What is a WFP driver

WFP driver

This article is about AdGuard for Windows, a multifunctional ad blocker that protects your device at the system level. To see how it works, download the AdGuard app.

To filter network traffic, AdGuard uses a network driver. There are two options: the TDI driver and the WFP driver. Although the WFP driver is generally preferable and is enabled by default on all newer versions of Windows (Windows 8 and later), it can potentially cause compatibility problems, especially with some antivirus programs. Such errors can show up in very different ways, depending on the specific case.

If you run into a problem that appears to be related to compatibility, you can always switch to the older but more stable TDI network driver. To do this:

  1. Go to Settings → Network.
  2. Disable the WFP driver, as shown below:

Introduction to Windows Filtering Platform Callout Drivers

This section introduces Windows Filtering Platform callout drivers.

For more information about the Windows Filtering Platform, see the Windows Filtering Platform documentation in the Microsoft Windows SDK.

Purpose of Callout Drivers

A callout driver implements one or more callouts. Callouts extend the capabilities of the Windows Filtering Platform by processing TCP/IP-based network data in ways that are beyond the scope of the simple filtering functionality. Callouts are typically used to do the following tasks:

Deep Inspection
Perform complex inspection of the network data to determine which data should be blocked, which data should be permitted, and which data should be passed to another filter. An antivirus product, for example, could look for virus signatures.

Packet Modification
Perform modification and reinjection of the network packet headers or data, or both. A network address translation (NAT) product, for example, could modify the headers on IPv4 packets.

Stream Modification
Perform modification and reinjection of the network data in a stream. A parental control product, for example, could remove or replace specific words or phrases in a data stream.

Data Logging
Log network traffic data. A network monitoring product, for example, could count the number of data packets that are discarded for a specific reason.

In addition to processing network data, callout drivers can perform other Windows Filtering Platform management tasks, such as adding filters to the base filtering engine. For more information about other tasks that a callout driver can perform, see Calling Other Windows Filtering Platform Functions.

Collaborate with us on GitHub

The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.

Windows driver documentation

Windows Filtering Platform Architecture Overview

This section provides a brief overview of the Windows Filtering Platform architecture. For a more thorough discussion of the Windows Filtering Platform architecture, see the Windows Filtering Platform documentation in the Microsoft Windows SDK.

The following figure shows the basic architecture of the Windows Filtering Platform.

[Figure: diagram illustrating the basic architecture of the Windows Filtering Platform.]

The filter engine is the core of the Windows Filtering Platform. The filter engine performs all the filtering operations on the TCP/IP-based network data. At key points in the TCP/IP stack there are filtering layers where network data is passed to the filter engine for processing. If the filtering conditions for a filter of the filtering layer are all true, the filter engine applies the filter’s action.

Callout drivers provide additional filtering functionality by registering one or more callouts with the filter engine. Filters in the filter engine can specify a callout for the filter’s action. In this case, the filter engine passes the network data to the specified callout for additional processing.
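The flow described above (a layer's filters are checked, all conditions must be true, and a filter's action may hand the data to a callout) can be sketched as a small portable C model. This is an added example, not code from the original page or from Microsoft; every type and function name in it is hypothetical, it does not use the WFP API, and the first-match ordering, permit default and constructed signature string are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the flow described above. All names are hypothetical;
   this is not the WFP API, and filter ordering is plain first-match. */
typedef enum { ACT_PERMIT, ACT_BLOCK, ACT_CALLOUT } action_t;
typedef enum { F_PROTOCOL, F_REMOTE_PORT } field_t;
typedef struct { unsigned protocol, remote_port; const char *payload; } packet_t;
typedef struct { field_t field; unsigned value; } condition_t;
typedef action_t (*callout_fn)(const packet_t *);  /* returns PERMIT or BLOCK */
typedef struct {
    const condition_t *conds; size_t ncond;  /* every condition must hold */
    action_t action;
    callout_fn callout;                      /* used when action is ACT_CALLOUT */
} filter_t;

/* Deep-inspection callout: block payloads carrying a constructed marker. */
static action_t inspect_callout(const packet_t *p) {
    return (p->payload && strstr(p->payload, "EXAMPLE-SIGNATURE")) ? ACT_BLOCK : ACT_PERMIT;
}
static int filter_matches(const filter_t *f, const packet_t *p) {
    for (size_t i = 0; i < f->ncond; i++) {
        unsigned v = f->conds[i].field == F_PROTOCOL ? p->protocol : p->remote_port;
        if (v != f->conds[i].value) return 0;  /* one false condition: no match */
    }
    return 1;
}
/* One filtering layer: the first filter whose conditions all hold decides. */
static action_t classify(const filter_t *layer, size_t n, const packet_t *p) {
    for (size_t i = 0; i < n; i++) {
        if (!filter_matches(&layer[i], p)) continue;
        if (layer[i].action != ACT_CALLOUT) return layer[i].action;
        /* Callout action: pass the data on; a missing callout blocks (model choice). */
        return layer[i].callout ? layer[i].callout(p) : ACT_BLOCK;
    }
    return ACT_PERMIT;  /* model default when no filter matches */
}
/* Constructed sample layer: TCP/80 goes to the callout, TCP/23 is blocked. */
static const condition_t http_c[] = {{F_PROTOCOL, 6}, {F_REMOTE_PORT, 80}};
static const condition_t telnet_c[] = {{F_PROTOCOL, 6}, {F_REMOTE_PORT, 23}};
static const filter_t sample_layer[] = {
    {http_c, 2, ACT_CALLOUT, inspect_callout}, {telnet_c, 2, ACT_BLOCK, NULL}};

action_t classify_sample(unsigned proto, unsigned port, const char *data) {
    packet_t p = {proto, port, data};
    return classify(sample_layer, 2, &p);
}
int main(void) {
    printf("%d\n", classify_sample(6, 80, "GET /EXAMPLE-SIGNATURE HTTP/1.1"));
    return 0;
}
```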

The Windows Filtering Platform includes several built-in callouts. See Built-in Callout Identifiers for a description of each of these callouts.


Porting Packet-Processing Drivers and Apps to WFP

Windows Filtering Platform (WFP) enables TCP/IP packet filtering, inspection, and modification, connection monitoring or authorization, IPsec rules and processing, and RPC filtering. Generally, you must convert your TCP/IP filtering or connection monitoring component in Windows XP and Windows Server 2003 to use a WFP user-mode application or service, a WFP kernel-mode callout driver, or both for Windows Vista and Windows Server 2008 and later. The following table lists the existing methods for packet processing in Windows XP and Windows Server 2003 and how you must change them in Windows Vista and Windows Server 2008 and later to use WFP.

Note: As of Windows 8, the Transport Driver Interface (TDI) feature and Layered Service Providers (LSPs) feature are deprecated.

Transport layer, Stream layer, and/or ALE callout driver and optional user-mode application or service that uses the WFP Win32 API

For TCP connection management: ALE callout driver and optional user-mode application or service that uses the WFP Win32 API.

For TCP proxying:

  • In Windows Vista: Packet modification callout driver.
  • In Windows 7 and later: ALE_REDIRECT layer callout driver.

For MAC-level filtering:

  • In Windows 8 and later: MAC_FRAME layer callout driver.
  • In Windows Vista and Windows 7: NDIS lightweight filter driver.

For UDP traffic management: Stream or Datagram Data layer callout driver and optional user-mode application or service that uses the WFP Win32 API.

IP layer, ALE, Transport (such as Datagram Data), or Stream layer callout driver and optional user-mode application or service that uses the WFP Win32 API.

For IP-based filtering: User-mode application or service that uses the WFP Win32 API.

For MAC-based filtering:

  • In Windows 8 and later: MAC_FRAME layer callout driver.
  • In Windows Vista and Windows 7: NDIS lightweight filter driver.

TCP connection management: ALE callout driver and optional user-mode application or service that uses the WFP Win32 API.

UDP traffic management: ALE or Transport layer callout driver and optional user-mode application or service that uses the WFP Win32 API.

In Windows 8 and later: MAC_FRAME layer callout driver.

In Windows Vista and Windows 7: NDIS lightweight filter driver.

