This topic has not yet been rated - Rate this topic

FWPS_INCOMING_METADATA_VALUES0 structure

The FWPS_INCOMING_METADATA_VALUES0 structure defines metadata values that the filter engine passes to a callout's classifyFn callout function.

Syntax

C++


typedef struct FWPS_INCOMING_METADATA_VALUES0_ {
  UINT32                          currentMetadataValues;
  UINT32                          flags;
  UINT64                          reserved;
  FWPS_DISCARD_METADATA0          discardMetadata;
  UINT64                          flowHandle;
  UINT32                          ipHeaderSize;
  UINT32                          transportHeaderSize;
  FWP_BYTE_BLOB                   *processPath;
  UINT64                          token;
  UINT64                          processId;
  UINT32                          sourceInterfaceIndex;
  UINT32                          destinationInterfaceIndex;
  ULONG                           compartmentId;
  FWPS_INBOUND_FRAGMENT_METADATA0 fragmentMetadata;
  ULONG                           pathMtu;
  HANDLE                          completionHandle;
  UINT64                          transportEndpointHandle;
  SCOPE_ID                        remoteScopeId;
  WSACMSGHDR                      *controlData;
  ULONG                           controlDataLength;
  FWP_DIRECTION                   packetDirection;
#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
  PVOID                           headerIncludeHeader;
  ULONG                           headerIncludeHeaderLength;
#if (NTDDI_VERSION >= NTDDI_WIN7)
  IP_ADDRESS_PREFIX               destinationPrefix;
  UINT16                          frameLength;
  UINT64                          parentEndpointHandle;
  UINT32                          icmpIdAndSequence;
  DWORD                           localRedirectTargetPID;
  SOCKADDR                        *originalDestination;
#if (NTDDI_VERSION >= NTDDI_WIN8)
  HANDLE                          redirectRecords;
  UINT32                          currentL2MetadataValues;
  UINT32                          l2Flags;
  UINT32                          ethernetMacHeaderSize;
  UINT32                          wiFiOperationMode;
#if (NDIS_SUPPORT_NDIS630)
  NDIS_SWITCH_PORT_ID             vSwitchSourcePortId;
  NDIS_SWITCH_NIC_INDEX           vSwitchSourceNicIndex;
  NDIS_SWITCH_PORT_ID             vSwitchDestinationPortId;
#else 
  UINT32                          padding0;
  USHORT                          padding1;
  UINT32                          padding2;
#endif 
  HANDLE                          vSwitchPacketContext;
  UINT32                          l2ConnectionProfileIndex;
#endif 
#endif 
#endif 
#if (NTDDI_VERSION >= NTDDI_WIN8)
  PVOID                           subProcessTag;
  UINT64                          Reserved1;
#endif 
} FWPS_INCOMING_METADATA_VALUES0;

Members

currentMetadataValues

A UINT32 value that contains a bitwise OR of a combination of Metadata Field Identifiers that specify which metadata values are set in the structure.

flags

Used internally by the filter engine. Callout drivers should ignore this member.

reserved

Reserved for system use. Callout drivers should ignore this member.

discardMetadata

An FWPS_DISCARD_METADATA0 structure that describes the reason why the data was discarded. This member contains valid data only if the FWPS_METADATA_FIELD_DISCARD_REASON flag is set in the currentMetadataValues member.

flowHandle

A handle for the data flow. This member contains valid data only if the FWPS_METADATA_FIELD_FLOW_HANDLE flag is set in the currentMetadataValues member.

ipHeaderSize

The offset, in bytes, of the IP header.

On inbound paths, ipHeaderSize, when used in conjunction with the transportHeaderSize member, specifies the number of bytes to retreat from the data offset location to the beginning of the IP header.

On the following inbound ICMP error layers, ipHeaderSize alone specifies the total number of bytes to retreat from the data offset to the beginning of the IP header:

FWPS_LAYER_INBOUND_ICMP_ERROR_V4

FWPS_LAYER_INBOUND_ICMP_ERROR_V6

FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD

FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD

On outbound paths, if ipHeaderSize is greater than zero, it specifies the number of bytes to advance from the data offset location to the end of the IP header.

This member is not applicable to the outbound path at the following layers:

FWPS_LAYER_DATAGRAM_DATA_V4

FWPS_LAYER_DATAGRAM_DATA_V6

FWPS_LAYER_DATAGRAM_DATA_V4_DISCARD

FWPS_LAYER_DATAGRAM_DATA_V6_DISCARD

This member contains valid data only if the FWPS_METADATA_FIELD_IP_HEADER_SIZE flag is set in the currentMetadataValues member.

transportHeaderSize

The offset or size, in bytes, of the transport header.

