PF_FilterFlags
Generic flags:
FF_DONT_FILTER_IN
Passthrough incoming objects without filtering.
FF_DONT_FILTER_OUT
Passthrough outgoing objects without filtering.
FF_READ_ONLY_IN
Filter incoming objects in read-only mode. The filters with this flag passthrough the incoming packets to destination immediately, and indicate classified objects with read-only flag.
FF_READ_ONLY_OUT
Filter outgoing objects in read-only mode. The filters with this flag passthrough the outgoing packets to destination immediately, and indicate classified objects with read-only flag.
SSL filter flags:
FF_SSL_TLS
Decode SSL TLS sessions. For example this flag should be used during filtering POP3 and SMTP protocols after STARTTLS command.
FF_SSL_SELF_SIGNED_CERTIFICATE
Generate self-signed certificates instead of using root CA. By default the library generates chained certificates during filtering SSL sessions, signed by a root certificate with a subject specified in pf_setRootSSLCertSubject call (default root - NetFilterSDK). This flag instructs the library to generate self signed certificates and add them to Windows storage automatically.
FF_SSL_INDICATE_HANDSHAKE_REQUESTS
Indicate OT_SSL_HANDSHAKE_OUTGOING/OT_SSL_HANDSHAKE_INCOMING via dataPartAvailable
FF_SSL_TLS_AUTO
Try to detect TLS handshake automatically in first 8 kilobytes of packets.
FF_SSL_COMPATIBILITY
Use RC4 for SSL sessions with local and remote endpoints
FF_SSL_VERIFY
Verify server certificates and don't filter SSL if the certificate is not valid
FF_SSL_SUPPORT_CLIENT_CERTIFICATES
Filter SSL connections in case when server requests a client certificate.
This method requires appropriate client certificates to be in
Windows certificate storage with exportable private key.
FF_SSL_INDICATE_SERVER_CERTIFICATES
Indicate OT_SSL_SERVER_CERTIFICATE via dataPartAvailable
FF_SSL_INDICATE_EXCEPTIONS
Indicate OT_SSL_EXCEPTION via dataPartAvailable
FF_SSL_ENABLE_ALPN
Support ALPN TLS extension for negotiating next protocols (HTTP/2,SPDY)
FF_SSL_INDICATE_CLIENT_CERT_REQUESTS
Indicate OT_SSL_CLIENT_CERT_REQUEST via dataPartAvailable
FF_SSL_DECODE_ONLY
Don't encode the traffic between proxy and server
FF_SSL_KEEP_SERIAL_NUMBERS
Instructs to copy serial numbers from original server certificates.
FF_SSL_DONT_IMPORT_SELF_SIGNED
Don't import the generated self signed certificates to trusted storages
FF_SSL_DISABLE_TLS_1_0
Disable TLS 1.0 protocol support for the connection with remote servers
FF_SSL_DISABLE_TLS_1_1
Disable TLS 1.1 protocol support for the connection with remote servers
FF_SSL_TLS_COMPATIBILITY
Enable automatic switching to old protocol TLS 1.0 when server doesn't support newer versions
FF_SSL_STRICT_VERIFICATION
Use strict rules when FF_SSL_VERIFY flag is enabled
FF_SSL_SCT_VERIFICATION
Enables Signed Certificate Timestamps verification for server certificates when FF_SSL_VERIFY flag is enabled
FF_SSL_INDICATE_ALPN_SELECT_PROTOCOL
The flag FF_SSL_INDICATE_ALPN_SELECT_PROTOCOL enables indication of each ALPN protocol offered by client via dataPartAvailable as OT_SSL_HANDSHAKE_OUTGOING_PROTOCOL objects
HTTP filter flags:
FF_HTTP_KEEP_PIPELINING
By default the filter sends pipelined requests by one, after receiving a response
from server for a previous request. This flag instructs the filter to send all pipelined
requests as-is.
FF_HTTP_INDICATE_SKIPPED_OBJECTS
Indicate via dataAvailable the objects of types OT_HTTP_SKIPPED_REQUEST_COMPLETE
and OT_HTTP_SKIPPED_RESPONSE_COMPLETE. When a filtering application returns DPCR_BYPASS
or DPCR_BYPASS or DPCR_BLOCK from dataPartAvailable, or specify flags FF_DONT_FILTER_IN/FF_DONT_FILTER_OUT
for HTTP filter, the filter doesn't save the contents of transmitted HTTP objects,
but indicates the completion of skipped HTTP objects as OT_HTTP_SKIPPED_REQUEST_COMPLETE/OT_HTTP_SKIPPED_RESPONSE_COMPLETE.
The objects of these types contain only two streams: HS_STATUS and HS_HEADER.
FF_HTTP_BLOCK_SPDY
Block SPDY protocol
FF_HTTP_FILTER_WEBSOCKET
This flag is required to filter WebSocket data
Requirements
|
Header |
PFFilterDefs.h
|
|
Library |
ProtocolFilters.lib |