Microsoft's WFP API and How We Use It at Golden Frog

7:13 PM

One of our software engineers offers a high-level overview of WFP and how we integrate this technology into our products.

What is WFP?

WFP is Microsoft's API to the network stack. It stands for "Windows Filtering Platform."

Microsoft WFP Overview

The primary organizational unit within WFP is the Layer. When network traffic passes through the Windows network stack, it conceptually follows a path through a set of layers, where the path is determined by the type of traffic.

Connecting the layers are Shims, components that move traffic between layers and act on the filtering decisions made in the layers. It is the shims that determine which layers a particular piece of network traffic passes through.

Within the layers are Filters, which match specific traffic based on a set of conditions and flag that traffic to be allowed or blocked on exit from the current layer.

Filters are organized into layers and sub-layers. Sub-layers can be thought of as the components of a layer that actually hold filters, or as an attribute of a filter, since a sub-layer is registered globally rather than per layer. Either way you look at it, when traffic is evaluated in a particular layer, each sub-layer is evaluated, and if any sub-layer flags the traffic to be blocked, it is dropped by the shim on its way out of the layer.

Within a sub-layer, not all filters are guaranteed to be evaluated. Specifically, they are evaluated in order from highest weight to lowest weight, where weight is a value assigned to the filter when it is created. If a filter flags traffic to be blocked or allowed, that becomes the decision of the sub-layer, and no other filters in that sub-layer are evaluated.

Microsoft WFP Layer
Microsoft WFP Sub Layer

How Golden Frog uses WFP

Golden Frog uses WFP for its Kill Switch, DNS Leak Protection, and IPv6 Leak Protection features. Here is what we do.

We create a custom sub-layer for each feature. This means that if a feature blocks traffic, that traffic will be blocked even if it is explicitly allowed by another feature or by other software (such as Windows Firewall).

We add high-priority filters to allow the traffic we want to allow. These are the exceptions, and they apply to types of traffic that we want to permit even though they match the general description of the traffic we block. For example: allowing IPv6 loopback traffic in the IPv6 Leak Protection feature, allowing connections to our VPN and DHCP servers in the Kill Switch feature, and allowing connections to your specified VPN DNS server in the DNS Leak Protection feature.

We add lower-priority filters to block the traffic we want to block. These are the main case. Kill Switch has filters that block all traffic, DNS Leak Protection has filters that block all DNS traffic, and IPv6 Leak Protection has filters that block all IPv6 traffic.

Because we use our own sub-layers, if the end result of these filters is to block traffic, it is dropped by the shim when leaving the layer. All that remains is to choose the layers in which to place these filters so that they intercept all of the traffic.
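The arbitration rules and the per-feature sub-layer design described above can be modelled in a few lines. This is an added example, not Golden Frog's code and not the real WFP API: the class names, weights, and addresses are hypothetical, and the model covers only the rules stated in this post.

```python
# Added illustration: a simplified model of the arbitration rules described
# in this post. It does not call the real WFP API; all names are hypothetical.
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Callable, Optional

@dataclass
class Filter:
    name: str
    weight: int                      # higher weight is evaluated first
    action: str                      # "permit" or "block"
    matches: Callable[[dict], bool]  # condition over a packet description

@dataclass
class SubLayer:
    name: str
    filters: list = field(default_factory=list)

    def decide(self, pkt: dict) -> Optional[Filter]:
        # Highest weight first; the first matching filter is the sub-layer's
        # decision and lower-weight filters are never evaluated.
        for f in sorted(self.filters, key=lambda x: x.weight, reverse=True):
            if f.matches(pkt):
                return f
        return None  # no filter matched: this sub-layer has no opinion

def layer_verdict(sublayers, pkt):
    """Return ("block"|"permit", reasons). Any sub-layer block drops the packet."""
    decisions = [(s.name, s.decide(pkt)) for s in sublayers]
    blockers = [f"{s}:{f.name}" for s, f in decisions if f and f.action == "block"]
    if blockers:
        return "block", blockers
    return "permit", [f"{s}:{f.name}" for s, f in decisions if f]

# Constructed sample data (documentation address ranges, not real servers).
VPN_SERVER = ip_address("203.0.113.10")
def is_v6(p): return ip_address(p["dst"]).version == 6

kill_switch = SubLayer("kill_switch", [
    Filter("permit_vpn_server", 100, "permit", lambda p: ip_address(p["dst"]) == VPN_SERVER),
    Filter("block_all", 1, "block", lambda p: True),
])
ipv6_leak = SubLayer("ipv6_leak", [
    Filter("permit_v6_loopback", 100, "permit", lambda p: is_v6(p) and ip_address(p["dst"]).is_loopback),
    Filter("block_all_v6", 1, "block", is_v6),
])
other_firewall = SubLayer("other_firewall", [Filter("permit_all", 50, "permit", lambda p: True)])
LAYER = [kill_switch, ipv6_leak, other_firewall]
```

Calling `layer_verdict(LAYER, {"dst": "198.51.100.7"})` returns a block attributed to `kill_switch:block_all`, even though the `other_firewall` sub-layer permits the same packet.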

Like this post? Leave a comment below. And be sure to keep an eye out for more technical blog posts from our development team, coming soon!

Read more about Golden Frog's product, VyprVPN.
