Compartilhar via


FWPS_FILTER0 (Compact 2013)

3/26/2014

This structure defines a run-time filter in the WFP Filter Engine.

Syntax

typedef struct FWPS_FILTER0_ {
  UINT64  filterId;
  FWP_VALUE0  weight;
  UINT16  subLayerWeight;
  UINT16  flags;
  UINT32  numFilterConditions;
  FWPS_FILTER_CONDITION0  *filterCondition;
  FWPS_ACTION0  action;
  UINT64  context;
  FWPM_PROVIDER_CONTEXT0  *providerContext;
} FWPS_FILTER0;

Members

  • filterId
    A run-time identifier that identifies the filter in the filter engine
  • weight
    An FWP_VALUE0 structure that contains a value that specifies the filter's importance in relation to other filters in the filter engine. Filters with a higher weight value are invoked first. The data type specified in the FWP_VALUE0 structure is either FWP_UINT64 or FWP_EMPTY. If the data type specified in the FWP_VALUE0 structure is FWP_EMPTY, the filter engine automatically assigns a weight to the filter that is based on how the filter tests the data compared to the other filters in the filter engine
  • subLayerWeight
    A value that specifies the importance of the filter's sublayer in relation to other sublayers in the filter engine. Filters that are located in a sublayer with a higher subLayerWeight value are invoked first.
  • flags
    Flags that specify actions that a callout's classifyFn callout function should take when it is processing network data. Possible flags are as follows:

    • FWPS_FILTER_FLAG_CLEAR_ACTION_RIGHT: This flag indicates to a callout's classifyFn callout function that it should always clear the FWPS_RIGHT_ACTION_WRITE flag when it returns either FWP_ACTION_BLOCK or FWP_ACTION_PERMIT for the suggested action. If this flag is not set, a callout's classifyFn callout function should clear the FWPS_RIGHT_ACTION_WRITE flag only when it returns FWP_ACTION_BLOCK for the suggested action.
    • FWPS_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED: This flag indicates to a callout's classifyFn callout function that if the callout is not registered, the callout should be treated as a permit filter.
  • numFilterConditions
    The number of FWPS_FILTER_CONDITION0 structures in the array pointed to by the filterCondition member. This member can be zero.
  • filterCondition
    A pointer to an array of FWPS_FILTER_CONDITION0 structures. These structures define the run-time filtering conditions for the filter. If the numFilterConditions member is zero, this pointer will be NULL.
  • action
    An FWPS_ACTION0 structure that specifies the action that the filter should take if all filtering conditions are true
  • context
    A context value that is associated with the filter. A callout can set this member to point to a callout driver-supplied context structure from inside the callout's notifyFn callout function when the filter is added to the filter engine. This context structure, which is opaque to the filter engine, can be used by the callout's classifyFn callout function to preserve any driver-specific data or state information between calls by the filter engine to the callout's classifyFn callout
  • providerContext
    A pointer to the provider context. If the callout has the FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT flag set, the context is the value of the flags member of FWPM_CALLOUT0. Otherwise this parameter is NULL.

Remarks

The filter engine passes a pointer to an FWPS_FILTER0 structure to a callout's notifyFn and classifyFn callout functions.

A filter's action is performed only if all filtering conditions are true. If no filtering conditions are specified in the filter, the specified action is always performed.

The providerContext member provides a mechanism for a callout driver to retrieve provider contexts without calling the base filtering engine (BFE).

Requirements

Header

fwpsk.h

See Also

Reference

WFP Callout Driver Structures
classifyFn
FWPS_ACTION0
FWPS_FILTER_CONDITION0
notifyFn
WFP Callout Driver Reference

Other Resources

FWP_VALUE0
FWPM_CALLOUT0
FWPM_PROVIDER_CONTEXT0