推荐答案
对入站数据进行打包(拆分为正确的MTU和标题)添加)。因此,您指示的数据是数据包有效负载的大小。在出站时,数据尚未打包,因此表示整个金额超过到套接字调用。
On inbound the data has been packetized (split into the proper MTUs, and headers added). so the data you are indicated are the sizes from the packet payloads. on outbound, the data has not been packetized yet, so you are indicated the whole amount passed to the socket call.
如果你需要更多的入站字节来执行操作,您可以使用FWPS_STREAM_ACTION_NEED_MORE_DATA。此标志将导致更多数据提供给下一个callout调用。
If you need more bytes on inbound to act on, you can use the FWPS_STREAM_ACTION_NEED_MORE_DATA. This flag will cause more data to be provided to the next callout invocation.
msdn.microsoft/en-us/library/windows/hardware/ff570891(v=vs.85).aspx
希望这会有所帮助,
更多推荐
传递更多数据时在FWPM
发布评论