locked
Modifying stmedit to work off a Hyper-V VSwitch RRS feed

  • Question

  • Hi,

    I have the stmedit working well on a guest vm in my Hyper V environment. My main aim is to do the same thing that stmedit does, but do it on the VSwitch. In essence, if I understand correctly, I need to be able to edit application streams while being resident on the VSwitch. One way I thought it can be done is to modify the layer from 'FWPM_LAYER_STREAM_V4' to something that is supported in the VSwitch. However, I couldn't find any layer identifier that gave such introspection at the stream layer in the VSwitch. Is this supported? If yes, are there any pointers I could look at / or is there another way I can do filtering of application data while being a callout driver? If it is not supported in WFP, do I get such functionality if I write my own NDIS 6.3 based extension for the VSwitch?

    Thanks!

    Wednesday, October 9, 2013 8:18 AM

Answers

  • The closest you will get is to use the Win8 layers {IN/EGRESS}_VSWITCH_ETHERNET.  When you modify / inject, you will need to inject back to INGRESS.  Unfortunately injection isn't supported at VSWITCH_TRANSPORT at this time.

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Sunday, October 13, 2013 2:35 AM
    Moderator
  • Yes.  terminating actions are supported.  injection is not.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, October 29, 2013 5:18 AM
    Moderator

All replies

  • Hi,

    I have the stmedit working well on a guest vm in my Hyper V environment. My main aim is to do the same thing that stmedit does, but do it on the VSwitch. In essence, if I understand correctly, I need to be able to edit application streams while being resident on the VSwitch. One way I thought it can be done is to modify the layer from 'FWPM_LAYER_STREAM_V4' to something that is supported in the VSwitch. However, I couldn't find any layer identifier that gave such introspection at the stream layer in the VSwitch. Is this supported? If yes, are there any pointers I could look at / or is there another way I can do filtering of application data while being a callout driver? If it is not supported in WFP, do I get such functionality if I write my own NDIS 6.3 based extension for the VSwitch?

    I have asked a similar query with more details here in the WFP samples discussion. Look for the discussion with subject line - "Using PerformBasicStreamInjection for inspection".

    Thanks!


    Thursday, October 10, 2013 3:44 AM
  • I think I've got it - WFP currently doesnt seem to support filtering at the stream layer so I am going to try basic packet examination at the transport layer and walk through the NBL(s)...

    Thanks.

    Friday, October 11, 2013 9:27 AM
  • The closest you will get is to use the Win8 layers {IN/EGRESS}_VSWITCH_ETHERNET.  When you modify / inject, you will need to inject back to INGRESS.  Unfortunately injection isn't supported at VSWITCH_TRANSPORT at this time.

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Sunday, October 13, 2013 2:35 AM
    Moderator
  • ok - but I assume that block is supported at the xxxx_VSWITCH_TRANSPORT_xxxx layers?
    Tuesday, October 29, 2013 3:53 AM
  • Yes.  terminating actions are supported.  injection is not.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, October 29, 2013 5:18 AM
    Moderator