FWPM_NET_EVENT_HEADER0 structure (fwpmtypes.h)
The FWPM_NET_EVENT_HEADER0 structure contains information common to all events. A newer version of this structure, FWPM_NET_EVENT_HEADER2, is available.
Syntax
```cpp
typedef struct FWPM_NET_EVENT_HEADER0_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
} FWPM_NET_EVENT_HEADER0;
```
Members
timeStamp
A FILETIME structure that specifies the time the event occurred.
flags
Flags indicating which of the following members are set. Unused fields must be zero-initialized.
Net event flag | Meaning |
---|---|
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET | The ipProtocol member is set. |
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET | Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET | Either the remoteAddrV4 member or the remoteAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present. |
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET | The localPort member is set. |
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET | The remotePort member is set. |
FWPM_NET_EVENT_FLAG_APP_ID_SET | The appId member is set. |
FWPM_NET_EVENT_FLAG_USER_ID_SET | The userId member is set. |
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET | The scopeId member is set. |
FWPM_NET_EVENT_FLAG_IP_VERSION_SET | The ipVersion member is set. |
ipVersion
A FWP_IP_VERSION value that specifies the IP version being used.
ipProtocol
IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
localAddrV4
Specifies an IPv4 local address.
Available when ipVersion is FWP_IP_VERSION_V4.
localAddrV6
A FWP_BYTE_ARRAY16 that contains an IPv6 local address.
Available when ipVersion is FWP_IP_VERSION_V6.
remoteAddrV4
Specifies an IPv4 remote address.
Available when ipVersion is FWP_IP_VERSION_V4.
remoteAddrV6
A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.
Available when ipVersion is FWP_IP_VERSION_V6.
localPort
Specifies a local port.
remotePort
Specifies a remote port.
scopeId
IPv6 scope ID.
appId
A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.
userId
Contains a user ID that corresponds to the traffic.
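The following is an added example, not part of the original reference page or of Microsoft's code, showing how an event consumer can honor `flags` before reading any member: it masks out flags whose members are unsafe to use and picks the address union arm from `ipVersion`. The `net_event_header` type is a hypothetical trimmed stand-in for the structure above, and the numeric flag and enum values, as well as host byte order for IPv4 addresses, are assumptions to verify against fwpmtypes.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-ins to build without the Windows SDK; values are assumptions, check fwpmtypes.h. */
#define FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET  0x002u
#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET 0x004u
#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET 0x010u
#define FWPM_NET_EVENT_FLAG_APP_ID_SET      0x020u
#define FWPM_NET_EVENT_FLAG_USER_ID_SET     0x040u
#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET  0x100u
enum { FWP_IP_VERSION_V4 = 0, FWP_IP_VERSION_V6 = 1 };
typedef struct {                 /* hypothetical trimmed mirror of the header */
    uint32_t flags; int ipVersion; uint8_t ipProtocol;
    union { uint32_t localAddrV4;  uint8_t localAddrV6[16]; };
    union { uint32_t remoteAddrV4; uint8_t remoteAddrV6[16]; };
    uint16_t localPort, remotePort; uint32_t scopeId;
    struct { uint32_t size; uint8_t *data; } appId; void *userId;
} net_event_header;

/* Return only the flags whose members are safe to read. */
uint32_t usable_flags(const net_event_header *h) {
    uint32_t f = h->flags;
    /* Address flags require IP_VERSION_SET and a version that selects a union arm. */
    if (!(f & FWPM_NET_EVENT_FLAG_IP_VERSION_SET) ||
        (h->ipVersion != FWP_IP_VERSION_V4 && h->ipVersion != FWP_IP_VERSION_V6))
        f &= ~(FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET | FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET);
    /* Do not dereference an empty blob or a null SID even when flagged. */
    if (!h->appId.data || !h->appId.size) f &= ~FWPM_NET_EVENT_FLAG_APP_ID_SET;
    if (!h->userId) f &= ~FWPM_NET_EVENT_FLAG_USER_ID_SET;
    return f;
}

/* Write "addr:port" for the remote side ("?" = unusable part); returns length or -1. */
int format_remote(const net_event_header *h, char *out, size_t n) {
    uint32_t f = usable_flags(h);
    if (n < 48) return -1;       /* worst case "[full IPv6]:65535" plus NUL */
    int k = snprintf(out, n, "?");   /* placeholder when the address is unusable */
    if ((f & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET) && h->ipVersion == FWP_IP_VERSION_V4) {
        uint32_t a = h->remoteAddrV4;   /* host byte order assumed */
        k = snprintf(out, n, "%u.%u.%u.%u", a >> 24, (a >> 16) & 255, (a >> 8) & 255, a & 255);
    } else if (f & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET) {
        k = snprintf(out, n, "[");
        for (int i = 0; i < 16; i += 2)
            k += snprintf(out + k, n - k, "%s%02x%02x", i ? ":" : "", h->remoteAddrV6[i], h->remoteAddrV6[i + 1]);
        k += snprintf(out + k, n - k, "]");
    }
    if (f & FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET) snprintf(out + k, n - k, ":%u", (unsigned)h->remotePort);
    else snprintf(out + k, n - k, ":?");
    return (int)strlen(out);
}
```

An event with an address flag set but FWPM_NET_EVENT_FLAG_IP_VERSION_SET missing is treated as malformed and its address is reported as `?` rather than decoded from an arbitrary union arm.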
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Header | fwpmtypes.h |