/* Copyright (c) Microsoft Corporation SYNOPSIS Defines data types used by the management portion of the FWP API. */ import "fwptypes.idl"; import "iketypes.idl"; import "ipsectypes.idl"; cpp_quote("#if _MSC_VER >= 800") cpp_quote("#if _MSC_VER >= 1200") cpp_quote("#pragma warning(push)") cpp_quote("#endif") cpp_quote("#pragma warning(disable:4201)") cpp_quote("#endif") // // Need a cleaner way to import DL_ADDRESS_TYPE into this space. // cpp_quote("#ifndef _DEFINE_DL_ADDRESS_TYPE_") cpp_quote("#define _DEFINE_DL_ADDRESS_TYPE_") // // DL_ADDRESS_TYPE // // Define datalink layer address types. // typedef [v1_enum] enum { DlUnicast, DlMulticast, DlBroadcast } DL_ADDRESS_TYPE, *PDL_ADDRESS_TYPE; cpp_quote("#endif") /////////////////////////////////////////////////////////////////////////////// // // Common data types. // /////////////////////////////////////////////////////////////////////////////// // Stores an optional friendly name and description for an object. In order to // support MUI, both strings may contain indirect strings (see // SHLoadIndirectString for details). typedef struct FWPM_DISPLAY_DATA0_ { [string, unique] wchar_t* name; [string, unique] wchar_t* description; } FWPM_DISPLAY_DATA0; // Used when dispatching change notifications to subscribers. typedef [v1_enum] enum FWPM_CHANGE_TYPE_ { FWPM_CHANGE_ADD = 1, FWPM_CHANGE_DELETE, FWPM_CHANGE_TYPE_MAX } FWPM_CHANGE_TYPE; // Flags used to indicate which notifications a subscriber wishes to receive. cpp_quote("#define FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD (0x00000001)") cpp_quote("#define FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE (0x00000002)") /////////////////////////////////////////////////////////////////////////////// // // Types for managing the engine. // /////////////////////////////////////////////////////////////////////////////// // Service state. typedef enum FWPM_SERVICE_STATE_ { FWPM_SERVICE_STOPPED, FWPM_SERVICE_START_PENDING, FWPM_SERVICE_STOP_PENDING, FWPM_SERVICE_RUNNING, FWPM_SERVICE_STATE_MAX } FWPM_SERVICE_STATE; // Keywords used for finer control of net event collection. cpp_quote("#define FWPM_NET_EVENT_KEYWORD_INBOUND_MCAST (0x00000001)") cpp_quote("#define FWPM_NET_EVENT_KEYWORD_INBOUND_BCAST (0x00000002)") // Configurable options for the filter engine. typedef enum FWPM_ENGINE_OPTION_ { // FWP_UINT32 - if non-zero, FWPM_NET_EVENT0s will be collected. FWPM_ENGINE_COLLECT_NET_EVENTS, // FWP_UINT32 - enables collection of FWPM_NET_EVENT0s with any of the given // keywords. FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS, // FWP_UINT32 - enables name caching FWPM_ENGINE_NAME_CACHE, // Not a valid option -- used for parameter validation only. FWPM_ENGINE_OPTION_MAX } FWPM_ENGINE_OPTION; // When this flag is set, any objects added during the session are // automatically deleted when the session ends. cpp_quote("#define FWPM_SESSION_FLAG_DYNAMIC (0x00000001)") cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") // Reserved for system use cpp_quote("#define FWPM_SESSION_FLAG_RESERVED (0x10000000)") cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") // Stores the state associated with a client session. typedef struct FWPM_SESSION0_ { // Information supplied when creating a session. // Uniquely identifies the session. If the GUID is zero-initialized in the // call to Add, BFE will generate one. GUID sessionKey; // Allows sessions to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Time in msec that client will wait to begin a transaction. If zero, a // default timeout will be used. UINT32 txnWaitTimeoutInMSec; // Additional information returned when getting/enumerating sessions. // Process ID of the client. DWORD processId; // SID of the client. [unique] SID* sid; // Username of the client. [string, unique] wchar_t* username; // TRUE if this is a kernel-mode client. BOOL kernelMode; } FWPM_SESSION0; // Used for enumerating sessions. Currently, there is no way to limit the // enumeration -- all sessions are returned. typedef struct FWPM_SESSION_ENUM_TEMPLATE0_ { // Reserved for system use. UINT64 reserved; } FWPM_SESSION_ENUM_TEMPLATE0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing providers. // /////////////////////////////////////////////////////////////////////////////// // Object is persistent, i.e., it survives across BFE stop/start. cpp_quote("#define FWPM_PROVIDER_FLAG_PERSISTENT (0x00000001)") // Provider's filters were disabled at BFE start because the associated