Processing Classify Callouts

The filter engine calls a callout's classifyFn callout function when there is network data to be processed by the callout. This occurs when all the filtering conditions are true for a filter that specifies the callout for the filter's action. If such a filter has no filtering conditions, the filter engine always calls the callout's classifyFn callout function.

The filter engine passes several different data items to a callout's classifyFn callout function. These data items include fixed data values, metadata values, raw network data, filter information, and any flow context. The particular data items that the filter engine passes to the callout depend on the specific filtering layer and the conditions under which classifyFn is called. A classifyFn function can use any combination of these data items to make its filtering decisions.

The implementation of a callout's classifyFn callout function depends on what the callout is designed to do. The following sections provide examples of some the more typical functions of a callout:

Using a Callout for Deep Inspection

Using a Callout for Deep Inspection of Stream Data

Inspecting Packet and Stream Data

Modifying Stream Data

Data Logging

Associating Context with a Data Flow

Processing Classify Callouts Asynchronously

Using Bind or Connect Redirection

ALE Endpoint Lifetime Management

Using Packet Tagging

The actual implementation of a particular callout's classifyFn callout function can be based on a combination of these examples.

For callouts that process data at a filtering layer that supports data flows, the callout's classifyFn callout function can associate a context with each of the data flows. The classifyFn function can use this context to save state information for the next time that it is called by the filter engine for that data flow. For more information about how a callout function can associate a context with a data flow, see Associating Context with a Data Flow.

WFP supports asynchronous processing of the classifyFn callout function. For more information about asynchronous processing, see Processing Classify Callouts Asynchronously.

 

 

Send comments about this topic to Microsoft

Anzeigen:
© 2014 Microsoft