Partager via


WFP Callout Driver Filtering Condition Identifiers (Compact 2013)

3/26/2014

Each WFP callout driver filtering condition identifier is represented by a 128-bit GUID. These identifiers are defined in the following table:

Filtering Condition Identifier

Description

FWPM_CONDITION_ARRIVAL_INTERFACE_INDEX

The index of the arrival network interface, as enumerated by the network stack

FWPM_CONDITION_ARRIVAL_INTERFACE_TYPE

The type of the arrival network interface, as defined by the Internet Assigned Numbers Authority (IANA).

FWPM_CONDITION_ARRIVAL_TUNNEL_TYPE

The encapsulation method that is used by a tunnel if the IfType member of the IP_ADAPTER_ADDRESSES structure is IF_TYPE_TUNNEL. The tunnel type is defined by the IANA.

FWPM_CONDITION_IP_ARRIVAL_INTERFACE

The LUID for the network interface that is associated with the arrival IP address

FWPM_CONDITION_IP_LOCAL_ADDRESS

The local IP address

FWPM_CONDITION_IP_REMOTE_ADDRESS

The remote IP address

FWPM_CONDITION_IP_SOURCE_ADDRESS

The source IP address for forwarded packets

FWPM_CONDITION_IP_DESTINATION_ADDRESS

The destination IP address for forwarded packets

FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE

The local IP address type. The possible condition values are as follows:

NlatUnspecified

NlatUnicast

NlatAnycast

NlatMulticast

NlatBroadcast

FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE

The destination IP address type. The possible condition values are as follows:

NlatUnspecified

NlatUnicast

NlatAnycast

NlatMulticast

NlatBroadcast

FWPM_CONDITION_IP_LOCAL_INTERFACE

The LUID for the network interface associated with the local IP address

FWPM_CONDITION_IP_FORWARD_INTERFACE

The LUID for the network interface on which the packet being forwarded is to be sent

FWPM_CONDITION_IP_PROTOCOL

The IP protocol number, as specified in RFC 1700

FWPM_CONDITION_IP_LOCAL_PORT

The local transport protocol port number

FWPM_CONDITION_IP_REMOTE_PORT

The remote transport protocol port number

FWPM_CONDITION_ICMP_TYPE

The ICMP type field, as specified in RFC 792

FWPM_CONDITION_ICMP_CODE

The ICMP code field, as specified in RFC 792

FWPM_CONDITION_EMBEDDED_LOCAL_ADDRESS_TYPE

The local IP address type that is embedded in the ICMP packet. The possible condition values are as follows:

NlatUnspecified

NlatUnicast

NlatAnycast

NlatMulticast

NlatBroadcast

FWPM_CONDITION_EMBEDDED_REMOTE_ADDRESS

The remote IP address that is embedded in the ICMP packet

FWPM_CONDITION_EMBEDDED_PROTOCOL

The IP protocol number that is embedded in the ICMP packet, as specified in RFC 1700

FWPM_CONDITION_EMBEDDED_LOCAL_PORT

The local transport protocol port number that is embedded in the ICMP packet

FWPM_CONDITION_EMBEDDED_REMOTE_PORT

The remote transport protocol port number that is embedded in the ICMP packet

FWPM_CONDITION_FLAGS

A bitwise OR of a combination of filtering condition flags. For more information about the possible flags, see WFP Filtering Condition Flags.

FWPM_CONDITION_DIRECTION

The direction of the data flow or datagram traffic. The possible condition values are as follows:

FWP_DIRECTION_INBOUND

FWP_DIRECTION_OUTBOUND

FWPM_CONDITION_INTERFACE_INDEX

The index of the network interface, as enumerated by the network stack

FWPM_CONDITION_INTERFACE_TYPE

The bus type of the network interface

FWPM_CONDITION_SUB_INTERFACE_INDEX

The index of the logical network interface, as enumerated by the network stack

FWPM_CONDITION_SOURCE_INTERFACE_INDEX

The index of the source network interface for forwarded packets, as enumerated by the network stack

