Platform (WFP) redirect service.
To perform this operation, call the WSAIoctl or WSPIoctl function with the following parameters.
int WSAIoctl(
(socket) s, // descriptor identifying a socket
SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS, // dwIoControlCode
(LPVOID) lpvInputBuffer, // lpvInBuffer
(DWORD) cbInputBuffer, // cbInBuffer
NULL, // output buffer
0, // size of output buffer
(LPDWORD) lpcbBytesReturned, // number of bytes returned
(LPWSAOVERLAPPED) lpOverlapped, // OVERLAPPED structure
(LPWSAOVERLAPPED_COMPLETION_ROUTINE) lpCompletionRoutine, // completion routine
);
int WSPIoctl(
(socket) s, // descriptor identifying a socket
SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS, // dwIoControlCode
(LPVOID) lpvInputBuffer, // lpvInBuffer
(DWORD) cbInputBuffer, // cbInBuffer
NULL, // output buffer
0, // size of output buffer
(LPDWORD) lpcbBytesReturned, // number of bytes returned
(LPWSAOVERLAPPED) lpOverlapped, // OVERLAPPED structure
(LPWSAOVERLAPPED_COMPLETION_ROUTINE) lpCompletionRoutine, // completion routine
(LPWSATHREADID) lpThreadId, // a WSATHREADID structure
(LPINT) lpErrno // a pointer to the error code.
);
Parameters
s
A descriptor identifying a socket.
dwIoControlCode
The control code for the operation. Use SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS for this operation.
lpvInBuffer
A pointer to the input buffer. This parameter contains a pointer to the WFP redirect record associated with the socket.
cbInBuffer
The size, in bytes, of the input buffer.
lpvOutBuffer
A pointer to the output buffer. This parameter is unused for this operation.
cbOutBuffer
The size, in bytes, of the output buffer. This parameter must be set to zero.
lpcbBytesReturned
A pointer to a variable that receives the size, in bytes, of the data stored in the output buffer.
If the output buffer is too small, the call fails, WSAGetLastError returns WSAEINVAL, and the lpcbBytesReturned parameter points to a DWORD value of zero.
If lpOverlapped is NULL, the DWORD value pointed to by the lpcbBytesReturned parameter that is returned on a successful call cannot be zero.
If the lpOverlapped parameter is not NULL for overlapped sockets, operations that cannot be completed immediately will be initiated, and completion will be indicated at a later time. The DWORD value pointed to by the lpcbBytesReturned parameter that is returned may be zero since the size of the data stored can't be determined until the overlapped operation has completed. The final completion status can be retrieved when the appropriate completion method is signaled when the operation has completed.
lpvOverlapped
A pointer to a WSAOVERLAPPED structure.
If socket s was created without the overlapped attribute, the lpOverlapped parameter is ignored.
If s was opened with the overlapped attribute and the lpOverlapped parameter is not NULL, the operation is performed as an overlapped (asynchronous) operation. In this case, lpOverlapped parameter must point to a valid WSAOVERLAPPED structure.
For overlapped operations, the WSAIoctl or WSPIoctl function returns immediately, and the appropriate completion method is signaled when the operation has been completed. Otherwise, the function does not return until the operation has been completed or an error occurs.
lpCompletionRoutine
Type: _In_opt_ LPWSAOVERLAPPED_COMPLETION_ROUTINE
A pointer to the completion routine called when the operation has been completed (ignored for non-overlapped sockets).
lpThreadId
A pointer to a WSATHREADID structure to be used by the provider in a subsequent call to WPUQueueApc. The provider should store the referenced WSATHREADID structure (not the pointer to same) until after the WPUQueueApc function returns.
Note This parameter applies only to the WSPIoctl function.
lpErrno
A pointer to the error code.
Note This parameter applies only to the WSPIoctl function.
Return value
If the operation completes successfully, the WSAIoctl or WSPIoctl function returns zero.