Windows // service wasn't set to auto start. This flag is ignored when adding new // providers. cpp_quote("#define FWPM_PROVIDER_FLAG_DISABLED (0x00000010)") // Stores the state associated with a policy provider. typedef struct FWPM_PROVIDER0_ { // Uniquely identifies the provider. If the GUID is zero-initialized in the // call to Add, BFE will generate one. GUID providerKey; // Allows providers to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // Optional name of the Windows service hosting the provider. This allows // BFE to detect that a provider has been disabled. [string, unique] wchar_t* serviceName; } FWPM_PROVIDER0; // Used for enumerating providers. Currently, there is no way to limit the // enumeration -- all providers are returned. typedef struct FWPM_PROVIDER_ENUM_TEMPLATE0_ { // Reserved for system use. UINT64 reserved; } FWPM_PROVIDER_ENUM_TEMPLATE0; // Change notification dispatched to subscribers. typedef struct FWPM_PROVIDER_CHANGE0_ { // Type of change. FWPM_CHANGE_TYPE changeType; // GUID of the provider that changed. GUID providerKey; } FWPM_PROVIDER_CHANGE0; // Used to subscribe for change notifications. typedef struct FWPM_PROVIDER_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_PROVIDER_ENUM_TEMPLATE0* enumTemplate; // Flags -- see FWPM_SUBSCRIPTION_FLAG_XXX above. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_PROVIDER_SUBSCRIPTION0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing provider contexts. // /////////////////////////////////////////////////////////////////////////////// // Object is persistent, i.e., it survives across BFE stop/start. cpp_quote("#define FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT (0x00000001)") typedef struct FWPM_CLASSIFY_OPTION0_ { FWP_CLASSIFY_OPTION_TYPE type; FWP_VALUE0 value; } FWPM_CLASSIFY_OPTION0; typedef struct FWPM_CLASSIFY_OPTIONS0_ { UINT32 numOptions; [size_is(numOptions), ref] FWPM_CLASSIFY_OPTION0* options; } FWPM_CLASSIFY_OPTIONS0; // Types of provider contexts that may be stored in BFE. typedef [v1_enum] enum FWPM_PROVIDER_CONTEXT_TYPE_ { FWPM_IPSEC_KEYING_CONTEXT, FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT, FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT, FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT, FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT, FWPM_IPSEC_IKE_MM_CONTEXT, FWPM_IPSEC_AUTHIP_MM_CONTEXT, FWPM_CLASSIFY_OPTIONS_CONTEXT, FWPM_GENERAL_CONTEXT, FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT, FWPM_IPSEC_IKEV2_MM_CONTEXT, FWPM_IPSEC_DOSP_CONTEXT, FWPM_PROVIDER_CONTEXT_TYPE_MAX } FWPM_PROVIDER_CONTEXT_TYPE; // Stores the state associated with a provider context. typedef struct FWPM_PROVIDER_CONTEXT0_ { // Information supplied when adding objects. // Uniquely identifies the provider context. If the GUID is zero-initialized // in the call to Add, BFE will generate one. GUID providerContextKey; // Allows provider contexts to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional GUID of the policy provider that manages this object. [unique] GUID* providerKey; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // Tagged union containing the provider-specific data. FWPM_PROVIDER_CONTEXT_TYPE type; [switch_type(FWPM_PROVIDER_CONTEXT_TYPE), switch_is(type)] union { [case(FWPM_IPSEC_KEYING_CONTEXT)] [unique] IPSEC_KEYING_POLICY0* keyingPolicy; [case(FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT)] [unique] IPSEC_TRANSPORT_POLICY0* ikeQmTransportPolicy; [case(FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT)] [unique] IPSEC_TUNNEL_POLICY0* ikeQmTunnelPolicy; [case(FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT)] [unique] IPSEC_TRANSPORT_POLICY0* authipQmTransportPolicy; [case(FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT)] [unique] IPSEC_TUNNEL_POLICY0* authipQmTunnelPolicy; [case(FWPM_IPSEC_IKE_MM_CONTEXT)] [unique] IKEEXT_POLICY0* ikeMmPolicy; [case(FWPM_IPSEC_AUTHIP_MM_CONTEXT)] [unique] IKEEXT_POLICY0* authIpMmPolicy; [case(FWPM_GENERAL_CONTEXT)] [unique] FWP_BYTE_BLOB* dataBuffer; [case(FWPM_CLASSIFY_OPTIONS_CONTEXT)] [unique] FWPM_CLASSIFY_OPTIONS0* classifyOptions; [default]; }; // Additional information returned when getting/enumerating objects. // LUID identifying the context. This is the context value stored in the // FWPS_FILTER for filters that reference a provider context. UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT0; cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") // Version-1 of type that