NFSDK 1.5.2.8

WFP driver 1.5.2.8
- Fixed a security violation of verifier in getProcessName.
- Fixed warnings C4127, C4100, C4189 in 32-bit debug build.
- Added calculation of IP, TCP, UDP checksums on IP filtering path to avoid issues with some network adapters.
- Added a modification to avoid delays on closing TCP connections, in code for handling inbound disconnects after receiving a FIN packet with data.

TDI driver 1.4.8.6
- Fixed a security violation of verifier in getProcessName.

nfapi 1.4.8.6
- Modified the required access rights for service handles.

NFSDK 1.5.2.5

WFP driver 1.5.2.4
- The order of filters modified for compatibility with Kaspersky local redirections of own TCP connections.
- Removed compatibility workarounds for Kaspersky and NOD32.

nfapi 1.4.8.5
- Fixed a leak of TCP contexts of incorrectly redirected connections.

NFSDK 1.5.2.1

WFP driver 1.5.2.1
- The filtering for loopback IPv6 TCP connections works only when [::1] address is specified in rules explicitly.
- Added a workaround for the case when UDP socket closes immediately after sending a datagram.

TDI driver 1.4.8.5
- The driver disables filtering for TCP connections to ports 445, 135, 137, 139, but blocking rules are able to block them.
- The filtering for loopback IPv6 TCP connections works only when [::1] address is specified in rules explicitly.
- Added a workaround for the case when UDP socket closes immediately after sending a datagram.

nfapi 1.4.8.4
- Added a registry value for preference loopback IPv4 instead of IPv6.

NFSDK 1.5.1.8

WFP driver 1.5.1.9
- Added minor changes to avoid antivirus false positives.

NFSDK 1.5.1.7

WFP driver 1.5.1.8
- Added IP filtering layers and support for new rule filtering flags NF_FILTER_AS_IP_PACKETS and NF_READONLY.
- DPC routines are replaced with a kernel thread.
- TCP connections were not blocked immediately after assigning NF_BLOCK in tcpConnectRequest API event.

nfapi 1.4.8.3
- Added functions for filtering IP traffic.
- Performance optimization.

Samples
- HTTP filtering samples block QUIC and SPDY protocols.
- Fixed an issue in TcpRedirector sample with WFP driver. TCP WFP layer doesn't allow injecting outgoing packets until the socket owner process sends a first packet via connection. It is necessary to take this into account in case if a filter needs to send something before other packets.
- Added PassThroughIP sample demonstrating IP filtering.

NFSDK 1.5.1.4

WFP driver 1.5.1.0
- Fixed memory leaks after unloading the driver.
- Added a workaround for compatibility with Sophos antivirus.
- Applied block-reinject method for all packets at TCP layers.
- Disabled the filtering for local IPv6 connections.
- Added a workaround for situations when inbound TCP disconnects are not passed to down level filters.

TDI driver 1.4.8.2
- The driver didn't block TCP sends when a connection is disconnected.
- Fixed BSOD on indicating TCP receives when several TDI level filters are installed in system.
- Disabled the filtering for local IPv6 connections.

NFSDK 1.5.0.8

WFP driver 1.5.0.5
- Fixed an issue with premature close of TCP connections with Windows Defender.

NFSDK 1.5.0.7

WFP driver 1.5.0.4
- The synchronization functions are changed for better performance.
- Added a workaround for compatibility with Windows Defender.
- Fixed an issue in TCP filtering code in case of assigning NF_ALLOW flag to a TCP connection in tcpConnectRequest.
- Fixed BSOD occured in UDP filtering code.
- A workaround for compatibility with NOD32 is enabled only when antivirus drivers are present in system.
- Fixed a compatibility issue with F-Secure.

nfapi 1.4.7.9
- Minor optimization for TCP receive path.
- Fixed an issue occured when nf_unRegisterDriver is called several times without reboot.

NFSDK 1.4.9.5

WFP driver 1.4.7.9
- Fixed compatibility issues with Symantec antivirus in UDP filtering code.

