FWPM_NET_EVENT_HEADER1
TOC
Collapse the table of content
Expand the table of content

FWPM_NET_EVENT_HEADER1 structure

The FWPM_NET_EVENT_HEADER1 structure contains information common to all events. Reserved.

Note  FWPM_NET_EVENT_HEADER1 is a specific implementation of FWPM_NET_EVENT_HEADER that is reserved for system use. For Windows Vista and Windows 7, FWPM_NET_EVENT_HEADER0 is available. For Windows 8, FWPM_NET_EVENT_HEADER2 is available.
 

Syntax


typedef struct FWPM_NET_EVENT_HEADER1_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
  union {
    struct {
      FWP_AF reserved1;
      union {
        struct {
          FWP_BYTE_ARRAY6        reserved2;
          FWP_BYTE_ARRAY6        reserved3;
          DL_ADDRESS_TYPE        reserved4;
          FWP_ETHER_ENCAP_METHOD reserved5;
          UINT16                 reserved6;
          UINT32                 reserved7;
          UINT32                 reserved8;
          UINT16                 reserved9;
          UINT64                 reserved10;
        };
      };
    };
  };
} FWPM_NET_EVENT_HEADER1;

Members

timeStamp

A FILETIME structure that specifies the time the event occurred.

flags

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flagMeaning
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET

The ipProtocol member is set.

FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET

Either the localAddrV4, localAddrV6, or dstAddrEth member is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET

Either the remoteAddrV4, remoteAddrV6, or srcAddrEth field is set.

Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET

The localPort member is set.

FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET

The remotePort member is set.

FWPM_NET_EVENT_FLAG_APP_ID_SET

The appId member is set.

FWPM_NET_EVENT_FLAG_USER_ID_SET

The userId member is set.

FWPM_NET_EVENT_FLAG_SCOPE_ID_SET

The scopeId member is set.

FWPM_NET_EVENT_FLAG_IP_VERSION_SET

The ipVersion member is set.

 

ipVersion

An FWP_IP_VERSION value that specifies the IP version being used.

ipProtocol

IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Specifies an IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

A FWP_BYTE_ARRAY16 structure that specifies an IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Specifies an IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

An FWP_BYTE_ARRAY16 structure that specifies an IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Specifies a local port.

remotePort

Specifies a remote port.

scopeId

IPv6 scope ID.

appId

An FWP_BYTE_BLOB that specifies the application ID of the local application associated with the event.

userId

Contains a user ID that corresponds to the traffic.

reserved1

Specifies a superset of non-Internet protocols.

Available when ipVersion is FWP_IP_VERSION_NONE.

( unnamed struct )

Specifies details related to Ethernet traffic.

Available when addressFamily is FWP_AF_ETHER.

reserved2

A FWP_BYTE_ARRAY6 structure.

reserved3

A FWP_BYTE_ARRAY6 structure.

reserved4

A DL_ADDRESS_TYPE enumeration.

reserved5

A FWP_ETHER_ENCAP_METHOD enumeration.

reserved6

Indicates which protocol is encapsulated in the frame data.

reserved7

The SNAP (IEEE 802.2) DSAP, SSAP, and Control fields marshaled into a 32-bit value.

reserved8

The SNAP (IEEE 802.2) Organizationally Unique Identifier (OUI) marshaled into a 32-bit value.

reserved9

The VLAN (802.1p/q) VID, CFI, and Priority bits marshaled into a 16-bit value.

reserved10

The interface LUID corresponding to the network interface with which this packet is associated.

Remarks

This structure is reserved for system use. FWPM_NET_EVENT_HEADER0 or FWPM_NET_EVENT_HEADER2 should be used in place of FWPM_NET_EVENT_HEADER1.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

Fwpmtypes.h

IDL

Fwpmtypes.idl

See also

FWPM_NET_EVENT_HEADER0
FWPM_NET_EVENT_HEADER2

 

 

Community Additions

ADD
Show:
© 2016 Microsoft