FWPM_FILTER0 (Compact 7)
3/12/2014
This structure stores the state associated with a filter.
Syntax
typedef struct FWPM_FILTER0_ {
    GUID filterKey;
    FWPM_DISPLAY_DATA0 displayData;
    UINT32 flags;
    GUID* providerKey;
    FWP_BYTE_BLOB providerData;
    GUID layerKey;
    GUID subLayerKey;
    FWP_VALUE0 weight;
    UINT32 numFilterConditions;
    FWPM_FILTER_CONDITION0* filterCondition;
    FWPM_ACTION0 action;
    union {
        UINT64 rawContext;
        GUID providerContextKey;
    };
    GUID* reserved;
    UINT64 filterId;
    FWP_VALUE0 effectiveWeight;
} FWPM_FILTER0;
Members
- filterKey
Uniquely identifies the session. If the GUID is initialized to zero in the call to FwpmFilterAdd0, the Base Filtering Engine (BFE) will generate one.
- displayData
An FWPM_DISPLAY_DATA0 structure that contains human-readable annotations associated with the filter. The name member of the FWPM_DISPLAY_DATA0 structure is required.
- flags
A combination of the values listed in the Remarks section below.
- providerKey
Optional GUID of the policy provider that manages this filter. See topic WFP Built-in Provider Identifiers for a list of pre-defined policy providers.
- providerData
An FWP_BYTE_BLOB structure that contains optional provider-specific data used by providers to store additional context information with the object.
- layerKey
GUID of the layer where the filter resides. See topic WFP Filtering Layer Identifiers for a list of possible values.
- subLayerKey
GUID of the sub-layer where the filter resides. See topic WFP Filtering Sublayer Identifiers for a list of built-in sub-layers. If this is set to IID_NULL, the filter is added to the default sublayer.
- weight
An FWP_VALUE0 structure that specifies the weight of the filter. Possible type values for weight are listed in the Remarks section below. See topic WFP Filter Weight Identifiers for built-in constants that may be used to compute the filter weight.
- numFilterConditions
Number of filter conditions.
- filterCondition
Array of FWPM_FILTER_CONDITION0 structures that contain all the filtering conditions. All must be true for the action to be performed. In other words, the conditions are evaluated using the AND operator. If no conditions are specified, the action is always performed.
- action
An FWPM_ACTION0 structure that specifies the action to be performed if all the filter conditions are true.
- rawContext
Available when the filter does not have provider context information, that is, flags does not contain FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See topic WFP Filter Context Identifiers for a list of built-in possible values. The rawContext is placed 'as is' in the context member of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.
- providerContextKey
Available when the filter has provider context information, that is, flags contains FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See topic WFP Built-in Provider Context Identifiers for a list of pre-defined policy provider contexts. The LUID of the provider context specified by the providerContextKey is used to fill in the context member of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.
- reserved
Reserved.
- filterId
LUID identifying the filter. This is also the LUID of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.
- effectiveWeight
An FWP_VALUE0 structure that contains the weight assigned to FWPS_FILTER0, which is documented in the Windows Driver Kit.
Remarks
The first ten members of this structure contain information supplied when adding objects.
The last members, filterId and effectiveWeight, provide additional information when getting or enumerating objects.
The following is a list of the possible values for the flags data member:
Value | Meaning |
---|---|
FWPM_FILTER_FLAG_NONE | Default |
FWPM_FILTER_FLAG_PERSISTENT | Filter is persistent, that is, it survives across BFE stop/start. Note: This flag cannot be set together with FWPM_FILTER_FLAG_BOOTTIME. |
FWPM_FILTER_FLAG_BOOTTIME | Filter is enforced at boot-time, even before BFE starts. Note: This flag cannot be set together with FWPM_FILTER_FLAG_PERSISTENT. |
FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT | Filter references a provider context. |
FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT | Clear filter action right. |
FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED | If the callout is not registered, the filter is treated as a permit filter. Note: This flag can be set only if the action type is FWP_ACTION_CALLOUT_TERMINATING or FWP_ACTION_CALLOUT_UNKNOWN. |
FWPM_FILTER_FLAG_DISABLED | Filter is disabled. A provider's filters are disabled when the BFE starts if the provider has no associated Windows service name, or if the associated service is not set to auto-start. Note: This flag cannot be set when adding new filters. It can only be returned by BFE when getting or enumerating filters. |
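The flag and member rules above can be checked before a filter is handed to FwpmFilterAdd0, which catches filters that would be rejected or that would silently permit traffic. The following is an added example, not code from the original page: `struct ex_filter`, the `ex_`/`EX_` names and the flag values are stand-ins defined here so the block compiles without fwpmu.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in values so the block compiles without fwpmu.h (assumption:
   real code takes these definitions from the SDK header instead). */
#ifndef FWPM_FILTER_FLAG_PERSISTENT
#define FWPM_FILTER_FLAG_PERSISTENT                     0x01u
#define FWPM_FILTER_FLAG_BOOTTIME                       0x02u
#define FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED 0x10u
#define FWPM_FILTER_FLAG_DISABLED                       0x20u
#endif

/* Hypothetical reduced view of the FWPM_FILTER0 members the checks read. */
enum ex_action { EX_BLOCK, EX_PERMIT, EX_CALLOUT_TERMINATING,
                 EX_CALLOUT_INSPECTION, EX_CALLOUT_UNKNOWN };
struct ex_filter {
    const wchar_t *name;            /* displayData.name (required) */
    uint32_t       flags;           /* flags                       */
    enum ex_action action;          /* action type                 */
    uint32_t       num_conditions;  /* numFilterConditions         */
    const void    *conditions;      /* filterCondition array       */
};

enum ex_result { EX_OK, EX_NO_NAME, EX_PERSISTENT_AND_BOOTTIME,
                 EX_DISABLED_ON_ADD, EX_PERMIT_FLAG_BAD_ACTION,
                 EX_CONDITIONS_MISSING };

/* Returns the first problem found. The first four checks follow the Members
   and Remarks text; the last is a plain pointer sanity check. */
enum ex_result ex_validate_for_add(const struct ex_filter *f)
{
    uint32_t fl = f->flags;
    if (f->name == NULL || f->name[0] == L'\0')
        return EX_NO_NAME;
    if ((fl & FWPM_FILTER_FLAG_PERSISTENT) && (fl & FWPM_FILTER_FLAG_BOOTTIME))
        return EX_PERSISTENT_AND_BOOTTIME;
    if (fl & FWPM_FILTER_FLAG_DISABLED)        /* only ever returned by BFE */
        return EX_DISABLED_ON_ADD;
    if ((fl & FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED) &&
        f->action != EX_CALLOUT_TERMINATING && f->action != EX_CALLOUT_UNKNOWN)
        return EX_PERMIT_FLAG_BAD_ACTION;
    if (f->num_conditions > 0 && f->conditions == NULL)
        return EX_CONDITIONS_MISSING;
    return EX_OK;
}

/* Zero conditions means the action always runs: worth flagging in review. */
int ex_is_unconditional(const struct ex_filter *f)
{
    return f->num_conditions == 0;
}
```

A filter that passes validation but is unconditional, or that carries FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED, deserves a second look in policy review because it applies to all traffic at its layer or permits traffic when its callout is absent.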
The following is a list of the possible values for the weight data member:
Value | Meaning |
---|---|
FWP_UINT64 | BFE will use the supplied value as the filter's weight. |
FWP_UINT8 0 - 15 | BFE will use the supplied value as a weight range index and will compute the filter's weight in that range. |
FWP_EMPTY | BFE will automatically assign a weight based on the filter conditions. |
Requirements
Header | fwpmu.h |