stores the state associated with a provider context. typedef struct FWPM_PROVIDER_CONTEXT1_ { // Information supplied when adding objects. // Uniquely identifies the provider context. If the GUID is zero-initialized // in the call to Add, BFE will generate one. GUID providerContextKey; // Allows provider contexts to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional GUID of the policy provider that manages this object. [unique] GUID* providerKey; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // Tagged union containing the provider-specific data. FWPM_PROVIDER_CONTEXT_TYPE type; [switch_type(FWPM_PROVIDER_CONTEXT_TYPE), switch_is(type)] union { [case(FWPM_IPSEC_KEYING_CONTEXT)] [unique] IPSEC_KEYING_POLICY0* keyingPolicy; [case(FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT)] [unique] IPSEC_TRANSPORT_POLICY1* ikeQmTransportPolicy; [case(FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT)] [unique] IPSEC_TUNNEL_POLICY1* ikeQmTunnelPolicy; [case(FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT)] [unique] IPSEC_TRANSPORT_POLICY1* authipQmTransportPolicy; [case(FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT)] [unique] IPSEC_TUNNEL_POLICY1* authipQmTunnelPolicy; [case(FWPM_IPSEC_IKE_MM_CONTEXT)] [unique] IKEEXT_POLICY1* ikeMmPolicy; [case(FWPM_IPSEC_AUTHIP_MM_CONTEXT)] [unique] IKEEXT_POLICY1* authIpMmPolicy; [case(FWPM_GENERAL_CONTEXT)] [unique] FWP_BYTE_BLOB* dataBuffer; [case(FWPM_CLASSIFY_OPTIONS_CONTEXT)] [unique] FWPM_CLASSIFY_OPTIONS0* classifyOptions; [case(FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT)] [unique] IPSEC_TUNNEL_POLICY1* ikeV2QmTunnelPolicy; [case(FWPM_IPSEC_IKEV2_MM_CONTEXT)] [unique] IKEEXT_POLICY1* ikeV2MmPolicy; [case(FWPM_IPSEC_DOSP_CONTEXT)] [unique] IPSEC_DOSP_OPTIONS0* idpOptions; }; // Additional information returned when getting/enumerating objects. // LUID identifying the context. This is the context value stored in the // FWPS_FILTER for filters that reference a provider context. UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT1; cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") // Used for enumerating provider contexts. typedef struct FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0_ { // If non-null, only objects associated with the specified provider will be // returned. [unique] GUID* providerKey; // Only return provider contexts of the specified type. FWPM_PROVIDER_CONTEXT_TYPE providerContextType; } FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0; // Change notification dispatched to subscribers. typedef struct FWPM_PROVIDER_CONTEXT_CHANGE0_ { // Type of change. FWPM_CHANGE_TYPE changeType; // GUID of the provider context that changed. GUID providerContextKey; // LUID of the provider context that changed. UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT_CHANGE0; // Used to subscribe for change notifications. typedef struct FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0* enumTemplate; // Flags -- see FWPM_SUBSCRIPTION_FLAG_XXX above. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing sublayers. // /////////////////////////////////////////////////////////////////////////////// // Object is persistent, i.e., it survives across BFE stop/start. cpp_quote("#define FWPM_SUBLAYER_FLAG_PERSISTENT (0x00000001)") // Stores the state associated with a sublayer. typedef struct FWPM_SUBLAYER0_ { // Information supplied when adding objects. // Uniquely identifies the sublayer. If the GUID is zero-initialized in the // call to Add, BFE will generate one. GUID subLayerKey; // Allows sublayers to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional GUID of the policy provider that manages this object. [unique] GUID* providerKey; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // Weight of the sublayer. Higher weighted sublayers are invoked first. UINT16 weight; } FWPM_SUBLAYER0; // Used for enumerating sublayers. typedef struct FWPM_SUBLAYER_ENUM_TEMPLATE0_ { // If non-null, only objects associated with the specified provider will be // returned. [unique] GUID* providerKey; } FWPM_SUBLAYER_ENUM_TEMPLATE0; // Change notification dispatched to subscribers. typedef struct FWPM_SUBLAYER_CHANGE0_ { // Type of change. FWPM_CHANGE_TYPE changeType; // GUID of the sublayer that changed. GUID subLayerKey; } FWPM_SUBLAYER_CHANGE0; // Used to subscribe for change notifications. typedef struct FWPM_SUBLAYER_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_SUBLAYER_ENUM_TEMPLATE0* enumTemplate; // Flags -- see FWPM_SUBSCRIPTION_FLAG_XXX above. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_SUBLAYER_SUBSCRIPTION0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing layers. // /////////////////////////////////////////////////////////////////////////////// ////////// // Flags specifying layer characteristics. ////////// // The layer is classified in kernel-mode. cpp_quote("#define FWPM_LAYER_FLAG_KERNEL (0x00000001)") // The layer is built-in and can't be deleted. cpp_quote("#define FWPM_LAYER_FLAG_BUILTIN (0x00000002)") // The layer is optimized for classification as opposed to enumeration. cpp_quote("#define FWPM_LAYER_FLAG_CLASSIFY_MOSTLY (0x00000004)") // The layer is buffered. cpp_quote("#define FWPM_LAYER_FLAG_BUFFERED (0x00000008)") // Provides additional information about how the field's data should be // interpreted. typedef [v1_enum] enum FWPM_FIELD_TYPE_ { // Value contains plain old data. FWPM_FIELD_RAW_DATA, // Value contains an IP address. FWPM_FIELD_IP_ADDRESS, // Value contains flags. FWPM_FIELD_FLAGS, FWPM_FIELD_TYPE_MAX } FWPM_FIELD_TYPE; // Schema information for a field. typedef struct FWPM_FIELD0_ { // Uniquely identifies the field. [ref] GUID* fieldKey; // Determines how dataType is interpreted. FWPM_FIELD_TYPE type; // Data type passed to classify. FWP_DATA_TYPE dataType; } FWPM_FIELD0; // Schema information for a layer. typedef struct FWPM_LAYER0_ { // Uniquely identifies the layer. GUID layerKey; // Allows layers to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Number of fields in the layer. UINT32 numFields; // Schema information for the layer's fields. [size_is(numFields), ref] FWPM_FIELD0* field; // Sub-layer used when a filter is added with a null sublayer. GUID defaultSubLayerKey; // LUID identifying the layer. UINT16 layerId; } FWPM_LAYER0; // Used for enumerating layers. Currently, there is no way to limit the // enumeration -- all layers are returned. typedef struct FWPM_LAYER_ENUM_TEMPLATE0_ { // Reserved for system use. UINT64 reserved; } FWPM_LAYER_ENUM_TEMPLATE0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing callouts. // /////////////////////////////////////////////////////////////////////////////// // Object is persistent, i.e., it survives across BFE stop/start. cpp_quote("#define FWPM_CALLOUT_FLAG_PERSISTENT (0x00010000)") // The callout needs access to the provider context stored in the filter // invoking the callout. If this flag is set, the provider context will be // copied from the FWPM_FILTER to the FWPS_FILTER struct. cpp_quote("#define FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT (0x00020000)") // Callout is currently registered in kernel. This flag must not be set when // adding new callouts. It is only used when querying the state of existing // callouts. cpp_quote("#define FWPM_CALLOUT_FLAG_REGISTERED (0x00040000)") // Stores the state associated with a callout. typedef struct FWPM_CALLOUT0_ { // Information supplied when adding objects. // Uniquely identifies the session. If the GUID is zero-initialized in the // call to Add, BFE will generate one. GUID calloutKey; // Allows callouts to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional GUID of the policy provider that manages this object. [unique] GUID* providerKey; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // Only filters in this layer are allowed to invoke the callout. GUID applicableLayer; // Additional information returned when getting/enumerating objects. // LUID identifying the callout. This is the calloutId stored in the // FWPS_ACTION0 for filters that invoke a callout. UINT32 calloutId; } FWPM_CALLOUT0; // Used for enumerating callouts. typedef struct FWPM_CALLOUT_ENUM_TEMPLATE0_ { // If non-null, only objects associated with the specified provider will be // returned. [unique] GUID* providerKey; // Only return callouts from the specified layer. GUID layerKey; } FWPM_CALLOUT_ENUM_TEMPLATE0; // Change notification dispatched to subscribers. typedef struct FWPM_CALLOUT_CHANGE0_ { // Type of change. FWPM_CHANGE_TYPE changeType; // GUID of the callout that changed. GUID calloutKey; // LUID of the callout that changed. UINT32 calloutId; } FWPM_CALLOUT_CHANGE0; // Used to subscribe for change notifications. typedef struct FWPM_CALLOUT_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_CALLOUT_ENUM_TEMPLATE0* enumTemplate; // Flags -- see FWPM_SUBSCRIPTION_FLAG_XXX above. