Compartilhar via


FWPS_INCOMING_METADATA_VALUES0 (Compact 2013)

3/26/2014

This structure defines metadata values that the filter engine passes to a callout's classifyFn callout function.

Syntax

typedef struct FWPS_INCOMING_METADATA_VALUES0_ {
  UINT32  currentMetadataValues;
  UINT32  flags;
  UINT64  reserved;
  FWPS_DISCARD_METADATA0  discardMetadata;
  UINT64  flowHandle;
  UINT32  ipHeaderSize;
  UINT32  transportHeaderSize;
  FWP_BYTE_BLOB  *processPath;
  UINT64  token;
  UINT64  processId;
  UINT32  sourceInterfaceIndex;
  UINT32  destinationInterfaceIndex;
  ULONG  compartmentId;
  FWPS_INBOUND_FRAGMENT_METADATA0  fragmentMetadata;
  ULONG  pathMtu;
  HANDLE completionHandle;
  UINT64 transportEndpointHandle;
  SCOPE_ID remoteScopeId;
  WSACMSGHDR* controlData;
  ULONG controlDataLength;
  FWP_DIRECTION packetDirection;
#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
  PVOID headerIncludeHeader;
  ULONG headerIncludeHeaderLength;
#endif
} FWPS_INCOMING_METADATA_VALUES0;

Members

  • currentMetadataValues
    A UINT32 value that contains a bitwise OR of a combination of Metadata Field Identifiers that specify which metadata values are set in the structure
  • flags
    Used internally by the filter engine. Callout drivers should ignore this member.
  • reserved
    Used internally by the filter engine. Callout drivers should ignore this member.
  • discardMetadata
    An FWPS_DISCARD_METADATA0 structure that describes why the data was discarded. This member contains valid data only if the FWPS_METADATA_FIELD_DISCARD_REASON flag is set in the currentMetadataValues member.
  • flowHandle
    A handle for the data flow. This member contains valid data only if the FWPS_METADATA_FIELD_FLOW_HANDLE flag is set in the currentMetadataValues member.
  • ipHeaderSize
    The offset, in bytes, of the IP header.

    On incoming paths, ipHeaderSize, when it is used together with the transportHeaderSize member, specifies the number of bytes to retreat from the data offset location to the beginning of the IP header.

    On the following incoming ICMP error layers, ipHeaderSize alone specifies the total number of bytes to retreat from the data offset to the beginning of the IP header:

    • FWPS_LAYER_INBOUND_ICMP_ERROR_V4
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V6
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD

    On outbound paths, if ipHeaderSize is greater than zero, it specifies the number of bytes to advance from the data offset location to the end of the IP header.

    This member is not applicable to the outbound path at the following layers:

    • FWPS_LAYER_DATAGRAM_DATA_V4
    • FWPS_LAYER_DATAGRAM_DATA_V6
    • FWPS_LAYER_DATAGRAM_DATA_V4_DISCARD
    • FWPS_LAYER_DATAGRAM_DATA_V6_DISCARD

    This member contains valid data only if the FWPS_METADATA_FIELD_IP_HEADER_SIZE flag is set in the currentMetadataValues member.

  • transportHeaderSize
    The offset or size, in bytes, of the transport header.

    On inbound paths, transportHeaderSize specifies the number of bytes to retreat from the data offset location to the end of the transport header.

    On the following inbound ICMP error layers, transportHeaderSize specifies the size of the ICMP header:

    • FWPS_LAYER_INBOUND_ICMP_ERROR_V4
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V6
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD
    • FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD

    On outbound paths, transportHeaderSize specifies the number of bytes to advance from the data offset location to the end of the transport header.

    This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE flag is set in the currentMetadataValues member.

