Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This section describes the order in which the layers of the Windows Filtering Platform (WFP) filter engine are traversed during a typical UDP session.
Note
UDP packet flows for IPv6 follow the same pattern as for IPv4.
Note
All non-TCP packet flows follow the same pattern as UDP packet flows.
UDP Connection Establishment
- Server (receiver) performs Passive Open
- bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
- bind: FWPM_LAYER_ALE_BIND_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- bind: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
- sendto: FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 (Windows 7 / Windows Server 2008 R2 only)
- sendto: FWPM_LAYER_ALE_AUTH_CONNECT_V4
- FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
- data: FWPM_LAYER_DATAGRAM_DATA_V4
- UDP message: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
- IP datagrams: FWPM_LAYER_OUTBOUND_IPPACKET_V4
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4
- data: FWPM_LAYER_DATAGRAM_DATA_V4
Client (sender) performs Active Open
Server
UDP Message Received with No One Listening on the Port or Protocol
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_TRANSPORT_V4
- ICMP Dest Unreachable: FWPM_LAYER_OUTBOUND_IPPACKET_V4
Note
UDP with no endpoint is indicated at IPPACKET discard with a specific error condition. Block this packet at IPPACKET discard to cause the stack not to send the corresponding event (ICMP error).
Successful Reauthorization of a UDP Packet
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- UDP message: FWPM_LAYER_DATAGRAM_DATA_V4(INBOUND)
Failed Reauthorization of a UDP Packet
Server (receiver)
- IP datagrams: FWPM_LAYER_INBOUND_IPPACKET_V4
- UDP message: FWPM_LAYER_INBOUND_TRANSPORT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
- UDP message: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD
UDP Connection Termination
UDP connection termination is not indicated at any WFP layer.
Related topics