FWPS_CALLOUT_CLASSIFY_FN1 callback function

The filter engine calls a callout's classifyFn1 callout function whenever there is data to be processed by the callout.

Note classifyFn1 is the specific version of classifyFn used in Windows 7 and later. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 8, classifyFn2 is available. For Windows Vista, classifyFn0 is available.

Syntax

FWPS_CALLOUT_CLASSIFY_FN1 FwpsCalloutClassifyFn1;

void FwpsCalloutClassifyFn1(
  const FWPS_INCOMING_VALUES0 *inFixedValues,
  const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
  void *layerData,
  const void *classifyContext,
  const FWPS_FILTER1 *filter,
  UINT64 flowContext,
  FWPS_CLASSIFY_OUT0 *classifyOut
)
{...}

Parameters

*inFixedValues

A pointer to an FWPS_INCOMING_VALUES0 structure. This structure contains the values for each of the data fields in the layer being filtered.

*inMetaValues

A pointer to an FWPS_INCOMING_METADATA_VALUES0 structure. This structure contains the values for each of the metadata fields in the layer being filtered.

*layerData

A pointer to a structure that describes the raw data in the layer being filtered. This parameter might be NULL, depending on the layer being filtered and the conditions under which the classifyFn1 callout function is called. For the stream layer, this parameter points to an FWPS_STREAM_CALLOUT_IO_PACKET0 structure. For all of the other layers, this parameter points to a NET_BUFFER_LIST structure if it is not NULL.

*classifyContext

A pointer to context data associated with the callout driver by the filter engine.

*filter

A pointer to an FWPS_FILTER1 structure. This structure describes the filter that specifies the callout for the filter's action.

flowContext

A UINT64-typed variable that contains the context associated with the data flow. If no context is associated with the data flow, then this parameter is zero. If the callout is added to the filter engine at a filtering layer that does not support data flows, the classifyFn1 callout function should ignore this parameter.

*classifyOut

A pointer to an FWPS_CLASSIFY_OUT0 structure that receives any data that the classifyFn1 callout function returns to the caller.

Return Value

None.

Remarks

A callout driver registers a callout's callout functions with the filter engine by calling the FwpsCalloutRegister1 function.

The filter engine calls a callout's classifyFn1 callout function with data to be processed whenever all of the test conditions are true for a filter in the filter engine that specifies the callout for the filter's action.

A callout's classifyFn1 callout function should clear the FWPS_RIGHT_ACTION_WRITE flag in the rights member of the FWPS_CLASSIFY_OUT0 structure in any of the following situations:

  • When the classifyFn1 callout function sets the actionType member of the FWPS_CLASSIFY_OUT0 structure to FWP_ACTION_BLOCK.
  • When the classifyFn1 callout function sets the actionType member of the FWPS_CLASSIFY_OUT0 structure to FWP_ACTION_PERMIT and the FWPS_FILTER_FLAG_CLEAR_ACTION_RIGHT flag is set in the Flags member of the FWPS_FILTER1 structure.
  • When a callout has indicated that it intends to modify the clone net buffer list by setting the intendToModify parameter to TRUE in a call to the FwpsReferenceNetBufferList0 function.

Requirements

   
Windows version Available starting with Windows 7.
Target Platform Windows
Header fwpsk.h (include Fwpsk.h)
IRQL "<= DISPATCH_LEVEL"

See Also

Associating Context with a Data Flow

Callout Driver Callout Functions

Data Logging

FWPS_CALLOUT0

FWPS_CLASSIFY_OUT0

FWPS_FILTER1

FWPS_INCOMING_METADATA_VALUES0

FWPS_INCOMING_VALUES0

FwpsCalloutRegister1

FwpsReferenceNetBufferList0

NET_BUFFER_LIST

Packet Modification Examples

Registering Callouts with the Filter Engine

Using a Callout for Deep Inspection of Stream Data

Using a Callout for Deep Inspection

classifyFn

classifyFn0

classifyFn2