FWPM_NET_EVENT_HEADER0 (Compact 2013)

3/26/2014

This structure contains information common to all events.

Syntax

typedef struct FWPM_NET_EVENT_HEADER0_ {
  FILETIME timeStamp;
  UINT32 flags;
  FWP_IP_VERSION ipVersion;
  UINT8 ipProtocol;
  union {
    UINT32 localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32 remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16 localPort;
  UINT16 remotePort;
  UINT32 scopeId;
  FWP_BYTE_BLOB appId;
  SID* userId;
} FWPM_NET_EVENT_HEADER0;

Members

  • timeStamp
    A FILETIME structure that specifies the time the event occurred.
  • flags
    Unused fields must be zero-initialized.

    Possible flags values are listed in the Remarks section below.

  • ipVersion
    A FWP_IP_VERSION value that specifies the IP version being used.
  • ipProtocol
    IP protocol specified as an IPPROTO value.
  • localAddrV4
    Specifies an IPv4 local address.

    Available when ipVersion is FWP_IP_VERSION_V4.

  • localAddrV6
    A FWP_BYTE_ARRAY16 that contains an IPv6 local address.

    Available when ipVersion is FWP_IP_VERSION_V6.

  • remoteAddrV4
    Specifies an IPv4 remote address.

    Available when ipVersion is FWP_IP_VERSION_V4.

  • remoteAddrV6
    A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.

    Available when ipVersion is FWP_IP_VERSION_V6.

  • localPort
    Specifies a local port.
  • remotePort
    Specifies a remote port.
  • scopeId
    IPv6 scope ID.
  • appId
    A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.
  • userId
    Contains a user ID that corresponds to the traffic.

Remarks

The following is a list of the possible values for the flags data member:

  • FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
    The ipProtocol member is set.
  • FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
    Either the localAddrV4 member or the localAddrV6 member is set.

    Note: If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

  • FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
    Either the remoteAddrV4 member or the remoteAddrV6 member is set.

    Note: If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

  • FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
    The localPort member is set.
  • FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
    The remotePort member is set.
  • FWPM_NET_EVENT_FLAG_APP_ID_SET
    The appId member is set.
  • FWPM_NET_EVENT_FLAG_USER_ID_SET
    The userId member is set.
  • FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
    The scopeId member is set.
  • FWPM_NET_EVENT_FLAG_IP_VERSION_SET
    The ipVersion member is set.
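The flag rules above matter to any code that consumes these events for logging or detection: a member is meaningful only when its flag is set, and the address unions can be interpreted only once ipVersion is known. The following is an added example, not part of the original reference page; the flag values, the trimmed struct and the host-byte-order reading of the IPv4 address are assumptions, and header_flags_valid and fmt_endpoint are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-ins (assumed values, trimmed struct) so this builds without fwpmu.h;
   on the target, include fwpmu.h and delete this section. */
#define FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET  0x002u
#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET 0x004u
#define FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET  0x008u
#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET 0x010u
#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET  0x100u
typedef enum { FWP_IP_VERSION_V4, FWP_IP_VERSION_V6 } FWP_IP_VERSION;
typedef struct { uint8_t byteArray16[16]; } FWP_BYTE_ARRAY16;
typedef struct {
  uint32_t flags; FWP_IP_VERSION ipVersion;
  union { uint32_t localAddrV4;  FWP_BYTE_ARRAY16 localAddrV6; };
  union { uint32_t remoteAddrV4; FWP_BYTE_ARRAY16 remoteAddrV6; };
  uint16_t localPort, remotePort;
} FWPM_NET_EVENT_HEADER0;

/* Returns 1 if the flags obey the documented rule: an address flag requires
   FWPM_NET_EVENT_FLAG_IP_VERSION_SET (and an ipVersion of V4 or V6). */
static int header_flags_valid(const FWPM_NET_EVENT_HEADER0 *h) {
  uint32_t addr = FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET | FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET;
  if (!(h->flags & addr)) return 1;
  if (!(h->flags & FWPM_NET_EVENT_FLAG_IP_VERSION_SET)) return 0;
  return h->ipVersion == FWP_IP_VERSION_V4 || h->ipVersion == FWP_IP_VERSION_V6;
}

/* Writes "addr:port" for the local (remote == 0) or remote endpoint, printing
   "?" for any member whose flag is clear. Returns 0, or -1 on bad flags/size. */
static int fmt_endpoint(const FWPM_NET_EVENT_HEADER0 *h, int remote, char *out, size_t n) {
  uint32_t af = remote ? FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET : FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET;
  uint32_t pf = remote ? FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET : FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET;
  size_t len;
  if (!header_flags_valid(h)) return -1;
  if (!(h->flags & af)) len = (size_t)snprintf(out, n, "?");
  else if (h->ipVersion == FWP_IP_VERSION_V4) {
    uint32_t a = remote ? h->remoteAddrV4 : h->localAddrV4; /* assumed host byte order */
    len = (size_t)snprintf(out, n, "%u.%u.%u.%u", a >> 24, (a >> 16) & 255, (a >> 8) & 255, a & 255);
  } else {
    const uint8_t *b = remote ? h->remoteAddrV6.byteArray16 : h->localAddrV6.byteArray16;
    len = (size_t)snprintf(out, n, "[");
    for (int i = 0; i < 16 && len < n; i += 2)  /* full form, no zero compression */
      len += (size_t)snprintf(out + len, n - len, "%02x%02x%s", b[i], b[i + 1], i < 14 ? ":" : "]");
  }
  if (len >= n) return -1;
  if (h->flags & pf) len += (size_t)snprintf(out + len, n - len, ":%u", (unsigned)(remote ? h->remotePort : h->localPort));
  else len += (size_t)snprintf(out + len, n - len, ":?");
  return len < n ? 0 : -1;
}
```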

Requirements

Header: fwpmu.h

See Also

Reference

WFP Management Structures

Other Resources

Windows Filtering Platform