FWPM_CONDITION_SOURCE_SUB_INTERFACE_INDEX

The index of the source logical network interface for forwarded packets, as enumerated by the network stack

FWPM_CONDITION_DESTINATION_INTERFACE_INDEX

The index of the destination network interface for forwarded packets, as enumerated by the network stack

FWPM_CONDITION_DESTINATION_SUB_INTERFACE_INDEX

The index of the destination logical network interface for forwarded packets, as enumerated by the network stack

FWPM_CONDITION_ALE_APP_ID

The full path of the application

WPM_CONDITION_ALE_USER_ID

The identification of the local user

FWPM_CONDITION_ALE_REMOTE_USER_ID

The identification of the remote user

FWPM_CONDITION_ALE_PROMISCUOUS_MODE

The raw socket mode that is allowed or denied. The possible condition values are as follows:

SIO_RCVALL

SIO_RCVALL_IGMPMCAST

SIO_RCVALL_MCAST

FWPM_CONDITION_ALE_SIO_FIREWALL_SYSTEM_PORT

Reserved.

FWPM_CONDITION_ALE_NAP_CONTEXT

Reserved.

FWPM_CONDITION_REMOTE_USER_TOKEN

The identification of the remote user

FWPM_CONDITION_RPC_IF_UUID

The UUID of the RPC interface

FWPM_CONDITION_RPC_IF_VERSION

The version of the RPC interface

FWPM_CONDITION_RCP_IF_FLAG

Reserved.

FWPM_CONDITION_DCOM_APP_ID

The identification of the COM application

FWPM_CONDITION_IMAGE_NAME

The name of the application

FWPM_CONDITION_RPC_PROTOCOL

The RPC protocol. The possible condition values are as follows:

RPC_PROTSEQ_TCP

RPC_PROTSEQ_HTTP

RPC_PROTSEQ_NMP

FWPM_CONDITION_RPC_AUTH_TYPE

The authentication service type

FWPM_CONDITION_RPC_AUTH_LEVEL

The authentication service level

FWPM_CONDITION_SEC_ENCRYPT_ALGORITHM

The certificate based security service provider interface (SSPI) encryption algorithm

FWPM_CONDITION_SEC_KEY_SIZE

The certificate based security service provider interface (SSPI) encryption key size

FWPM_CONDITION_IP_LOCAL_ADDRESS_V4

The local IPv4 address

FWPM_CONDITION_IP_LOCAL_ADDRESS_V6

The local IPv6 address

FWPM_CONDITION_PIPE

The name of the remote named pipe

FWPM_CONDITION_IP_REMOTE_ADDRESS_V4

The remote IPv4 address

FWPM_CONDITION_IP_REMOTE_ADDRESS_V6

The remote IPv6 address

FWPM_CONDITION_PROCESS_WITH_RPC_IF_UUID

The UUID of the process with the RPC interface

FWPM_CONDITION_RPC_EP_VALUE

Reserved.

FWPM_CONDITION_RPC_EP_FLAGS

Reserved.

FWPM_CONDITION_CLIENT_TOKEN

The identification of the client when it uses RpcProxy

FWPM_CONDITION_RPC_SERVER_NAME

The name of the RPC server when it uses RpcProxy

FWPM_CONDITION_RPC_SERVER_PORT

The port on the RPC server when it uses RpcProxy

FWPM_CONDITION_RPC_PROXY_AUTH_TYPE

The RPC proxy authentication service type

FWPM_CONDITION_TUNNEL_TYPE

The encapsulation method that is used by a tunnel

FWPM_CONDITION_CLIENT_CERT_KEY_LENGTH

The secure socket layer (SSL) key length in the client certificate

FWPM_CONDITION_CLIENT_CERT_OID

The object identifier (also known as OID) in the client certificate

See Also

Reference

WFP Callout Driver Filtering Conditions
LUID
WFP Callout Driver Filtering Condition Flags
WFP Callout Driver Filtering Condition Data Types
WFP Callout Driver Filtering Conditions Available at Each Filtering Layer
WFP Callout Driver Constants

Other Resources

WFP Filtering Condition Flags