IPSEC_TRAFFIC0 (Compact 2013)

3/26/2014

This structure specifies parameters to describe IPSec traffic.

Syntax

typedef struct IPSEC_TRAFFIC0_ {
  FWP_IP_VERSION ipVersion;
  union {
    UINT32 localV4Address;
    UINT8 localV6Address[16];
  };
  union {
    UINT32 remoteV4Address;
    UINT8 remoteV6Address[16];
  };
  IPSEC_TRAFFIC_TYPE trafficType;
  union {
    UINT64 ipsecFilterId;
    UINT64 tunnelPolicyId;
  };
  UINT16 remotePort;
} IPSEC_TRAFFIC0;

Members

• ipVersion
  Internet Protocol (IP) version.

  See topic FWP_IP_VERSION for more information.

• localV4Address
  The local IPv4 address of the IPsec traffic.

  Specified when ipVersion is FWP_IP_VERSION_V4.

• localV6Address
  The local IPv6 address of the IPsec traffic.

  Specified when ipVersion is FWP_IP_VERSION_V6.

• remoteV4Address
  The remote IPv4 address of the IPsec traffic.

  Specified when ipVersion is FWP_IP_VERSION_V4.

• remoteV6Address
  The remote IPv6 address of the IPsec traffic.

  Specified when ipVersion is FWP_IP_VERSION_V6.

• trafficType
  Type of IPsec traffic.

  See topic IPSEC_TRAFFIC_TYPE for more information.

• ipsecFilterId
  The LUID of the FWPS transport layer filter corresponding to this traffic.

  Available if trafficType is IPSEC_TRAFFIC_TYPE_TRANSPORT.

• tunnelPolicyId
  The LUID of the associated QM tunnel policy.

  Available if trafficType is IPSEC_TRAFFIC_TYPE_TUNNEL.

• remotePort
  The remote TCP/UDP port for this traffic. This is used when the remote port condition in the transport layer filter is more generic than the actual remote port.

Remarks

The IPSEC_TRAFFIC0 type describes the characteristics of the traffic that will match the SA.

For IPSec transport mode, the localV*Address and remoteV*Address members specify the IP addresses. The ipsecFilterId member specifies (as part of the transport layer filter conditions) the transport protocol information (such as IP protocol, ports, etc), of the matching traffic. However, if the remotePort member is non-zero, its value will override the remote port specified in the transport layer filter.

For IPsec tunnel mode, the localV*Address and remoteV*Address members specify the outer IP header tunnel endpoints. The tunnelPolicyId member specifies (as part of the filter conditions specified via FwpmIPsecTunnelAdd0) the inner IP header addresses, transport protocol information, of the matching traffic. The remotePort member should not be specified for tunnel mode.

Requirements

Header

fwpmu.h

See Also

Reference

WFP IPsec Structures

Other Resources

Windows Filtering Platform