How to filter Sockets Direct Protocol on Windows

  • Question

  • I'd like to ask how I can filter the Sockets Direct Protocol (SDP) on Windows. Can I use Windows Filtering Platform? Thanks.

    Friday, February 15, 2013 5:38 AM

Answers

  • Direct Sockets (RDMA) will not be visible @ ALE. This technology bypasses the stack and gets the buffers directly from the NIC.

    You mention SDP, this has been marked for deprecation and replaced by RDMA.  In the case of SDP however, you will see invocations @ ALE_RESOURCE_ASSIGNMENT and ALE_AUTH_LISTEN.  Once Winsock realizes there is a direct data path to use, the stack then gets bypassed.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Thursday, February 21, 2013 7:57 PM
    Moderator

All replies

  • Direct sockets (RDMA) bypasses most of WFP.  I would expect to see this traffic @ FWPM_LAYER_MAC_FRAME_{NATIVE | ETHERNET} (available in Win8+), at which point you could filter the traffic (essentially an NDIS filter).

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Friday, February 15, 2013 10:17 PM
    Moderator
  • Thank you very much, Dusty. Can I filter Application Layer Enforcement (ALE) to create the flow context for Direct sockets?
    Friday, February 15, 2013 10:51 PM
  • Hi Dusty, I am interested in this too. Is there any way I can force it to go through WFP during ALE enforcement? Thanks.

    Wednesday, February 20, 2013 1:18 AM