WFP过滤图层 [英] WFP Filtering Layers

问题描述

您好

我是WFP的新手，并试图通过Microsoft文档和示例（Stream edit and Inspect）了解该框架。

I'm new to WFP and have trying to understand the framework through Microsoft documentation and samples (Stream edit and Inspect).

让我感到困惑的一件事是按照WFP架构排序图层。

One thing that has left me confused is the ordering of layers as per the WFP Architecture

例如，如果我希望执行内容检查传出数据应该在Stream或Transport Layer使用标注。哪个层位于顶层，它们之间有什么区别。

For instance if I wish to perform content inspection of outgoing data should one use a callout at Stream or Transport Layer. Which layer is on top and what's the difference between them.

此外，我预计ALE会在处理连接时位于顶部，但它会显示在Stream Layer下面。

In addition I would expected the ALE to be on top as it deals with connections, but it's shown below the Stream Layer.

谢谢

推荐答案

STREAM仅限TCP。它超出了TCP状态机制（因此您不必担心ACK和SEQ号。这是您修改TCP有效载荷的理想位置（在ACK / SEQ验证完成之后的入站位置） TCP状态机制，
和outbound，其中尚未创建SEQ和ACK。

STREAM is TCP only. It is beyond the TCP state mechanism (so you don't have to worry about ACKs and SEQ Numbers. This is the ideal place for you to modify the TCP Payload (both inbound where it is after the ACK / SEQ validation is done by the TCP state mechanism, and outbound, where the SEQ and ACKs have yet to be created.

这些层几乎与OSI模型相符。  ALE用于连接的状态（绑定到资源，建立连接等）ALE不用于数据修改。

The layers pretty much line up to the OSI model.  ALE is for the connection's state (binding to a resource, establishing a connection, etc.) ALE is not meant for data modification.

希望这有帮助，

这篇关于WFP过滤图层的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！