locked
Changing filter condition dynamically RRS feed

  • Question

  • I'm trying to find the easiest way to change a filter condition dynamically (based on parameters passed to the driver through ioctl). Can I just get a pointer to it with FwpmFilterGetById0 and modify it? Or do I have to delete the filter and add back the modified filter? If so, any other elements that have to be redone?

    Freddy

    Monday, April 23, 2012 5:59 PM

Answers

  • You will need to call FwpmFilterDeleteBy{Key / Id} and FwpmFilterAdd.  You can get the original filter using FwpmFilterGetById, and then tweak the items you wish to change.  You will need to make sure the flags field is valid (no out only flags like FWPM_FILTER_FLAG_DISABLED) when you re-add it, and likely will want to Zero Out reserved, filterId and effectiveWeight. 

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, April 24, 2012 9:48 PM
    Moderator
  • Correct.  You must delete, modify, and then re-add the filter.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Wednesday, April 25, 2012 11:04 PM
    Moderator

All replies

  • You will need to call FwpmFilterDeleteBy{Key / Id} and FwpmFilterAdd.  You can get the original filter using FwpmFilterGetById, and then tweak the items you wish to change.  You will need to make sure the flags field is valid (no out only flags like FWPM_FILTER_FLAG_DISABLED) when you re-add it, and likely will want to Zero Out reserved, filterId and effectiveWeight. 

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, April 24, 2012 9:48 PM
    Moderator
  • Thanks, Dusty. Just to make sure I understand - while I can get the existing filter, I still need to delete it and add back the modified one?

    Freddy

    Wednesday, April 25, 2012 5:05 PM
  • Correct.  You must delete, modify, and then re-add the filter.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Wednesday, April 25, 2012 11:04 PM
    Moderator