FWPM_NET_EVENT_HEADER2 structure (fwpmtypes.h)
The FWPM_NET_EVENT_HEADER2 structure contains information common to all events. FWPM_NET_EVENT_HEADER0 is available.
Syntax
typedef struct FWPM_NET_EVENT_HEADER2_ {
    FILETIME       timeStamp;
    UINT32         flags;
    FWP_IP_VERSION ipVersion;
    UINT8          ipProtocol;
    union {
        UINT32           localAddrV4;
        FWP_BYTE_ARRAY16 localAddrV6;
    };
    union {
        UINT32           remoteAddrV4;
        FWP_BYTE_ARRAY16 remoteAddrV6;
    };
    UINT16         localPort;
    UINT16         remotePort;
    UINT32         scopeId;
    FWP_BYTE_BLOB  appId;
    SID            *userId;
    FWP_AF         addressFamily;
    SID            *packageSid;
} FWPM_NET_EVENT_HEADER2;
Members
timeStamp
Type: FILETIME
Time that the event occurred.
flags
Type: UINT32
Flags indicating which of the following members are set. Unused fields must be zero-initialized.
Net event flag | Meaning |
---|---|
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET | The ipProtocol member is set. |
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET | Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET | Either the remoteAddrV4 member or the remoteAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET | The localPort member is set. |
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET | The remotePort member is set. |
FWPM_NET_EVENT_FLAG_APP_ID_SET | The appId member is set. |
FWPM_NET_EVENT_FLAG_USER_ID_SET | The userId member is set. |
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET | The scopeId member is set. |
FWPM_NET_EVENT_FLAG_IP_VERSION_SET | The ipVersion member is set. |
FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET | Indicates an existing connection was reauthorized. |
FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET | The packageSid member is set. |
ipVersion
Type: FWP_IP_VERSION
The IP version being used.
ipProtocol
Type: UINT8
The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
localAddrV4
Type: UINT32
The IPv4 local address.
Available when ipVersion is FWP_IP_VERSION_V4.
localAddrV6
Type: FWP_BYTE_ARRAY16
The IPv6 local address.
Available when ipVersion is FWP_IP_VERSION_V6.
remoteAddrV4
Type: UINT32
The IPv4 remote address.
Available when ipVersion is FWP_IP_VERSION_V4.
remoteAddrV6
Type: FWP_BYTE_ARRAY16
The IPv6 remote address.
Available when ipVersion is FWP_IP_VERSION_V6.
localPort
Type: UINT16
The local port.
remotePort
Type: UINT16
The remote port.
scopeId
Type: UINT32
The IPv6 scope ID.
appId
Type: FWP_BYTE_BLOB
The application ID of the local application associated with the event.
userId
Type: SID*
The user ID corresponding to the traffic.
addressFamily
Type: FWP_AF
A superset of non-Internet protocols.
Available when ipVersion is FWP_IP_VERSION_NONE.
packageSid
Type: SID*
The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send or receive the network traffic.
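The following is an added example, not code from the original page or from Microsoft: it shows a consumer checking flags and ipVersion before reading the remote address union, as the flag table above requires. The names header_view and format_remote are hypothetical, the struct is a trimmed stand-in so the code builds without the Windows SDK, the numeric flag values are those defined in the SDK's fwpmtypes.h, and host byte order for remoteAddrV4 is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins so this builds without the Windows SDK. Flag and enum values match
   the SDK headers; header_view is a trimmed, hypothetical struct that is NOT
   layout-compatible with FWPM_NET_EVENT_HEADER2. */
#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET 0x00000004u
#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET 0x00000010u
#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET  0x00000100u
enum { FWP_IP_VERSION_V4 = 0, FWP_IP_VERSION_V6 = 1 };

typedef struct {
    uint32_t flags;
    int      ipVersion;
    union { uint32_t remoteAddrV4; uint8_t remoteAddrV6[16]; };
    uint16_t remotePort;
} header_view;

/* Formats the remote endpoint into out (n >= 64). Returns 0 on success,
   -1 when the flags do not allow the address members to be read. */
int format_remote(const header_view *h, char *out, size_t n)
{
    const uint32_t need = FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET |
                          FWPM_NET_EVENT_FLAG_IP_VERSION_SET;
    int len = 0;
    if (n < 64 || (h->flags & need) != need)
        return -1;                     /* address or version not set */
    if (h->ipVersion == FWP_IP_VERSION_V4) {
        uint32_t a = h->remoteAddrV4;  /* assumption: host byte order */
        len = snprintf(out, n, "%u.%u.%u.%u", (unsigned)(a >> 24),
                       (unsigned)(a >> 16) & 0xff, (unsigned)(a >> 8) & 0xff,
                       (unsigned)a & 0xff);
    } else if (h->ipVersion == FWP_IP_VERSION_V6) {
        out[len++] = '[';
        for (int i = 0; i < 16; i += 2)
            len += snprintf(out + len, n - len, "%s%02x%02x", i ? ":" : "",
                            h->remoteAddrV6[i], h->remoteAddrV6[i + 1]);
        len += snprintf(out + len, n - len, "]");
    } else {
        return -1;                     /* e.g. FWP_IP_VERSION_NONE */
    }
    if (h->flags & FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET)
        snprintf(out + len, n - len, ":%u", (unsigned)h->remotePort);
    return 0;
}
```

Against the real structure the same checks apply to FWPM_NET_EVENT_HEADER2 directly, with remoteAddrV6 read through the byteArray16 member of FWP_BYTE_ARRAY16.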
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 8 [desktop apps only] |
Minimum supported server | Windows Server 2012 [desktop apps only] |
Header | fwpmtypes.h |