Hyper-V Guest VM network packets control from the host

[andreytmk]

Currently, netebpfext is implemented as a callout driver. The callout hooks do not allow control of Guest Virtual Machine network packets from the host.

If we implement the driver as an NDIS filter driver, we will get several advantages:

• Clear interface for the administrator. A filter driver will appear in the properties of the network card, which can be enabled or disabled by clicking on the checkbox.

• The filter driver can be activated together with the Hyper-V Extensible Virtual Switch protocol driver and in this case it will be possible to control the traffic of virtual machines.

Examples of tasks that can be solved:

• Protect Guest Virtual Machines from RDP brute force.

• Protect Guest Virtual Machines from unnecessary broadcast network packets.

• Prevent Guest Virtual Machines from Broadcast Flooding to External Networks.

Disadvantages:

• It is not possible to use tspip.sys functionality

Have you ever considered implementing an NDIS filter driver instead of a callout driver?

[andreytmk]

This issue has the same idea: #125

The xdp-for-windows project is implemented the way I expected. Besides it has a release version in Aug 2023. Probably, it should be mentioned in the documentation: https://github.com/microsoft/xdp-for-windows