NetFilter SDK WFP driver

NetFilter SDK is a framework for transparent filtering the data packets transmitted via network. This is a high performance proxy-less solution, compatible with antiviruses/firewalls/other network filters. It suits for developing the content filters, basic application level firewalls, traffic analyzers/shapers, other software that requires viewing and modifying TCP/UDP traffic on Windows.

SDK consists of kernel mode and user mode parts. The WFP kernel driver works on the top of TCP/IP stack and filters TCP/UDP protocols. Additionally it is possible to filter any IP based protocols on packet layers. It has a simple user mode API, which can be used from C/C++/.NET/Delphi code.

Key features

  • The solution allows filtering incoming/outgoing TCP connections and UDP datagrams in user mode application. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules. The outgoing TCP connections can be redirected to different address.

  • By default the filtering is transparent for other filters, because the driver allows viewing and changing TCP/UDP data without redirecting the traffic to proxy and modifying the addresses. It reduces to minimum the probability of conflicts with antiviruses, firewalls and other filters.

  • The filtering driver operates on transport level, on the top of TCP/IP stack. In effect it automatically supports all kinds of TCP/IP capable network adapters: Ethernet, Dial-up/DSL/Cable modems, wireless adapters including Wi-Fi and Bluetooth, virtual adapters like loopback or VPN.

  • Both IPv6 and IPv4 are supported.

  • The process context (as process identifier) is available for all network activity.

  • The driver user level interface (API) is easy in use, but powerful.

  • It is possible to control the speed of data transmission and count the traffic.

  • The driver works in the same way on 32-bit and 64-bit Windows operating systems. It is possible to use 32-bit API for working with 64-bit driver.