Windows Dev Center

UDP Packet Flows

This section describes the order in which the layers of the Windows Filtering Platform (WFP) filter engine are traversed during a typical UDP session.

Note  UDP packet flows for IPv6 follow the same pattern as for IPv4.
 
Note  All non-TCP packet flows follow the same pattern as UDP packet flows.
 

UDP Connection Establishment

Server (receiver) performs Passive Open

  • bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

Client (sender) performs Active Open

  • bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
  • sendto: FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • sendto: FWPM_LAYER_ALE_AUTH_CONNECT_V4
  • FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
  • data: FWPM_LAYER_DATAGRAM_DATA_V4
  • UDP message: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
  • IP datagrams: FWPM_LAYER_OUTBOUND_IPPACKET_V4

Server

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
  • data: FWPM_LAYER_DATAGRAM_DATA_V4

UDP Message Received with No One Listening on the Port or Protocol

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_IPPACKET_V4
Note  UDP with no endpoint is indicated at IPPACKET discard with a specific error condition. Block this packet at IPPACKET discard to cause the stack not to send the corresponding event (ICMP error).
 

Successful Reauthorization of a UDP Packet

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • UDP message: FWPM_LAYER_DATAGRAM_DATA_V4(INBOUND)

Failed Reauthorization of a UDP Packet

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD

UDP Connection Termination

UDP connection termination is not indicated at any WFP layer.

Related topics

ALE Reauthorization
Filtering Layer Identifiers

 

 

Community Additions

ADD
Show:
© 2015 Microsoft