Redigera

Dela via


Introduction to Windows Filtering Platform (WFP) Callout Drivers

This section introduces WFP callout drivers.

For more information about the WFP, see the Windows Filtering Platform documentation in the Microsoft Windows SDK.

For WFP reference information, see Windows Filtering Platform Callout Drivers.

Purpose of Callout Drivers

A callout driver implements one or more callouts. Callouts extend the capabilities of the Windows Filtering Platform by processing TCP/IP-based network data in ways that are beyond the scope of the simple filtering functionality. Callouts are typically used to do the following tasks:

Deep Inspection
Perform complex inspection of the network data to determine which data should be blocked, which data should be permitted, and which data should be passed to another filter. An antivirus product, for example, could look for virus signatures.

Packet Modification
Perform modification and reinjection of the network packet headers or data, or both. A network address translation (NAT) product, for example, could modify the headers on IPv4 packets.

Stream Modification
Perform modification and reinjection of the network data in a stream. A parental control product, for example, could remove or replace specific words or phrases in a data stream.

Data Logging
Log of network traffic data. A network monitoring product, for example, could count the number of data packets that are discarded for a specific reason.

In addition to processing network data, callout drivers can perform other Windows Filtering Platform management tasks, such as adding filters to the base filtering engine. For more information about other tasks that a callout driver can perform, see Calling Other Windows Filtering Platform Functions.