Struct WfpEngine 

pub struct WfpEngine { /* private fields */ }

WFP Engine session with RAII handle management

Opens a session to the Windows Filtering Platform on creation and automatically closes it on drop.

Examples

use windows_wfp::WfpEngine;

let engine = WfpEngine::new()?;
// Use engine for filter operations
// Session automatically closed when engine goes out of scope

Implementations

impl WfpEngine

pub fn new() -> WfpResult<Self>

Open a new WFP engine session

Requires administrator privileges.

Errors

Returns WfpError::EngineOpenFailed if:

• Insufficient permissions (not running as admin)
• WFP service not available
• Session creation failed

Examples

use windows_wfp::WfpEngine;

let engine = WfpEngine::new()?;

Examples found in repository

examples/simple_block.rs (line 29)

fn main() -> WfpResult<()> {
    println!("windows-wfp - Simple Block Demo\n");

    // Initialize WFP
    println!("Opening WFP Engine...");
    let engine = WfpEngine::new()?;
    println!("Engine opened\n");

    println!("Registering provider...");
    initialize_wfp(&engine)?;
    println!("Provider registered\n");

    // Block notepad.exe outbound connections
    println!("Adding block filter for notepad.exe...");
    let notepad_rule = FilterRule::new("Block Notepad", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(r"C:\Windows\System32\notepad.exe");

    let filter_id = FilterBuilder::add_filter(&engine, &notepad_rule)?;
    println!("Filter added (ID: {})\n", filter_id);

    println!("Filter active for 10 seconds...");
    println!("   (Try opening notepad.exe and accessing network)\n");

    for i in (1..=10).rev() {
        println!("   {} seconds remaining...", i);
        thread::sleep(Duration::from_secs(1));
    }

    println!("\nRemoving filter...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!("Filter removed\n");

    println!("Demo complete!");
    Ok(())
}

examples/list_filters.rs (line 19)

fn main() -> WfpResult<()> {
    println!("WFP Filter Enumeration\n");

    let engine = WfpEngine::new()?;
    let filters = FilterEnumerator::all(&engine)?;

    println!(
        "{:<10} {:<40} {:<15} {:<15} {:<60}",
        "Filter ID", "Name", "Action", "Weight", "App Path"
    );
    println!("{:-<140}", "");

    for filter in &filters {
        let action = match filter.action {
            FilterAction::Block => "BLOCK",
            FilterAction::Permit => "PERMIT",
            FilterAction::CalloutTerminating => "CALLOUT_TERM",
            FilterAction::CalloutInspection => "CALLOUT_INSP",
            FilterAction::CalloutUnknown => "CALLOUT_UNK",
            FilterAction::Other(_) => "OTHER",
        };

        let name: String = if filter.name.chars().count() > 40 {
            let truncated: String = filter.name.chars().take(37).collect();
            format!("{}...", truncated)
        } else {
            filter.name.clone()
        };

        let app = filter
            .app_path
            .as_ref()
            .map(|p| p.to_string_lossy().to_string())
            .unwrap_or_default();

        println!(
            "{:<10} {:<40} {:<15} {:<15} {:<60}",
            filter.id, name, action, filter.weight, app
        );
    }

    println!("{:-<140}", "");
    println!("\nTotal filters: {}", filters.len());

    Ok(())
}

examples/live_demo.rs (line 48)

fn main() -> WfpResult<()> {
    println!("windows-wfp - Live WFP Demo");
    println!("================================\n");

    // Check for admin privileges
    if !is_elevated() {
        eprintln!("ERROR: This demo requires Administrator privileges!");
        eprintln!("   Please run: cargo run --example live_demo --release");
        eprintln!("   from an Administrator command prompt.\n");
        std::process::exit(1);
    }

    println!("Running with Administrator privileges\n");

    // Step 1: Initialize WFP Engine
    println!("Step 1: Opening WFP Engine session...");
    let engine = WfpEngine::new()?;
    println!("   Engine session opened\n");

    // Step 2: Register Provider & Sublayer
    println!("Step 2: Registering WFP provider & sublayer...");
    initialize_wfp(&engine)?;
    println!("   Provider & sublayer registered\n");

    // Step 3: Subscribe to network events
    println!("Step 3: Subscribing to network events...");
    let event_subscription = WfpEventSubscription::new(&engine)?;
    println!("   Event subscription active\n");

    // Step 4: Add blocking filter for curl.exe
    println!("Step 4: Adding block filter for curl.exe...");
    let curl_path = find_curl_path();
    println!("   Target: {}", curl_path.display());

    let block_rule = FilterRule::new("Block curl.exe", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(curl_path.clone());

    let filter_id = FilterBuilder::add_filter(&engine, &block_rule)?;
    println!("   Filter added (ID: {})\n", filter_id);

    // Step 5: Monitor events
    println!("Step 5: Monitoring network events...");
    println!("   Press Ctrl+C to stop\n");
    println!("TIP: In another terminal, run:");
    println!("   > curl https://google.com");
    println!("   You should see the connection BLOCKED below!\n");
    println!("===================================================\n");

    let start_time = std::time::Instant::now();
    let mut event_count = 0;

    loop {
        match event_subscription.try_recv() {
            Ok(event) => {
                event_count += 1;
                print_event(&event, event_count);
            }
            Err(std::sync::mpsc::TryRecvError::Empty) => {
                thread::sleep(Duration::from_millis(100));
            }
            Err(std::sync::mpsc::TryRecvError::Disconnected) => {
                println!("\nEvent channel disconnected!");
                break;
            }
        }

        // Auto-stop after 60 seconds for demo
        if start_time.elapsed() > Duration::from_secs(60) {
            println!("\nDemo timeout (60s) - stopping...");
            break;
        }
    }

    // Cleanup
    println!("\nCleaning up...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!("   Filter removed");
    drop(event_subscription);
    println!("   Event subscription closed");
    drop(engine);
    println!("   Engine session closed\n");

    println!("Demo complete! {} events captured.", event_count);
    Ok(())
}

pub fn new_with_flags(flags: u32) -> WfpResult<Self>

Open a new WFP engine session with custom flags

Arguments

• flags - Session flags (e.g., FWPM_SESSION_FLAG_DYNAMIC for automatic cleanup)

Errors

Returns WfpError::EngineOpenFailed if session creation fails.

pub fn handle(&self) -> HANDLE

Get raw handle to WFP engine session

Safety

The handle is only valid while this WfpEngine instance is alive. Do not close the handle manually - it will be closed automatically on drop.

pub fn is_valid(&self) -> bool

Check if session is valid

Trait Implementations

impl Debug for WfpEngine

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for WfpEngine

fn drop(&mut self)

Automatically close WFP engine session when dropped

impl Send for WfpEngine