WFP Callout Driver Filtering Condition Identifiers (Compact 2013)
3/26/2014
Each WFP callout driver filtering condition identifier is represented by a 128-bit GUID. These identifiers are defined in the following table:
Filtering Condition Identifier | Description |
---|---|
FWPM_CONDITION_ARRIVAL_INTERFACE_INDEX | The index of the arrival network interface, as enumerated by the network stack |
FWPM_CONDITION_ARRIVAL_INTERFACE_TYPE | The type of the arrival network interface, as defined by the Internet Assigned Numbers Authority (IANA). |
FWPM_CONDITION_ARRIVAL_TUNNEL_TYPE | The encapsulation method that is used by a tunnel if the IfType member of the IP_ADAPTER_ADDRESSES structure is IF_TYPE_TUNNEL. The tunnel type is defined by the IANA. |
FWPM_CONDITION_IP_ARRIVAL_INTERFACE | The LUID for the network interface that is associated with the arrival IP address |
FWPM_CONDITION_IP_LOCAL_ADDRESS | The local IP address |
FWPM_CONDITION_IP_REMOTE_ADDRESS | The remote IP address |
FWPM_CONDITION_IP_SOURCE_ADDRESS | The source IP address for forwarded packets |
FWPM_CONDITION_IP_DESTINATION_ADDRESS | The destination IP address for forwarded packets |
FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE | The local IP address type. The possible condition values are as follows: NlatUnspecified, NlatUnicast, NlatAnycast, NlatMulticast, NlatBroadcast |
FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE | The destination IP address type. The possible condition values are as follows: NlatUnspecified, NlatUnicast, NlatAnycast, NlatMulticast, NlatBroadcast |
FWPM_CONDITION_IP_LOCAL_INTERFACE | The LUID for the network interface associated with the local IP address |
FWPM_CONDITION_IP_FORWARD_INTERFACE | The LUID for the network interface on which the packet being forwarded is to be sent |
FWPM_CONDITION_IP_PROTOCOL | The IP protocol number, as specified in RFC 1700 |
FWPM_CONDITION_IP_LOCAL_PORT | The local transport protocol port number |
FWPM_CONDITION_IP_REMOTE_PORT | The remote transport protocol port number |
FWPM_CONDITION_ICMP_TYPE | The ICMP type field, as specified in RFC 792 |
FWPM_CONDITION_ICMP_CODE | The ICMP code field, as specified in RFC 792 |
FWPM_CONDITION_EMBEDDED_LOCAL_ADDRESS_TYPE | The local IP address type that is embedded in the ICMP packet. The possible condition values are as follows: NlatUnspecified, NlatUnicast, NlatAnycast, NlatMulticast, NlatBroadcast |
FWPM_CONDITION_EMBEDDED_REMOTE_ADDRESS | The remote IP address that is embedded in the ICMP packet |
FWPM_CONDITION_EMBEDDED_PROTOCOL | The IP protocol number that is embedded in the ICMP packet, as specified in RFC 1700 |
FWPM_CONDITION_EMBEDDED_LOCAL_PORT | The local transport protocol port number that is embedded in the ICMP packet |
FWPM_CONDITION_EMBEDDED_REMOTE_PORT | The remote transport protocol port number that is embedded in the ICMP packet |
FWPM_CONDITION_FLAGS | A bitwise OR of a combination of filtering condition flags. For more information about the possible flags, see WFP Filtering Condition Flags. |
FWPM_CONDITION_DIRECTION | The direction of the data flow or datagram traffic. The possible condition values are as follows: FWP_DIRECTION_INBOUND, FWP_DIRECTION_OUTBOUND |
FWPM_CONDITION_INTERFACE_INDEX | The index of the network interface, as enumerated by the network stack |
FWPM_CONDITION_INTERFACE_TYPE | The bus type of the network interface |
