Accessing the IP protocol and UDP header from FWPM_LAYER_INBOUND_IPPACKET_V4 callout RRS feed

  • Question

  • I'm new to Windows drivers - worked mostly Linux and BSD - and need to extend an existing that block specific IP address to  do a little packet inspection and allow DHCP traffic through. My question is how do I access the IP and UDP headers, so I can get the protocol and then the UDP ports? Pointing me to a good tutorial on how WFP is hooked to the lower layers and what is available at the various layers would be great (I'd rather learn how to fish rather than be given a fish).

    Looking more at the other threads and examples, I believe that I've figured out what I need to do for getting IP and UDP headers. Is there a document that show the various callouts and what metadata is available as the packet passes through its stages of processing in the stack?

    • Edited by closso Wednesday, November 5, 2014 9:47 AM
    Wednesday, November 5, 2014 2:18 AM