FWPM_NET_EVENT_HEADER0 (Compact 2013)
3/26/2014
This structure contains information common to all events.
Syntax
typedef struct FWPM_NET_EVENT_HEADER0_ {
FILETIME timeStamp;
UINT32 flags;
FWP_IP_VERSION ipVersion;
UINT8 ipProtocol;
union {
UINT32 localAddrV4;
FWP_BYTE_ARRAY16 localAddrV6;
};
union {
UINT32 remoteAddrV4;
FWP_BYTE_ARRAY16 remoteAddrV6;
};
UINT16 localPort;
UINT16 remotePort;
UINT32 scopeId;
FWP_BYTE_BLOB appId;
SID* userId;
} FWPM_NET_EVENT_HEADER0;
Members
- timeStamp
A FILETIME structure that specifies the time the event occurred.
flags
Unused fields must be zero-initialized.Possible flags values are listed in the Remarks section below.
- ipVersion
A FWP_IP_VERSION value that specifies the IP version being used.
- ipProtocol
IP protocol specified as an IPPROTO value.
localAddrV4
Specifies an IPv4 local address.Available when ipVersion is FWP_IP_VERSION_V4.
localAddrV6
A FWP_BYTE_ARRAY16 that contains an IPv6 local address.Available when ipVersion is FWP_IP_VERSION_V6.
remoteAddrV4
Specifies an IPv4 remote address.Available when ipVersion is FWP_IP_VERSION_V4.
remoteAddrV6
A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.Available when ipVersion is FWP_IP_VERSION_V6.
- localPort
Specifies a local port.
- remotePort
Specifies a remote port.
- scopeId
IPv6 scope ID.
- appId
A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.
- userId
Contains a user ID that corresponds to the traffic.
Remarks
The following is a list of the possible values for the flags data member:
Value |
Meaning |
---|---|
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET |
The ipProtocol member is set |
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET |
Either the localAddrV4 member or the localAddrV6 member is set
Note:
If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
|
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET |
Either the remoteAddrV4 member of the remoteAddrV6 field is set
Note:
If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
|
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET |
The localPort member is set |
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET |
The remotePort member is set |
FWPM_NET_EVENT_FLAG_APP_ID_SET |
The appId member is set |
FWPM_NET_EVENT_FLAG_USER_ID_SET |
The userId member is set |
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET |
The scopeId member is set |
FWPM_NET_EVENT_FLAG_IP_VERSION_SET |
The ipVersion member is set |
Requirements
Header |
fwpmu.h |