FwpmConnectionPolicyAdd0 function (fwpmk.h)

The FwpmConnectionPolicyAdd0 function configures routing policies for outbound connections.

Syntax

NTSTATUS FwpmConnectionPolicyAdd0(
  [in]                             HANDLE                       engineHandle,
  [in]                             const FWPM_PROVIDER_CONTEXT3 *connectionPolicy,
  [in]                             FWP_IP_VERSION               ipVersion,
  [in]                             UINT64                       weight,
  [in]                             UINT32                       numFilterConditions,
  [in, reads(numFilterConditions)] const FWPM_FILTER_CONDITION0 *filterConditions,
  [in, optional]                   PSECURITY_DESCRIPTOR         sd
);

Parameters

[in] engineHandle

A handle to an open session with the filter engine. To open a session with the filter engine, call FwpmEngineOpen0.

[in] connectionPolicy

The state associated with a provider context.

[in] ipVersion

IP version of the traffic.

[in] weight

Specifies the weight that this Trusted Intermediary Agent (TIA) should be given compared to any peers.

[in] numFilterConditions

The number of elements in filterConditions.

[in, reads(numFilterConditions)] filterConditions

An array of filter conditions that must all be true for the action to be taken.

Of the possible match conditions (see Filtering condition identifiers), the ones in the following list are supported by FwpmConnectionPolicyAdd0. Set these values in FWPM_FILTER_CONDITION0::fieldKey.

  • FWPM_CONDITION_ALE_APP_ID
  • FWPM_CONDITION_ALE_USER_ID
  • FWPM_CONDITION_IP_LOCAL_ADDRESS
  • FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE
  • FWPM_CONDITION_IP_LOCAL_PORT
  • FWPM_CONDITION_IP_PROTOCOL
  • FWPM_CONDITION_IP_REMOTE_ADDRESS
  • FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE
  • FWPM_CONDITION_IP_REMOTE_PORT
  • FWPM_CONDITION_FLAGS
  • FWPM_CONDITION_ALE_ORIGINAL_APP_ID
  • FWPM_CONDITION_ALE_PACKAGE_ID
  • FWPM_CONDITION_COMPARTMENT_ID

[in, optional] sd

The security information.

Return value

Return code/value | Description
ERROR_SUCCESS (0) | The routing policy was successfully configured.
FWP_E_* error code (0x80320001 to 0x80320039) | A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details.
RPC_* error code (0x80010001 to 0x80010122) | Failure to communicate with the remote or local firewall engine.
Other NTSTATUS codes | An error occurred.

Remarks

The TCP/IP stack supports destination address-based routing for outbound connections. FwpmConnectionPolicyAdd0 allows you to configure more expressive routing policies for outbound connections, and thereby to enable more complex scenarios such as source address-based routing, process-based routing, port-based routing, and others. A connection policy consists of an array of match conditions, an array of route settings, and an associated weight. You can configure multiple policies, and they are evaluated based on their configured weights for an outbound connection (a higher weight takes precedence). The route setting of the first policy whose conditions (ANDed) match the outbound connection is applied.

These are the supported route settings (see FWP_NETWORK_CONNECTION_POLICY_SETTING_TYPE):

FWP_NETWORK_CONNECTION_POLICY_SOURCE_ADDRESS. The source address to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.

FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP_INTERFACE. The LUID of the outgoing interface to use for the connection. The value should be a FWP_UINT64.

FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP. The next-hop address (or gateway) to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.
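
The evaluation order described in these Remarks, as a simplified portable C model added here for illustration (it is not WFP code and not part of the original page): conditions are ANDed and the matching policy with the highest weight supplies the route setting, which is the precedence to check when auditing policies installed by several providers. All type names, field names and sample values are assumptions, as are the tie-breaking rule and the match-all behavior for a policy with zero conditions.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model for illustration; these are NOT the WFP types. */
enum field { APP_ID, REMOTE_PORT, PROTOCOL, NUM_FIELDS };  /* stand-ins for fieldKey */
struct condition  { enum field key; uint64_t value; };
struct connection { uint64_t field[NUM_FIELDS]; };         /* indexed by enum field */
struct policy {
    uint64_t weight;                     /* higher weight takes precedence */
    size_t num_conditions;               /* 0 conditions matches everything (assumption) */
    const struct condition *conditions;
    uint64_t next_hop_interface;         /* route setting: outgoing interface LUID */
};

/* Highest-weight policy whose conditions all match, or NULL if none does.
   Ties keep the earlier entry (assumption; the page does not define tie order). */
const struct policy *select_policy(const struct policy *p, size_t n,
                                   const struct connection *k)
{
    const struct policy *best = NULL;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        /* Conditions are ANDed: stop at the first one that fails. */
        while (j < p[i].num_conditions &&
               k->field[p[i].conditions[j].key] == p[i].conditions[j].value)
            j++;
        if (j == p[i].num_conditions && (best == NULL || p[i].weight > best->weight))
            best = &p[i];
    }
    return best;
}

/* Constructed sample policies (all values are made up). */
static const struct condition app_tcp[]  = { { APP_ID, 42 }, { PROTOCOL, 6 } };
static const struct condition port_443[] = { { REMOTE_PORT, 443 } };
static const struct policy sample[] = {
    { 50,  1, port_443, 0xB },           /* port-based routing */
    { 100, 2, app_tcp,  0xA },           /* process-based routing, TCP only */
    { 1,   0, NULL,     0xC },           /* low-weight catch-all */
};

/* Interface LUID chosen for a connection, or 0 when no policy matches. */
uint64_t route_for(uint64_t app_id, uint64_t remote_port, uint64_t protocol)
{
    struct connection k = { { app_id, remote_port, protocol } };
    const struct policy *p = select_policy(sample, 3, &k);
    return p ? p->next_hop_interface : 0;
}
```

In this model a TCP connection from application 42 to port 443 matches all three sample policies and takes the weight-100 route, while the same application over UDP fails one ANDed condition and falls through to the catch-all.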

Requirements

Requirement | Value
Minimum supported client | Available starting with Windows Vista.
Target Platform | Universal
Header | fwpmk.h
Library | fwpkclnt.lib
IRQL | <= PASSIVE_LEVEL