NFSDK 1.4.9.4

nfapi 1.4.7.3
- Fixed an issue with hanging TCP connections waiting for remote disconnect.

NFSDK 1.4.9.3

WFP driver 1.4.7.8
- Fixed a race condition on detaching from driver.

NFSDK 1.4.9.1

nfapi 1.4.7.2
- Fixed an issue occured during filtering fast connections.

NFSDK 1.4.8.9

WFP driver 1.4.7.6
- Added a fix to avoid filtering UDP traffic of the attached process.

WFP driver 1.4.7.5
- Fixed a compatibility issue with Anhlab WFP filter.
- Fixed several issues in UDP filtering code.
- Fixed a compatibility issue with Quick Heal antivirus.

TDI driver 1.4.8.0
- Fixed an issue in code for processing TCP packets.

nfapi 1.4.7.0
- Fixed filtering loops during handling incoming packets.

TDI driver 1.4.7.9
- Fixed an issue with TCP disconnects on Windows 10.

WFP driver 1.4.7.1
- Fixed a compatibility issue with Anhlab WFP filter.

TDI driver 1.4.7.8
- Fixed a reference counting error for file objects of UDP sockets.
- Fixed an issue with object reference counting in TCP filtering code.
- Fixed a deadlock in TCP filtering code.
- Fixed compatibility issues with latest versions of Avast.

WFP driver 1.4.7.0
- Fixed a BSOD, occured on attempt to send IPv4 UDP datagram via IPv6 socket.
- Added missing scope id field for IPv6 UDP remote addresses.
- Fixed an issue with filtering IPv6 UDP.

nfapi 1.4.6.9
- Added a fix for correct work of TCP reinject requests from TDI driver.

nfapi 1.4.6.8
- Added a separate thread for handling outgoing packets, for better performance with both drivers, and for better compatibility of WFP driver with other WFP filters.
- Fixed possible race condition in tcpConnectRequest and udpConnectRequest events.

WFP driver 1.4.6.8
- Fixed several minor bugs.
- Added a fix to allow sending the generated UDP responses as demonstrated in DnsRedirector.

TDI driver 1.4.7.4
- Fixed a race condition in UDP filtering code.
- Fixed a memory override bug in nf_packet_alloc.

WFP driver 1.4.6.6
- Added a workaround to avoid blocking by firewalls the redirected UDP traffic.
- Fixed a compatibility issue with VipNet Client.

TDI driver 1.4.7.1
- Fixed an issue with TCP sends.
- Fixed a reference counting error for file objects of UDP sockets.

nfapi 1.4.6.6
- nf_tcpClose didn't close connections from tcpConnected.

WFP driver 1.4.6.4
- Fixed an issue with redirecting UDP DNS traffic.

TDI driver 1.4.6.8
- The code for preventing issues with closed UDP sockets is changed to avoid hangs of Google Chrome.
- Fixed an incompatibility with F5 VPN.
- Fixed an issue occured when UDP socket closes prematurely.

nfapi 1.4.6.5
- Added function nf_getProcessNameFromKernel - analogue of nf_getProcessNameW, which doesn't require administrative privileges.
- nf_tcpDisableFiltering disables only indicating packets via events.
- nf_disableFiltering is removed.
- Fixed an issue with pending data packets.
- Fixed an issue in thread pool code.

WFP driver 1.4.6.3
- Added support for function nf_getProcessNameFromKernel.
- The order of filters is changed for compatibility of SSL filtering with latest versions of Bitdefender and Avast.

TDI driver 1.4.4.7
- Added support for function nf_getProcessNameFromKernel.

WFP driver 1.4.6.1
- Fixed a bug in TCP context handling code.

WFP driver 1.4.5.9
- Added a workaround for an issue with breaking TCP connections prematurely when a server sends RST packet immediately after FIN.
- Added a workaround for a case when TCP connections hang after disabling the filtering for them.

nfapi 1.4.5.2
- Fixed an issue with corrupted packets when WFP driver and other WFP filters are installed.

