What is WinpkFilter©?

WinpkFilter is a high performance packet filtering framework for Windows 9x/ME/NT/2000/XP/2003/Vista/2008 that allows developers to transparently filter (view and modify) raw network packets with minimal impact on network activity without having to write low level TDI or NDIS driver code.

WinpkFilter is more than just a firewall development kit for Windows. Wide range of solutions can be implemented using WinpkFilter: custom firewalls, internet connection sharing (NAT), IP shaper, VPN and many other low-level network solutions completely in user-mode using your favorite development environment: Visual C++, Delphi, C++ Builder etc.

Using WinpkFilter requires no experience in kernel mode programming on your behalf since WinpkFilter provides you with powerful user level API. However, if you need to implement your solution (to achieve better performance) in kernel mode you can use well-documented raw IOCTL interface as well.

Product features:

• The easiest way to develop and debug packet filtering/modifying communication applications such as firewalls, sniffers, internet connection sharing, VPN, etc.
• Full portability to all Windows platforms due to the common API.
• Operates on RAS/PPP adapters
• Complete source code for sample applications and wrapper API DLL (registered version only) is available. Source code for helper drivers supplied when you purchase Source Code License ONLY.
• Passive network listening and active filtering (with possible packet modification) modes
• Interface for sending RAW Ethernet packets to network interface (originated by MSTCP) or to MSTCP
• Supports MTU decrement (allows you to set system-wide MTU decrement). This option is required if you plan to add additional headers to IP packets (implement IP in IP packet tunneling, IPSEC based VPN and so on).
• Helper routines in ndisapi.dll for converting internal (NDIS level) network interface names to the user friendly ones (the names you see in Network connections properties)
• 32 bit helper drivers are based on NDIS-hooking and NDIS intermediate driver technology.
• 64 bit helper drivers are based on NDIS intermediate driver technology.

Windows Packet Filter Kit can be used for the wide range of applications. Here are few of them:

• User-mode firewall solutions. That’s right! WinpkFilter allows implementing a firewall completely in user-mode. This is not recommended for high speed connections (over 100Mbit) since filtering network packets in user-mode decreases network performance up to 30-40%, but it is quite useful for dial-up, DSL or even 100MBit Ethernet connections.
• Kernel-mode firewall solutions. You can use RAW IOCTLs for calling helper driver from your kernel mode driver. This requires kernel-mode programming skills while eliminating performance degradation caused by redirecting packets from kernel mode to user mode and back.
• Internet Connection Sharing (Network Address Translation) that can be implemented both in user and kernel modes.
• VPN solution (IPSEC an example) that can also be implemented both in user and kernel modes.
• Packets tunneling. Example: packets captured from the network (or from MSTCP) delivered into the user mode and tunneled to the remote system inside SSL stream. Remote system can indicate them to MSTCP (or send over network) after extracting packets from the SSL stream. Classic approaches like ‘IP in IP’ can also be implemented.
• Packet sniffer. You can inspect all packets sent to (received from) MSTCP.
• IP shaping solutions (when you need to limit bandwidth for Internet users).
• Network traffic count solutions.
• Wireless Firewall Gateways.
  

"The core" of WinpkFilter is composed by following files: