This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 59%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Hi all,
I am developing a WFP driver to detect IGMP packets and take a copy of the same for analysis purpose. I am able to filter ICMP but not the IGMP packet, Hope there isn't much change b/w the filter config of IGMP & ICMP. Adding the code snippet of filter config, Is there any specific way to follow for filtering IGMP or any filter config i am missing?..
filter.displayData.name = EXAMPLE_FILTER_NAME;
filter.displayData.description = EXAMPLE_FILTER_DESCRIPTION;
filter.action.type = FWP_ACTION_CALLOUT_INSPECTION;
filter.subLayerKey = EXAMPLE_SUBLAYER_GUID;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = 0xf;
filter.numFilterConditions = 1;
filter.layerKey = FWPM_LAYER_INBOUND_TRANSPORT_V4;
filter.action.calloutKey = EXAMPLE_CALLOUT_GUID;
// IGMP protocol filter condition
fwpConditions[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
fwpConditions[0].matchType = FWP_MATCH_EQUAL;
fwpConditions[0].conditionValue.type = FWP_UINT8;
fwpConditions[0].conditionValue.uint8 = IPPROTO_IGMP;
filter.filterCondition = fwpConditions;
status = FwpmFilterAdd(filter_engine_handle, &filter, NULL, &(example_filter_id));
if (status != STATUS_SUCCESS){
DbgPrint("Failed to register example filter, status 0x%08x", status);
}
else{
DbgPrint("Example filter registered");
}
You question is more related with driver development which our network forum doesn't focus on, I will add the corresponding Windows Driver API related tag and remove network tag. Thank you!