WFP driver 1.4.5.2
- Fixed a double release of TCP context in some cases.

nfapi 1.4.5.0
- Fixed a hang of TCP connection occured in some cases when the filtering is disabled.

WFP driver 1.4.4.9
- Improved the filtering performance.
- Fixed an issue with blocking fast TCP connections.

nfapi 1.4.4.9
- Added a flag NF_PEND_CONNECT_REQUEST allowing to defer the processing of tcpConnectRequest/udpConnectRequest events. The deferred requests must be resumed later using the functions nf_completeTCPConnectRequest/nf_completeUDPConnectRequest.
- Added new functions:
/**
* Set the number of worker threads and initialization flags.
* The function should be called before nf_init.
* By default nThreads = 1 and flags = 0
* @param nThreads Number of worker threads for NF_EventHandler events
* @param flags A combination of flags from NF_FLAGS
**/
NFAPI_API void NFAPI_CC
nf_setOptions(DWORD nThreads, DWORD flags);

/**
* Complete TCP connect request pended using flag NF_PEND_CONNECT_REQUEST.
**/
NFAPI_API NF_STATUS NFAPI_CC
nf_completeTCPConnectRequest(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);

/**
* Complete UDP connect request pended using flag NF_PEND_CONNECT_REQUEST.
**/
NFAPI_API NF_STATUS NFAPI_CC
nf_completeUDPConnectRequest(ENDPOINT_ID id, PNF_UDP_CONN_REQUEST pConnInfo);

/**
* Returns in pConnInfo the properties of TCP connection with specified id.
**/
NFAPI_API NF_STATUS NFAPI_CC
nf_getTCPConnInfo(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);

/**
* Returns in pConnInfo the properties of UDP socket with specified id.
**/
NFAPI_API NF_STATUS NFAPI_CC
nf_getUDPConnInfo(ENDPOINT_ID id, PNF_UDP_CONN_INFO pConnInfo);

TDI driver 1.4.4.6
- Added a new flag NF_DISABLE_REDIRECT_PROTECTION, allowing to disable blocking indicating connect requests for outgoing connections of local proxies.
- Added a function nf_tcpIsProxy to nfapi. It returns TRUE if the specified process acts as a local proxy, accepting the redirected TCP connections.
- Implemented more correct handling of cancelled IRPs.
- Fixed a bug with blocking some F5 VPN connections.
- Fixed a random BSOD in case of low memory.
- Fixed an issue in nf_init function of nfapi code.

WFP driver 1.4.4.6
- Added a new flag NF_DISABLE_REDIRECT_PROTECTION, allowing to disable blocking indicating connect requests for outgoing connections of local proxies.
- Added a function nf_tcpIsProxy to nfapi. It returns TRUE if the specified process acts as a local proxy, accepting the redirected TCP connections.
- Scope id field is specified for IPv6 addresses.
- Fixed a compatibility issue with the latest versions of NOD32.
- Fixed a random BSOD in case of low memory.
- Added an exception in driver for compatibility with Avast.
- Fixed an issue related to suspending TCP receives for compatibility with some antiviruses.

WFP driver 1.4.3.9
- Fixed an issue with filtering received broadcast UDP datagrams.
- Windows 7 and Windows 8 versions of WFP driver are now located in different folders. Windows 8 version requires the latest WDK with Windows 8 headers, and must be built using MSVC 2012/2013. The project file is driver_wfp\Win8\Win8.vcxproj.
- Fixed blocking of TCP connections redirected to local proxy in the same process with filter on Windows 8.

WFP driver 1.4.3.6
- Implemented support for nfapi functions nf_disableFiltering, nf_tcpDisableFiltering, nf_udpDisableFiltering.

WFP driver 1.4.3.5
- Fixed an incompatibility with Kaspersky 2014 on Windows 8.1.
- If remote address and port are not changed in tcpConnectRequest, the driver doesn't update the connection properties to avoid blocking local connections on Windows 8. When a connection is redirected to local address Windows 8 requires process id of local proxy.

WFP driver 1.4.3.4
- WFP driver doesn't call tcpConnectRequest for local proxy processes.

