What's New in Windows Filtering Platform

Windows 8 and Windows Server 2012 introduce new Windows Filtering Platform programming elements. New functionality includes the following:

  • Layer 2 filtering: Provides access to the L2 (MAC) layer, allowing filtering of traffic at that layer.
  • vSwitch filtering: Allows packets traversing a vSwitch to be inspected and/or modified. WFP filters or callouts can be used at the vSwitch ingress and egress.
  • App container management: Allows access to information about app containers and network isolation connectivity issues.
  • IPsec updates: Extended IPsec functionality including connection state monitoring, certificate selection, and key management.

The Windows Driver Kit also includes information on WFP Changes for Windows 8.

Windows 8 API updates

Many new APIs have been added for Windows 8 and Windows Server 2012.

New functions

New structures

New enumerated types

New filtering layer identifiers

Filtering Layer Identifiers:

  • FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET
  • FWPM_LAYER_OUTBOUND_MAC_FRAME_ETHERNET
  • FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE
  • FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE
  • FWPM_LAYER_INGRESS_VSWITCH_ETHERNET
  • FWPM_LAYER_EGRESS_VSWITCH_ETHERNET
  • FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4 / FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V6
  • FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V4 / FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V6

New filtering condition identifiers

Filtering Condition Identifiers:

  • FWPM_CONDITION_INTERFACE_MAC_ADDRESS
  • FWPM_CONDITION_MAC_LOCAL_ADDRESS
  • FWPM_CONDITION_MAC_REMOTE_ADDRESS
  • FWPM_CONDITION_ETHER_TYPE
  • FWPM_CONDITION_VLAN_ID
  • FWPM_CONDITION_NDIS_PORT
  • FWPM_CONDITION_NDIS_MEDIA_TYPE
  • FWPM_CONDITION_NDIS_PHYSICAL_MEDIA_TYPE
  • FWPM_CONDITION_L2_FLAGS
  • FWPM_CONDITION_MAC_LOCAL_ADDRESS_TYPE
  • FWPM_CONDITION_MAC_REMOTE_ADDRESS_TYPE
  • FWPM_CONDITION_ALE_PACKAGE_ID
  • FWPM_CONDITION_MAC_SOURCE_ADDRESS
  • FWPM_CONDITION_MAC_DESTINATION_ADDRESS
  • FWPM_CONDITION_MAC_SOURCE_ADDRESS_TYPE
  • FWPM_CONDITION_MAC_DESTINATION_ADDRESS_TYPE
  • FWPM_CONDITION_IP_SOURCE_PORT
  • FWPM_CONDITION_IP_DESTINATION_PORT
  • FWPM_CONDITION_VSWITCH_ID
  • FWPM_CONDITION_VSWITCH_NETWORK_TYPE
  • FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_ID
  • FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_ID
  • FWPM_CONDITION_VSWITCH_SOURCE_VM_ID
  • FWPM_CONDITION_VSWITCH_DESTINATION_VM_ID
  • FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_TYPE
  • FWPM_CONDITION_VSWITCH_TENANT_NETWORK_ID

New filtering condition flags

Filtering Condition Flags:

  • FWP_CONDITION_FLAG_IS_PROXY_CONNECTION
  • FWP_CONDITION_FLAG_IS_APPCONTAINER_LOOPBACK
  • FWP_CONDITION_FLAG_IS_NON_APPCONTAINER_LOOPBACK
  • FWP_CONDITION_FLAG_IS_HONORING_POLICY_AUTHORIZE
  • FWP_CONDITION_L2_IS_NATIVE_ETHERNET
  • FWP_CONDITION_L2_IS_WIFI
  • FWP_CONDITION_L2_IS_MOBILE_BROADBAND
  • FWP_CONDITION_L2_IS_WIFI_DIRECT_DATA
  • FWP_CONDITION_L2_IS_VM2VM
  • FWP_CONDITION_L2_IS_MALFORMED_PACKET
  • FWP_CONDITION_L2_IS_IP_FRAGMENT_GROUP
  • FWP_CONDITION_L2_IF_CONNECTOR_PRESENT

Windows 7 updates to the Windows Filtering Platform

The document [What's New in Windows Filtering Platform](http://download.microsoft.com/download/5/2/0/520FB22A-4374-45FC-B62B-B556E749AEE0/WFP - What's New in Win7-V1.1.docx) details many of the updates made for Windows 7. Information is also available in the Windows Driver Kit on WFP Changes for Windows 7.