UDP Packet Flows
This section describes the order in which the layers of the Windows Filtering Platform (WFP) filter engine are traversed during a typical UDP session.
Note
UDP packet flows for IPv6 follow the same pattern as for IPv4.
Note
All non-TCP packet flows follow the same pattern as UDP packet flows.
UDP Connection Establishment
- Server (receiver) performs Passive Open
- bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
- bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
- sendto: FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- sendto: FWPM_LAYER_ALE_AUTH_CONNECT_V4
- FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
- data: FWPM_LAYER_DATAGRAM_DATA_V4
- UDP message: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
- IP datagrams: FWPM_LAYER_OUTBOUND_IPPACKET_V4
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
- data: FWPM_LAYER_DATAGRAM_DATA_V4
Client (sender) performs Active Open
Server
UDP Message Received with No One Listening on the Port or Protocol
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_IPPACKET_V4
Note
UDP with no endpoint is indicated at IPPACKET discard with a specific error condition. Block this packet at IPPACKET discard to cause the stack not to send the corresponding event (ICMP error).
Successful Reauthorization of a UDP Packet
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- UDP message: FWPM_LAYER_DATAGRAM_DATA_V4(INBOUND)
Failed Reauthorization of a UDP Packet
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD
UDP Connection Termination
UDP connection termination is not indicated at any WFP layer.
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for