FWPM_CONDITION_SUB_INTERFACE_INDEX | The index of the logical network interface, as enumerated by the network stack |
FWPM_CONDITION_SOURCE_INTERFACE_INDEX | The index of the source network interface for forwarded packets, as enumerated by the network stack |
FWPM_CONDITION_SOURCE_SUB_INTERFACE_INDEX | The index of the source logical network interface for forwarded packets, as enumerated by the network stack |
FWPM_CONDITION_DESTINATION_INTERFACE_INDEX | The index of the destination network interface for forwarded packets, as enumerated by the network stack |
FWPM_CONDITION_DESTINATION_SUB_INTERFACE_INDEX | The index of the destination logical network interface for forwarded packets, as enumerated by the network stack |
FWPM_CONDITION_ALE_APP_ID | The full path of the application |
FWPM_CONDITION_ALE_USER_ID | The identification of the local user |
FWPM_CONDITION_ALE_REMOTE_USER_ID | The identification of the remote user |
FWPM_CONDITION_ALE_PROMISCUOUS_MODE | The raw socket mode that is allowed or denied. The possible condition values are as follows: SIO_RCVALL, SIO_RCVALL_IGMPMCAST, SIO_RCVALL_MCAST |
FWPM_CONDITION_ALE_SIO_FIREWALL_SYSTEM_PORT | Reserved. |
FWPM_CONDITION_ALE_NAP_CONTEXT | Reserved. |
FWPM_CONDITION_REMOTE_USER_TOKEN | The identification of the remote user |
FWPM_CONDITION_RPC_IF_UUID | The UUID of the RPC interface |
FWPM_CONDITION_RPC_IF_VERSION | The version of the RPC interface |
FWPM_CONDITION_RPC_IF_FLAG | Reserved. |
FWPM_CONDITION_DCOM_APP_ID | The identification of the COM application |
FWPM_CONDITION_IMAGE_NAME | The name of the application |
FWPM_CONDITION_RPC_PROTOCOL | The RPC protocol. The possible condition values are as follows: RPC_PROTSEQ_TCP, RPC_PROTSEQ_HTTP, RPC_PROTSEQ_NMP |
FWPM_CONDITION_RPC_AUTH_TYPE | The authentication service type |
FWPM_CONDITION_RPC_AUTH_LEVEL | The authentication service level |
FWPM_CONDITION_SEC_ENCRYPT_ALGORITHM | The certificate-based security service provider interface (SSPI) encryption algorithm |
FWPM_CONDITION_SEC_KEY_SIZE | The certificate-based security service provider interface (SSPI) encryption key size |
FWPM_CONDITION_IP_LOCAL_ADDRESS_V4 | The local IPv4 address |
FWPM_CONDITION_IP_LOCAL_ADDRESS_V6 | The local IPv6 address |
FWPM_CONDITION_PIPE | The name of the remote named pipe |
FWPM_CONDITION_IP_REMOTE_ADDRESS_V4 | The remote IPv4 address |
FWPM_CONDITION_IP_REMOTE_ADDRESS_V6 | The remote IPv6 address |
FWPM_CONDITION_PROCESS_WITH_RPC_IF_UUID | The UUID of the process with the RPC interface |
FWPM_CONDITION_RPC_EP_VALUE | Reserved. |
FWPM_CONDITION_RPC_EP_FLAGS | Reserved. |
FWPM_CONDITION_CLIENT_TOKEN | The identification of the client when it uses RpcProxy |
FWPM_CONDITION_RPC_SERVER_NAME | The name of the RPC server when it uses RpcProxy |
FWPM_CONDITION_RPC_SERVER_PORT | The port on the RPC server when it uses RpcProxy |
FWPM_CONDITION_RPC_PROXY_AUTH_TYPE | The RPC proxy authentication service type |
FWPM_CONDITION_TUNNEL_TYPE | The encapsulation method that is used by a tunnel |
FWPM_CONDITION_CLIENT_CERT_KEY_LENGTH | The secure socket layer (SSL) key length in the client certificate |
FWPM_CONDITION_CLIENT_CERT_OID | The object identifier (also known as OID) in the client certificate |
See Also
Reference
WFP Callout Driver Filtering Conditions
LUID
WFP Callout Driver Filtering Condition Flags
WFP Callout Driver Filtering Condition Data Types
WFP Callout Driver Filtering Conditions Available at Each Filtering Layer
WFP Callout Driver Constants