Creating a Filter Hook

A filter hook is created by implementing a function of type PacketFilterExtensionPtr.

When a filter-hook driver registers its filter hook's entry point with the system-supplied IP filter driver, the filter-hook driver supplies the address of its filter hook. Because a filter-hook driver supplies the address, and not the name, of its filter hook entry point, the name of the filter hook can be any name that the driver writer chooses. However, it is good programming practice to choose a name that describes the filter hook's basic functionality.

A filter hook performs the following actions on incoming and outgoing packets:

  • Compares specific information with information that the IP filter driver passed to the filter hook to determine how packets should be further processed.

  • After inspecting a packet, returns one of the following response codes to direct the IP filter driver:

    • PF_FORWARD
      Returns the forward response immediately to the IP stack.

      For local packets, IP forwards them up the stack. If the destination for packets is another computer and routing is enabled, IP routes them accordingly.

    • PF_DROP
      Returns the drop response immediately to the IP stack. IP should drop the packet.

    • PF_PASS
      Filters packets and returns the resulting response to the IP stack. Continues to filter packets as defined by the Packet Filtering API.

      The filter hook returns this pass response if it determined that it should not process the packet but should allow the IP filter driver to filter the packet.

Note   On Microsoft Windows Server 2003 and earlier, a filter hook might incompletely receive packets that are sent or received over the network.
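
The decision flow described above, sketched as an added example (not code from this page or from Microsoft's samples): a hook that drops TCP traffic to one port, forwards traffic from one interface, and returns the pass response for everything else, including packets too short to inspect. The hook name, the blocked port, the interface index, the local type stand-ins, and the buffer layout noted in the comments are assumptions.

```c
#include <stddef.h>

/* Stand-ins so this builds outside the DDK; a real driver takes these
   types from the DDK headers (pfhook.h) instead. */
typedef enum { PF_FORWARD, PF_DROP, PF_PASS } PF_FORWARD_ACTION;
typedef unsigned long IPAddr;

#define PROTO_TCP         6u   /* IPv4 protocol number for TCP */
#define BLOCKED_TCP_PORT  23u  /* hypothetical policy: drop Telnet */
#define MGMT_IF_INDEX     7u   /* hypothetical trusted interface */

/* Hypothetical hook name. Assumed layout: PacketHeader points at the
   IPv4 header, Packet at the bytes after it, and PacketLength counts
   only the bytes at Packet. */
PF_FORWARD_ACTION TelnetBlockFilterHook(
    unsigned char *PacketHeader, unsigned char *Packet,
    unsigned int PacketLength,
    unsigned int RecvInterfaceIndex, unsigned int SendInterfaceIndex,
    IPAddr RecvLinkNextHop, IPAddr SendLinkNextHop)
{
    (void)SendInterfaceIndex; (void)RecvLinkNextHop; (void)SendLinkNextHop;

    /* Nothing to inspect: let the IP filter driver apply its filters. */
    if (PacketHeader == NULL || Packet == NULL)
        return PF_PASS;
    /* Malformed header: version must be 4, header length >= 5 words. */
    if ((PacketHeader[0] >> 4) != 4 || (PacketHeader[0] & 0x0F) < 5)
        return PF_DROP;

    /* Only the first fragment (offset 0) carries the TCP header. */
    unsigned int frag = ((PacketHeader[6] & 0x1Fu) << 8) | PacketHeader[7];
    if (PacketHeader[9] == PROTO_TCP && frag == 0) {
        /* The destination port is bytes 2-3 of the TCP header. An
           incompletely received packet may not hold them, so never read
           past PacketLength; defer the decision instead. */
        if (PacketLength < 4)
            return PF_PASS;
        if ((((unsigned int)Packet[2] << 8) | Packet[3]) == BLOCKED_TCP_PORT)
            return PF_DROP;
    }

    /* Traffic from the management interface skips further filtering. */
    if (RecvInterfaceIndex == MGMT_IF_INDEX)
        return PF_FORWARD;
    /* Everything else is left to the Packet Filtering API filters. */
    return PF_PASS;
}
```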
