IPv6FirewallHookProcType callback function
An IPv6 firewall-hook driver's FirewallHook function examines IPv6 packets to determine if the packets are to be accepted or dropped.
Syntax
IPv6FirewallHookProcType FirewallHook;
IPv6Action FirewallHook(
_In_ const IPv6Addr *SourceAddress,
_In_ const IPv6Addr *DestinationAddress,
_In_ uint PayloadLength,
_In_ uchar HeaderType,
_In_ const uchar *HeaderData,
_In_ const void *PacketContext,
_In_ uint DataLength,
_In_ uint InterfaceIndex,
_In_ IPv6Direction Direction,
_In_ BOOLEAN IsLoopBack
)
{ ... }
Parameters
SourceAddress [in]
A pointer to an IPv6Addr structure that contains the packet's source address.DestinationAddress [in]
A pointer to an IPv6Addr structure that contains the packet's destination address.PayloadLength [in]
The size, in bytes, of the packet's payload, not including the IPv6 header.HeaderType [in]
A value that specifies the transport layer header type. This value is the protocol number for the transport layer as specified in RFC 1700.HeaderData [in]
A pointer to the transport layer header data. The contents of the transport layer header is transport-specific.PacketContext [in]
A pointer to a context that describes the packet data. This context is opaque to the IPv6 firewall-hook driver. An IPv6 firewall-hook driver passes this pointer to the IPv6ObtainPacketData function in order to obtain the actual packet data.DataLength [in]
The length, in bytes, of the packet data that is described by the PacketContext parameter.InterfaceIndex [in]
The index of the network interface that the IPv6 packet is to be transmitted on or was received on.Direction [in]
The direction of the IPv6 packet in the IPv6 network stack. This parameter will be one of the following values:DirectionTransmit
The packet is to be transmitted to the network.DirectionReceive
The packet was received from the network
IsLoopBack [in]
A Boolean value that indicates if the packet is being looped back. A packet that is looped back is one that is both transmitted and received locally.
Return value
An IPv6 firewall-hook driver's IPv6FirewallHook function must return one of the following values to indicate what action is to be taken on the packet:
| Return code | Description |
|---|---|
| ActionAccept | Accept the packet. |
| ActionDrop | Drop the packet. |
Remarks
An IPv6 firewall-hook driver enables its FirewallHook function by calling the IPv6EnableFirewallHook function. After the IPv6 firewall-hook driver's FirewallHook function has been enabled, the IPv6 network stack calls the IPv6 firewall-hook driver's FirewallHook function with each received or transmitted IPv6 packet so that the IPv6 firewall-hook driver can determine if the packet is to be accepted or rejected.
An IPv6 firewall-hook driver disables its FirewallHook function by calling the IPv6DisableFirewallHook function.
If an IPv6 firewall-hook driver's FirewallHook function uses the packet data as criteria to determine whether a packet should be accepted or dropped, it must call the IPv6ObtainPacketData function to obtain a pointer to the packet data.
If an IPv6 firewall-hook driver's FirewallHook function uses the route to the packet's source address or destination address as criteria to determine if a packet should be accepted or dropped, it must call the IPv6GetBestRouteInfo function to obtain the route information.
The IPv6 network stack calls an IPv6 firewall-hook driver's FirewallHook function at any IRQL <= DISPATCH_LEVEL.
Requirements
Target platform |
Desktop |
Header |
Ip6firewall.h (include Ip6firewall.h) |
IRQL |
<= DISPATCH_LEVEL (see Remarks section) |
See also