classifyFn1 routine

The filter engine calls a callout's classifyFn1 callout function whenever there is data to be processed by the callout.

Note  classifyFn1 is the specific version of classifyFn used in Windows 7 and later. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 8, classifyFn2 is available. For Windows Vista, classifyFn0 is available.

Syntax


void NTAPI FWPS_CALLOUT_CLASSIFY_FN1 classifyFn1;

void NTAPI classifyFn1(
  _In_     const FWPS_INCOMING_VALUES0          *inFixedValues,
  _In_     const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues,
  _Inout_        void                           *layerData,
  _In_opt_ const void                           *classifyContext,
  _In_     const FWPS_FILTER1                   *filter,
  _In_           UINT64                         flowContext,
  _Inout_        FWPS_CLASSIFY_OUT0             *classifyOut
)
{ ... }

Parameters

inFixedValues [in]

A pointer to an FWPS_INCOMING_VALUES0 structure. This structure contains the values for each of the data fields in the layer being filtered.

inMetaValues [in]

A pointer to an FWPS_INCOMING_METADATA_VALUES0 structure. This structure contains the values for each of the metadata fields in the layer being filtered.

layerData [in, out]

A pointer to a structure that describes the raw data in the layer being filtered. This parameter might be NULL, depending on the layer being filtered and the conditions under which the classifyFn1 callout function is called. For the stream layer, this parameter points to an FWPS_STREAM_CALLOUT_IO_PACKET0 structure. For all of the other layers, this parameter points to a NET_BUFFER_LIST structure if it is not NULL.

classifyContext [in, optional]

A pointer to context data associated with the callout driver by the filter engine.

filter [in]

A pointer to an FWPS_FILTER1 structure. This structure describes the filter that specifies the callout for the filter's action.

flowContext [in]

A UINT64-typed variable that contains the context associated with the data flow. If no context is associated with the data flow, then this parameter is zero. If the callout is added to the filter engine at a filtering layer that does not support data flows, the classifyFn1 callout function should ignore this parameter.

classifyOut [in, out]

A pointer to an FWPS_CLASSIFY_OUT0 structure that receives any data that the classifyFn1 callout function returns to the caller.

Return value

None.

Remarks

A callout driver registers a callout's callout functions with the filter engine by calling the FwpsCalloutRegister1 function.

The filter engine calls a callout's classifyFn1 callout function with data to be processed whenever all of the test conditions are true for a filter in the filter engine that specifies the callout for the filter's action.

A callout's classifyFn1 callout function should clear the FWPS_RIGHT_ACTION_WRITE flag in the rights member of the FWPS_CLASSIFY_OUT0 structure in any of the following situations:

  • When the classifyFn1 callout function sets the actionType member of the FWPS_CLASSIFY_OUT0 structure to FWP_ACTION_BLOCK.

  • When the classifyFn1 callout function sets the actionType member of the FWPS_CLASSIFY_OUT0 structure to FWP_ACTION_PERMIT and the FWPS_FILTER_FLAG_CLEAR_ACTION_RIGHT flag is set in the Flags member of the FWPS_FILTER1 structure.

  • When a callout has indicated that it intends to modify the clone net buffer list by setting the intendToModify parameter to TRUE in a call to the FwpsReferenceNetBufferList0 function.

Requirements

Target platform

Desktop

Version

Available starting with Windows 7.

IRQL

<= DISPATCH_LEVEL

See also

classifyFn
classifyFn0
classifyFn2
FwpsCalloutRegister1
FwpsReferenceNetBufferList0
FWPS_CALLOUT0
FWPS_CLASSIFY_OUT0
FWPS_FILTER1
FWPS_INCOMING_METADATA_VALUES0
FWPS_INCOMING_VALUES0
NET_BUFFER_LIST
Associating Context with a Data Flow
Callout Driver Callout Functions
Data Logging
Packet Modification Examples
Registering Callouts with the Filter Engine
Using a Callout for Deep Inspection
Using a Callout for Deep Inspection of Stream Data

 

 

Send comments about this topic to Microsoft

Show:
© 2015 Microsoft