locked
How to apply filter to a specified network interface in WFP RRS feed

  • Question

  • Hi,

    I am new to WFP. I would like to know how to apply filter only to a specified network interface in WFP. I was able to block all incoming UDP traffic on all interfaces but this is not what I want. I only want to block all incoming UDP traffic on a specified interface. Any help would be appreciate.

    Thanks

    Monday, April 5, 2010 7:16 PM

Answers

  • Daniel,

    I have figured out what I did wrong. Instead of NET_LUID *LUID, I should use NET_LUID ID and use &ID.Value in Condition[1].conditionValue.uint64.

    Thank you for all your help.

    • Marked as answer by leewan100 Tuesday, April 6, 2010 4:01 PM
    Tuesday, April 6, 2010 4:00 PM

All replies

  • You can use sourceInterfaceIndex and destinationInterfaceIndex from the FWPS_INCOMING_METADATA_VALUES in your classifyFn.

     

    Are you trying to do this in a callout driver?

    Monday, April 5, 2010 8:55 PM
  • Hi Daniel,

    I was actually trying to add a second condition like below after I set the first condition to block all UDP traffic. However, I am having hard time to get the conditionValue. Any idea how I can get the conditionValue?

    Condition[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;

    Condition[0].matchType = FWP_MATCH_EQUAL;

    Condition[0].conditionValue.type = FWP_UINT8;

    Condition[0].conditionValue.uint8 = IPPROTO_UDP;

    Condition[1].fieldKey = FWPM_CONDITION_IP_LOCAL_INTERFACE;

    Condition[1].matchType = FWP_MATCH_EQUAL;

     

    Condition[1].conditionValue.type = FWP_UINT64;

     

    Condition[1].conditionValue.uint64 = ???

    Thanks

    Monday, April 5, 2010 9:44 PM
  • Try GetAdaptersAddresses to enumerate them or ConvertInterfaceNameToLuidW to get a specific one.

    (Sorry for the annoying fonts.  I think it's a "feature" of this forum software.)

    Monday, April 5, 2010 9:52 PM
  • Hi Daniel,

    Thanks for the advise. The ConvertInterfaceNameToLuidW requires Unicode string containing the network interface name. What exactly does it need? In the network and sharing center 2008, my interface name shows as PCIe 1A. I have tried something like below but once I executed my program, it crashed. Can you give me an example how to use this function?

    DWORD error;

    NET_LUID *LUID;

     

    wchar_t * name = L"PCIe 1A";

    error = ConvertInterfaceNameToLuidW(name, LUID);

    Thanks,

    Tuesday, April 6, 2010 3:13 PM
  • Hi Daniel,

    Instead of using ConvertInterfaceNameToLuidW, I tried to use

    ConvertInterfaceIndexToLuid after I got the index using

    GetInterfaceInfo function. Now, how do I apply the result from the ConvertInterfaceIndexToLuid to Condition[1].conditionValue.uint64. This is what my code looks like:

    IP_INTERFACE_INFO * interfaceInfo; 

    ...skipped detail for GetInterfaceInfo


    DWORD error;

    NET_LUID *LUID;

    error = ConvertInterfaceIndexToLuid(interfaceInfo->Adapter[0].Index, LUID);

    if (error == NO_ERROR )

    {

     
    Condition[1].fieldKey = FWPM_CONDITION_IP_LOCAL_INTERFACE;

    Condition[1].matchType = FWP_MATCH_EQUAL;

    Condition[1].conditionValue.type = FWP_UINT64;

    Condition[1].conditionValue.uint64 = ???;

    }

    Thanks,

    Tuesday, April 6, 2010 3:44 PM
  • Daniel,

    I have figured out what I did wrong. Instead of NET_LUID *LUID, I should use NET_LUID ID and use &ID.Value in Condition[1].conditionValue.uint64.

    Thank you for all your help.

    • Marked as answer by leewan100 Tuesday, April 6, 2010 4:01 PM
    Tuesday, April 6, 2010 4:00 PM