This question refers to the filter.cpp sample code.
1. What is the exact purpose of the following filter:
// 3. Pass all packets (skipped by previous filters) without processing in user mode
// Common values
pFilters->m_StaticFilters.m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters.m_ValidFields = 0;
pFilters->m_StaticFilters.m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters.m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;
2. What happens if one has set several filters and does not terminate the filter table with such an entry?
3. What happens if the filter table contains one valid entry, then an all-zeros entry, and then one more valid entry, assuming one has set
pFilters->m_TableSize = 3;
4. Will the first and the third entries still be processed?
1) This is the so-called default filter, which defines the action for packets that were not selected by other filters.
2) The default action in this case is FILTER_PACKET_REDIRECT.
3) The all-zeroes entry will be skipped.
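The three answers above can be checked against a small model of table evaluation. This is an added example, not part of the original posts and not WinpkFilter code: `ModelFilter`, `ModelPacket`, `MODEL_PROTO_VALID`, `applies` and `evaluate` are hypothetical names, the constant values are local stand-ins, and the direction-flag rule that makes the all-zero entry unselectable is an assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Local stand-ins named after the constants in the question; the real
// definitions come from the WinpkFilter headers.
enum : uint32_t { FILTER_PACKET_PASS = 1, FILTER_PACKET_DROP = 2, FILTER_PACKET_REDIRECT = 3 };
enum : uint32_t { PACKET_FLAG_ON_SEND = 1, PACKET_FLAG_ON_RECEIVE = 2 };
constexpr uint32_t MODEL_PROTO_VALID = 1;  // hypothetical "compare IP protocol" bit

struct ModelFilter {          // reduced stand-in for one m_StaticFilters entry
    uint64_t adapter;         // 0 = all adapters
    uint32_t validFields;     // 0 = no field checks, so any packet matches
    uint32_t action;
    uint32_t directionFlags;
    uint8_t  ipProto;         // compared only when MODEL_PROTO_VALID is set
};
struct ModelPacket { uint64_t adapter; uint32_t direction; uint8_t ipProto; };

// Assumption: an entry is considered only when its direction flags cover the
// packet's direction, so an all-zero entry (flags == 0) is never selected.
static bool applies(const ModelFilter& f, const ModelPacket& p) {
    if ((f.directionFlags & p.direction) == 0) return false;
    if (f.adapter != 0 && f.adapter != p.adapter) return false;
    if ((f.validFields & MODEL_PROTO_VALID) && f.ipProto != p.ipProto) return false;
    return true;
}

// First applicable entry decides; if none applies, the packet is redirected.
uint32_t evaluate(const std::vector<ModelFilter>& table, const ModelPacket& p) {
    for (const ModelFilter& f : table)
        if (applies(f, p)) return f.action;
    return FILTER_PACKET_REDIRECT;
}

// Constructed sample entries and packets.
const uint32_t BOTH = PACKET_FLAG_ON_SEND | PACKET_FLAG_ON_RECEIVE;
const ModelFilter DROP_UDP{0, MODEL_PROTO_VALID, FILTER_PACKET_DROP, BOTH, 17};
const ModelFilter ALL_ZERO{0, 0, 0, 0, 0};
const ModelFilter DEFAULT_PASS{0, 0, FILTER_PACKET_PASS, BOTH, 0};
const ModelPacket TCP_IN{1, PACKET_FLAG_ON_RECEIVE, 6}, UDP_OUT{1, PACKET_FLAG_ON_SEND, 17};
const std::vector<ModelFilter> UNTERMINATED{DROP_UDP};
const std::vector<ModelFilter> WITH_GAP{DROP_UDP, ALL_ZERO, DEFAULT_PASS};

int main() {
    std::printf("unterminated, TCP: %u\n", (unsigned)evaluate(UNTERMINATED, TCP_IN));
    std::printf("with gap, TCP: %u\n", (unsigned)evaluate(WITH_GAP, TCP_IN));
    std::printf("with gap, UDP: %u\n", (unsigned)evaluate(WITH_GAP, UDP_OUT));
}
```

Without a terminating pass entry, every packet that no filter selects is redirected to user mode, so the default filter is what keeps unrelated traffic out of the user-mode processing path.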