WFP: Bypass application specific traffic from Wireguard interface without changing wireguard code

Pandapqr123 Member Posts: 2

We have a requirement to bypass application/domain specific traffic from the Wireguard VPN interface without modifying the Wireguard code.
How can we achieve this using the WFP framework?

Wireguard internally creates its own interface & routes this traffic to its interface and sends all the traffic to the Wireguard server using this interface.
Now we want some applications/domains to not use wireguard VPN and go directly to the internet.
We are parsing DNS requests to get an IP address for the domain using FWPS_LAYER_DATAGRAM_DATA_V4 | FWPS_LAYER_DATAGRAM_DATA_V6 classify routine.

How can we prevent the matching application/domain from going through the Wireguard VPN tunnel?

Comments

  • Tim_Roberts Member Posts: 14,716

    You can use the "route" command to do this. No programming is required.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Pandapqr123 Member Posts: 2

    We can only add an IP address there. How can we add an application/domain?

  • Tim_Roberts Member Posts: 14,716

    If you know the domain name, then you know the IP. Right?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2 Member Posts: 629

    What you are talking about is called policy routing. Normal IP routing considers only the destination IP address and finds the next hop, and egress interface, for each packet based on a single routing table. This is true for both IPv4 and IPv6.

    With policy routing, additional factors extend the route lookup process. Typically, protocol, port and source IP. But other factors like the time of day are also considered by some implementations.

    For server versions of Windows, the network policy server feature implements some policy routing. I'm not aware of any other support in Windows for policy routing. Typically Windows hosts leave most routing decisions to network devices like firewalls and routers.

    To implement a policy routing filter, you first need to EXACTLY quantify the kind of policy that you plan to support, and then think about how you will obtain the required information to inform policy decisions.
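The destination-based variant that Tim Roberts' `route` suggestion and MBond2's policy-routing remarks both point at, as an added example that is not part of the thread: resolve the domain, then add a /32 host route for each address via the physical adapter's gateway so those packets never enter the tunnel. Assumes the WireGuard adapter's InterfaceAlias is "wg0" (placeholder) and that the physical adapter still carries an IPv4 default route.

```powershell
# Added example, not code from the thread. Split a domain's traffic around the
# WireGuard tunnel with host routes; a /32 wins longest-prefix match over the
# tunnel's default route regardless of metric. Run elevated.
param(
    [Parameter(Mandatory)] [string] $Domain,
    [string] $TunnelAlias = 'wg0'          # placeholder alias of the WireGuard adapter
)

# Physical path: the IPv4 default route that is NOT on the tunnel adapter.
$physicalDefault = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Where-Object { $_.InterfaceAlias -ne $TunnelAlias } |
    Sort-Object RouteMetric | Select-Object -First 1
if (-not $physicalDefault) { throw 'No non-tunnel IPv4 default route found' }

# A domain usually resolves to several addresses, and they change over time, so
# this must be re-run (or scheduled) to stay accurate; per-application control
# cannot be expressed in the route table at all.
$addrs = Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'A' } |
    Select-Object -ExpandProperty IPAddress

foreach ($ip in $addrs) {
    if (Get-NetRoute -DestinationPrefix "$ip/32" -ErrorAction SilentlyContinue) {
        continue   # host route already present
    }
    New-NetRoute -DestinationPrefix "$ip/32" `
        -InterfaceIndex $physicalDefault.InterfaceIndex `
        -NextHop $physicalDefault.NextHop `
        -RouteMetric 1 -PolicyStore ActiveStore | Out-Null
    Write-Host "$Domain -> $ip now leaves via $($physicalDefault.NextHop), bypassing $TunnelAlias"
}
```

If the WireGuard Windows client has "Block untunneled traffic (kill-switch)" enabled, its own WFP filters drop packets that leave on the physical adapter, so the host route alone will not carry the traffic until that option is turned off.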
