UDP Packet Flows

This section describes the order in which the layers of the Windows Filtering Platform (WFP) filter engine are traversed during a typical UDP session.

Note

UDP packet flows for IPv6 follow the same pattern as for IPv4.

Note

All non-TCP packet flows follow the same pattern as UDP packet flows.

UDP Connection Establishment

Server (receiver) performs Passive Open

  • bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

Client (sender) performs Active Open

  • bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
  • sendto: FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
  • sendto: FWPM_LAYER_ALE_AUTH_CONNECT_V4
  • FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
  • data: FWPM_LAYER_DATAGRAM_DATA_V4
  • UDP message: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
  • IP datagrams: FWPM_LAYER_OUTBOUND_IPPACKET_V4

Server

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
  • data: FWPM_LAYER_DATAGRAM_DATA_V4

UDP Message Received with No One Listening on the Port or Protocol

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
  • ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_IPPACKET_V4

Note

A UDP datagram that arrives with no endpoint listening is indicated at the IPPACKET discard layer with a specific error condition. Blocking the packet at that layer prevents the stack from sending the corresponding event (the ICMP error).

Successful Reauthorization of a UDP Packet

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • UDP message: FWPM_LAYER_DATAGRAM_DATA_V4(INBOUND)

Failed Reauthorization of a UDP Packet

Server (receiver)

  • IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
  • UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
  • UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD

UDP Connection Termination

UDP connection termination is not indicated at any WFP layer.
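
The flows above can be used to interpret a per-datagram layer trace when debugging filters or callouts. The following is an added example, not code from the original page: it assumes a hypothetical logging callout that records the layer identifiers a datagram was classified at, in order, and it treats the layers marked Windows 7 / Windows Server 2008 R2 only as optional. The "ICMP error suppressed" entry is derived from the note on blocking at the IPPACKET discard layer.

```python
import re
# Layer orders transcribed from the flows on this page, with the FWPM_LAYER_
# prefix and _V4/_V6 suffix removed. "?" marks layers the page tags as Windows 7 /
# Windows Server 2008 R2 only; treating them as optional is an assumption.
FLOWS = {
    "bind": ["ALE_BIND_REDIRECT?", "ALE_RESOURCE_ASSIGNMENT"],
    "client first send": [
        "ALE_BIND_REDIRECT?", "ALE_RESOURCE_ASSIGNMENT", "ALE_CONNECT_REDIRECT?",
        "ALE_AUTH_CONNECT", "ALE_FLOW_ESTABLISHED", "DATAGRAM_DATA",
        "OUTBOUND_TRANSPORT", "OUTBOUND_IPPACKET"],
    "server first receive": [
        "INBOUND_IPPACKET", "INBOUND_TRANSPORT", "ALE_AUTH_RECV_ACCEPT",
        "ALE_FLOW_ESTABLISHED", "DATAGRAM_DATA"],
    "no listener, ICMP error sent": [
        "INBOUND_IPPACKET", "INBOUND_IPPACKET_DISCARD", "OUTBOUND_ICMP_ERROR",
        "OUTBOUND_TRANSPORT", "OUTBOUND_IPPACKET"],
    # Derived from the page's note: a block at the discard layer ends the flow there.
    "no listener, ICMP error suppressed": ["INBOUND_IPPACKET", "INBOUND_IPPACKET_DISCARD"],
    "reauthorization succeeded": [
        "INBOUND_IPPACKET", "INBOUND_TRANSPORT", "ALE_AUTH_RECV_ACCEPT", "DATAGRAM_DATA"],
    "reauthorization failed": [
        "INBOUND_IPPACKET", "INBOUND_TRANSPORT", "ALE_AUTH_RECV_ACCEPT",
        "ALE_AUTH_RECV_ACCEPT_DISCARD"],
}
# Constructed trace, as the hypothetical logging callout might record it.
SAMPLE = ["FWPM_LAYER_INBOUND_IPPACKET_V4", "FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD"]

def normalize(layer):
    """FWPM_LAYER_X_V4[_DISCARD][(DIR)] -> X[_DISCARD]; V6 maps to the same name."""
    m = re.fullmatch(r"FWPM_LAYER_(\w+?)_V[46](_DISCARD)?(\(\w+\))?", layer.strip())
    if not m:
        raise ValueError(f"not a versioned WFP layer identifier: {layer!r}")
    return m.group(1) + (m.group(2) or "")

def matches(trace, expected):
    """True if trace equals expected, allowing optional ('?') layers to be absent."""
    i = 0
    for entry in expected:
        if i < len(trace) and trace[i] == entry.rstrip("?"):
            i += 1
        elif not entry.endswith("?"):
            return False
    return i == len(trace)

def classify(trace):
    """Name the flow on this page that a per-datagram layer trace corresponds to."""
    layers = [normalize(name) for name in trace]
    return next((n for n, exp in FLOWS.items() if matches(layers, exp)), "unknown")
```

A trace classified as "unknown" is either out of order or missing a layer the flow requires.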
