Windows Filtering Platform

Windows Filtering Platform (WFP) is a set of system services in Windows Vista and later that allows Windows software to process and filter network traffic. Microsoft intended WFP for use by firewalls, antimalware software, and parental controls apps. Additionally, WFP is used to implement NAT and to store IPsec policy configuration. WFP relies on Windows Vista's Next Generation TCP/IP stack. It provides features such as integrated communication and per-application processing logic. Since Windows 8 and Windows Server 2012, WFP allows filtering at the second layer of the TCP/IP suite.


Components

The filtering platform includes the following components:

* Shims, which expose the internal structure of a packet as properties. Different shims exist for protocols at different layers. WFP comes with a set of shims; users can register shims for other protocols using the API. The built-in set of shims includes:
** Application Layer Enforcement (ALE) shim
** Transport Layer Module (TLM) shim
** Network Layer Module (NLM) shim
** RPC Runtime shim
** Internet Control Message Protocol (ICMP) shim
** Stream shim
* Filtering engine, which spans both kernel-mode and user-mode, providing basic filtering capabilities. It matches the data within a packet, as exposed by the shims, against filtering rules, and either blocks or permits the packet. A ''callout'' (see below) may implement any other action as required. The filters operate on a per-application basis. To mitigate conflicts between filters, they are given ''weights'' (priorities) and grouped into ''sublayers'', which also have weights. Filters and callouts may be associated with ''providers'', which may be given a name and description and are essentially associated with a particular application or service.
* Base filtering engine, the module that manages the filtering engine. It accepts filtering rules and enforces the security model of the application. It also maintains statistics for the WFP and logs its state.
* Callout, a callback function exposed by a filtering driver. The filtering drivers provide filtering capabilities other than the default block/allow. Administrators specify a callout function during registration of a filter rule. When the filter matches, the system invokes the callout, which handles a specified action.
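
The role of filter and sublayer weights described above can be seen in a small model. This is an added example, not code from WFP or from the original page: the class, function, filter and sublayer names are hypothetical, and the arbitration rule is a simplification (the highest-weight matching filter decides within a sublayer, a block in any sublayer overrides permits in the others, and unmatched traffic is permitted), leaving out callouts and override flags.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Filter:
    name: str
    sublayer: str
    weight: int                       # higher weight is evaluated first in its sublayer
    action: str                       # "permit" or "block"
    matches: Callable[[dict], bool]   # condition over the properties a shim exposes

def classify(packet, filters, sublayer_weights):
    """Return (verdict, trace) for one packet under the simplified model."""
    trace = []
    # Visit sublayers from highest to lowest weight; every sublayer gets a say.
    for sub in sorted(sublayer_weights, key=sublayer_weights.get, reverse=True):
        hits = sorted((f for f in filters if f.sublayer == sub and f.matches(packet)),
                      key=lambda f: f.weight, reverse=True)
        if hits:
            # Within a sublayer the highest-weight matching filter decides.
            trace.append((sub, hits[0].name, hits[0].action))
    # Across sublayers, one block is enough to drop the packet.
    verdict = "block" if any(action == "block" for _, _, action in trace) else "permit"
    return verdict, trace

# Constructed policy: a host firewall sublayer and a higher-weight antimalware sublayer.
SUBLAYERS = {"vendor_av": 200, "host_firewall": 100}
FILTERS = [
    Filter("allow-browser-443", "host_firewall", 50, "permit",
           lambda p: p["app"] == "browser.exe" and p["remote_port"] == 443),
    Filter("allow-quarantined-443", "host_firewall", 60, "permit",
           lambda p: p["app"] == "quarantined.exe" and p["remote_port"] == 443),
    Filter("block-all-outbound", "host_firewall", 10, "block", lambda p: True),
    Filter("block-quarantined-app", "vendor_av", 90, "block",
           lambda p: p["app"] == "quarantined.exe"),
]

# Constructed packets, described by the properties the filters test.
PACKETS = [
    {"app": "browser.exe", "remote_port": 443},
    {"app": "browser.exe", "remote_port": 25},
    {"app": "quarantined.exe", "remote_port": 443},
]

def demo():
    return [classify(p, FILTERS, SUBLAYERS) for p in PACKETS]

if __name__ == "__main__":
    for packet, (verdict, trace) in zip(PACKETS, demo()):
        print(packet, "->", verdict, trace)
```

The third packet is the case to note: the permit in the firewall sublayer outweighs the catch-all block there, yet the packet is still dropped because the antimalware sublayer blocks it.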


Diagnostics

Starting with Windows 7, the netsh command can diagnose the internal state of WFP.


Hotfix

Microsoft released three out-of-band hotfixes for WFP in Windows Vista and Windows 7 to address issues that could cause a memory leak, loss of connectivity during a Remote Desktop Connection session, or a blue screen of death. Later, these hotfixes were rolled up into one package.



External links


Windows Filtering Platform Architecture Overview