This documentation is archived and is not being maintained.

FirewallHook routine

An IPv6 firewall-hook driver's FirewallHook function examines IPv6 packets to determine if the packets are to be accepted or dropped.

Syntax


IPv6FirewallHookProc FirewallHook;

IPv6Action FirewallHook(
  _In_ const IPv6Addr      *SourceAddress,
  _In_ const IPv6Addr      *DestinationAddress,
  _In_       uint          PayloadLength,
  _In_       uchar         HeaderType,
  _In_ const uchar         *HeaderData,
  _In_ const void          *PacketContext,
  _In_       uint          DataLength,
  _In_       uint          InterfaceIndex,
  _In_       IPv6Direction Direction,
  _In_       BOOLEAN       IsLoopBack
)
{ ... }

Parameters

SourceAddress [in]

A pointer to an IPv6Addr structure that contains the packet's source address.

DestinationAddress [in]

A pointer to an IPv6Addr structure that contains the packet's destination address.

PayloadLength [in]

The size, in bytes, of the packet's payload, not including the IPv6 header.

HeaderType [in]

A value that specifies the transport layer header type. This value is the protocol number for the transport layer as specified in RFC 1700.

HeaderData [in]

A pointer to the transport layer header data. The contents of the transport layer header is transport-specific.

PacketContext [in]

A pointer to a context that describes the packet data. This context is opaque to the IPv6 firewall-hook driver. An IPv6 firewall-hook driver passes this pointer to the IPv6ObtainPacketData function in order to obtain the actual packet data.

DataLength [in]

The length, in bytes, of the packet data that is described by the PacketContext parameter.

InterfaceIndex [in]

The index of the network interface that the IPv6 packet is to be transmitted on or was received on.

Direction [in]

The direction of the IPv6 packet in the IPv6 network stack. This parameter will be one of the following values:

DirectionTransmit

The packet is to be transmitted to the network.

DirectionReceive

The packet was received from the network

IsLoopBack [in]

A Boolean value that indicates if the packet is being looped back. A packet that is looped back is one that is both transmitted and received locally.

Return value

An IPv6 firewall-hook driver's IPv6FirewallHook function must return one of the following values to indicate what action is to be taken on the packet:

Return codeDescription
ActionAccept

Accept the packet.

ActionDrop

Drop the packet.

 

Remarks

An IPv6 firewall-hook driver enables its FirewallHook function by calling the IPv6EnableFirewallHook function. After the IPv6 firewall-hook driver's FirewallHook function has been enabled, the IPv6 network stack calls the IPv6 firewall-hook driver's FirewallHook function with each received or transmitted IPv6 packet so that the IPv6 firewall-hook driver can determine if the packet is to be accepted or rejected.

An IPv6 firewall-hook driver disables its FirewallHook function by calling the IPv6DisableFirewallHook function.

If an IPv6 firewall-hook driver's FirewallHook function uses the packet data as criteria to determine whether a packet should be accepted or dropped, it must call the IPv6ObtainPacketData function to obtain a pointer to the packet data.

If an IPv6 firewall-hook driver's FirewallHook function uses the route to the packet's source address or destination address as criteria to determine if a packet should be accepted or dropped, it must call the IPv6GetBestRouteInfo function to obtain the route information.

The IPv6 network stack calls an IPv6 firewall-hook driver's FirewallHook function at any IRQL <= DISPATCH_LEVEL.

Requirements

Target platform

Desktop

Header

Ip6firewall.h (include Ip6firewall.h)

IRQL

<= DISPATCH_LEVEL (see Remarks section)

See also

IPv6DisableFirewallHook
IPv6EnableFirewallHook
IPv6GetBestRouteInfo
IPv6ObtainPacketData
IPv6Addr

 

 

Send comments about this topic to Microsoft

Show: