Compartilhar via


FWPS_CLASSIFY_OUT0 (Compact 2013)

3/26/2014

This structure defines the data that is returned to the caller of a callout's classifyFn callout function.

Syntax

typedef struct FWPS_CLASSIFY_OUT0_
{
  FWP_ACTION_TYPE  actionType;
  UINT64  outContext;
  UINT64  filterId;
  UINT32  rights;
  UINT32  flags;
  UINT32  reserved;
} FWPS_CLASSIFY_OUT0;

Members

  • actionType
    An FWP_ACTION_TYPE value that specifies the suggested action to be taken as determined by the callout's classifyFn callout function. A callout driver sets this variable to one of the following values:

    • FWP_ACTION_BLOCK: block the data from being transmitted or received
    • FWP_ACTION_CONTINUE: pass the decision to block or allow the data to the next filter in the filter engine
    • FWP_ACTION_NONE : perform no action on the data
    • FWP_ACTION_NONE_NO_MATCH: perform no action on the data because it does not match the enumerated filter data types
    • FWP_ACTION_PERMIT: allow the data to be transmitted or received

    Write access to this member is controlled by the FWPS_RIGHT_ACTION_WRITE flag in the Rights member. If the FWPS_RIGHT_ACTION_WRITE flag is set, a callout driver can write any of these values to this member. If the FWPS_RIGHT_ACTION_WRITE flag is not set, a callout driver should not write to this member unless it is vetoing an FWP_ACTION_PERMIT action that was previously returned by a higher weight filter in the filter engine. In this case, a callout driver sets this member to FWP_ACTION_BLOCK.

  • outContext
    Reserved for system use. Callout drivers must not use this member.
  • filterId
    Reserved for system use. Callout drivers must not use this member.
  • rights
    Flags that control the write access to other members within this structure. Possible flags are as follows:

    • FWPS_RIGHT_ACTION_WRITE : If this flag is set, a callout driver can write to the actionType member of this structure. If this flag is not set, a callout driver can write to the actionType member of this structure only if it is vetoing an FWP_ACTION_PERMIT action that was previously returned by a higher weight filter in the filter engine.
  • flags
    Flags that specify callout-specific parameters. Possible flags are as follows:

    • FWPS_CLASSIFY_OUT_FLAG_ABSORB: The blocked data is to be silently dropped without any event logging or auditing. This is typically used for packet modification where the original packet is to be absorbed and the modified packet is to be additionally processed.
    • This flag is only applicable at the network and forward layers when the actionType member is set to FWP_ACTION_BLOCK.
    • If this flag is not set, a blocking action will be subject to ordinary event logging and auditing.
    • FWPS_CLASSIFY_OUT_FLAG_BUFFER_LIMIT_REACHED: The filter engine sets this flag when the filter engine's data buffer for stream data is full. This can occur if a callout's classifyFn callout function repeatedly requests more data by setting the streamAction member of the FWPS_STREAM_CALLOUT_IO_PACKET0 structure to FWPS_STREAM_ACTION_NEED_MORE_DATA until the buffer limit is reached. If this flag is set, the callout's classifyFn callout function must either allow or block the entire stream data.
    • This flag is only applicable at the stream layers.
    • FWPS_CLASSIFY_OUT_FLAG_NO_MORE_DATA: Stream data was requested after the stream was disconnected.
  • reserved
    Reserved for system use. Callout drivers must not use this member.

Remarks

The WFP Filter Engine passes a pointer to a FWPS_CLASSIFY_OUT0 structure to a callout's classifyFn callout function. A callout driver uses this structure to return data to the caller.

Requirements

Header

fwpsk.h

See Also

Reference

WFP Callout Driver Structures
classifyFn
FWPS_STREAM_CALLOUT_IO_PACKET0
WFP Callout Driver Reference