Connection Objects

Connection objects provide a means for the Firewall service to perform services for a client socket. For those specific services, such as setting up a remote socket for a client socket, the connection object represents the client socket to the Firewall service. When a Firewall client uses bind, connect, or sendto Winsock functions, and the client DLL identifies a remote destination, the Firewall service creates a connection object that resides on the server.

Similarly, a connection object will be generated for a SecureNAT client. In the case of the SecureNAT client, the Firewall service first receives the request from the client, identifies it as originating from a SecureNAT client, and then creates the connection object and proceeds.

Connection objects are also created when BindForClient is called. In this case, an application filter, rather than the Firewall service, identifies that the client called bind.

Connection objects implement the IFWXConnection interface. For examples of how the Firewall service uses the IFWXConnection interface, see IFWXConnection in Basic Filter Interfaces.