WFP Callout Driver Management Filtering Layer Identifiers (Compact 7)
3/12/2014
The management filtering layer identifiers are generally used by user-mode applications. Each identifier is represented by a 128-bit GUID. These identifiers are defined as follows:
Management Filtering Layer Identifier | Filtering Layer Description |
---|---|
FWPM_LAYER_INBOUND_IPPACKET_V4 FWPM_LAYER_INBOUND_IPPACKET_V6 | This filtering layer is located in the receive path, directly after the IP header of a received packet is parsed but before any IP header processing occurs. No IPsec decryption or reassembly has occurred. |
FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD FWPM_LAYER_INBOUND_IPPACKET_V6_DISCARD | This filtering layer is located in the receive path for processing any received packets that were discarded at the network layer. |
FWPM_LAYER_OUTBOUND_IPPACKET_V4 FWPM_LAYER_OUTBOUND_IPPACKET_V6 | This filtering layer is located in the send path directly before the sent packet is evaluated for fragmentation. All IP header processing is complete and all extension headers are in place. Any IPsec authentication and encryption has already occurred. |
FWPM_LAYER_OUTBOUND_IPPACKET_V4_DISCARD FWPM_LAYER_OUTBOUND_IPPACKET_V6_DISCARD | This filtering layer is located in the send path for processing any sent packets that were discarded at the network layer. |
FWPM_LAYER_IPFORWARD_V4 FWPM_LAYER_IPFORWARD_V6 | This filtering layer is located in the forwarding path at the point where a received packet is forwarded. |
FWPM_LAYER_IPFORWARD_V4_DISCARD FWPM_LAYER_IPFORWARD_V6_DISCARD | This filtering layer is located in the forwarding path for processing any forwarded packets that were discarded at the forward layer. |
FWPM_LAYER_INBOUND_TRANSPORT_V4 FWPM_LAYER_INBOUND_TRANSPORT_V6 | This filtering layer is located in the receive path directly after a received packet's header is parsed by the network stack at the transport layer, but before any transport layer processing occurs. |
FWPM_LAYER_INBOUND_TRANSPORT_V4_DISCARD FWPM_LAYER_INBOUND_TRANSPORT_V6_DISCARD | This filtering layer is located in the receive path for processing any received packets that were discarded at the transport layer. |
FWPM_LAYER_OUTBOUND_TRANSPORT_V4 FWPM_LAYER_OUTBOUND_TRANSPORT_V6 | This filtering layer is located in the send path directly after a sent packet is passed to the network layer for processing but before any network layer processing occurs. This filtering layer is located at the top of the network layer instead of at the bottom of the transport layer so that any packets that are sent by third-party transports or as raw packets are filtered at this layer. |
FWPM_LAYER_OUTBOUND_TRANSPORT_V4_DISCARD FWPM_LAYER_OUTBOUND_TRANSPORT_V6_DISCARD | This filtering layer is located in the send path for processing any sent packets that were discarded at the transport layer. |
FWPM_LAYER_STREAM_V4 FWPM_LAYER_STREAM_V6 | This filtering layer is located in the stream data path. This layer allows for processing network data on a per stream basis. At the stream layer, the network data is bidirectional. |
FWPM_LAYER_DATAGRAM_DATA_V4 FWPM_LAYER_DATAGRAM_DATA_V6 | This filtering layer is located in the datagram data path. This layer allows for processing network data on a per datagram basis. At the datagram layer, the network data is bidirectional. |
FWPM_LAYER_DATAGRAM_DATA_V4_DISCARD FWPM_LAYER_DATAGRAM_DATA_V6_DISCARD | This filtering layer is located in the datagram data path for processing any discarded datagrams. |
FWPM_LAYER_INBOUND_ICMP_ERROR_V4 FWPM_LAYER_INBOUND_ICMP_ERROR_V6 | This filtering layer is located in the receive path for processing received ICMP messages for the transport protocol. |
FWPM_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD FWPM_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD | This filtering layer is located in the receive path for processing received and discarded ICMP messages. |
FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4 FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6 | This filtering layer is located in the send path for processing sent ICMP messages for the transport protocol. |
FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4_DISCARD FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6_DISCARD | This filtering layer is located in the send path for processing sent and discarded ICMP messages. |
FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 | This filtering layer allows for authorizing transport port assignments, bind requests, promiscuous mode requests, and raw mode requests. |
FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4_DISCARD FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6_DISCARD | This filtering layer allows for processing the following discarded items: transport port assignments, bind requests, promiscuous mode requests, and raw mode requests. |
FWPM_LAYER_ALE_AUTH_LISTEN_V4 FWPM_LAYER_ALE_AUTH_LISTEN_V6 | This filtering layer allows for authorizing TCP listen requests. |
FWPM_LAYER_ALE_AUTH_LISTEN_V4_DISCARD FWPM_LAYER_ALE_AUTH_LISTEN_V6_DISCARD | This filtering layer allows for processing discarded TCP listen requests. |
FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6 | This filtering layer allows for authorizing accept requests for incoming TCP connections and for authorizing incoming non-TCP traffic based on the first packet received. |
FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6_DISCARD | This filtering layer allows for processing accept requests for incoming TCP connections that have been discarded and authorizations for incoming discarded non-TCP traffic. |
FWPM_LAYER_ALE_AUTH_CONNECT_V4 FWPM_LAYER_ALE_AUTH_CONNECT_V6 | This filtering layer allows for authorizing connect requests for outgoing TCP connections and authorizing outgoing non-TCP traffic based on the first packet sent. |
FWPM_LAYER_ALE_AUTH_CONNECT_V4_DISCARD FWPM_LAYER_ALE_AUTH_CONNECT_V6_DISCARD | This filtering layer allows for processing connect requests for outgoing discarded TCP connections and processing authorizations for outgoing discarded non-TCP traffic. |
FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6 | This filtering layer allows for notification when a TCP connection is established or non-TCP traffic is authorized. |
FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4_DISCARD FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6_DISCARD | This filtering layer allows for processing when an established TCP connection is discarded at the flow established layer, and when authorized non-TCP traffic is discarded at the flow established layer. |
FWPM_LAYER_IPSEC_KM_DEMUX_V4 FWPM_LAYER_IPSEC_KM_DEMUX_V6 | This filtering layer determines which keying modules are invoked when the local system is the initiator. This is a user-mode filtering layer. |
FWPM_LAYER_IPSEC_V4 FWPM_LAYER_IPSEC_V6 | This filtering layer allows the keying module to look up quick-mode policy information when negotiating quick-mode security associations. This is a user-mode filtering layer. |
FWPM_LAYER_IKEEXT_V4 FWPM_LAYER_IKEEXT_V6 | This filtering layer allows the IKE and authenticated IP modules to look up main-mode policy information when negotiating main-mode security associations. This is a user-mode filtering layer. |
FWPM_LAYER_RPC_UM | This filtering layer allows for inspecting the RPC data fields that are available in user mode. This is a user-mode filtering layer. |
FWPM_LAYER_RPC_EPMAP | This filtering layer allows for inspecting the RPC data fields that are available in user mode during endpoint resolution. This is a user-mode filtering layer. |
FWPM_LAYER_RPC_EP_ADD | This filtering layer allows for inspecting the RPC data fields that are available in user mode when a new endpoint is added. This is a user-mode filtering layer. |
FWPM_LAYER_RPC_PROXY_CONN | This filtering layer allows for inspecting RpcProxy connection requests. This is a user-mode filtering layer. |
FWPM_LAYER_RPC_PROXY_IF | This filtering layer allows for inspecting the interface that is used for RpcProxy connections. This is a user-mode filtering layer. |
Remarks
The V4 and V6 suffixes at the end of the callout identifiers indicate whether the callout is for the IPv4 or the IPv6 network stack.
See Also
Reference
WFP Callout Driver Filtering Layer Identifiers
WFP Callout Driver Constants