On inbound paths, transportHeaderSize specifies the number of bytes to retreat from the data offset location to the end of the transport header.

On the following inbound ICMP error layers, transportHeaderSize specifies the size of the ICMP header:

FWPS_LAYER_INBOUND_ICMP_ERROR_V4

FWPS_LAYER_INBOUND_ICMP_ERROR_V6

FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD

FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD

On outbound paths, transportHeaderSize specifies the number of bytes to advance from the data offset location to the end of the transport header.

This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE flag is set in the currentMetadataValues member.

processPath

A pointer to an FWP_BYTE_BLOB structure that contains the full path to the process that owns the endpoint. This member contains valid data only if the FWPS_METADATA_FIELD_PROCESS_PATH flag is set in the currentMetadataValues member.

token

A handle for the token used to validate the permissions for the user. This member contains valid data only if the FWPS_METADATA_FIELD_TOKEN flag is set in the currentMetadataValues member.

processId

The process ID for the process that owns the endpoint. This member contains valid data only if the FWPS_METADATA_FIELD_PROCESS_ID flag is set in the currentMetadataValues member.

sourceInterfaceIndex

The index of the network interface where an incoming packet was received. This member contains valid data only if the FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX flag is set in the currentMetadataValues member.

destinationInterfaceIndex

The index of the network interface where an outgoing packet is to be sent. This member contains valid data only if the FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX flag is set in the currentMetadataValues member.

compartmentId

The identifier of the routing compartment in which the packet either was received or is being sent. Any modified packets should be injected back into the same routing compartment that is indicated for the original packet. This member contains valid data only if the FWPS_METADATA_FIELD_COMPARTMENT_ID flag is set in the currentMetadataValues member.

fragmentMetadata

An FWPS_INBOUND_FRAGMENT_METADATA0 structure that describes the fragment data for a received packet fragment. This member contains valid data only if the FWPS_METADATA_FIELD_FRAGMENT_DATA flag is set in the currentMetadataValues member.

pathMtu

The path maximum transmission unit (path MTU) for an outbound packet. This value indicates the largest physical packet size, in bytes, that a network can transmit without fragmentation, This member contains valid data only if the FWPS_METADATA_FIELD_PATH_MTU flag is set in the currentMetadataValues member.

completionHandle

A completion handle that is required to pend the current filtering operation. This member contains valid data only if the FWPS_METADATA_FIELD_COMPLETION_HANDLE flag is set in the currentMetadataValues member.

transportEndpointHandle

An endpoint handle that indicates the end of the packet to be injected into the outbound transport layer. This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE flag is set in the currentMetadataValues member.

remoteScopeId

The remote scope identifier to be used in outbound transport layer injection. This member contains valid data only if the FWPS_METADATA_FIELD_REMOTE_SCOPE_ID flag is set in the currentMetadataValues member.

controlData

An optional socket control data object. This member contains valid data only if the FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA flag is set in the currentMetadataValues member. For information about the WSACMSGHDR type, see CMSGHDR.

controlDataLength

The length, in bytes, of the controlData member.

packetDirection

The direction of network traffic (inbound or outbound) as specified by one of the constant values of FWP_DIRECTION. This member is set at the application layer enforcement (ALE) connect or receive/accept layers during a reauthorization classify operation. For more information, see the Remarks section.

Note This member contains valid data only if the FWPS_METADATA_FIELD_PACKET_DIRECTION flag is set in the currentMetadataValues member.

headerIncludeHeader

A pointer to the IP header if the packet is sent from a raw socket.

Note Available only in Windows Server 2008, Windows Vista SP1, and later versions of Windows.

headerIncludeHeaderLength

The length, in bytes, of the IP header that is pointed to by headerIncludeHeader.

Note Available only in Windows Server 2008, Windows Vista SP1, and later versions of Windows.

destinationPrefix

The destination prefix.

Note Available only in Windows 7 and later versions of Windows.

frameLength

The frame length.

Note Available only in Windows 7 and later versions of Windows.

parentEndpointHandle

The handle of the endpoint's parent.

Note Available only in Windows 7 and later versions of Windows.

icmpIdAndSequence

The ICMP identifier and sequence.

Note Available only in Windows 7 and later versions of Windows.

localRedirectTargetPID

The PID of the process that is responsible for a redirected connection.

Note Available only in Windows 7 and later versions of Windows.

originalDestination

The original destination of a redirected connection.

Note Available only in Windows 7 and later versions of Windows.

redirectRecords

A redirect records handle that can be passed to the FwpsQueryConnectionRedirectState0 function to get the redirect state.