FWPM_NET_EVENT_HEADER1 structure

The FWPM_NET_EVENT_HEADER1 structure contains information common to all events. Reserved.

Note  FWPM_NET_EVENT_HEADER1 is a specific implementation of FWPM_NET_EVENT_HEADER that is reserved for system use. For Windows Vista and Windows 7, FWPM_NET_EVENT_HEADER0 is available. For Windows 8, FWPM_NET_EVENT_HEADER2 is available.
 

Syntax

typedef struct FWPM_NET_EVENT_HEADER1_ {
  FILETIME       timeStamp;
  UINT32         flags;
  FWP_IP_VERSION ipVersion;
  UINT8          ipProtocol;
  union {
    UINT32           localAddrV4;
    FWP_BYTE_ARRAY16 localAddrV6;
  };
  union {
    UINT32           remoteAddrV4;
    FWP_BYTE_ARRAY16 remoteAddrV6;
  };
  UINT16         localPort;
  UINT16         remotePort;
  UINT32         scopeId;
  FWP_BYTE_BLOB  appId;
  SID            *userId;
  union {
    struct {
      FWP_AF reserved1;
      union {
        struct {
          FWP_BYTE_ARRAY6 reserved2;
          FWP_BYTE_ARRAY6 reserved3;
          UINT32          reserved4;
          UINT32          reserved5;
          UINT16          reserved6;
          UINT32          reserved7;
          UINT32          reserved8;
          UINT16          reserved9;
          UINT64          reserved10;
        };
      };
    };
  };
} FWPM_NET_EVENT_HEADER1;

Members

timeStamp

A FILETIME structure that specifies the time the event occurred.

flags

Flags indicating which of the following members are set. Unused fields must be zero-initialized.

Net event flag Meaning
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
The ipProtocol member is set.
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
Either the localAddrV4, localAddrV6, or dstAddrEth member is set.
Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
Either the remoteAddrV4, remoteAddrV6, or srcAddrEth field is set.
Note  If this flag is present, FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
 
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
The localPort member is set.
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
The remotePort member is set.
FWPM_NET_EVENT_FLAG_APP_ID_SET
The appId member is set.
FWPM_NET_EVENT_FLAG_USER_ID_SET
The userId member is set.
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
The scopeId member is set.
FWPM_NET_EVENT_FLAG_IP_VERSION_SET
The ipVersion member is set.

ipVersion

An FWP_IP_VERSION value that specifies the IP version being used.

ipProtocol

IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.

__unnamed_union_001e_9

__unnamed_union_001e_9.localAddrV4

__unnamed_union_001e_9.localAddrV6

__unnamed_union_001e_10

__unnamed_union_001e_10.remoteAddrV4

__unnamed_union_001e_10.remoteAddrV6

localPort

Specifies a local port.

remotePort

Specifies a remote port.

scopeId

IPv6 scope ID.

appId

An FWP_BYTE_BLOB that specifies the application ID of the local application associated with the event.

userId

Contains a user ID that corresponds to the traffic.

__unnamed_union_001e_11

__unnamed_union_001e_11.__unnamed_struct_0

__unnamed_union_001e_11.__unnamed_struct_0.reserved1

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved2

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved3

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved4

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved5

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved6

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved7

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved8

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved9

__unnamed_union_001e_11.__unnamed_struct_0.__unnamed_union_001e_13.__unnamed_struct_1.reserved10

Remarks

This structure is reserved for system use. FWPM_NET_EVENT_HEADER0 or FWPM_NET_EVENT_HEADER2 should be used in place of FWPM_NET_EVENT_HEADER1.

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header fwpmtypes.h

See Also

FWPM_NET_EVENT_HEADER0

FWPM_NET_EVENT_HEADER2