Neuerungen in der Windows-Filterplattform
Windows 8 und Windows Server 2012 neue Programmierelemente der Windows-Filterplattform einführen. Die neuen Funktionen umfassen Folgendes:
- Filterung der Ebene 2: Bietet Zugriff auf die L2-Ebene (MAC), sodass der Datenverkehr auf dieser Ebene gefiltert werden kann.
- vSwitch-Filterung: Ermöglicht die Überprüfung und/oder Änderung von Paketen, die einen vSwitch durchlaufen. WFP-Filter oder -Legenden können beim Ein- und Ausgehenden vSwitch verwendet werden.
- App-Containerverwaltung: Ermöglicht den Zugriff auf Informationen zu App-Containern und Konnektivitätsproblemen mit der Netzwerkisolation.
- IPsec-Updates: Erweiterte IPsec-Funktionen, einschließlich Überwachung des Verbindungszustands, Zertifikatauswahl und Schlüsselverwaltung.
Das Windows Driver Kit enthält auch Informationen zu WFP-Änderungen für Windows 8.
Windows 8-API-Updates
Für Windows 8 und Windows Server 2012 wurden viele neue APIs hinzugefügt.
Neue Funktionen
- FWPM_NET_EVENT_CALLBACK1
- FwpmConnectionCreateEnumHandle0
- FwpmConnectionDestroyEnumHandle0
- FwpmConnectionEnum0
- FwpmConnectionGetById0
- FwpmConnectionGetSecurityInfo0
- FwpmConnectionSetSecurityInfo0
- FwpmConnectionSubscribe0
- FwpmConnectionSubscriptionsGet0
- FwpmConnectionUnsubscribe0
- FwpmIPsecTunnelAdd2
- FwpmNetEventEnum2
- FwpmNetEventSubscribe1
- FwpmProviderContextAdd2
- FwpmProviderContextEnum2
- FwpmProviderContextGetById2
- FwpmProviderContextGetByKey2
- FwpmvSwitchEventsGetSecurityInfo0
- FwpmvSwitchEventsSetSecurityInfo0
- FwpmvSwitchEventSubscribe0
- FwpmvSwitchEventUnsubscribe0
- IkeextSaEnum2
- IkeextSaGetById2
- IPSEC_KEY_MANAGER_KEY_DICTATION_CHECK0
- IPSEC_KEY_MANAGER_DICTATE_KEY0
- IPSEC_KEY_MANAGER_NOTIFY_KEY0
- IPSEC_SA_CONTEXT_CALLBACK0
- IPsecKeyManagerAddAndRegister0
- IPsecKeyManagerGetSecurityInfoByKey0
- IPsecKeyManagerSetSecurityInfoByKey0
- IPsecKeyManagersGet0
- IPsecKeyManagerUnregisterAndDelete0
- IPsecSaContextSubscribe0
- IPsecSaContextSubscriptionsGet0
- IPsecSaContextUnsubscribe0
- NetworkIsolationDiagnoseConnectFailureAndGetInfo
- NetworkIsolationEnumAppContainers
- NetworkIsolationEnumerateAppContainerRules
- NetworkIsolationFreeAppContainers
- NetworkIsolationGetAppContainerConfig
- NetworkIsolationRegisterForAppContainerChanges
- NetworkIsolationSetAppContainerConfig
- NetworkIsolationSetupAppContainerBinaries
- PAC_CHANGES_CALLBACK_FN
Neue Strukturen
- IKEEXT_AUTHENTICATION_METHOD2
- IKEEXT_CERT_EKUS0
- IKEEXT_CERT_NAME0
- IKEEXT_CERTIFICATE_AUTHENTICATION2
- IKEEXT_CERTIFICATE_CRITERIA0
- IKEEXT_EM_POLICY2
- IKEEXT_KERBEROS_AUTHENTICATION1
- IKEEXT_POLICY2
- IPSEC_KEY_MANAGER0
- IPSEC_KEY_MANAGER_CALLBACKS0
- IPSEC_KEYING_POLICY1
- IPSEC_SA_CONTEXT_CHANGE0
- IPSEC_SA_CONTEXT_SUBSCRIPTION0
- IPSEC_TRANSPORT_POLICY2
- IPSEC_TUNNEL_ENDPOINT0
- IPSEC_TUNNEL_ENDPOINTS2
- IPSEC_TUNNEL_POLICY2
- FWPM_CONNECTION0
- FWPM_CONNECTION_ENUM_TEMPLATE0
- FWPM_CONNECTION_SUBSCRIPTION0