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_CALLOUT_SUBSCRIPTION0; /////////////////////////////////////////////////////////////////////////////// // // Types for managing filters. // /////////////////////////////////////////////////////////////////////////////// // The macro is repeated here, so that midl has access. #define FWP_ACTION_FLAG_CALLOUT (0x00004000) // Action taken if all the filter conditions are true. typedef struct FWPM_ACTION0_ { // Action type. FWP_ACTION_TYPE type; // If the action invokes a callout, calloutKey must contain the GUID for a // valid callout in the layer. Otherwise, the filterType may contain an // arbitrary GUID chosen by the policy provider. [switch_is(type & FWP_ACTION_FLAG_CALLOUT)] union { [case(0)] GUID filterType; [case(FWP_ACTION_FLAG_CALLOUT)] GUID calloutKey; }; } FWPM_ACTION0; // Expresses a filter condition that must be true for the action to be taken. typedef struct FWPM_FILTER_CONDITION0_ { // GUID of the field to be tested. GUID fieldKey; // Type of match to be performed. FWP_MATCH_TYPE matchType; // Value to match the field against. FWP_CONDITION_VALUE0 conditionValue; } FWPM_FILTER_CONDITION0; ////////// // Flags specificying filter characteristics. ////////// // Default. cpp_quote("#define FWPM_FILTER_FLAG_NONE (0x00000000)") // Filter is persistent, i.e., it survives across BFE stop/start. cpp_quote("#define FWPM_FILTER_FLAG_PERSISTENT (0x00000001)") // Filter is enforced at boot-time, even before BFE starts. cpp_quote("#define FWPM_FILTER_FLAG_BOOTTIME (0x00000002)") // The filter references a provider context. cpp_quote("#define FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT (0x00000004)") // Macro is also needed by MIDL. #define FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT (0x00000004) // Clear action right cpp_quote("#define FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT (0x00000008)") // If the callout isn't registered, the filter is treated as a permit filter. // Only allowed if the action type is FWP_ACTION_CALLOUT_TERMINATING or // FWP_ACTION_CALLOUT_UNKNOWN. cpp_quote("#define FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED (0x00000010)") // Persistent filter was disabled at BFE start because the associated Windows // service wasn't set to auto start. cpp_quote("#define FWPM_FILTER_FLAG_DISABLED (0x00000020)") // Stores the state associated with a filter. typedef struct FWPM_FILTER0_ { // Information supplied when adding objects. // Uniquely identifies the filter. If the GUID is zero-initialized in the // call to Add, BFE will generate one. GUID filterKey; // Allows filters to be annotated in a human-readable form. FWPM_DISPLAY_DATA0 displayData; // Flags UINT32 flags; // Optional GUID of the policy provider that manages this object. [unique] GUID* providerKey; // Optional provider-specific data; allows providers to store additional // context info with the object. FWP_BYTE_BLOB providerData; // GUID of the layer where the filter resides. GUID layerKey; // GUID of the sublayer where the filter resides. If this is set to // IID_NULL, the filter is added to the default sublayer. GUID subLayerKey; // Weight of the filter. This must be either of type FWP_UINT64 or // FWP_EMPTY. If empty, BFE will automatically assign a weight based on the // filter conditions. FWP_VALUE0 weight; // Array of filter conditions. All must be true for the action to be // performed. In other words, the conditions are AND'ed together. If no // conditions are specified, the action is always performed. UINT32 numFilterConditions; [size_is(numFilterConditions), unique] FWPM_FILTER_CONDITION0* filterCondition; // Action performed if all the filter conditions are true. FWPM_ACTION0 action; // If FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT is not set, the rawContext is // placed 'as is' in the context field of the corresonding FWPS_FILTER. // Otherwise, the LUID of the provider context specified by the // providerContextKey is used. [switch_is(flags & FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT)] union { [case(0)] UINT64 rawContext; [case(FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT)] GUID providerContextKey; }; // Reserved for system use. [unique] GUID* reserved; // Additional information returned when getting/enumerating objects. // LUID identifying the filter. This is also the LUID of the corresponding // FWPS_FILTER. UINT64 filterId; // Weight assigned to the FWPS_FILTER filter. FWP_VALUE0 effectiveWeight; } FWPM_FILTER0; // Used for enumerating filters. typedef struct FWPM_FILTER_ENUM_TEMPLATE0_ { // If non-null, only objects associated with the specified provider will be // returned. [unique] GUID* providerKey; // Layer whose fields are to be enumerated. GUID layerKey; // Determines how the filter conditions are interpreted. FWP_FILTER_ENUM_TYPE enumType; // Flags UINT32 flags; // If non-null, only enumerate filters whose provider context matches the // template. [unique] FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0* providerContextTemplate; // Number of filter conditions. If zero, then all filters match. UINT32 numFilterConditions; // Array of filter conditions. [size_is(numFilterConditions), unique] FWPM_FILTER_CONDITION0* filterCondition; // Only filters whose action type contains at least one of the bits in // actionMask will be returned. To ignore the filter's action type when // enumerating, set this to 0xFFFFFFFF. To enumerate just callouts, set this // to FWP_ACTION_FLAG_CALLOUT. UINT32 actionMask; // If non-null, only filters invoking the specified callout will be // returned. If this field is non-null, FWP_ACTION_FLAG_CALLOUT must be set // in the actionMask. [unique] GUID* calloutKey; } FWPM_FILTER_ENUM_TEMPLATE0; // Change notification dispatched to subscribers. typedef struct FWPM_FILTER_CHANGE0_ { // Type of change. FWPM_CHANGE_TYPE changeType; // GUID of the filter that changed. GUID filterKey; // LUID of the filter that changed. UINT64 filterId; } FWPM_FILTER_CHANGE0; // Used to subscribe for change notifications. typedef struct FWPM_FILTER_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_FILTER_ENUM_TEMPLATE0* enumTemplate; // Flags -- see FWPM_SUBSCRIPTION_FLAG_XXX above. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_FILTER_SUBSCRIPTION0; typedef struct FWPM_LAYER_STATISTICS0_ { // layerId for the statistics GUID layerId; // number of classifications that returned permit UINT32 classifyPermitCount; // number of classifications that returned block UINT32 classifyBlockCount; // number of classifications that returned block via veto UINT32 classifyVetoCount; // number of cache entries UINT32 numCacheEntries; } FWPM_LAYER_STATISTICS0; typedef struct FWPM_STATISTICS0_ { UINT32 numLayerStatistics; [size_is(numLayerStatistics), ref] FWPM_LAYER_STATISTICS0* layerStatistics; UINT32 inboundAllowedConnectionsV4; UINT32 inboundBlockedConnectionsV4; UINT32 outboundAllowedConnectionsV4; UINT32 outboundBlockedConnectionsV4; UINT32 inboundAllowedConnectionsV6; UINT32 inboundBlockedConnectionsV6; UINT32 outboundAllowedConnectionsV6; UINT32 outboundBlockedConnectionsV6; UINT32 inboundActiveConnectionsV4; UINT32 outboundActiveConnectionsV4; UINT32 inboundActiveConnectionsV6; UINT32 outboundActiveConnectionsV6; } FWPM_STATISTICS0; /////////////////////////////////////////////////////////////////////////////// // // Types for diagnostics. // /////////////////////////////////////////////////////////////////////////////// // Flags indicating which fields are set. cpp_quote("#define FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET (0x00000001)") cpp_quote("#define FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET (0x00000002)") cpp_quote("#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET (0x00000004)") cpp_quote("#define FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET (0x00000008)") cpp_quote("#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET (0x00000010)") cpp_quote("#define FWPM_NET_EVENT_FLAG_APP_ID_SET (0x00000020)") cpp_quote("#define FWPM_NET_EVENT_FLAG_USER_ID_SET (0x00000040)") cpp_quote("#define FWPM_NET_EVENT_FLAG_SCOPE_ID_SET (0x00000080)") cpp_quote("#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET (0x00000100)") cpp_quote("#define FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET (0x00000200)") // Fields common to all events. typedef struct FWPM_NET_EVENT_HEADER0_ { // Contains the time the event occurred, in 100-nanosecond intervals since // midnight, January 1, 1601. Do not set this when firing events. It's only // used when enum'ing events. FILETIME timeStamp; // Flags indicating which fields are set. Unused fields must be // zero-initialized. UINT32 flags; // 5-tuple of the network traffic. FWP_IP_VERSION ipVersion; UINT8 ipProtocol; [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 localAddrV4; [case(FWP_IP_VERSION_V6)] FWP_BYTE_ARRAY16 localAddrV6; }; [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 remoteAddrV4; [case(FWP_IP_VERSION_V6)] FWP_BYTE_ARRAY16 remoteAddrV6; }; UINT16 