FWPM_NET_EVENT_HEADER0 structure (fwpmtypes.h)

The FWPM_NET_EVENT_HEADER0 structure contains information common to all events. FWPM_NET_EVENT_HEADER2 is available.

Syntax

typedef struct FWPM_NET_EVENT_HEADER0_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
} FWPM_NET_EVENT_HEADER0;

Members

timeStamp

A FILETIME structure that specifies the time the event occurred

flags

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flag Meaning
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET The ipProtocol member is set.
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET The localPort member is set.
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET The remotePort member is set.
FWPM_NET_EVENT_FLAG_APP_ID_SET The appId member is set.
FWPM_NET_EVENT_FLAG_USER_ID_SET The userId member is set.
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET The scopeId member is set.
FWPM_NET_EVENT_FLAG_IP_VERSION_SET The ipVersion member is set.

ipVersion

A FWP_IP_VERSION value that specifies the IP version being used.

ipProtocol

IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

localAddrV4

Specifies an IPv4 local address.

Available when ipVersion is FWP_IP_VERSION_V4.

localAddrV6

A FWP_BYTE_ARRAY16 that contains an IPv6 local address.

Available when ipVersion is FWP_IP_VERSION_V6.

remoteAddrV4

Specifies an IPv4 remote address.

Available when ipVersion is FWP_IP_VERSION_V4.

remoteAddrV6

A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.

Available when ipVersion is FWP_IP_VERSION_V6.

localPort

Specifies a local port.

remotePort

Specifies a remote port.

scopeId

IPv6 scope ID.

appId

A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.

userId

Contains a user ID that corresponds to the traffic.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Header fwpmtypes.h

See also

FILETIME

FWPM_NET_EVENT0

FWP_BYTE_ARRAY16

FWP_BYTE_BLOB

FWP_IP_VERSION

Windows Filtering Platform API Structures

socket