- FWPM_NET_EVENT2
- FWPM_NET_EVENT_CAPABILITY_ALLOW0
- FWPM_NET_EVENT_CAPABILITY_DROP0
- FWPM_NET_EVENT_CLASSIFY_ALLOW0
- FWPM_NET_EVENT_CLASSIFY_DROP2
- FWPM_NET_EVENT_CLASSIFY_DROP_MAC0
- FWPM_NET_EVENT_HEADER2
- FWPM_PROVIDER_CONTEXT2
- FWPM_VSWITCH_EVENT0
- FWPM_VSWITCH_EVENT_SUBSCRIPTION0
Neue Enumerierte Typen
- FWP_VSWITCH_NETWORK_TYPE
- FWPM_APPC_NETWORK_CAPABILITY_TYPE
- FWPM_CONNECTION_EVENT_TYPE
- FWPM_VSWITCH_EVENT_TYPE
- IKEEXT_CERT_CRITERIA_NAME_TYPE
- IPSEC_SA_CONTEXT_EVENT_TYPE0
Neue Filterebenenbezeichner
Filtern von Ebenenbezeichnern:
- FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET
- FWPM_LAYER_OUTBOUND_MAC_FRAME_ETHERNET
- FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE
- FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE
- FWPM_LAYER_INGRESS_VSWITCH_ETHERNET
- FWPM_LAYER_EGRESS_VSWITCH_ETHERNET
- FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4/FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V6
- FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V4/FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V6
Neue Filterbedingungsbezeichner
Filtern von Bedingungsbezeichnern:
- FWPM_CONDITION_INTERFACE_MAC_ADDRESS
- FWPM_CONDITION_MAC_LOCAL_ADDRESS
- FWPM_CONDITION_MAC_REMOTE_ADDRESS
- FWPM_CONDITION_ETHER_TYPE
- FWPM_CONDITION_VLAN_ID
- FWPM_CONDITION_NDIS_PORT
- FWPM_CONDITION_NDIS_MEDIA_TYPE
- FWPM_CONDITION_NDIS_PHYSICAL_MEDIA_TYPE
- FWPM_CONDITION_L2_FLAGS
- FWPM_CONDITION_MAC_LOCAL_ADDRESS_TYPE
- FWPM_CONDITION_MAC_REMOTE_ADDRESS_TYPE
- FWPM_CONDITION_ALE_PACKAGE_ID
- FWPM_CONDITION_MAC_SOURCE_ADDRESS
- FWPM_CONDITION_MAC_DESTINATION_ADDRESS
- FWPM_CONDITION_MAC_SOURCE_ADDRESS_TYPE
- FWPM_CONDITION_MAC_DESTINATION_ADDRESS_TYPE
- FWPM_CONDITION_IP_SOURCE_PORT
- FWPM_CONDITION_IP_DESTINATION_PORT
- FWPM_CONDITION_VSWITCH_ID
- FWPM_CONDITION_VSWITCH_NETWORK_TYPE
- FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_ID
- FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_ID
- FWPM_CONDITION_VSWITCH_SOURCE_VM_ID
- FWPM_CONDITION_VSWITCH_DESTINATION_VM_ID
- FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_TYPE
- FWPM_CONDITION_VSWITCH_TENANT_NETWORK_ID
Neue Filterbedingungsflags
- FWP_CONDITION_FLAG_IS_PROXY_CONNECTION
- FWP_CONDITION_FLAG_IS_APPCONTAINER_LOOPBACK
- FWP_CONDITION_FLAG_IS_NON_APPCONTAINER_LOOPBACK
- FWP_CONDITION_FLAG_IS_HONORING_POLICY_AUTHORIZE
- FWP_CONDITION_L2_IS_NATIVE_ETHERNET
- FWP_CONDITION_L2_IS_WIFI
- FWP_CONDITION_L2_IS_MOBILE_BROADBAND
- FWP_CONDITION_L2_IS_WIFI_DIRECT_DATA
- FWP_CONDITION_L2_IS_VM2VM
- FWP_CONDITION_L2_IS_MALFORMED_PACKET
- FWP_CONDITION_L2_IS_IP_FRAGMENT_GROUP
- FWP_CONDITION_L2_IF_CONNECTOR_PRESENT
Windows 7-Updates für die Windows-Filterplattform
Das Dokument Neuerungen in der Windows-Filterplattform enthält viele der Updates, die für Windows 7 vorgenommen wurden. Informationen finden Sie auch im Windows Driver Kit zu WFP-Änderungen für Windows 7.