FWPM_NET_EVENT_HEADER0
TOC
Collapse the table of content
Expand the table of content

FWPM_NET_EVENT_HEADER0 structure

The FWPM_NET_EVENT_HEADER0 structure contains information common to all events.

Note  FWPM_NET_EVENT_HEADER0 is the specific implementation of FWPM_NET_EVENT_HEADER available for Windows Vista and Windows 7. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 8, FWPM_NET_EVENT_HEADER2 is available.
 

Syntax


typedef struct FWPM_NET_EVENT_HEADER0_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
} FWPM_NET_EVENT_HEADER0;

Members

timeStamp

A FILETIME structure that specifies the time the event occurred

flags

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flagMeaning
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET

The ipProtocol member is set.

FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET

Either the localAddrV4 member or the localAddrV6 member is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET

Either the remoteAddrV4 member of the remoteAddrV6 field is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET

The localPort member is set.

FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET

The remotePort member is set.

FWPM_NET_EVENT_FLAG_APP_ID_SET

The appId member is set.

FWPM_NET_EVENT_FLAG_USER_ID_SET

The userId member is set.

FWPM_NET_EVENT_FLAG_SCOPE_ID_SET

The scopeId member is set.

FWPM_NET_EVENT_FLAG_IP_VERSION_SET

The ipVersion member is set.

 

ipVersion

A FWP_IP_VERSION value that specifies the IP version being used.

ipProtocol

IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Specifies an IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

A FWP_BYTE_ARRAY16 that contains an IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Specifies an IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Specifies a local port.

remotePort

Specifies a remote port.

scopeId

IPv6 scope ID.

appId

A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.

userId

Contains a user ID that corresponds to the traffic.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Fwpmtypes.h

IDL

Fwpmtypes.idl

See also

Windows Filtering Platform API Structures
FILETIME
socket
FWP_BYTE_ARRAY16
FWP_BYTE_BLOB
FWP_IP_VERSION
FWPM_NET_EVENT0

 

 

Community Additions

ADD
Show:
© 2016 Microsoft