Introduction to Windows Filtering Platform Callout Drivers

Purpose of Callout Drivers

A callout driver implements one or more callouts. Callouts extend the capabilities of the Windows Filtering Platform by processing TCP/IP-based network data in ways that are beyond the scope of the simple filtering functionality. Callouts are typically used to do the following tasks:

callout driver实现了一个多个callouts,Callouts扩展了WFP的功能,不再是仅仅的过滤,callouts可以执行以下任务:

Deep Inspection
Perform complex inspection of the network data to determine which data should be blocked, which data should be permitted, and which data should be passed to another filter. An antivirus product, for example, could look for virus signatures.
执行复杂的数据检查决定什么数据应该被阻止,什么数据被允许,什么数据被传递到下一个过滤器。例如反病毒产品应该阻止病毒。

Packet Modification
Perform modification and reinjection of the network packet headers or data, or both. A network address translation (NAT) product, for example, could modify the headers on IPv4 packets.
修改或者注入网络数据的头或者数据。例如NAT产品应该修改IPV4数据包的头。

Stream Modification
Perform modification and reinjection of the network data in a stream. A parental control product, for example, could remove or replace specific words or phrases in a data stream.
修改或者注入网络数据流。例如父母控制产品应该移除或者替换数据流中特定的词语。

Data Logging
Log of network traffic data. A network monitoring product, for example, could count the number of data packets that are discarded for a specific reason.

记录网络数据流量,例如网络监控产品应该计算某个特定原因下抛弃的数据包数量。

In addition to processing network data, callout drivers can perform other Windows Filtering Platform management tasks, such as adding filters to the base filtering engine. For more information about other tasks that a callout driver can perform, see Calling Other Windows Filtering Platform Functions.

除了处理网络数据,callout driver还可以执行某些windows过滤平台任务,例如向基本过滤引擎添加过滤。


你可能感兴趣的:(Introduction to Windows Filtering Platform Callout Drivers)