ServerSplit

Microsoft Internet Security and Acceleration Server 2000

ServerSplit

The ServerSplit sample filter demonstrates the use of connection emulation for inbound connections.

The filter begins by binding a socket for TCP Port 3333, and then it waits for connections on this port. When a Firewall client requests to bind Port 3333 on the Firewall service, the filter intercepts the request, and requests to emulate the connection. That is, the service does not attempt to bind a socket to that port in response to that specific client request because such an attempt would fail if more than one client tries to bind to the same port. Instead, the service reports a successful bind to the client. The filter then manages the multiplexing of incoming connections on the socket that was already bound by the filter.

This technique allows internal servers behind the Firewall service to share listening ports and receive incoming connections from external clients.When a connection arrives to the Firewall service on Port 3333 the service notifies the filter by calling the IFWXAcceptCompletion::CompleteAsyncAccept method. The filter then checks its list of emulated connections. If the list is empty, it sends a short message and terminates the connection. Otherwise, it takes the first connection on the list and calls IFWXConnection::EmulateConnection. The class CDataPump provides the data-pump for this connection. That connection is then moved to the end of the queue.

The following illustration summarizes the process followed by the ServerSplit sample.

Note When the external client disconnects, a fwx_ConnectionTerminating event arrives for the accepted connection, but not for the listening connection, if an appropriate ServerBindTcpPorts entry is specified in wspcfg.ini.