locked
Control order of filters inWFP RRS feed

  • Question

  • We are developing a VPN product using a driver in the WFP. Our approach is to filter packets and redirect the ones we should be transporting to the internal network. We have however run into problems where another driver filters and swallows our packets. Apparently they take priority over us.


    We need however to approach this somehow and the question is how priority is decided in WFP?
    Is is first installed first served or is there anyway to control this?

    /Nyman


    Nyman
    Thursday, January 26, 2012 10:30 AM

Answers

  • You are asking about filter arbitration.  http://msdn.microsoft.com/en-us/library/windows/desktop/aa364008(v=vs.85).aspx

    Essentially for every layer the packet traverses, the filters for each sublayer are analyzed for a decision within that sublayer.  This allows one sublayer to return BLOCK and another to return PERMIT.  In this case, the more secure method of BLOCK is enforced.

    We recommend each WFP provider to implement their own sublayer(s).  This way they are guaranteed to have their input into the final decision.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, January 26, 2012 4:14 PM
    Moderator