FWPM_NET_EVENT_HEADER2 structure

The FWPM_NET_EVENT_HEADER2 structure contains information common to all events.

Note: FWPM_NET_EVENT_HEADER2 is the specific implementation of FWPM_NET_EVENT_HEADER available for Windows 8. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows Vista and Windows 7, FWPM_NET_EVENT_HEADER0 is available.

Syntax


typedef struct FWPM_NET_EVENT_HEADER2_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
  FWP_AF         addressFamily;
  SID            *packageSid;
} FWPM_NET_EVENT_HEADER2;

Members

timeStamp

Type: FILETIME

Time that the event occurred.

flags

Type: UINT32

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flag / Meaning

FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET

The ipProtocol member is set.

FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET

Either the localAddrV4 or localAddrV6 member is set.

Note: If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET

Either the remoteAddrV4 or remoteAddrV6 member is set.

Note: If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.

FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET

The localPort member is set.

FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET

The remotePort member is set.

FWPM_NET_EVENT_FLAG_APP_ID_SET

The appId member is set.

FWPM_NET_EVENT_FLAG_USER_ID_SET

The userId member is set.

FWPM_NET_EVENT_FLAG_SCOPE_ID_SET

The scopeId member is set.

FWPM_NET_EVENT_FLAG_IP_VERSION_SET

The ipVersion member is set.

FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET

Indicates an existing connection was reauthorized.

FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET

The packageSid member is set.

ipVersion

Type: FWP_IP_VERSION

The IP version being used.

ipProtocol

Type: UINT8

The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Type: UINT32

The IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Type: UINT32

The IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Type: UINT16

The local port.

remotePort

Type: UINT16

The remote port.

scopeId

Type: UINT32

The IPv6 scope ID.

appId

Type: FWP_BYTE_BLOB

The application ID of the local application associated with the event.

userId

Type: SID*

The user ID corresponding to the traffic.

addressFamily

Type: FWP_AF

A superset of non-Internet protocols.

Available when ipVersion is FWP_IP_VERSION_NONE.

packageSid

Type: SID*

The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send or receive the network traffic.
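
An added example (not from the original reference page or the Windows SDK): a C sketch of how a net-event consumer can gate each read on flags and reject a header that breaks the rule that an address flag requires FWPM_NET_EVENT_FLAG_IP_VERSION_SET. The hdr_view struct, format_remote, and the F_*/IPV_* names are hypothetical stand-ins so it builds without fwpmtypes.h; the numeric values and the host-byte-order IPv4 address are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins so the sketch builds without the Windows SDK. On
   Windows, include fwpmtypes.h and read FWPM_NET_EVENT_HEADER2 directly.
   Numeric values are assumed to match that header. */
#define F_LOCAL_ADDR  0x002u /* FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET  */
#define F_REMOTE_ADDR 0x004u /* FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET */
#define F_REMOTE_PORT 0x010u /* FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET */
#define F_IP_VERSION  0x100u /* FWPM_NET_EVENT_FLAG_IP_VERSION_SET  */
enum { IPV_V4 = 0, IPV_V6 = 1 };  /* FWP_IP_VERSION_V4 / _V6 */

typedef struct {              /* hypothetical subset of the header */
    uint32_t flags;
    int      ipVersion;
    union { uint32_t v4; uint8_t v6[16]; } remote;
    uint16_t remotePort;
} hdr_view;

/* Writes the remote endpoint as text. Returns 0 on success, -1 when the
   flags contradict the rules on the page and the event should be rejected. */
int format_remote(const hdr_view *h, char *out, size_t n)
{
    int off;
    if (n == 0) return -1;
    /* An address flag without the IP-version flag is malformed. */
    if ((h->flags & (F_LOCAL_ADDR | F_REMOTE_ADDR)) && !(h->flags & F_IP_VERSION))
        return -1;
    if (!(h->flags & F_REMOTE_ADDR)) {
        off = snprintf(out, n, "-");            /* member not set: do not read it */
    } else if (h->ipVersion == IPV_V4) {
        uint32_t a = h->remote.v4;              /* assumption: host byte order */
        off = snprintf(out, n, "%u.%u.%u.%u", (unsigned)(a >> 24),
                       (unsigned)((a >> 16) & 255), (unsigned)((a >> 8) & 255),
                       (unsigned)(a & 255));
    } else if (h->ipVersion == IPV_V6) {
        off = 0;
        for (int i = 0; i < 16 && (size_t)off < n; i += 2)
            off += snprintf(out + off, n - (size_t)off, "%s%02x%02x",
                            i ? ":" : "", h->remote.v6[i], h->remote.v6[i + 1]);
    } else {
        return -1;                              /* no IP version to interpret it */
    }
    if ((h->flags & F_REMOTE_PORT) && off >= 0 && (size_t)off < n)
        snprintf(out + off, n - (size_t)off, " port %u", (unsigned)h->remotePort);
    return 0;
}
```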

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

Fwpmtypes.h

IDL

Fwpmtypes.idl

See also

FWP_IP_VERSION
FWP_AF
FWP_BYTE_ARRAY16
FWP_BYTE_BLOB