Networking and Internet
Windows Filtering Platform
Windows Filtering Platform API Reference
WFP Structures
Management Structures
FWPM_ACTION0
FWPM_CALLOUT0
FWPM_CALLOUT_CHANGE0
FWPM_CALLOUT_ENUM_TEMPLATE0
FWPM_CALLOUT_SUBSCRIPTION0
FWPM_CLASSIFY_OPTION0
FWPM_CLASSIFY_OPTIONS0
FWPM_CONNECTION0
FWPM_CONNECTION_ENUM_TEMPLATE0
FWPM_CONNECTION_SUBSCRIPTION0
FWPM_DISPLAY_DATA0
FWPM_FIELD0
FWPM_FILTER0
FWPM_FILTER_CHANGE0
FWPM_FILTER_CONDITION0
FWPM_FILTER_ENUM_TEMPLATE0
FWPM_FILTER_SUBSCRIPTION0
FWPM_LAYER0
FWPM_LAYER_ENUM_TEMPLATE0
FWPM_LAYER_STATISTICS0
FWPM_NET_EVENT0
FWPM_NET_EVENT1
FWPM_NET_EVENT2
FWPM_NET_EVENT_CAPABILITY_ALLOW0
FWPM_NET_EVENT_CAPABILITY_DROP0
FWPM_NET_EVENT_CLASSIFY_ALLOW0
FWPM_NET_EVENT_CLASSIFY_DROP0
FWPM_NET_EVENT_CLASSIFY_DROP1
FWPM_NET_EVENT_CLASSIFY_DROP2
FWPM_NET_EVENT_CLASSIFY_DROP_MAC0
FWPM_NET_EVENT_ENUM_TEMPLATE0
FWPM_NET_EVENT_HEADER0
FWPM_NET_EVENT_HEADER1
FWPM_NET_EVENT_HEADER2
FWPM_NET_EVENT_IKEEXT_EM_FAILURE0
FWPM_NET_EVENT_IKEEXT_EM_FAILURE1
FWPM_NET_EVENT_IKEEXT_MM_FAILURE0
FWPM_NET_EVENT_IKEEXT_MM_FAILURE1
FWPM_NET_EVENT_IKEEXT_QM_FAILURE0
FWPM_NET_EVENT_IPSEC_DOSP_DROP0
FWPM_NET_EVENT_IPSEC_KERNEL_DROP0
FWPM_NET_EVENT_SUBSCRIPTION0
FWPM_PROVIDER0
FWPM_PROVIDER_CHANGE0
FWPM_PROVIDER_CONTEXT0
FWPM_PROVIDER_CONTEXT1
FWPM_PROVIDER_CONTEXT2
FWPM_PROVIDER_CONTEXT_CHANGE0
FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0
FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0
FWPM_PROVIDER_ENUM_TEMPLATE0
FWPM_PROVIDER_SUBSCRIPTION0
FWPM_SESSION0
FWPM_SESSION_ENUM_TEMPLATE0
FWPM_STATISTICS0
FWPM_SUBLAYER0
FWPM_SUBLAYER_CHANGE0
FWPM_SUBLAYER_ENUM_TEMPLATE0
FWPM_SUBLAYER_SUBSCRIPTION0
FWPM_SYSTEM_PORTS0
FWPM_SYSTEM_PORTS_BY_TYPE0
FWPM_VSWITCH_EVENT0
FWPM_VSWITCH_EVENT_SUBSCRIPTION0
Expand Minimize
This topic has not yet been rated - Rate this topic

FWPM_NET_EVENT_HEADER2 structure

The FWPM_NET_EVENT_HEADER2 structure contains information common to all events.

Note  FWPM_NET_EVENT_HEADER2 is the specific implementation of FWPM_NET_EVENT_HEADER available for Windows 8. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows Vista and Windows 7, FWPM_NET_EVENT_HEADER0 is available.

Syntax

C++
Copy 

typedef struct FWPM_NET_EVENT_HEADER2_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
  FWP_AF         addressFamily;
  SID            *packageSid;
} FWPM_NET_EVENT_HEADER2;

Members

timeStamp

Type: FILETIME

Time that the event occurred.

flags

Type: UINT32

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flagMeaning
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET

The ipProtocol member is set.

FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET

Either the localAddrV4 or localAddrV6 member is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET

Either the remoteAddrV4 or remoteAddrV6 member is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET

The localPort member is set.

FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET

The remotePort member is set.

FWPM_NET_EVENT_FLAG_APP_ID_SET

The appId member is set.

FWPM_NET_EVENT_FLAG_USER_ID_SET

The userId member is set.

FWPM_NET_EVENT_FLAG_SCOPE_ID_SET

The scopeId member is set.

FWPM_NET_EVENT_FLAG_IP_VERSION_SET

The ipVersion member is set.

FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET

Indicates an existing connection was reauthorized.

FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET

The packageSid member is set.

 

ipVersion

Type: FWP_IP_VERSION

The IP version being used.

ipProtocol

Type: UINT8

The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Type: UINT32

The IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Type: UINT32

The IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Type: UINT16

The local port.

remotePort

Type: UINT16

The remote port.

scopeId

Type: UINT32

The IPv6 scope ID.

appId

Type: FWP_BYTE_BLOB

The application ID of the local application associated with the event.

userId

Type: SID*

The user ID corresponding to the traffic.

addressFamily

Type: FWP_AF

A superset of non-Internet protocols.

Available when ipVersion is FWP_IP_VERSION_NONE.

packageSid

Type: SID*

The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send or receive the network traffic.

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header
Fwpmtypes.h

IDL
Fwpmtypes.idl

See also

FWP_IP_VERSION
FWP_AF
FWP_BYTE_ARRAY16
FWP_BYTE_BLOB

 

 

Send comments about this topic to Microsoft

Build date: 11/14/2012

Community Additions

ADD
Help us help you
Answer questions that we’ll use to make the Dev Center better.
Was this page helpful?
Your feedback about this content is important
Let us know what you think.
Additional feedback?
Thank you!
We appreciate your feedback.
© 2013 Microsoft. All rights reserved.