Windows Filtering Platform

In Microsoft computer-systems, the Windows Filtering Platform (WFP) comprises a set of system services and an application programming interface first introduced with Windows Vista in 2006/2007. It allows applications to tie into the packet processing and filtering pipeline of the Next Generation TCP/IP network stack. It provides features such as integrated communication, and administrators can configure it to invoke processing logic on a per-application basis. Microsoft intended WFP for use by firewalls and by other packet-processing or connection-monitoring components, such as antivirus and antimalware software and parental controls. Additionally, WFP is used to implement NAT and to store IPSec policy configuration.

Components

The filtering platform includes the following components:

shims, which expose the internal structure of a packet as properties. Different shims exist for protocols at different layers. WFP comes with a set of shims; users can register shims for other protocols using the API. The in-built set of shims includes:
- Application Layer Enforcement (ALE) shim
- Transport Layer Module (TLM) shim
- Network Layer Module (NLM) shim
- RPC Runtime shim
- Internet Control Message Protocol (ICMP) shim
- Stream shim

Since Windows 8 and Windows Server 2012, WFP allows filtering at the second layer of TCP/IP.

filter engine, which spans both kernel-mode and user-mode, providing basic filtering capabilities. It matches the data within a packet - as exposed by the shims - against filtering rules, and either blocks or permits the packet. A callout may implement any other action as required. The filters operate on a per-application basis. To mitigate conflicts between filters, they are given weights (priorities) and grouped into sublayers which also have weights. Filters and callouts may be associated to providers which may be given a name and description and are essentially associated to a particular application or service.
base filtering engine, the module that manages the filtering engine. It accepts filtering rules and enforces the security model of the application. It also maintains statistics for the WFP and logs its state.
callout, a callback function exposed by a filtering driver. The filtering drivers provide filtering capabilities other than the default block/allow. Administrators specify a callout function during registration of a filter rule. When the filter matches, the system invokes the callout, which handles a specified action.

Diagnostics

In Windows 7, functionality was added to the netsh command which allows for rich diagnostics of the internal state of WFP. This functionality is useful to debug and root-cause issues such as packet drops.

Memory leaks and race conditions

MS KB # 979223 documents a serious memory leak, affecting Vista through Windows 7. Because of this and of some other issues, all deployments of WFP should include MS hotfix rollup # 981889. Windows 7 SP1 or for Vista SP3 (when it comes out) or newer do not require fixes.

Note that other problems persist regarding use of multiple Network Buffer Lists.

External links

Microsoft APIs and frameworks

Graphics	Desktop Window Manager Direct2D Direct3D D3D (extensions) GDI / GDI+ WPF Silverlight WinRT XAML Windows Color System Windows Image Acquisition Windows Imaging Component DirectX Graphics Infrastructure (DXGI) Windows Advanced Rasterization Platform WinG

Audio	DirectMusic DirectSound DirectX plugin XACT Speech API XAudio2

Multimedia	DirectX Media Objects Video Acceleration Xinput DirectInput DirectShow Image Mastering API Managed DirectX Media Foundation XNA Windows Media Video for Windows

Web	MSHTML RSS Platform JScript VBScript BHO XDR SideBar Gadgets TypeScript

Data access	Data Access Components (MDAC) ADO ADO.NET ODBC OLE DB Extensible Storage Engine Entity Framework Sync Framework Jet Engine MSXML OPC

Networking	Winsock LSP Winsock Kernel Filtering Platform NDIS Windows Rally BITS P2P API MSMQ MS MPI DirectPlay

Communication	Messaging API Telephony API WCF

Administration and management	Win32 console Windows Script Host WMI (extensions) PowerShell Task Scheduler Offline Files Shadow Copy Windows Installer Error Reporting Event Log Common Log File System

Component model	COM COM+ ActiveX Distributed Component Object Model .NET Framework

Libraries	Framework Class Library Microsoft Foundation Classes (MFC) Active Template Library (ATL) Windows Template Library (WTL)

Device drivers	WDM WDF KMDF UMDF WDDM NDIS UAA BDA VxD

Security	Crypto API CAPICOM Windows CardSpace Data Protection API Security Support Provider Interface (SSPI)

.NET	ASP.NET ADO.NET Remoting Silverlight TPL WCF WCS WPF WF

Software factories	EFx Factory Enterprise Library Composite UI CCF CSF

IPC	MSRPC Dynamic Data Exchange (DDE) Remoting WCF

Accessibility	Active Accessibility UI Automation

Text and multilingual support	DirectWrite Text Services Framework Text Object Model Input method editor Language Interface Pack Multilingual User Interface Uniscribe

This article is issued from Wikipedia - version of the 9/21/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

Windows Filtering Platform

Components

Diagnostics

Memory leaks and race conditions

See also

External links