Share via


WFP Callout Driver Filtering Condition Flags (Compact 7)

3/12/2014

Each WFP callout driver filtering condition flag is represented by a bit field. These identifiers are defined in the following table:

Filtering Condition Flag Description

FWP_CONDITION_FLAG_IS_LOOPBACK

Tests if the network traffic is loopback traffic. This flag is applicable at the following filtering layers:

FWPM_LAYER_INBOUND_IPPACKET_V4

FWPM_LAYER_INBOUND_IPPACKET_V6

FWPM_LAYER_OUTBOUND_IPPACKET_V4

FWPM_LAYER_OUTBOUND_IPPACKET_V6

FWPM_LAYER_INBOUND_TRANSPORT_V4

FWPM_LAYER_INBOUND_TRANSPORT_V6

FWPM_LAYER_OUTBOUND_TRANSPORT_V4

FWPM_LAYER_OUTBOUND_TRANSPORT_V6

FWPM_LAYER_DATAGRAM_DATA_V4

FWPM_LAYER_DATAGRAM_DATA_V6

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6

FWPM_LAYER_STREAM_V4

FWPM_LAYER_STREAM_V6

FWPM_LAYER_ALE_AUTH_CONNECT_V4

FWPM_LAYER_ALE_AUTH_CONNECT_V6

FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4

FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6

FWPM_LAYER_INBOUND_ICMP_ERROR_V4

FWPM_LAYER_INBOUND_ICMP_ERROR_V6

FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4

FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6

FWP_CONDITION_FLAG_IS_IPSEC_SECURED

Tests if the network traffic is protected by IPsec. This flag is applicable at the following filtering layers:

FWPM_LAYER_INBOUND_IPPACKET_V4

FWPM_LAYER_INBOUND_IPPACKET_V6

FWPM_LAYER_INBOUND_TRANSPORT_V4

FWPM_LAYER_INBOUND_TRANSPORT_V6

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6

FWPM_LAYER_ALE_AUTH_CONNECT_V4

FWPM_LAYER_ALE_AUTH_CONNECT_V6

FWP_CONDITION_FLAG_IS_REAUTHORIZE

Tests for a policy change as opposed to a new connection. This flag is applicable at the following filtering layers:

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6

FWPM_LAYER_ALE_AUTH_CONNECT_V4

FWPM_LAYER_ALE_AUTH_CONNECT_V6

FWP_CONDITION_FLAG_IS_WILDCARD_BIND

Tests if the application specified a wildcard address when binding to a local network address. This flag is applicable at the following filtering layers:

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6

FWP_CONDITION_FLAG_IS_RAW_ENDPOINT

Tests if the local endpoint that is sending and receiving traffic is a raw endpoint. This flag is applicable at the following filtering layers:

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4

FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6

FWPM_LAYER_ALE_AUTH_CONNECT_V4

FWPM_LAYER_ALE_AUTH_CONNECT_V6

FWPM_LAYER_DATAGRAM_DATA_V4

FWPM_LAYER_DATAGRAM_DATA_V6

FWPM_LAYER_INBOUND_TRANSPORT_V4

FWPM_LAYER_INBOUND_TRANSPORT_V6

FWPM_LAYER_OUTBOUND_TRANSPORT_V4

FWPM_LAYER_OUTBOUND_TRANSPORT_V6

FWPM_LAYER_INBOUND_ICMP_ERROR_V4

FWPM_LAYER_INBOUND_ICMP_ERROR_V6

FWP_CONDITION_FLAG_IS_FRAGMENT

Tests if the NET_BUFFER_LIST structure passed to a callout driver is an IP packet fragment. This flag is applicable at the following filtering layers:

FWPM_LAYER_INBOUND_IPPACKET_V4

FWPM_LAYER_INBOUND_IPPACKET_V6

FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD

FWPM_LAYER_INBOUND_IPPACKET_V6_DISCARD

FWP_CONDITION_FLAG_IS_FRAGMENT_GROUP

Tests if the NET_BUFFER_LIST structure passed to a callout driver describes a linked list of packet fragments. This flag is applicable at the following filtering layers:

FWPM_LAYER_IPFORWARD_V4

FWPM_LAYER_IPFORWARD_V6

FWP_CONDITION_FLAG_IS_REASSEMBLED

Tests if the packet has been reassembled from a group of fragments. This flag is applicable at the following filtering layers:

FWPM_LAYER_INBOUND_IPPACKET_V4

FWPM_LAYER_INBOUND_IPPACKET_V6

See Also

Reference

WFP Callout Driver Filtering Conditions
WFP Callout Driver Filtering Condition Identifiers
WFP Callout Driver Filtering Condition Data Types
WFP Callout Driver Filtering Conditions Available at Each Filtering Layer
WFP Callout Driver Constants