| Microsoft Internet Security and Acceleration Server 2004 SDK |
After the Microsoft Firewall service calls the IFWXFilter::AttachToSession method, which creates an instance of the filter's session filter object, it notifies the filter about events for which it is registered by calling the IFWXSessionFilter::FirewallEventHandler method.
In the Data Filter sample, the implementation of the IFWXSessionFilter::FirewallEventHandler method obtains a pointer to the connection object in accordance with the type of event. It retrieves the per-rule policy, and then calls the CreateDataFilter helper function. This process is shown in the following code.
STDMETHODIMP CDMSessionFilter::FirewallEventHandler(const FwxFirewallEvent *pProxyEvent )
{
HRESULT hr = S_OK;
IFWXConnection* pConnection = NULL;
CDMPerRulePolicy* pPerRulePolicy = NULL;
switch (pProxyEvent->EventType)
{
case fwx_Connect_Tcp:
{
pConnection = pProxyEvent->Parameters.Connect.piConnection;
pPerRulePolicy = (CDMPerRulePolicy*)pProxyEvent->Parameters.Connect.PerRuleProcessedData;
break;
}
case fwx_AcceptedConnection:
{
pConnection = pProxyEvent->Parameters.Accept.piConnectionAccepted;
pPerRulePolicy = (CDMPerRulePolicy*)pProxyEvent->Parameters.Accept.PerRuleProcessedData;
break;
}
default: // An unexpected event type
ATLASSERT(false);
return E_FAIL;
}
hr = CreateDataFilter(pConnection,pPerRulePolicy);
return hr;
}
The following code implements the CreateDataFilter helper function, which creates a data filter object and attaches it to the current connection.
HRESULT CDMSessionFilter::CreateDataFilter(IFWXConnection* pConnection,
CDMPerRulePolicy* pPerRulePolicy)
{
// Create a data filter for this connection.
HRESULT hr;
CComObject<CDMDataFilter>* pDataFilter;
CHECK_HR(CComObject<CDMDataFilter>::CreateInstance(&pDataFilter));
pDataFilter->AddRef();
// If no per-rule policy was provided, create a default one.
bool fFreePerRulePolicy = false;
if (pPerRulePolicy == NULL)
{
pPerRulePolicy = new CComObject<CDMPerRulePolicy>;
if (pPerRulePolicy == NULL)
{
return E_OUTOFMEMORY;
}
pPerRulePolicy->AddRef();
fFreePerRulePolicy = true;
}
// Initialize and attach to the connection object.
pDataFilter->Initialize(pConnection,pPerRulePolicy, m_spFilter);
hr = pConnection->AttachDataFilter(pDataFilter, fwx_dfpc_Middle, NULL);
if (FAILED(hr))
{
DBGTRACEF(("AttachDataFilter failed, error = %08x\n", hr));
}
if (fFreePerRulePolicy)
{
pPerRulePolicy->Release();
}
// The connection now owns the DataFilter ref-count, so we can release
// it. (or if failed, we still have to release it to avoid leaks)
pDataFilter->Release();
return hr;
}