Skip to main content

windows_wfp/
layer.rs

1//! WFP layer selection and filter weight constants
2
3use crate::constants::*;
4use crate::filter::Direction;
5use windows::core::GUID;
6
7/// Select the appropriate WFP layer GUID for a given direction and IP version
8pub fn select_layer(direction: Direction, is_ipv6: bool) -> GUID {
9    match (direction, is_ipv6) {
10        (Direction::Outbound, false) => LAYER_ALE_AUTH_CONNECT_V4,
11        (Direction::Outbound, true) => LAYER_ALE_AUTH_CONNECT_V6,
12        (Direction::Inbound, false) => LAYER_ALE_AUTH_RECV_ACCEPT_V4,
13        (Direction::Inbound, true) => LAYER_ALE_AUTH_RECV_ACCEPT_V6,
14    }
15}
16
17/// Standard filter weight (priority) levels
18///
19/// Higher weight = higher priority (evaluated first by WFP).
20///
21/// # Examples
22///
23/// ```
24/// use windows_wfp::FilterWeight;
25///
26/// assert!(FilterWeight::Blocklist.value() > FilterWeight::UserBlock.value());
27/// assert!(FilterWeight::UserBlock.value() > FilterWeight::DefaultBlock.value());
28/// ```
29#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
30#[repr(u64)]
31pub enum FilterWeight {
32    /// Blocklist filters (highest priority, 9M)
33    Blocklist = 9_000_000,
34    /// Raw socket permit filters (8M)
35    RawSocketPermit = 8_000_000,
36    /// Raw socket block filters (7M)
37    RawSocketBlock = 7_000_000,
38    /// User-defined block filters (6M)
39    UserBlock = 6_000_000,
40    /// User-defined permit filters (5M)
41    UserPermit = 5_000_000,
42    /// Default permit filter (4M)
43    DefaultPermit = 4_000_000,
44    /// Default block filter (lowest priority, 3M)
45    DefaultBlock = 3_000_000,
46}
47
48impl FilterWeight {
49    /// Get the numeric weight value as `u64`
50    pub fn value(self) -> u64 {
51        self as u64
52    }
53}
54
55#[cfg(test)]
56mod tests {
57    use super::*;
58
59    #[test]
60    fn test_layer_selection() {
61        assert_eq!(
62            select_layer(Direction::Outbound, false),
63            LAYER_ALE_AUTH_CONNECT_V4
64        );
65        assert_eq!(
66            select_layer(Direction::Outbound, true),
67            LAYER_ALE_AUTH_CONNECT_V6
68        );
69        assert_eq!(
70            select_layer(Direction::Inbound, false),
71            LAYER_ALE_AUTH_RECV_ACCEPT_V4
72        );
73        assert_eq!(
74            select_layer(Direction::Inbound, true),
75            LAYER_ALE_AUTH_RECV_ACCEPT_V6
76        );
77    }
78
79    #[test]
80    fn test_filter_weight_ordering() {
81        assert!(FilterWeight::Blocklist.value() > FilterWeight::RawSocketPermit.value());
82        assert!(FilterWeight::UserBlock.value() > FilterWeight::UserPermit.value());
83        assert!(FilterWeight::DefaultPermit.value() > FilterWeight::DefaultBlock.value());
84    }
85
86    #[test]
87    fn test_filter_weight_values() {
88        assert_eq!(FilterWeight::Blocklist.value(), 9_000_000);
89        assert_eq!(FilterWeight::DefaultBlock.value(), 3_000_000);
90    }
91}