
Windows Filtering Platform (WFP) is a set of system services and an application programming interface introduced with Windows Vista that allows applications to tie into the packet processing and filtering pipeline of the new network stack. It provides features such as integrated communication, and it can be configured to invoke processing logic on a per-application basis. It is intended for use by firewalls and other packet-processing or connection-monitoring components.

Shims expose the internal structure of a packet as properties. Different shims exist for protocols at different layers. The filtering engine filters the packets by verifying the data against the specified set of rules. WFP comes with a set of shims, including the Application Layer Enforcement (ALE) shim and the Internet Control Message Protocol (ICMP) shim; shims for other protocols can be registered using the API.

The filter engine, which spans both kernel mode and user mode, provides basic filtering capabilities. It matches the data in packets, exposed by the shims, against filtering rules, and either blocks or permits the packet. If any other action is necessary, it can be implemented by means of a callout. The filters are applied on a per-application basis.

The base filtering engine is the module that manages the filtering engine. It accepts filtering rules and enforces the security model of the application. It also maintains statistics for the WFP and logs its state.

A callout is a callback function exposed by a filtering driver. Filtering drivers are used to provide filtering capabilities other than the default block/allow. The callout function is specified during registration of a filter rule. When the filter is matched, the callout is invoked and handles what needs to be done.
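The flow described above (shim properties, filter matching, block/permit, and a callout bound at registration), as an added example in portable C. It is a simplified model and not the WFP API or code from the original page: every type and function name is hypothetical, the sample paths and values are constructed, and "first matching filter decides, no match permits" is an assumption of the model.

```c
/* Simplified model of the WFP flow; NOT the real WFP API. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef enum { PERMIT, BLOCK, CALLOUT } action_t;

/* Properties a shim exposes for one packet or connection (constructed fields). */
typedef struct { const char *layer, *app; unsigned remote_port; size_t payload_len; } props_t;

/* A callout receives the exposed properties and returns the verdict. */
typedef action_t (*callout_fn)(const props_t *);

/* Filter rule: NULL app or port 0 means "any". The callout is bound at registration. */
typedef struct { const char *layer, *app; unsigned remote_port; action_t action; callout_fn callout; } filter_t;

#define MAX_FILTERS 8
static filter_t filters[MAX_FILTERS];
static int nfilters;

/* Registration: a CALLOUT filter that names no callout function is rejected. */
int register_filter(filter_t f) {
    if (nfilters == MAX_FILTERS || (f.action == CALLOUT && !f.callout)) return -1;
    filters[nfilters++] = f;
    return 0;
}

/* Filter engine: the first matching filter decides; no match permits (model assumption). */
action_t classify(const props_t *p) {
    for (int i = 0; i < nfilters; i++) {
        const filter_t *f = &filters[i];
        if (strcmp(f->layer, p->layer)) continue;
        if (f->app && strcmp(f->app, p->app)) continue;
        if (f->remote_port && f->remote_port != p->remote_port) continue;
        return f->action == CALLOUT ? f->callout(p) : f->action;
    }
    return PERMIT;
}

/* Example callout: a size-based decision that plain block/permit rules cannot express. */
action_t limit_payload(const props_t *p) { return p->payload_len > 1024 ? BLOCK : PERMIT; }

void setup_demo(void) {
    nfilters = 0;
    register_filter((filter_t){"ALE", "C:\\tools\\updater.exe", 0, BLOCK, NULL}); /* per-application block */
    register_filter((filter_t){"ICMP", NULL, 0, CALLOUT, limit_payload});         /* defer to callout */
}

int main(void) {
    setup_demo();
    props_t p = {"ICMP", "system", 0, 4096};   /* constructed sample: oversized ICMP payload */
    printf("%s\n", classify(&p) == BLOCK ? "block" : "permit");
    return 0;
}
```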