How can I ensure that I bind() to and listen() on a “private”, rather than “public” network?

Question

In my C program foo.exe, I create a TCP socket using winsock2, bind() it to a specific port and listen() for incoming connections. Windows 10 throws up its firewall dialog and asks me if I want to allow foo.exe to receive connections (a) over private networks, and (b) over public networks. The "network" in question is a peer-to-peer link-local ethernet connection to a device.so I would certainly think of it as private rather than public. However, the data only gets through if I tell the firewall to allow "public". I would like to get it to work with just the "private" level of unblocking.

What is the programmer's interface (if any) to determining whether a socket is on a "private" or "public" network in the Windows-Firewall sense? I expected perhaps to see a way of querying this in the IP_ADAPTER_UNICAST_ADDRESS_LH specification, but I don't find anything.

I understand that public/private is a property of the network rather than the socket (and even found a way of changing that via PowerShell here), but I guess I need to consider this to be outside the control of my program. I would settle for my program being able to determine, for each adapter returned by GetAdaptersAddresses(), whether the network is public or private.

Answer 1

You can use the Network List Manager COM INetwork interface to determine if networks are public or private. This is returned by calling the INetwork::GetCategory method. Also, you can obtain a GUID from the INetworkConnection interface that can be matched with AdapterName field of the IP_ADAPTER_ADDRESSES structs returned from a call to GetAdapterAddresses(). The INetworkConnection::GetAdapterId method will return the info to use for matching.