Reputation: 11
Filtering NDIS-Protocoldrivers with WFP
The issue: When I configure virtualbox or vmware player to work in the bridge network I am unable to prevent them from accessing the internet. I only want the main instance of Windows to be able to access the internet but I need to run them in bridged mode.
What I have tried: I have written a callout-driver to log traffic at the individual layers. The only layer which allows me to block the traffic appears to be "FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE" at which point none of the provided information helps me distinguish the "bridge-traffic" from regular traffic. I have tried tagging the traffic in "FWPM_LAYER_OUTBOUND_MAC_FRAME_ETHERNET" and then filtering it but this would result in a host of issues. Furthermore I have tried using the netbufferlist SourceHandle to no avail(e.g. to call NdisMQueryAdapterInstanceName).
My question: Is there a way to filter this traffic? What am I missing?
Upvotes: 1
Views: 173
Answers (0)
Related Questions
- NDIS LWF driver causing issues for WFP drivers in the network stack?
- Why does NdisFSendNetBufferLists only work when called from FilterSendNetBufferLists?
- How can I send arbitrary packets with a NDIS filter driver?
- How can I read the received packets with a NDIS filter driver?
- Missing packets (Windows NDIS Driver Filter)
- Loading a Windows Driver Class other than NetService to act as an NDIS Filter
- WFP callout and NDIS LWF can't sit inside the same driver binary
- WFP filter: Raw TCP packets dropped when sent via FwpsInjectNetworkSendAsync
- programmatically installing NDIS filter driver
- how to call NdisOpenAdapterEx or the alternative outside the ProtocolBindAdapter routine?