locked
What will happen to the rules added by BFE during a disable/enable/change settings operation of an interface card? RRS feed

  • Question

  • I myself did some test:

    If the network interface card is disabled the FwpmFilterAdd0() function with a FWPM_CONDITION_IP_LOCAL_INTERFACE condition will fail.

    If I add the rules when the interface card is enable and then disable it and enable again, the result is the network disconnects with a yellow triangle and an exclamation mark.

    So what exactly is happening when I disable/enable/change settings to an network interface card? Does BFE refresh the rules automatically? If the rules can not refresh themselves, what should we do? How can we know when the network interface card is being changed?

    I have so many questions, but I really want some one can answer all of them. Thanks a lot!

    Saturday, May 14, 2011 1:47 PM

Answers

  • YOu can query the WMI Win32_NetworkAdapter class for disabled interfaces.   The NotifyIpInterfaceChange function should be fine from bein called from within a class.  The callback function though needs to be outside of the class.

     

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, May 15, 2011 6:16 AM
    Moderator
  • Index

     

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, May 15, 2011 2:18 PM
    Moderator

All replies

  • What error are you getting from FwpmFilterAdd?  The filters are static.  The only time BFE looks at them are when traffic events occur ( a packet traverses the stack, an app tries to open a socket, etc)  You are responsible for updating the rules.  For example you add a filter for a nic connected to network A with a LOCAL_ADDRESS condition of 1.0.0.1,  when you put that nic to network B and get a new IP (say 2.0.0.1) the original filter is still in place until you remove it and add te new filter.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Saturday, May 14, 2011 6:27 PM
    Moderator
  • Sorry about the error. I checked it again and found that the error threw out was define by myself. Because I retrieve all the interface indices by GetAdaptersAddresses() and then I make a check to the rules before adding them, but the function GetAdaptersAddresses() cannot retrieve the adapter which is disabled. So is there any other functions that can retrieve the adapter index or luid even when it is disabled?

    The second problem I'm still trying to resolve. I used NotifyIpInterfaceChange() trying to get notified when any enable / disable / change parameters operation occurs. But I don't know whether this function can be used in a class. Should I create a new thread to call this function or can I just call it in a member function of my class? If I call this function, will my program stop on the place where I called, waiting for the notify event, or it will go just as normal?

    Thanks a lot.

    Sunday, May 15, 2011 3:02 AM
  • YOu can query the WMI Win32_NetworkAdapter class for disabled interfaces.   The NotifyIpInterfaceChange function should be fine from bein called from within a class.  The callback function though needs to be outside of the class.

     

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, May 15, 2011 6:16 AM
    Moderator
  • Hi, Dusty Harper:

    Will the WMI query return the LUID or index of the adapter? Thanks a lot.

    Sunday, May 15, 2011 10:03 AM
  • Index

     

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, May 15, 2011 2:18 PM
    Moderator