2.2.93 FW_QUERY

  • Article

This structure is used to query objects from the store. The structure contains a number of FW_QUERY_CONDITIONS elements. This structure can evaluate to either TRUE or FALSE. It evaluates to TRUE if at least one of the query conditions containers evaluates to TRUE; otherwise, if all evaluate to FALSE, it evaluates to FALSE.

 typedef struct _tag_FW_QUERY {
   unsigned SHORT wSchemaVersion;
   unsigned LONG dwNumEntries;
   [size_is(dwNumEntries)] FW_QUERY_CONDITIONS* ORConditions;
   FW_RULE_STATUS Status;
 } FW_QUERY,
  *PFW_QUERY;

wSchemaVersion: The schema version of the query object. The version MUST be at least 0x00020A.

dwNumEntries: This field specifies the number of query conditions containers that the structure contains.

ORConditions: A pointer to an array of FW_QUERY_CONDITIONS elements, which are all logically OR'd together. The number of elements is given by dwNumEntries.

Status: The status code of the query, as specified by the FW_RULE_STATUS enumeration. This field is filled out when the structure is returned as output. On input, this field SHOULD be set to FW_RULE_STATUS_OK.

The following are semantic checks that query object MUST pass:

  • The wSchemaVersion MUST NOT be less than 0x00020A.

  • If the dwNumEntries field is zero, the ORConditions field MUST be NULL, and if the dwNumEntries field is not zero, the ORConditions field MUST NOT be NULL.

  • The ORConditions field MUST have valid FW_QUERY_CONDITIONS elements.

  • If the query object is used for querying connection security rules, it MUST NOT have any conditions with matchKey equal to FW_MATCH_KEY_APP_PATH or FW_MATCH_KEY_SVC_NAME.

  • If the query object is being used for querying main mode rules, it MUST NOT have any conditions with matchKey equal to FW_MATCH_KEY_PROTOCOL, FW_MATCH_KEY_LOCAL_PORT, FW_MATCH_KEY_REMOTE_PORT, FW_MATCH_KEY_GROUP, or FW_MATCH_KEY_DIRECTION, or any of the match keys disallowed by connection security rules.

  • If the query object is being used for querying authentication or cryptographic sets, it MUST NOT have any conditions with matchKey equal to FW_MATCH_KEY_PROFILE or FW_MATCH_KEY_FILTERID, or any of the match keys disallowed by main mode rules.