Callout API [Filtering]

To support specialized filtering, Windows Filtering Platform (WFP) lets callout modules register at each of its layers.

These callout modules do more than the basic actions of Block and Permit. The filter engine will provide some built-in callout modules to perform IPsec and Network Address Translation processing. Third-party, or value-add, callout modules can also be supplied, such as an HTTP Parental Control callout or an IDS callout.

Once a callout module is registered with the filter engine, it can start receiving traffic (packets, streams, or events, depending on the layer) to process. An application or firewall agent causes traffic to be passed to a callout module by adding a filter whose action is "Callout" and whose callout ID identifies that module. Callout modules can instruct the filter engine to return "Block" or "Permit" to the shim, which makes its filtering decisions by classifying traffic against the filter engine. Callouts can also return "Continue" to allow other filters to process the packet.
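The flow described above, as a simplified portable C model added for illustration; it is not the WFP API or Microsoft's code. All type and function names, the in-order filter walk, the fail-closed handling of an unregistered callout ID and the default permit are assumptions of this model.

```c
#include <string.h>

/* Simplified model of one filtering layer. Every name here is hypothetical,
   not part of the WFP API. */
typedef enum { ACT_PERMIT, ACT_BLOCK, ACT_CONTINUE, ACT_CALLOUT } action_t;
typedef struct { unsigned short dst_port; const char *payload; } packet_t;
typedef action_t (*callout_fn)(const packet_t *);
typedef struct { unsigned id; callout_fn fn; } callout_t;   /* a registered callout module */
typedef struct { unsigned short dst_port; action_t action; unsigned callout_id; } filter_t;

/* IDS-style callout: blocks a constructed marker string, otherwise returns
   Continue so that later filters still get to process the packet. */
static action_t ids_callout(const packet_t *p) {
    return strstr(p->payload, "EVIL-MARKER") ? ACT_BLOCK : ACT_CONTINUE;
}

/* Callouts registered with the (modelled) filter engine. */
static const callout_t callouts[] = { { 100u, ids_callout } };

static callout_fn find_callout(unsigned id) {
    for (size_t i = 0; i < sizeof callouts / sizeof callouts[0]; i++)
        if (callouts[i].id == id) return callouts[i].fn;
    return NULL;
}

/* Walk the filters in order. A filter whose action is Callout hands the packet
   to the callout named by its callout ID; Block or Permit ends classification,
   Continue moves on to the next filter. */
action_t classify(const filter_t *filters, size_t n, const packet_t *p) {
    for (size_t i = 0; i < n; i++) {
        if (filters[i].dst_port != 0 && filters[i].dst_port != p->dst_port)
            continue;                       /* port 0 matches any port */
        action_t a = filters[i].action;
        if (a == ACT_CALLOUT) {
            callout_fn fn = find_callout(filters[i].callout_id);
            a = fn ? fn(p) : ACT_BLOCK;     /* model assumption: fail closed if unregistered */
        }
        if (a == ACT_PERMIT || a == ACT_BLOCK) return a;
    }
    return ACT_PERMIT;                      /* model assumption: nothing matched */
}

/* Constructed filter set: port 80 goes through the IDS callout and is then
   permitted; port 8080 names callout 999, which was never registered. */
static const filter_t demo_filters[] = {
    { 80, ACT_CALLOUT, 100u },   { 80, ACT_PERMIT, 0u },
    { 8080, ACT_CALLOUT, 999u }, { 8080, ACT_PERMIT, 0u },
    { 0, ACT_BLOCK, 0u },        /* catch-all block */
};

action_t classify_demo(unsigned short port, const char *payload) {
    packet_t p = { port, payload };
    return classify(demo_filters, sizeof demo_filters / sizeof demo_filters[0], &p);
}
```

In this model a clean port 80 packet is permitted only because the callout returned Continue and the next filter matched; the same filter set blocks the marked payload, the port 8080 traffic that names an unregistered callout, and everything else.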

Callout modules specialize the filtering in the system.