localPort; UINT16 remotePort; // IPv6 scope ID. UINT32 scopeId; // Local application and user corresponding to the traffic. FWP_BYTE_BLOB appId; [unique] SID* userId; } FWPM_NET_EVENT_HEADER0; // The original comment above on the previous structure is overtaken by events. // // It's because the original structure doesn't cover all events that we're having // to revise it. Ideally, instead of "ipVersion", we could have done the // discrimination of types with an "address family" field instead, and that could // include other addressing schemes such as Ethernet, 802.11, etc. // // Because new fields can only be added *at the end* of the structure, any new // discriminator comes too late to usefully influence the serialization // process... since you need to see the discriminator before you can see the fields // that it discriminates. // typedef struct FWPM_NET_EVENT_HEADER1_ { // Contains the time the event occurred, in 100-nanosecond intervals since // midnight, January 1, 1601. Do not set this when firing events. It's only // used when enum'ing events. FILETIME timeStamp; // Flags indicating which fields are set. Unused fields must be // zero-initialized. UINT32 flags; // 5-tuple of the network traffic. FWP_IP_VERSION ipVersion; UINT8 ipProtocol; [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 localAddrV4; [case(FWP_IP_VERSION_V6)] FWP_BYTE_ARRAY16 localAddrV6; [case(FWP_IP_VERSION_NONE)]; }; [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 remoteAddrV4; [case(FWP_IP_VERSION_V6)] FWP_BYTE_ARRAY16 remoteAddrV6; [case(FWP_IP_VERSION_NONE)]; }; UINT16 localPort; UINT16 remotePort; // IPv6 scope ID. UINT32 scopeId; // Local application and user corresponding to the traffic. FWP_BYTE_BLOB appId; [unique] SID* userId; // additional V1 stuff goes here... [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_NONE)] struct { FWP_AF addressFamily; [switch_type(FWP_AF), switch_is(addressFamily)] union { [case(FWP_AF_ETHER)] struct { FWP_BYTE_ARRAY6 dstAddrEth; FWP_BYTE_ARRAY6 srcAddrEth; DL_ADDRESS_TYPE addrType; FWP_ETHER_ENCAP_METHOD encapMethod; UINT16 etherType; UINT32 snapControl; UINT32 snapOui; UINT16 vlanTag; UINT64 ifLuid; }; }; }; [case(FWP_IP_VERSION_V4, FWP_IP_VERSION_V6)]; }; } FWPM_NET_EVENT_HEADER1; // Types of network events fired by WFP/IPsec. typedef [v1_enum] enum FWPM_NET_EVENT_TYPE_ { // An error occurred during IKE/AuthIP main-mode SA establishment. FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE, // An error occurred during IKE/AuthIP quick-mode SA establishment. FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE, // An error occurred during AuthIP extended-mode SA establishment. FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE, // Filter engine classify returned drop FWPM_NET_EVENT_TYPE_CLASSIFY_DROP, // IPsec kernel drop FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP, // IPsec DoS Protection drop FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP, // Not a valid event type -- used for parameter validation only. FWPM_NET_EVENT_TYPE_MAX } FWPM_NET_EVENT_TYPE; // Length in bytes of the SHA thumbprint of an IKE/Authip certificate #define IKEEXT_CERT_HASH_LEN 20 cpp_quote("#define IKEEXT_CERT_HASH_LEN 20") // Flag indicating that the IKE MM failure event is a benign/expected failure cpp_quote("#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_BENIGN (0x00000001)") // Flag indicating that multiple IKE MM failure events have been reported that // should be correlated using the mmId field. cpp_quote("#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_MULTIPLE (0x00000002)") // Event-specific data for FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE. typedef struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE0_ { // Windows error code for the failure UINT32 failureErrorCode; // Point of failure IPSEC_FAILURE_POINT failurePoint; // Flags for the failure event UINT32 flags; // IKE or Authip IKEEXT_KEY_MODULE_TYPE keyingModuleType; // Main mode state IKEEXT_MM_SA_STATE mmState; // Initiator or Responder IKEEXT_SA_ROLE saRole; // Authentication method IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod; // Hash (SHA thumbprint) of the end certificate corresponding to failures // that happen during building or validating certificate chains. UINT8 endCertHash[IKEEXT_CERT_HASH_LEN]; // LUID for the MM SA UINT64 mmId; // Main mode filter ID UINT64 mmFilterId; } FWPM_NET_EVENT_IKEEXT_MM_FAILURE0; cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") // Version-1 