FWP_CLASSIFY_OPTION_TYPE enumeration

The FWP_CLASSIFY_OPTION_TYPE enumeration type specifies time-out options for unicast, multicast, and loose source mapping states and enables blocking or permission of state creation on outbound multicast and broadcast traffic.

Syntax


typedef enum FWP_CLASSIFY_OPTION_TYPE_ { 
  FWP_CLASSIFY_OPTION_MULTICAST_STATE                     = 0,
  FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING,
  FWP_CLASSIFY_OPTION_UNICAST_LIFETIME,
  FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME,
  FWP_CLASSIFY_OPTION_SECURE_SOCKET_SECURITY_FLAGS,
  FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_MM_POLICY_KEY,
  FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_QM_POLICY_KEY,
  FWP_CLASSIFY_OPTION_MAX
} FWP_CLASSIFY_OPTION_TYPE;

Constants

FWP_CLASSIFY_OPTION_MULTICAST_STATE

Indicates that a multicast state is to be treated in a particular manner.

FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING

Indicates that loose source mapping settings need to be applied for the current non-TCP connection. This option allows unicast responses from a remote peer to match only the port number, not the source address.

FWP_CLASSIFY_OPTION_UNICAST_LIFETIME

Indicates a modification to the lifetime of a unicast state for any traffic that matches this filter, ranging from its default (60 seconds) to some other value, in seconds.

FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME

Indicates a modification to the lifetime of a multicast and broadcast state for any traffic that matches this filter, from its default (3 seconds) to some other value, in seconds.

FWP_CLASSIFY_OPTION_SECURE_SOCKET_SECURITY_FLAGS

A bitmask that indicates the secure socket settings that a callout function can set on the endpoint. These settings are only allowed to increase the overall security level

This bitmask is specified through a bitwise OR of the following flags, which are defined in Mstcpip.h:

SOCKET_SETTINGS_GUARANTEE_ENCRYPTION

Indicates that guaranteed encryption of traffic is required. This flag should be set if the default policy prefers methods of protection that do not use encryption. If this flag is set and encryption is not possible for any reason, no packets will be sent and a connection will not be established.

SOCKET_SETTINGS_ALLOW_INSECURE

Indicates that clear text connections are allowed. If this flag is set, some or all of the sent packets will be sent in clear text, especially if security with the peer could not be negotiated.

Note  If this flag is not set, packets will never be sent in clear text, even if security negotiation fails.
 
Note  Available only in Windows 7 and Windows Server 2008 R2.
 
FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_MM_POLICY_KEY

Indicates that a callout function is allowed to specify the specific main mode (MM) policy used for the connection.

Note  Available only in Windows 7 and Windows Server 2008 R2.
 
FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_QM_POLICY_KEY

Indicates that a callout function is allowed to specify the specific quick mode (QM) policy used for the connection.

Note  Available only in Windows 7 and Windows Server 2008 R2.
 
FWP_CLASSIFY_OPTION_MAX

The maximum value for this enumeration. This value might change in future versions of the NDIS header files and binaries.

Requirements

Version

Supported starting with Windows Vista.

Header

Fwptypes.h (include Fwpsk.h)

 

 

Send comments about this topic to Microsoft

Show: