class PFEvents
This is a class in C++ interface and a structure in C interface.
Methods:
void threadStart();
Called immediately after starting the filtering thread. Use this event for thread-specific initialization, e.g. calling CoInitialize() etc.
void threadEnd();
Called before stopping the thread.
void tcpConnectRequest(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);
Called before establishing an outgoing TCP connection, when NF_INDICATE_CONNECT_REQUESTS flag is enabled in an appropriate rule. It is possible to modify the fields filteringFlag and remoteAddress in pConnInfo structure. The changes are applied to the connection.
void tcpConnected(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);
Called after establishing incoming or outgoing TCP connection.
void tcpClosed(ENDPOINT_ID id, PNF_TCP_CONN_INFO pConnInfo);
Called after closing a TCP connection.
void udpCreated(ENDPOINT_ID id, PNF_UDP_CONN_INFO pConnInfo);
Called after creating UDP socket.
void udpConnectRequest(ENDPOINT_ID id, PNF_UDP_CONN_REQUEST pConnReq);
Called before establishing an outgoing UDP connection, when NF_INDICATE_CONNECT_REQUESTS flag is enabled in an appropriate rule. It is possible to modify the fields filteringFlag and remoteAddress in pConnInfo structure. The changes are applied to the connection.
void udpClosed(ENDPOINT_ID id, PNF_UDP_CONN_INFO pConnInfo);
Called after closing a socket.
void dataAvailable(ENDPOINT_ID id, PFObject * pObject);
The library calls this function when a new classified object is ready for filtering. After filtering post the object to destination using pf_postObject() function. Do not try to delete pObject. It's contents are destroyed when the function returns. If the object must be filtered in other thread, make a copy of PFObject using clone() method.
PF_DATA_PART_CHECK_RESULT
dataPartAvailable(ENDPOINT_ID id, PFObject * pObject);
This function is called when a part of a large data object is received, when an appropriate filter supports indicating data parts. It is possible to check the available contents, and return a flag, specifying how to filter the rest of object content. The function is not called when full object was received in one packet.
Possible return values:
DPCR_MORE_DATA_REQUIRED -
Continue receiving the data and indicate the same object with more content via dataPartAvailable.
DPCR_FILTER -
Stop calling dataPartAvailable, wait until receiving the full content
and indicate it via dataAvailable.
DPCR_FILTER_READ_ONLY -
Same as DPCR_FILTER, but the content goes to destination immediately,
and the object in dataAvailable will have read-only flag.
DPCR_BYPASS -
Do not call dataPartAvailable or dataAvailable for the current object,
just passthrough it to destination.
DPCR_BLOCK -
Blocks the transmission of the current object.
DPCR_UPDATE_AND_BYPASS -
Post the updated content in PFObject to session and bypass the rest of data as-is.
DPCR_UPDATE_AND_FILTER_READ_ONLY -
Post the updated content in PFObject to session and indicate the full object via dataAvailable in read-only mode.
The following functions are called to post the filtered buffers to destination:
NF_STATUS tcpPostSend(ENDPOINT_ID id, const char * buf, int len);
Assumed a call to nf_tcpPostSend(id, buf, len)
NF_STATUS tcpPostReceive(ENDPOINT_ID id, const char * buf, int len);
Assumed a call to nf_tcpPostReceive(id, buf, len)
NF_STATUS tcpSetConnectionState(ENDPOINT_ID id, int suspended);
Assumed a call to nf_tcpSetConnectionState(id, suspended)
NF_STATUS udpPostSend(ENDPOINT_ID id, const unsigned char * remoteAddress,
const char * buf, int len);
Assumed a call to nf_udpPostSend(id, remoteAddress, buf, len)
NF_STATUS udpPostReceive(ENDPOINT_ID id, const unsigned char * remoteAddress,
const char * buf, int len);
Assumed a call to nf_udpPostReceive(id, remoteAddress, buf, len)
NF_STATUS udpSetConnectionState(ENDPOINT_ID id, int suspended);
Assumed a call to nf_udpSetConnectionState(id, suspended)
Requirements
Header |
PFEvents.h
|
Library |
ProtocolFilters.lib |