FWPM_FILTER0 (Compact 2013)

3/26/2014

This structure stores the state associated with a filter.

Syntax

typedef struct FWPM_FILTER0_ {
  GUID filterKey;
  FWPM_DISPLAY_DATA0 displayData;
  UINT32 flags;
  GUID* providerKey;
  FWP_BYTE_BLOB providerData;
  GUID layerKey;
  GUID subLayerKey;
  FWP_VALUE0 weight;
  UINT32 numFilterConditions;
  FWPM_FILTER_CONDITION0* filterCondition;
  FWPM_ACTION0 action;
  union {
    UINT64 rawContext;
    GUID providerContextKey;
  };
  GUID* reserved;
  UINT64 filterId;
  FWP_VALUE0 effectiveWeight;
} FWPM_FILTER0;

Members

  • filterKey
    Uniquely identifies the session.

    If the GUID is initialized to zero in the call to FwpmFilterAdd0, the Base Filtering Engine (BFE) will generate one.

  • displayData
    A FWPM_DISPLAY_DATA0 structure that contains human-readable annotations associated with the filter. The name member of the FWPM_DISPLAY_DATA0 structure is required.
  • flags
    A combination of the values listed in the Remarks section below.
  • providerData
    A FWP_BYTE_BLOB structure that contains optional provider-specific data used by providers to store additional context information with the object.
  • subLayerKey
    GUID of the sub-layer where the filter resides. See topic WFP Filtering Sublayer Identifiers for a list of built-in sub-layers.

    If this is set to IID_NULL, the filter is added to the default sublayer.

  • weight
    A FWP_VALUE0 structure that specifies the weight of the filter. Possible type values for weight are listed in the Remarks section below.

    See topic WFP Filter Weight Identifiers for built-in constants that may be used to compute the filter weight.

  • numFilterConditions
    Number of filter conditions.
  • filterCondition
    Array of FWPM_FILTER_CONDITION0 structures that contain all the filtering conditions. All must be true for the action to be performed. In other words, the conditions are evaluated using the AND operator. If no conditions are specified, the action is always performed.
  • action
    A FWPM_ACTION0 structure that specifies the action to be performed if all the filter conditions are true.
  • rawContext
    Available when the filter does not have provider context information, that is, flags does not contain FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See topic WFP Filter Context Identifiers for a list of built-in possible values.

    The rawContext is placed 'as is' in the context member of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.

  • providerContextKey
    Available when the filter has provider context information, that is, flags contains FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See topic WFP Built-in Provider Context Identifiers for a list of pre-defined policy provider contexts.

    The LUID of the provider context specified by the providerContextKey is used to fill in the context member of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.

  • reserved
    Reserved.
  • filterId
    LUID identifying the filter. This is also the LUID of the corresponding FWPS_FILTER0 structure, which is documented in the Windows Driver Kit.
  • effectiveWeight
    An FWP_VALUE0 structure that contains the weight assigned to FWPS_FILTER0, which is documented in the Windows Driver Kit.

Remarks

The first ten members of this structure contain information supplied when adding objects.

The last members, filterId and effectiveWeight, provide additional information when getting or enumerating objects.

The following is a list of the possible values for the flags data member:

  • FWPM_FILTER_FLAG_NONE
    Default
  • FWPM_FILTER_FLAG_PERSISTENT
    Filter is persistent, that is, it survives across BFE stop/start.

    Note: This flag cannot be set together with FWPM_FILTER_FLAG_BOOTTIME.

  • FWPM_FILTER_FLAG_BOOTTIME
    Filter is enforced at boot-time, even before BFE starts.

    Note: This flag cannot be set together with FWPM_FILTER_FLAG_PERSISTENT.

  • FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT
    Filter references a provider context.
  • FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT
    Clear filter action right.
  • FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
    If the callout is not registered, the filter is treated as a permit filter.

    Note: This flag can be set only if the action type is FWP_ACTION_CALLOUT_TERMINATING or FWP_ACTION_CALLOUT_UNKNOWN.

  • FWPM_FILTER_FLAG_DISABLED
    Filter is disabled. A provider's filters are disabled when the BFE starts if the provider has no associated Windows service name, or if the associated service is not set to auto-start.

    Note: This flag cannot be set when adding new filters. It can only be returned by BFE when getting or enumerating filters.

The following is a list of the possible values for the weight data member:

  • FWP_UINT64
    BFE will use the supplied value as the filter's weight.
  • FWP_UINT8 (0 - 15)
    BFE will use the supplied value as a weight range index and will compute the filter's weight in that range.
  • FWP_EMPTY
    BFE will automatically assign a weight based on the filter conditions.

Requirements

Header: fwpmu.h

See Also

Reference

WFP Management Structures

Other Resources

Windows Filtering Platform