FwpmConnectionPolicyAdd0 function (fwpmk.h)
The FwpmConnectionPolicyAdd0 API function configures routing policies for outbound connections.
Syntax
NTSTATUS FwpmConnectionPolicyAdd0(
  [in] HANDLE engineHandle,
  [in] const FWPM_PROVIDER_CONTEXT3 *connectionPolicy,
  [in] FWP_IP_VERSION ipVersion,
  [in] UINT64 weight,
  [in] UINT32 numFilterConditions,
  [in, reads(numFilterConditions)] const FWPM_FILTER_CONDITION0 *filterConditions,
  [in, optional] PSECURITY_DESCRIPTOR sd
);
Parameters
[in] engineHandle
A handle to an open session with the filter engine. To open a session with the filter engine, call FwpmEngineOpen0.
[in] connectionPolicy
The state associated with a provider context.
[in] ipVersion
IP version of the traffic.
[in] weight
Specifies the weight that this Trusted Intermediary Agent (TIA) should be given compared to any peers.
[in] numFilterConditions
The number of elements in filterConditions.
[in, reads(numFilterConditions)] filterConditions
An array of filter conditions that must all be true for the action to be taken.
Of the possible match conditions (see Filtering condition identifiers), the ones in the following list are supported by FwpmConnectionPolicyAdd0. Set these values in FWPM_FILTER_CONDITION0::fieldKey.
- FWPM_CONDITION_ALE_APP_ID
- FWPM_CONDITION_ALE_USER_ID
- FWPM_CONDITION_IP_LOCAL_ADDRESS
- FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE
- FWPM_CONDITION_IP_LOCAL_PORT
- FWPM_CONDITION_IP_PROTOCOL
- FWPM_CONDITION_IP_REMOTE_ADDRESS
- FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE
- FWPM_CONDITION_IP_REMOTE_PORT
- FWPM_CONDITION_FLAGS
- FWPM_CONDITION_ALE_ORIGINAL_APP_ID
- FWPM_CONDITION_ALE_PACKAGE_ID
- FWPM_CONDITION_COMPARTMENT_ID
[in, optional] sd
The security information.
Return value
Return code/value | Description |
---|---|
ERROR_SUCCESS 0 | The routing policy was successfully configured. |
FWP_E_* error code 0x80320001—0x80320039 | A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details. |
RPC_* error code 0x80010001—0x80010122 | Failure to communicate with the remote or local firewall engine. |
Other NTSTATUS codes | An error occurred. |
Remarks
The TCP/IP stack supports destination address-based routing for outbound connections. The FwpmConnectionPolicyAdd0 API allows you to configure more expressive routing policies for outbound connections, and thereby to enable more complex scenarios such as source address-based routing, process-based routing, port-based routing, and others. A connection policy consists of an array of match conditions, an array of route settings, and an associated weight. You can configure multiple policies, and they are evaluated for an outbound connection in order of their configured weights (a higher weight takes precedence). The route settings of the first policy whose conditions (ANDed together) all match the outbound connection are applied.
These are the supported route settings (see FWP_NETWORK_CONNECTION_POLICY_SETTING_TYPE):
- FWP_NETWORK_CONNECTION_POLICY_SOURCE_ADDRESS. The source address to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.
- FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP_INTERFACE. The LUID of the outgoing interface to use for the connection. The value should be a FWP_UINT64.
- FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP. The next-hop address (or gateway) to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.
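The evaluation order described in these remarks (higher weight first, all conditions ANDed) can be checked against a planned policy set with a small model. This is an added example, not code from the original page or from Microsoft: it is portable C that does not call WFP, and its struct and function names, equality-only conditions, and sample policies are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not WFP types: each condition is an equality test on one field. */
enum field { F_LOCAL_ADDR, F_REMOTE_PORT, F_PROTOCOL, F_COUNT };
struct cond { enum field key; uint64_t value; };
struct policy {
    const char *name;
    uint64_t weight;        /* higher weight takes precedence */
    size_t ncond;
    struct cond cond[2];
    uint64_t next_hop_if;   /* stands in for a next-hop interface route setting */
};

/* Constructed sample policies (addresses, ports and interface numbers are made up). */
static const struct policy POLICIES[] = {
    { "by-port",    10, 1, { { F_REMOTE_PORT, 443 } },                            7 },
    { "by-src-tcp", 50, 2, { { F_LOCAL_ADDR, 0x0A000005 }, { F_PROTOCOL, 6 } },   9 },
    { "by-src-udp", 90, 2, { { F_LOCAL_ADDR, 0x0A000005 }, { F_PROTOCOL, 17 } }, 11 },
};

/* A policy matches only if every one of its conditions holds (logical AND). */
static int policy_matches(const struct policy *p, const uint64_t conn[F_COUNT]) {
    for (size_t i = 0; i < p->ncond; i++)
        if (conn[p->cond[i].key] != p->cond[i].value)
            return 0;
    return 1;
}

/* Returns the next-hop interface of the highest-weight matching policy, or 0 when
   no policy matches. The page does not define a tie-break for equal weights;
   this model keeps the earlier entry (assumption). */
uint64_t route_for(uint64_t local_addr, uint64_t remote_port, uint64_t protocol) {
    const uint64_t conn[F_COUNT] = { local_addr, remote_port, protocol };
    const struct policy *best = NULL;
    for (size_t i = 0; i < sizeof POLICIES / sizeof POLICIES[0]; i++)
        if (policy_matches(&POLICIES[i], conn) && (!best || POLICIES[i].weight > best->weight))
            best = &POLICIES[i];
    return best ? best->next_hop_if : 0;
}

int main(void) {
    /* TCP/443 from 10.0.0.5 matches weights 10 and 50; weight 90 fails on protocol. */
    printf("%llu\n", (unsigned long long)route_for(0x0A000005, 443, 6));
    printf("%llu\n", (unsigned long long)route_for(0x0A000006, 80, 6));
    return 0;
}
```

Running a planned policy set through a model like this before deployment shows which broad, high-weight policy would shadow a narrower one.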
Requirements
Requirement | Value |
---|---|
Minimum supported client | Available starting with Windows Vista. |
Target Platform | Universal |
Header | fwpmk.h |
Library | fwpkclnt.lib |
IRQL | <= PASSIVE_LEVEL |