If the operation fails or is pending, the WSAIoctl or WSPIoctl function returns SOCKET_ERROR. To get extended error information, call WSAGetLastError.
| Error code | Meaning |
|---|---|
| WSA_IO_PENDING | Overlapped I/O operation is in progress. This value is returned if an overlapped operation was successfully initiated and completion will be indicated at a later time. |
| WSA_OPERATION_ABORTED | The I/O operation has been aborted because of either a thread exit or an application request. This error is returned if an overlapped operation was canceled due to the closure of the socket or the execution of the SIO_FLUSH IOCTL command. |
| WSAEACCES | An attempt was made to access a socket in a way forbidden by its access permissions. This error is returned under several conditions that include the following: the user lacks the required administrative privileges on the local computer or the application is not running in an enhanced shell as the built-in Administrator (RunAs administrator). |
| WSAEFAULT | The system detected an invalid pointer address in attempting to use a pointer argument in a call. This error is returned of the lpvInBuffer, lpvoutBuffer, lpcbBytesReturned, lpOverlapped or lpCompletionRoutine parameter is not totally contained in a valid part of the user address space. |
| WSAEINPROGRESS | A blocking operation is currently executing. This error is returned if the function is invoked when a callback is in progress. |
| WSAEINTR | A blocking operation was interrupted by a call to WSACancelBlockingCall. This error is returned if a blocking operation was interrupted. |
| WSAEINVAL | An invalid argument was supplied. This error is returned if the dwIoControlCode parameter is not a valid command, or a specified input parameter is not acceptable, or the command is not applicable to the type of socket specified. |
| WSAENETDOWN | A socket operation encountered a dead network. This error is returned if the network subsystem has failed. |
| WSAENOTSOCK | An operation was attempted on something that is not a socket. This error is returned if the descriptor s is not a socket. |
| WSAEOPNOTSUPP | The attempted operation is not supported for the type of object referenced. This error is returned if the specified IOCTL command is not supported. This error is also returned if the SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL is not supported by the transport provider. |
Remarks
The SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL is supported on Windows 8, and Windows Server 2012, and later versions of the operating system.
WFP allows access to the TCP/IP packet processing path, wherein outgoing and incoming packets can be examined or changed before allowing them to be processed further. By tapping into the TCP/IP processing path, independent software vendors (ISVs) can more easily create firewalls, antivirus software, diagnostic software, and other types of applications and services. WFP provides user-mode and kernel-mode components so that third-party ISVs can participate in the filtering decisions that take place at several layers in the TCP/IP protocol stack and throughout the operating system. The WFP connection redirect feature allows a WFP callout kernel driver to redirect a connection locally to a user-mode process, perform content inspection in user-mode, and forward the inspected content using a different connection to the original destination.
The SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL and several other related IOCTLS are user-mode components used to allow multiple WFP-based connection proxy applications to inspect the same traffic flow in a cooperative manner. Each inspection agent can safely re-inspect network traffic that has already been inspected by another inspection agent. With the presence of multiple proxies (developed by different ISVs, for example) the connection used by one proxy to communicate with the final destination could in turn be redirected by a second proxy, and that new connection could again be redirected by the original proxy. Without connection tracking, the original connection might never reach its final destination as it gets stuck in an infinite proxy loop.
The SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL is used to provide proxied connection tracking on redirected socket connections. This WFP feature facilitates tracking of redirection records from the initial redirect of a connection to the final connection to the destination.
The SIO_QUERY_WFP_CONNECTION_REDIRECT_RECORDS IOCTL is used by a WFP-based redirect service to retrieve the redirect record from the accepted TCP/IP packet connection (the connected socket for a TCP socket or a UDP socket, for example) redirected to it by its companion kernel-mode callout registered at ALE_CONNECT_REDIRECT layers in a kernel-mode driver. The SIO_QUERY_WFP_CONNECTION_REDIRECT_CONTEXT IOCTL retrieves the redirect context for a redirect record, which is used. The redirect context is optional and is used if the current redirection state of a connection is that the connection was redirected by the calling redirect service or the connection was previously redirected by the calling redirect service but later redirected again by a different redirect service.The redirect service transfers the retrieved redirect record to the TCP socket it uses to proxy the original content using the SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL.
The application calling the SIO_SET_WFP_CONNECTION_REDIRECT_RECORDS IOCTL does not need to understand the blob containing the redirect record being set. This is an opaque blob of data that the application needs to pass back to the new socket.
See also
SIO_QUERY_WFP_CONNECTION_REDIRECT_CONTEXT
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for