Novità di Windows Filtering Platform

Windows 8 e Windows Server 2012 introducono nuovi elementi di programmazione di Windows Filtering Platform. Le nuove funzionalità includono quanto segue:

• Filtro di livello 2: consente l'accesso al livello L2 (MAC), consentendo il filtro del traffico a tale livello.
• Filtro vSwitch: consente di controllare e/o modificare i pacchetti che attraversano un vSwitch. I filtri o i callout del WFP possono essere usati in ingresso e uscita vSwitch.
• Gestione dei contenitori di app: consente l'accesso alle informazioni sui contenitori di app e sui problemi di connettività dell'isolamento di rete.
• Aggiornamenti IPsec: funzionalità IPsec estese, tra cui il monitoraggio dello stato della connessione, la selezione dei certificati e la gestione delle chiavi.

Windows Driver Kit include anche informazioni sulle modifiche del WFP per Windows 8.

aggiornamenti dell'API Windows 8

Sono state aggiunte molte nuove API per Windows 8 e Windows Server 2012.

Nuove funzioni

• FWPM_NET_EVENT_CALLBACK1
• FwpmConnectionCreateEnumHandle0
• FwpmConnectionDestroyEnumHandle0
• FwpmConnectionEnum0
• FwpmConnectionGetById0
• FwpmConnectionGetSecurityInfo0
• FwpmConnectionSetSecurityInfo0
• FwpmConnectionSubscribe0
• FwpmConnectionSubscriptionsGet0
• FwpmConnectionUnsubscribe0
• FwpmIPsecTunnelAdd2
• FwpmNetEventEnum2
• FwpmNetEventSubscribe1
• FwpmProviderContextAdd2
• FwpmProviderContextEnum2
• FwpmProviderContextGetById2
• FwpmProviderContextGetByKey2
• FwpmvSwitchEventsGetSecurityInfo0
• FwpmvSwitchEventsSetSecurityInfo0
• FwpmvSwitchEventSubscribe0
• FwpmvSwitchEventUnsubscribe0
• IkeextSaEnum2
• IkeextSaGetById2
• IPSEC_KEY_MANAGER_KEY_DICTATION_CHECK0
• IPSEC_KEY_MANAGER_DICTATE_KEY0
• IPSEC_KEY_MANAGER_NOTIFY_KEY0
• IPSEC_SA_CONTEXT_CALLBACK0
• IPsecKeyManagerAddAndRegister0
• IPsecKeyManagerGetSecurityInfoByKey0
• IPsecKeyManagerSetSecurityInfoByKey0
• IPsecKeyManagersGet0
• IPsecKeyManagerUnregisterAndDelete0
• IPsecSaContextSubscribe0
• IPsecSaContextSubscriptionsGet0
• IPsecSaContextUnsubscribe0
• NetworkIsolationDiagnoseConnectFailureAndGetInfo
• NetworkIsolationEnumAppContainers
• NetworkIsolationEnumerateAppContainerRules
• NetworkIsolationFreeAppContainers
• NetworkIsolationGetAppContainerConfig
• NetworkIsolationRegisterForAppContainerChanges
• NetworkIsolationSetAppContainerConfig
• NetworkIsolationSetupAppContainerBinaries
• PAC_CHANGES_CALLBACK_FN

Nuove strutture

• IKEEXT_AUTHENTICATION_METHOD2
• IKEEXT_CERT_EKUS0
• IKEEXT_CERT_NAME0
• IKEEXT_CERTIFICATE_AUTHENTICATION2
• IKEEXT_CERTIFICATE_CRITERIA0
• IKEEXT_EM_POLICY2
• IKEEXT_KERBEROS_AUTHENTICATION1
• IKEEXT_POLICY2
• IPSEC_KEY_MANAGER0
• IPSEC_KEY_MANAGER_CALLBACKS0
• IPSEC_KEYING_POLICY1
• IPSEC_SA_CONTEXT_CHANGE0
• IPSEC_SA_CONTEXT_SUBSCRIPTION0
• IPSEC_TRANSPORT_POLICY2
• IPSEC_TUNNEL_ENDPOINT0
• IPSEC_TUNNEL_ENDPOINTS2
• IPSEC_TUNNEL_POLICY2
• FWPM_CONNECTION0
• FWPM_CONNECTION_ENUM_TEMPLATE0
• FWPM_CONNECTION_SUBSCRIPTION0
• FWPM_NET_EVENT2
• FWPM_NET_EVENT_CAPABILITY_ALLOW0
• FWPM_NET_EVENT_CAPABILITY_DROP0
• FWPM_NET_EVENT_CLASSIFY_ALLOW0
• FWPM_NET_EVENT_CLASSIFY_DROP2
• FWPM_NET_EVENT_CLASSIFY_DROP_MAC0
• FWPM_NET_EVENT_HEADER2
• FWPM_PROVIDER_CONTEXT2
• FWPM_VSWITCH_EVENT0
• FWPM_VSWITCH_EVENT_SUBSCRIPTION0

