locked
Stream Layer question RRS feed

  • Question

  •  

    What exactly is the definition of the Stream Layer? There is no such layer in the OSI model or TCP/IP. What are some concrete examples of the application of filters placed in this particular layer? What kind of traffic should I expect to capture in this layer.

     

    MSDN:

    FWPM_LAYER_STREAM_V4
    FWPM_LAYER_STREAM_V6

     

    This filtering layer is located in the stream data path. This layer allows for inspecting network data on a per stream basis. At the stream layer, the network data is bidirectional.

     

     

    Thanks,

     

    Inq

    Tuesday, August 14, 2007 6:46 PM

Answers

  • You will be indicated TCP data segments at stream layer (no IP nor TCP headers). You can "slice and dice" section of the stream and WFP/tcpip will adjust the seq#/ack# and sliding windows accordingly. One example would be an parental control appliction removing inappropriate contents from an HTTP page and replace it w/ something that's appropriate for kids.

     

    You can review the "Steam Editor" example in the WDK which find and replace arbitary token from a TCP stream.

     

    Hope this helps,

    Biao.W.

    Wednesday, August 15, 2007 4:47 AM