FWPM_NET_EVENT_HEADER2 structure (fwpmtypes.h)

The FWPM_NET_EVENT_HEADER2 structure contains information common to all events. FWPM_NET_EVENT_HEADER0 is available.

Syntax

typedef struct FWPM_NET_EVENT_HEADER2_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
  FWP_AF         addressFamily;
  SID            *packageSid;
} FWPM_NET_EVENT_HEADER2;

Members

timeStamp

Type: FILETIME

Time that the event occurred.

flags

Type: UINT32

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

| Net event flag | Meaning |
| --- | --- |
| FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET | The ipProtocol member is set. |
| FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET | Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
| FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET | Either the remoteAddrV4 member or the remoteAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
| FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET | The localPort member is set. |
| FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET | The remotePort member is set. |
| FWPM_NET_EVENT_FLAG_APP_ID_SET | The appId member is set. |
| FWPM_NET_EVENT_FLAG_USER_ID_SET | The userId member is set. |
| FWPM_NET_EVENT_FLAG_SCOPE_ID_SET | The scopeId member is set. |
| FWPM_NET_EVENT_FLAG_IP_VERSION_SET | The ipVersion member is set. |
| FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET | Indicates an existing connection was reauthorized. |
| FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET | The packageSid member is set. |
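
The following is an added example, not code from the original page or from Microsoft. It shows a consumer gating every read of the remote address union and port on flags and ipVersion, as the flag table and the "Available when" notes on the address members require. The hdr_standin struct, the addr_kind enum and both functions are hypothetical, and the numeric flag and enum values are assumed to match the SDK's fwpmtypes.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins so this builds without the Windows SDK; on Windows include
   <fwpmtypes.h> and use the real FWPM_NET_EVENT_HEADER2. The numeric values
   are assumed to match the SDK header: check them against your copy. */
#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET 0x00000004u
#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET 0x00000010u
#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET  0x00000100u
enum { FWP_IP_VERSION_V4 = 0, FWP_IP_VERSION_V6 = 1, FWP_IP_VERSION_NONE = 2 };

typedef struct {                 /* trimmed, hypothetical mirror of the header */
    uint32_t flags;
    int      ipVersion;
    union { uint32_t remoteAddrV4; uint8_t remoteAddrV6[16]; };
    uint16_t remotePort;
} hdr_standin;

typedef enum { ADDR_UNSET, ADDR_V4, ADDR_V6, ADDR_INCONSISTENT } addr_kind;

/* Decide which remote-address union member, if any, may be read. */
static addr_kind remote_addr_kind(const hdr_standin *h)
{
    if (!(h->flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET))
        return ADDR_UNSET;
    /* The page requires IP_VERSION_SET whenever an address flag is set. */
    if (!(h->flags & FWPM_NET_EVENT_FLAG_IP_VERSION_SET))
        return ADDR_INCONSISTENT;
    if (h->ipVersion == FWP_IP_VERSION_V4) return ADDR_V4;
    if (h->ipVersion == FWP_IP_VERSION_V6) return ADDR_V6;
    return ADDR_INCONSISTENT;    /* FWP_IP_VERSION_NONE or out of range */
}

/* Render the remote endpoint for a log line from validated fields only.
   Address values are printed as raw hex; no byte order is assumed. */
static addr_kind log_remote(const hdr_standin *h, char *out, size_t n)
{
    addr_kind k = remote_addr_kind(h);
    int used = 0;
    if (k == ADDR_V4)
        used = snprintf(out, n, "v4:%08x", (unsigned)h->remoteAddrV4);
    else if (k == ADDR_V6)
        for (int i = 0; i < 16 && (size_t)used + 3 <= n; i++)
            used += snprintf(out + used, n - used, "%02x", h->remoteAddrV6[i]);
    else
        used = snprintf(out, n, "%s", k == ADDR_UNSET ? "-" : "BAD_FLAGS");
    if ((h->flags & FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET) && used > 0 && (size_t)used < n)
        snprintf(out + used, n - used, " port=%u", (unsigned)h->remotePort);
    return k;
}
```

An event that reports ADDR_INCONSISTENT is better logged and flagged than parsed, since neither union member can be trusted for it.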

ipVersion

Type: FWP_IP_VERSION

The IP version being used.

ipProtocol

Type: UINT8

The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Type: UINT32

The IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Type: UINT32

The IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

Type: FWP_BYTE_ARRAY16

The IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Type: UINT16

The local port.

remotePort

Type: UINT16

The remote port.

scopeId

Type: UINT32

The IPv6 scope ID.

appId

Type: FWP_BYTE_BLOB

The application ID of the local application associated with the event.

userId

Type: SID*

The user ID corresponding to the traffic.

addressFamily

Type: FWP_AF

A superset of non-Internet protocols.

Available when ipVersion is FWP_IP_VERSION_NONE.

packageSid

Type: SID*

The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send or receive the network traffic.

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows 8 [desktop apps only] |
| Minimum supported server | Windows Server 2012 [desktop apps only] |
| Header | fwpmtypes.h |

See also

FWP_AF

FWP_BYTE_ARRAY16

FWP_BYTE_BLOB

FWP_IP_VERSION