Nuovi tipi enumerati

• FWP_VSWITCH_NETWORK_TYPE
• FWPM_APPC_NETWORK_CAPABILITY_TYPE
• FWPM_CONNECTION_EVENT_TYPE
• FWPM_VSWITCH_EVENT_TYPE
• IKEEXT_CERT_CRITERIA_NAME_TYPE
• IPSEC_SA_CONTEXT_EVENT_TYPE0

Nuovi identificatori del livello di filtro

Filtri degli identificatori del livello:

• FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET
• FWPM_LAYER_OUTBOUND_MAC_FRAME_ETHERNET
• FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE
• FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE
• FWPM_LAYER_INGRESS_VSWITCH_ETHERNET
• FWPM_LAYER_EGRESS_VSWITCH_ETHERNET
• FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4/FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V6
• FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V4/FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V6

Nuovi identificatori di condizione di filtro

Filtri degli identificatori di condizione:

• FWPM_CONDITION_INTERFACE_MAC_ADDRESS
• FWPM_CONDITION_MAC_LOCAL_ADDRESS
• FWPM_CONDITION_MAC_REMOTE_ADDRESS
• FWPM_CONDITION_ETHER_TYPE
• FWPM_CONDITION_VLAN_ID
• FWPM_CONDITION_NDIS_PORT
• FWPM_CONDITION_NDIS_MEDIA_TYPE
• FWPM_CONDITION_NDIS_PHYSICAL_MEDIA_TYPE
• FWPM_CONDITION_L2_FLAGS
• FWPM_CONDITION_MAC_LOCAL_ADDRESS_TYPE
• FWPM_CONDITION_MAC_REMOTE_ADDRESS_TYPE
• FWPM_CONDITION_ALE_PACKAGE_ID
• FWPM_CONDITION_MAC_SOURCE_ADDRESS
• FWPM_CONDITION_MAC_DESTINATION_ADDRESS
• FWPM_CONDITION_MAC_SOURCE_ADDRESS_TYPE
• FWPM_CONDITION_MAC_DESTINATION_ADDRESS_TYPE
• FWPM_CONDITION_IP_SOURCE_PORT
• FWPM_CONDITION_IP_DESTINATION_PORT
• FWPM_CONDITION_VSWITCH_ID
• FWPM_CONDITION_VSWITCH_NETWORK_TYPE
• FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_ID
• FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_ID
• FWPM_CONDITION_VSWITCH_SOURCE_VM_ID
• FWPM_CONDITION_VSWITCH_DESTINATION_VM_ID
• FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_TYPE
• FWPM_CONDITION_VSWITCH_TENANT_NETWORK_ID

Nuovi flag di condizione di filtro

Flag di condizione di filtro:

• FWP_CONDITION_FLAG_IS_PROXY_CONNECTION
• FWP_CONDITION_FLAG_IS_APPCONTAINER_LOOPBACK
• FWP_CONDITION_FLAG_IS_NON_APPCONTAINER_LOOPBACK
• FWP_CONDITION_FLAG_IS_HONORING_POLICY_AUTHORIZE
• FWP_CONDITION_L2_IS_NATIVE_ETHERNET
• FWP_CONDITION_L2_IS_WIFI
• FWP_CONDITION_L2_IS_MOBILE_BROADBAND
• FWP_CONDITION_L2_IS_WIFI_DIRECT_DATA
• FWP_CONDITION_L2_IS_VM2VM
• FWP_CONDITION_L2_IS_MALFORMED_PACKET
• FWP_CONDITION_L2_IS_IP_FRAGMENT_GROUP
• FWP_CONDITION_L2_IF_CONNECTOR_PRESENT

Aggiornamenti di Windows 7 alla piattaforma di filtro di Windows

Il documento What's New in Windows Filtering Platform descrive in dettaglio molti degli aggiornamenti apportati per Windows 7. Le informazioni sono disponibili anche in Windows Driver Kit sulle modifiche del WFP per Windows 7.