Hi, I was a bit confused about weights for sub-layers (and filters within a
sub-layer) after reading the docs in MSDN about filter arbitration.
So I have the following questions:
- When I evaluate all the filters in my system and dump out their weights
(specifically FWPM_FILTER0->weight obtained through FwpmFilterEnum0), I see
some of the entries have weights of 2^64 -1. Most others have 0 and very
few have 1. What exactly is this weight - is this the filter weight within
a sublayer or the sublayer’s weight within a layer?
Eg.
csatdi Datagram V4 filter
Descr: CSA Datagram V4 Filter
Flags: 1
LayerKey: {3D08BF4E-45F6-4930-A922-417098E20027}
SubLayerKey: {68FD3D1A-7B6B-4E90-AC17-9FF82F676EFD}
Weight64: 18446744073709551615
- If the above filter wants to block packets and let’s say I have another
datagram filter registered in my own sublayer with FWP_EMPTY, will my
datagram filter ever get a chance to block & absorb packets given the above
has such the max weight? If so, is there a way for me to ensure I can
exceed this csatdi’s weight?