WFP driver 1.4.3.3
- To redirect TCP connections to a local proxy using WFP it is necessary to specify process id of the proxy in NF_TCP_CONN_INFO.processId field from tcpConnectRequest event. The samples TcpRedirector and TcpRedirectorCS are updated accordingly.

WFP driver 1.4.3.2
- It is possible to redirect TCP connections in tcpConnectRequest event, in the same way as with TDI driver.

WFP driver 1.4.3.1
- Fixed an incompatibility with the latest versions of Symantec Endpoint.
- Fixed an issue in nf_init function of nfapi code.

WFP driver 1.4.3.0
- Fixed an incompatibility with NOD32 and Symantec. SSL filtering must be turned off when it is enabled in NOD32. It is possible to detect NOD32 by searching for the registry key: HKLM\SYSTEM\ControlSet\services\epfwwfp

TDI driver 1.4.2.8
- Fixed an issue with filtering OOB packets.

WFP driver 1.4.2.8
- Teredo is disabled on registering or attaching to the driver. The API code updates system registry and the change is applied after reboot.

WFP driver 1.4.2.6
- Reduced memory usage on outgoing TCP data path.
- Fixed a minor issue in packet level filter.
- The weight of a packet level filter is updated to fix issues with Teredo traffic.
- Fixed an incompatibility with NOD32 on Windows 8.

WFP driver 1.4.2.2
- The weights of sublayers are updated for compatibility with Bitdefender and other antiviruses during filtering SSL.
- Fixed a memory leak in UDP filtering code.
- Added protection from unexpected TCP packets.
- Fixed an incompatibility with Avira on Windows 8.
- Fixed BSOD occured in tcpip.sys after trying to send packets via disconnected flow.
- The driver closes filtered connections more correctly when a filtering process detaches.

WFP driver 1.4.1.5
- Implemented a workaround for WFP bug disallowing filtering SSL when several drivers are used to filter TCP simultaneously.
- Fixed an infinite loop occured during filtering UDP when several drivers are used to filter TCP simultaneously.

WFP driver 1.4.1.4
- Implemented a workaround for WFP bug related to deferring inbound traffic. The filtering for NetBios connections is returned back.

build 1.4.1.2
- WFP level driver is added for using on Windows 7 and higher. It has better performance and compatibility with Windows 8.
- The driver uses shared memory for communications with user, for better performance. The new API (nfapi) doesn't work with older drivers, i.e. it is necessary to replace both API and driver, then reboot.
- Fixed an issue with filtering heavy UDP traffic.

build 1.4.1.0
- Fixed crashes on aborting TCP connections.
- Fixed an incompatibility with VIPRE antivirus.

build 1.4.0.7
- Fixed issues with filtering incoming RDP connections.
- Fixed issues with UDP sockets after close of filtering application.
- Fixed hangs in nfapi on server family operating systems.

build 1.4.0.3
- Fixed a race condition occured during closing sockets.
- Fixed incompatibility with Kaspersky during handling incoming TCP connections in driver code.
- Added API function nf_tcpSetSockOpt, allowing to turn off Nagle and set other options for active TCP sockets.
- Real local address, assigned after routing, is indicated in tcpConnected event.
- Fixed a race condition in event handlers in driver code.

build 1.3.9.8
- Fixed issues in driver registration code in nfapi.
- Optimized IO code to reduce the usage of stack in driver.
- Fixed issues in the algorithm that disables filtering for TCP and UDP sockets.
- Added new API function nf_disableFiltering(). If this function is called before nf_free(), the driver tries to detach from filtered connections and avoid breaking them after closing the filtering application. If the packets are filtered asynchronously in a separate thread, make sure that the queue is flushed before a call to nf_disableFiltering().

build 1.3.9.6
- Bugfixes in nfapi code.
- nf_getProcessName uses QueryFullProcessImageName on Vista and later versions of Windows.

build 1.3.9.5
- Fixed a race condition during indicating TCP receives to network applications.
- Optimized the performance of communications between user mode and kernel mode.

