Capture socket application data using WFP

  • Question

  • Hi,
    Can I write a user-mode application to capture the data from a socket application, modify the data, and then forward it?
    Tuesday, October 6, 2009 12:42 PM

All replies

  • WFP's user-mode support is for out of the box general filtering needs.  You can think of them as a static filtering mechanism, as they are pre-set conditions that are matched with values extracted from the traffic.  You are basically limited to a permit / block decision based on the extracted values and your filter criteria.

    What you are wanting to do requires a callout which is a kernel mode only mechanism.  This allows you to be more dynamic about how and what you filter, as well as modifying and injecting new data into the packets / flow.

    More information can be found in the DDK: http://msdn.microsoft.com/en-us/library/ms796374.aspx

    Hope this helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    This posting is provided "AS IS", with NO warranties and confers NO rights
    Tuesday, October 6, 2009 9:56 PM