Client side components
NetFilter SDK is a framework for transparent filtering the data packets transmitted via network. This is a high performance proxy-less solution, compatible with all antiviruses/firewalls/other network filters. It allows filtering the transmitted packets without redirecting connections to proxy. The SDK suits for developing the content filters, basic application level firewalls, traffic analyzers/shapers, other software that requires viewing and modifying TCP/UDP traffic on Windows.SDK consists of kernel mode and user mode parts. TDI and WFP level kernel drivers are used to filter the transmitted packets. The drivers have a simple user level API, which can be used from C/C++/.NET/Delphi code. TDI level driver suits for Windows 7 and lower, WFP level driver works on Windows 7 and higher.
Key features:
- The solution allows filtering incoming/outgoing TCP connections and UDP datagrams in user mode application. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules. The outgoing TCP connections can be redirected to different address.
- The filtering is fully transparent, because the driver allows viewing and changing TCP/UDP data without redirecting the traffic to proxy and modifying the addresses. There are no conflicts with antiviruses, firewalls and other filters.
- The filtering driver operates on transport level, in front of TCP/IP stack. In effect it automatically supports all kinds of TCP/IP capable network adapters: Ethernet, Dial-up/DSL/Cable modems, wireless adapters including Wi-Fi and Bluetooth, virtual adapters like loopback or VPN.
- Both IPv6 and IPv4 are supported.
- The process context (as process identifier) is available for all network activity.
- The driver user level interface (API) is easy in use, but powerful. There is no need to deal with the packet headers (like in NDIS level packet filters) or complicated WinSock interfaces.
- There are no problems with the high-speed connections, because the driver operates on transport level, between the applications and TCP/IP stack. It is possible to control the speed of data transmission.
- TDI filter driver works similarly on 32-bit and 64-bit Windows operating systems starting from Windows NT. WFP filter driver works on Windows 7/8/2008/2012. On Windows 8 TDI level filters are disabled for Metro applications. WFP level driver filters all processes, including Metro applications running in AppContainers.
- The same API is used with both TDI and WFP drivers. It is possible to use 32-bit API with 32-bit or 64-bit driver.
- WFP driver allows filtering any IP based protocols (e.g. ICMP).
System requirements:
Windows 7/8/10/11, x86/x64.
Limitations:
The driver must be signed with a code signing digital certificate to work
properly on 64-bit operating systems starting from Windows Vista. More details are provided here.
Server side components
nfsrvfilter is a server side driver, allowing to control access and filter IP traffic on a gateway host. TCP connections and UDP packets directed to other hosts via gateway with installed driver can be filtered by redirecting them to local proxy using network address translation. When the filtering is enabled for TCP and UDP, the solution works as a transparent proxy for the filtered traffic.Key features:
- The solution allows filtering (modifying) incoming/outgoing TCP connections and UDP datagrams. It is possible to filter the specified subset of connections/datagrams, restricted by filtering rules.
- The filtering driver is implemented as WFP filter on the top of TCP/IP stack. In effect it automatically supports all kinds of TCP/IP capable network adapters: Ethernet, Dial-up/DSL/Cable modems, wireless adapters including Wi-Fi and Bluetooth, virtual adapters like loopback or VPN.
- Both IPv6 and IPv4 are supported.
- It is possible to control the speed of data transmission and count the traffic using flow control contexts.
- The driver works in the same way on all 32-bit and 64-bit Windows operating systems starting from Windows 8. It is possible to use 32-bit API with 64-bit driver.
Windows 8/10/2012/2016 x86/x64
Limitations:
The driver must be signed with a code signing digital certificate. More details are provided here.