WFP Callout Driver Filtering Condition Flags (Compact 7)
3/12/2014
Each WFP callout driver filtering condition flag is represented by a bit field. These identifiers are defined in the following table:
Filtering Condition Flag | Description |
---|---|
FWP_CONDITION_FLAG_IS_LOOPBACK |
Tests if the network traffic is loopback traffic. This flag is applicable at the following filtering layers: FWPM_LAYER_INBOUND_IPPACKET_V4 FWPM_LAYER_INBOUND_IPPACKET_V6 FWPM_LAYER_OUTBOUND_IPPACKET_V4 FWPM_LAYER_OUTBOUND_IPPACKET_V6 FWPM_LAYER_INBOUND_TRANSPORT_V4 FWPM_LAYER_INBOUND_TRANSPORT_V6 FWPM_LAYER_OUTBOUND_TRANSPORT_V4 FWPM_LAYER_OUTBOUND_TRANSPORT_V6 FWPM_LAYER_DATAGRAM_DATA_V4 FWPM_LAYER_DATAGRAM_DATA_V6 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 FWPM_LAYER_STREAM_V4 FWPM_LAYER_STREAM_V6 FWPM_LAYER_ALE_AUTH_CONNECT_V4 FWPM_LAYER_ALE_AUTH_CONNECT_V6 FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6 FWPM_LAYER_INBOUND_ICMP_ERROR_V4 FWPM_LAYER_INBOUND_ICMP_ERROR_V6 FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4 FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6 |
FWP_CONDITION_FLAG_IS_IPSEC_SECURED |
Tests if the network traffic is protected by IPsec. This flag is applicable at the following filtering layers: FWPM_LAYER_INBOUND_IPPACKET_V4 FWPM_LAYER_INBOUND_IPPACKET_V6 FWPM_LAYER_INBOUND_TRANSPORT_V4 FWPM_LAYER_INBOUND_TRANSPORT_V6 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 FWPM_LAYER_ALE_AUTH_CONNECT_V4 FWPM_LAYER_ALE_AUTH_CONNECT_V6 |
FWP_CONDITION_FLAG_IS_REAUTHORIZE |
Tests for a policy change as opposed to a new connection. This flag is applicable at the following filtering layers: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 FWPM_LAYER_ALE_AUTH_CONNECT_V4 FWPM_LAYER_ALE_AUTH_CONNECT_V6 |
FWP_CONDITION_FLAG_IS_WILDCARD_BIND |
Tests if the application specified a wildcard address when binding to a local network address. This flag is applicable at the following filtering layers: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 |
FWP_CONDITION_FLAG_IS_RAW_ENDPOINT |
Tests if the local endpoint that is sending and receiving traffic is a raw endpoint. This flag is applicable at the following filtering layers: FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 FWPM_LAYER_ALE_AUTH_CONNECT_V4 FWPM_LAYER_ALE_AUTH_CONNECT_V6 FWPM_LAYER_DATAGRAM_DATA_V4 FWPM_LAYER_DATAGRAM_DATA_V6 FWPM_LAYER_INBOUND_TRANSPORT_V4 FWPM_LAYER_INBOUND_TRANSPORT_V6 FWPM_LAYER_OUTBOUND_TRANSPORT_V4 FWPM_LAYER_OUTBOUND_TRANSPORT_V6 FWPM_LAYER_INBOUND_ICMP_ERROR_V4 FWPM_LAYER_INBOUND_ICMP_ERROR_V6 |
FWP_CONDITION_FLAG_IS_FRAGMENT |
Tests if the NET_BUFFER_LIST structure passed to a callout driver is an IP packet fragment. This flag is applicable at the following filtering layers: FWPM_LAYER_INBOUND_IPPACKET_V4 FWPM_LAYER_INBOUND_IPPACKET_V6 FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD FWPM_LAYER_INBOUND_IPPACKET_V6_DISCARD |
FWP_CONDITION_FLAG_IS_FRAGMENT_GROUP |
Tests if the NET_BUFFER_LIST structure passed to a callout driver describes a linked list of packet fragments. This flag is applicable at the following filtering layers: FWPM_LAYER_IPFORWARD_V4 FWPM_LAYER_IPFORWARD_V6 |
FWP_CONDITION_FLAG_IS_REASSEMBLED |
Tests if the packet has been reassembled from a group of fragments. This flag is applicable at the following filtering layers: FWPM_LAYER_INBOUND_IPPACKET_V4 FWPM_LAYER_INBOUND_IPPACKET_V6 |
See Also
Reference
WFP Callout Driver Filtering Conditions
WFP Callout Driver Filtering Condition Identifiers
WFP Callout Driver Filtering Condition Data Types
WFP Callout Driver Filtering Conditions Available at Each Filtering Layer
WFP Callout Driver Constants