Microsoft-Pef-WFP-MessageProvider

19 events across 1 channel

Event ID	Title	Channel
2000	The generic ETW message fragment that ORT can reassemble.	Diagnostic
10001	Driver Load	Diagnostic
10002	Driver Unload	Diagnostic
10003	Callout Register	Diagnostic
10004	Callout Unregister	Diagnostic
10005	Callout Notify Filter Add	Diagnostic
10006	Callout Notify Filter Delete	Diagnostic
20001	An error was encountered while loading the driver.	Diagnostic
20002	An error was encountered while unloading the driver.	Diagnostic
20003	An error was encountered while registering a callout.	Diagnostic
20004	An error was encountered while unregistering a callout.	Diagnostic
20005	An error was encountered in a classify function.	Diagnostic
60011	The Transport Layer Message for IPv4.	Diagnostic
60012	The Transport Layer Message for IPv4.	Diagnostic
60021	The Transport Layer Message for IPv6.	Diagnostic
60022	The Transport Layer Message for IPv6.	Diagnostic
60031	The ALE Layer Message for IPv4.	Diagnostic
60041	The Transport Layer Message for IPv6.	Diagnostic
60050	A packet has been discarded.	Diagnostic

Event ID 2000 — The generic ETW message fragment that ORT can reassemble.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The generic ETW message fragment that ORT can reassemble.

Message #

The generic ETW message fragment that ORT can reassemble.

Fields #

Name	Description
`FragmentEventId` UInt16	—
`GroupId` UInt32	—
`ByteLength` UInt32	—
`Payload` Binary	—

Event ID 10001 — Driver Load

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Driver Load.

Message #

Driver Load

Fields #

Name	Description
`DriverName` UnicodeString	—
`MajorVersion` UInt16	—
`MinorVersion` UInt16	—

Event ID 10002 — Driver Unload

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Driver Unload.

Message #

Driver Unload

Fields #

Name	Description
`DriverName` UnicodeString	—
`MajorVersion` UInt16	—
`MinorVersion` UInt16	—

Event ID 10003 — Callout Register

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Callout Register.

Message #

Callout Register

Fields #

Name	Description
`Callout` UInt32	—

Event ID 10004 — Callout Unregister

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Callout Unregister.

Message #

Callout Unregister

Fields #

Name	Description
`Callout` UInt32	—

Event ID 10005 — Callout Notify Filter Add

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Callout Notify Filter Add.

Message #

Callout Notify Filter Add

Fields #

Name	Description
`FilterId` UInt64	—
`Callout` UInt32	—
`FilterWeight` UInt64	—

Event ID 10006 — Callout Notify Filter Delete

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

Callout Notify Filter Delete.

Message #

Callout Notify Filter Delete

Fields #

Name	Description
`FilterId` UInt64	—
`Callout` UInt32	—
`FilterWeight` UInt64	—

Event ID 20001 — An error was encountered while loading the driver.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

An error was encountered while loading the driver.

Message #

An error was encountered while loading the driver.

Fields #

Name	Description
`ErrorMessage` UnicodeString	—
`NTSTATUS` UInt32	—

Event ID 20002 — An error was encountered while unloading the driver.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

An error was encountered while unloading the driver.

Message #

An error was encountered while unloading the driver.

Fields #

Name	Description
`ErrorMessage` UnicodeString	—
`NTSTATUS` UInt32	—

Event ID 20003 — An error was encountered while registering a callout.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

An error was encountered while registering a callout.

Message #

An error was encountered while registering a callout.

Fields #

Name	Description
`Callout` UInt32	—
`ErrorMessage` UnicodeString	—
`NTSTATUS` UInt32	—

Event ID 20004 — An error was encountered while unregistering a callout.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

An error was encountered while unregistering a callout.

Message #

An error was encountered while unregistering a callout.

Fields #

Name	Description
`Callout` UInt32	—
`ErrorMessage` UnicodeString	—
`NTSTATUS` UInt32	—

Event ID 20005 — An error was encountered in a classify function.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

An error was encountered in a classify function.

Message #

An error was encountered in a classify function.

Fields #

Name	Description
`Callout` UInt32	—
`ErrorMessage` UnicodeString	—
`NTSTATUS` UInt32	—

Event ID 60011 — The Transport Layer Message for IPv4.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The Transport Layer Message for IPv4. The Transport header is in the MessageFrame.

Message #

The Transport Layer Message for IPv4. The Transport header is in the MessageFrame.

Fields #

Name	Description
`SourceAddress` UInt32	—
`DestinationAddress` UInt32	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`ByteLength` UInt16	—
`MessageFrame` Binary	—

Event ID 60012 — The Transport Layer Message for IPv4.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The Transport Layer Message for IPv4. The Transport header is in the MessageFrame.

Message #

The Transport Layer Message for IPv4. The Transport header is in the MessageFrame.

Fields #

Name	Description
`SourceAddress` UInt32	—
`DestinationAddress` UInt32	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`FlowHandle` UInt64	—
`ByteLength` UInt16	—
`MessageFrame` Binary	—

Event ID 60021 — The Transport Layer Message for IPv6.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The Transport Layer Message for IPv6. The Transport header is in the MessageFrame.

Message #

The Transport Layer Message for IPv6. The Transport header is in the MessageFrame.

Fields #

Name	Description
`SourceAddress` Binary	—
`DestinationAddress` Binary	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`ByteLength` UInt16	—
`MessageFrame` Binary	—

Event ID 60022 — The Transport Layer Message for IPv6.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The Transport Layer Message for IPv6. The Transport header is in the MessageFrame.

Message #

The Transport Layer Message for IPv6. The Transport header is in the MessageFrame.

Fields #

Name	Description
`SourceAddress` Binary	—
`DestinationAddress` Binary	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`FlowHandle` UInt64	—
`ByteLength` UInt16	—
`MessageFrame` Binary	—

Event ID 60031 — The ALE Layer Message for IPv4.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The ALE Layer Message for IPv4.

Message #

The ALE Layer Message for IPv4.

Fields #

Name	Description
`SourceAddress` UInt32	—
`DestinationAddress` UInt32	—
`SourcePort` UInt16	—
`DestinationPort` UInt16	—
`Luid` UInt64	—
`Direction` UInt8	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`FlowHandle` UInt64	—
`ProcessId` UInt64	—
`ByteLength` UInt16	—
`ProcessPath` Binary	—

Event ID 60041 — The Transport Layer Message for IPv6.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

The Transport Layer Message for IPv6.

Message #

The Transport Layer Message for IPv6.

Fields #

Name	Description
`SourceAddress` Binary	—
`DestinationAddress` Binary	—
`SourcePort` UInt16	—
`DestinationPort` UInt16	—
`Luid` UInt64	—
`Direction` UInt8	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`FlowHandle` UInt64	—
`ProcessId` UInt64	—
`ByteLength` UInt16	—
`ProcessPath` Binary	—

Event ID 60050 — A packet has been discarded.

Provider: Microsoft-Pef-WFP-MessageProvider
Channel: Diagnostic

Description

A packet has been discarded.

Message #

A packet has been discarded.

Fields #

Name	Description
`DiscardModule` UInt8	—
`DiscardReason` UInt32	—
`DiscardFilterID` UInt64	—