  • processPath
    A pointer to an FWP_BYTE_BLOB structure that contains the full path to the process that owns the endpoint. This member contains valid data only if the FWPS_METADATA_FIELD_PROCESS_PATH flag is set in the currentMetadataValues member.
  • token
    A handle for the token that is used to validate the permissions for the user. This member contains valid data only if the FWPS_METADATA_FIELD_TOKEN flag is set in the currentMetadataValues member.
  • processId
    The process ID for the process that owns the endpoint. This member contains valid data only if the FWPS_METADATA_FIELD_PROCESS_ID flag is set in the currentMetadataValues member.
  • sourceInterfaceIndex
    The index of the network interface where an incoming packet was received. This member contains valid data only if the FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX flag is set in the currentMetadataValues member.
  • destinationInterfaceIndex
    The index of the network interface where an outgoing packet is to be sent. This member contains valid data only if the FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX flag is set in the currentMetadataValues member.
  • compartmentId
    The identifier of the routing compartment in which the packet was either received or is being sent. Any modified packets should be injected back into the same routing compartment that is indicated for the original packet. This member contains valid data only if the FWPS_METADATA_FIELD_COMPARTMENT_ID flag is set in the currentMetadataValues member.
  • fragmentMetadata
    An FWPS_INBOUND_FRAGMENT_METADATA0 structure that describes the fragment data for a received packet fragment. This member contains valid data only if the FWPS_METADATA_FIELD_FRAGMENT_DATA flag is set in the currentMetadataValues member.
  • pathMtu
    The path maximum transmission unit (path MTU) for an outgoing packet. This value indicates the largest physical packet size, in bytes, that a network can transmit without fragmentation, This member contains valid data only if the FWPS_METADATA_FIELD_PATH_MTU flag is set in the currentMetadataValues member.
  • completionHandle
    A completion handle that is required to pend the current filtering operation. This member contains valid data only if the FWPS_METADATA_FIELD_COMPLETION_HANDLE flag is set in the currentMetadataValues member.
  • transportEndpointHandle
    An endpoint handle that indicates the end of the packet to be injected into the outgoing transport layer. This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE flag is set in the currentMetadataValues member.
  • remoteScopeId
    The remote scope identifier to be used in outgoing transport layer injection. This member contains valid data only if the FWPS_METADATA_FIELD_REMOTE_SCOPE_ID flag is set in the currentMetadataValues member.
  • controlData
    An optional socket control data object. This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA flag is set in the currentMetadataValues member.
  • controlDataLength
    The length, in bytes, of the controlData member.
  • packetDirection
    The direction of network traffic (incoming or outbound) as specified by one of the constant values of FWP_DIRECTION. This member contains valid data only if the FWPS_METADATA_FIELD_PACKET_DIRECTION flag is set in the currentMetadataValues member.
  • headerIncludeHeader
    A pointer to the IP header if the packet is sent from a raw socket.
  • headerIncludeHeaderLength
    The length, in bytes, of the IP header that is pointed to by headerIncludeHeader.

Remarks

The WFP Filter Engine passes a pointer to an FWPS_INCOMING_METADATA_VALUES0 structure to a callout's classifyFn callout function. The metadata values that are contained in the structure are not processed by the filter engine, but are supplied to a callout's classifyFn callout function to provide additional information.

A callout driver can use the following macro to test whether a specific metadata value is present in an FWPS_INCOMING_METADATA_VALUES0 structure:

FWPS_IS_METADATA_FIELD_PRESENT(metadataValues, metadataField)
  • metadataValues
    A pointer to an FWPS_INCOMING_METADATA_VALUES0 structure
  • metadataField
    The metadata field identifier for the metadata value being tested

Requirements

Header

fwpsk.h

See Also

Reference

WFP Callout Driver Structures
classifyFn
FWPS_DISCARD_METADATA0
FWPS_INBOUND_FRAGMENT_METADATA0
FWPS_INCOMING_METADATA_VALUES0
WFP Callout Driver Metadata Field Identifiers
WFP Callout Driver Reference

Other Resources

FWP_BYTE_BLOB
FWP_DIRECTION