build 1.3.9.4
- Fixed a deadlock during removing DPC from queue.

build 1.3.9.2
- Fixed one more incompatibility with AVG.

build 1.3.9.1
- Driver blocks TDI_RECEIVE requests issued for aborted connections.

build 1.3.9.0
- Fixed a race condition in code that executes DPC routines.

build 1.3.8.8
- Fixed an incompatibility with AVG and possibly some other antiviruses.

build 1.3.8.7
[-] Fixes to avoid memory align issues on some x64 systems.

build 1.3.8.5
[*] Added an additional parameter to UDP events and functions.

build 1.3.8.3
[*] The driver loading order is specified explicitly in nfapi code to avoid conflicts.
[-] Fixed an incompatibility with AVG.

build 1.3.7.9
[*] The size of internal buffer for UDP IRPs is increased in driver.

 

build 1.3.7.7

[-] Fixed a race condition in UDP filtering code in driver.
[-] Fixed a problem in driver with closing some TCP connections due to automatic suspending the data flow.
[*] The usage of non-paged memory pool is optimized in driver.

build 1.3.7.4

[*] The driver supports the undocumented TDI flags TDI_SEND_AND_DISCONNECT and TDI_RECEIVE_NO_PUSH, and allows filtering server-side sockets with non-standard behavior, e.g. IIS v6.0+.
[*] Filtering the packets transmitted by NetBT (Netbios) is disabled on the driver level.
[*] Other minor fixes for better compatibility and performance.

build 1.3.3

[+] It is possible to detach from the filtered sockets using new API functions nf_tcpDisableFiltering and nf_udpDisableFiltering.
[-] Fixed an incompatibility with ZoneAlarm.
[+] Added new C++ sample - TrafficShaper.
[*] Minor bugfixes and optimization.

build 1.3.1

[-] Several fixes in driver for compatibility with Windows 7.
[*] The driver detects local proxies and avoids filtering loops by disabling indicating tcpConnectRequest events for proxy process. The protection requires reboot after installing and registering the driver.
[-] The driver ignores zero length TCP sends.
[+] Added ETW tracing to driver (use the switch C_DEFINES=-D_WPPTRACE=1 to turn it on in SOURCES).

build 1.2.5

[+] Added new event udpConnectRequest to allow redirecting UDP traffic, transmitted via connected UDP sockets. The event is called when NF_INDICATE_CONNECT_REQUESTS flag is specified in an appropriate rule. DnsRedirector sample is updated to demonstrate using the event.
[*] Added a parameter for nf_addRule function, allowing to specify where to add new rule in driver rules list.
[-] Minor bugfixes.
[*] All samples are updated according to API changes.
[+] Added a new Delphi sample NetRedirector.

build 1.2.3

[+] It is possible to redirect outgoing TCP connections and change the filtering flags for them dynamically in the new event tcpConnectRequest. The event is called before establishing a new outgoing connection, when NF_INDICATE_CONNECT_REQUESTS flag is specified in an appropriate rule.
[+] Added new C++/C# sample TcpRedirector.
[-] Several bugs are fixed in driver and nfapi.

build 1.2.1

[-] The driver didn't filter some outgoing UDP packets.
[-] UDP packets were not blocked by rules.
[*] The filtering performance and memory usage are optimized.
[-] The driver issues own TDI_SEND and TDI_SEND_DATAGRAM requests from PASSIVE IRQL to avoid compatibility problems.

build 1.1.8

[*] Filtering TCP/UDP outgoing data is optimized.
[-] The driver API client attaches/detaches from driver more correctly.
[-] Fixed a problem with handling TCP inbound packets in driver.
[-] Reduced the size of nfapi internal buffers to avoid the delays during sending large amount of TCP data.
[-] nfapi blocked the filtered UDP packets for the sockets created before API initialization.
[-] Fixed a problem with closing TCP filtered connections.
[-] Minor bugfixes and optimization.

build 1.1

[-] Fixed a problem in UDP filtering driver code to avoid memory leaks in afd.sys.
[*] The memory usage in driver is optimized.