Using Virtual Switch Filtering

Virtual Switch Filtering is supported in Windows 8 and later versions of Windows.

This WFP feature allows filtering on fields of the MAC header, IP header, and upper protocol ports as well as virtual switch specific fields such as virtual port (VPort) and virtual machine identifier (VM ID). These layers are invoked on a per-packet basis for all packets traversing the virtual switch. These layers are accessed from a virtual switch extension filter—a type of NDIS lightweight filter (LWF) driver.

A callout driver calls the FwpsvSwitchEventsSubscribe0 function to register callback entry points for virtual switch layer events.

The entry points for the callback notification functions are specified in an FWPS_VSWITCH_EVENT_DISPATCH_TABLE0 structure. The callback functions that are available include:

FWPS_VSWITCH_FILTER_ENGINE_REORDER_CALLBACK0
FWPS_VSWITCH_INTERFACE_EVENT_CALLBACK0
FWPS_VSWITCH_LIFETIME_EVENT_CALLBACK0
FWPS_VSWITCH_POLICY_EVENT_CALLBACK0
FWPS_VSWITCH_PORT_EVENT_CALLBACK0
FWPS_VSWITCH_RUNTIME_STATE_RESTORE_CALLBACK0
FWPS_VSWITCH_RUNTIME_STATE_SAVE_CALLBACK0

The FWPS_VSWITCH_EVENT_TYPE enumeration defines the values for the eventType parameter of the virtual switch notification functions.

The callout driver must eventually call FwpsvSwitchEventsUnsubscribe0 to free the system resources.

If a callout driver returns STATUS_PENDING from a WFP notification function, WFP will return STATUS_PENDING to the OID request handler. The callout driver must call the FwpsvSwitchNotifyComplete0 function to complete the pending operation. After the FwpsvSwitchNotifyComplete0 call, WFP calls the NdisFOidRequestComplete function to complete the OID for the virtual switch.

Callbacks should not add or delete WFP filters synchronously in the context of the notification functions. In addition, if the notification function allows the callback to return STATUS_PENDING, and the callout returns STATUS_PENDING, the callout should not add or delete WFP filters before completing the notification.

WFP Virtual Switch Filter Layer and Fields

Run-time Filtering Layer Identifiers for virtual switch filtering include:

FWPS_LAYER_INGRESS_VSWITCH_ETHERNET

FWPS_LAYER_EGRESS_VSWITCH_ETHERNET

FWPS_LAYER_INGRESS_VSWITCH_TRANSPORT_V4

FWPS_LAYER_INGRESS_VSWITCH_TRANSPORT_V6

FWPS_LAYER_EGRESS_VSWITCH_TRANSPORT_V4

FWPS_LAYER_EGRESS_VSWITCH_TRANSPORT_V6

Data Field Identifiers for virtual switch filtering include:

FWPS_FIELDS_EGRESS_VSWITCH_ETHERNET

FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V4

FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V6

FWPS_FIELDS_INGRESS_VSWITCH_ETHERNET

FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V4

FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V6

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft