WFP Callout Driver Run-time Filtering Layer Identifiers (Compact 2013)

3/26/2014

The run-time filtering layer identifiers are used by kernel-mode callout drivers and are represented by a 64-bit LUID. These identifiers are constant values in the FWPS_BUILTIN_LAYERS enumeration that is defined in Fwpsk.h. These identifiers are defined as follows:

Run-time Filtering Layer Identifier

Filtering Layer Description

FWPS_LAYER_INBOUND_IPPACKET_V4

FWPS_LAYER_INBOUND_IPPACKET_V6

This filtering layer is located in the receive path, directly after the IP header of a received packet is parsed but before any IP header processing occurs. No IPsec decryption or reassembly has occurred.

FWPS_LAYER_INBOUND_IPPACKET_V4_DISCARD

FWPS_LAYER_INBOUND_IPPACKET_V6_DISCARD

This filtering layer is located in the receive path for processing any received packets that were discarded at the network layer.

FWPS_LAYER_OUTBOUND_IPPACKET_V4

FWPS_LAYER_OUTBOUND_IPPACKET_V6

This filtering layer is located in the send path directly before the sent packet is evaluated for fragmentation. All IP header processing is complete and all extension headers are in place. Any IPsec authentication and encryption has already occurred.

FWPS_LAYER_OUTBOUND_IPPACKET_V4_DISCARD

FWPS_LAYER_OUTBOUND_IPPACKET_V6_DISCARD

This filtering layer is located in the send path for processing any sent packets that were discarded at the network layer.

FWPS_LAYER_IPFORWARD_V4

FWPS_LAYER_IPFORWARD_V6

This filtering layer is located in the forwarding path at the point where a received packet is forwarded.

FWPS_LAYER_IPFORWARD_V4_DISCARD

FWPS_LAYER_IPFORWARD_V6_DISCARD

This filtering layer is located in the forwarding path for processing any forwarded packets that were discarded at the forward layer.

FWPS_LAYER_INBOUND_TRANSPORT_V4

FWPS_LAYER_INBOUND_TRANSPORT_V6

This filtering layer is located in the receive path directly after a received packet's header is parsed by the network stack at the transport layer, but before any transport layer processing occurs.

FWPS_LAYER_INBOUND_TRANSPORT_V4_DISCARD

FWPS_LAYER_INBOUND_TRANSPORT_V6_DISCARD

This filtering layer is located in the receive path for processing any received packets that were discarded at the transport layer.

FWPS_LAYER_OUTBOUND_TRANSPORT_V4

FWPS_LAYER_OUTBOUND_TRANSPORT_V6

This filtering layer is located in the send path directly after a sent packet is passed to the network layer for processing but before any network layer processing occurs.

This filtering layer is located at the top of the network layer instead of at the bottom of the transport layer so that any packets that are sent by third-party transports or as raw packets are filtered at this layer.

FWPS_LAYER_OUTBOUND_TRANSPORT_V4_DISCARD

FWPS_LAYER_OUTBOUND_TRANSPORT_V6_DISCARD

This filtering layer is located in the send path for processing any sent packets that were discarded at the transport layer.

FWPS_LAYER_STREAM_V4

FWPS_LAYER_STREAM_V6

This filtering layer is located in the stream data path. This layer allows for processing network data on a per-stream basis. At the stream layer, the network data is bidirectional.

FWPS_LAYER_STREAM_V4_DISCARD

FWPS_LAYER_STREAM_V6_DISCARD

This filtering layer is reserved.

FWPS_LAYER_DATAGRAM_DATA_V4

FWPS_LAYER_DATAGRAM_DATA_V6

This filtering layer is located in the datagram data path. This layer allows for processing network data on a per-datagram basis. At the datagram layer, the network data is bidirectional.

FWPS_LAYER_DATAGRAM_DATA_V4_DISCARD

FWPS_LAYER_DATAGRAM_DATA_V6_DISCARD

This filtering layer is located in the datagram data path for processing any discarded datagrams.

FWPS_LAYER_INBOUND_ICMP_ERROR_V4

FWPS_LAYER_INBOUND_ICMP_ERROR_V6

This filtering layer is located in the receive path for processing received ICMP messages for the transport protocol.

FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD

FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD

This filtering layer is located in the receive path for processing received and discarded ICMP messages.

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6

This filtering layer is located in the send path for processing sent ICMP messages for the transport protocol.

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4_DISCARD

FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6_DISCARD

This filtering layer is located in the send path for processing sent and discarded ICMP messages.

FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V6

This filtering layer allows for authorizing transport port assignments, bind requests, promiscuous mode requests, and raw mode requests.

FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V4_DISCARD

FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V6_DISCARD

This filtering layer allows for processing the following discarded items: transport port assignments, bind requests, promiscuous mode requests, and raw mode requests.

FWPS_LAYER_ALE_AUTH_LISTEN_V4

FWPS_LAYER_ALE_AUTH_LISTEN_V6

This filtering layer allows for authorizing TCP listen requests.

FWPS_LAYER_ALE_AUTH_LISTEN_V4_DISCARD

FWPS_LAYER_ALE_AUTH_LISTEN_V6_DISCARD

This filtering layer allows for processing discarded TCP listen requests.

FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V4

FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V6

This filtering layer allows for authorizing accept requests for incoming TCP connections and for authorizing incoming non-TCP traffic based on the first packet received.

FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD

FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V6_DISCARD

This filtering layer allows for processing accept requests for incoming TCP connections that have been discarded and authorizations for incoming discarded non-TCP traffic.

FWPS_LAYER_ALE_AUTH_CONNECT_V4

FWPS_LAYER_ALE_AUTH_CONNECT_V6

This filtering layer allows for authorizing connect requests for outgoing TCP connections and authorizing outgoing non-TCP traffic based on the first packet sent.

FWPS_LAYER_ALE_AUTH_CONNECT_V4_DISCARD

FWPS_LAYER_ALE_AUTH_CONNECT_V6_DISCARD

This filtering layer allows for processing connect requests for outgoing discarded TCP connections and processing authorizations for outgoing discarded non-TCP traffic.

FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4

FWPS_LAYER_ALE_FLOW_ESTABLISHED_V6

This filtering layer allows for notification when a TCP connection is established or non-TCP traffic is authorized.

FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4_DISCARD

FWPS_LAYER_ALE_FLOW_ESTABLISHED_V6_DISCARD

This filtering layer allows for processing when an established TCP connection is discarded at the flow established layer, and when authorized non-TCP traffic is discarded at the flow established layer.

FWPS_LAYER_IPSEC_KM_DEMUX_V4

FWPS_LAYER_IPSEC_KM_DEMUX_V6

This filtering layer determines which keying modules are invoked when the local system is the initiator. This is a user-mode filtering layer.

FWPS_LAYER_IPSEC_V4

FWPS_LAYER_IPSEC_V6

This filtering layer allows the keying module to look up quick-mode policy information when negotiating quick-mode security associations. This is a user-mode filtering layer.

FWPS_LAYER_IKEEXT_V4

FWPS_LAYER_IKEEXT_V6

This filtering layer allows the IKE and authenticated IP modules to look up main-mode policy information when negotiating main-mode security associations. This is a user-mode filtering layer.

FWPS_LAYER_RPC_UM

This filtering layer allows for inspecting the RPC data fields that are available in user mode. This is a user-mode filtering layer.

FWPS_LAYER_RPC_EPMAP

This filtering layer allows for inspecting the RPC data fields that are available in user mode during endpoint resolution. This is a user-mode filtering layer.

FWPS_LAYER_RPC_EP_ADD

This filtering layer allows for inspecting the RPC data fields that are available in user mode when a new endpoint is added. This is a user-mode filtering layer.

FWPS_LAYER_RPC_PROXY_CONN

This filtering layer allows for inspecting RpcProxy connection requests. This is a user-mode filtering layer.

FWPS_LAYER_RPC_PROXY_IF

This filtering layer allows for inspecting the interface that is used for RpcProxy connections. This is a user-mode filtering layer.

Remarks

The V4 and V6 suffixes at the end of the callout identifiers indicate whether the callout is for the IPv4 or the IPv6 network stack.

See Also

Reference

WFP Callout Driver Filtering Layer Identifiers
LUID
WFP Callout Driver Management Filtering Layer Identifiers
WFP Callout Driver Constants