of event specific data for FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE. typedef struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE1_ { // Windows error code for the failure UINT32 failureErrorCode; // Point of failure IPSEC_FAILURE_POINT failurePoint; // Flags for the failure event UINT32 flags; // IKE or Authip IKEEXT_KEY_MODULE_TYPE keyingModuleType; // Main mode state IKEEXT_MM_SA_STATE mmState; // Initiator or Responder IKEEXT_SA_ROLE saRole; // Authentication method IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod; // Hash (SHA thumbprint) of the end certificate corresponding to failures // that happen during building or validating certificate chains. UINT8 endCertHash[IKEEXT_CERT_HASH_LEN]; // LUID for the MM SA UINT64 mmId; // Main mode filter ID UINT64 mmFilterId; // Name of local security principal that was authenticated, if available. // If not available, an empty string will be stored. [string, ref] wchar_t* localPrincipalNameForAuth; // Name of remote security principal that was authenticated, if available. // If not available, an empty string will be stored. [string, ref] wchar_t* remotePrincipalNameForAuth; // Array of group SIDs corresponding to the local security principal that // was authenticated, if available. UINT32 numLocalPrincipalGroupSids; [size_is(numLocalPrincipalGroupSids), string, unique] LPWSTR* localPrincipalGroupSids; // Array of group SIDs corresponding to the remote security principal that // was authenticated, if available. UINT32 numRemotePrincipalGroupSids; [size_is(numRemotePrincipalGroupSids), string, unique] LPWSTR* remotePrincipalGroupSids; } FWPM_NET_EVENT_IKEEXT_MM_FAILURE1; cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") // Event-specific data for FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE. typedef struct FWPM_NET_EVENT_IKEEXT_QM_FAILURE0_ { // Windows error code for the failure UINT32 failureErrorCode; // Point of failure IPSEC_FAILURE_POINT failurePoint; // IKE or Authip IKEEXT_KEY_MODULE_TYPE keyingModuleType; // Quick mode state IKEEXT_QM_SA_STATE qmState; // Initiator or Responder IKEEXT_SA_ROLE saRole; // Tunnel or transport mode IPSEC_TRAFFIC_TYPE saTrafficType; [switch_type(IPSEC_TRAFFIC_TYPE), switch_is(saTrafficType)] union { [case (IPSEC_TRAFFIC_TYPE_TRANSPORT)]; [case (IPSEC_TRAFFIC_TYPE_TUNNEL)] // Must be of type FWP_V4_ADDR_MASK or FWP_V6_ADDR_MASK. FWP_CONDITION_VALUE0 localSubNet; }; [switch_type(IPSEC_TRAFFIC_TYPE), switch_is(saTrafficType)] union { [case (IPSEC_TRAFFIC_TYPE_TRANSPORT)]; [case (IPSEC_TRAFFIC_TYPE_TUNNEL)] // Must be of type FWP_V4_ADDR_MASK or FWP_V6_ADDR_MASK. FWP_CONDITION_VALUE0 remoteSubNet; }; // Quick mode filter ID UINT64 qmFilterId; } FWPM_NET_EVENT_IKEEXT_QM_FAILURE0; // Flag indicating that multiple IKE EM failure events have been reported that // should be correlated using the mmId field. cpp_quote("#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_MULTIPLE (0x00000001)") // Flag indicating that the IKE EM failure event is a benign/expected failure cpp_quote("#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_BENIGN (0x00000002)") // Event-specific data for FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE. typedef struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE0_ { // Windows error code for the failure UINT32 failureErrorCode; // Point of failure IPSEC_FAILURE_POINT failurePoint; // Flags for the failure event UINT32 flags; // Extended mode state IKEEXT_EM_SA_STATE emState; // Initiator or Responder IKEEXT_SA_ROLE saRole; // Authentication method IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod; // Hash (SHA thumbprint) of the end certificate corresponding to failures // that happen during building or validating certificate chains. UINT8 endCertHash[IKEEXT_CERT_HASH_LEN]; // LUID for the MM SA corresponding to this EM failure UINT64 mmId; // Quick mode filter ID associated with this EM failure UINT64 qmFilterId; } FWPM_NET_EVENT_IKEEXT_EM_FAILURE0; cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") // Version-1 of event specific data for FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE. typedef struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE1_ { // Windows error code for the failure UINT32 failureErrorCode; // Point of failure IPSEC_FAILURE_POINT failurePoint; // Flags for the failure event UINT32 flags; // Extended mode state IKEEXT_EM_SA_STATE emState; // Initiator or Responder IKEEXT_SA_ROLE saRole; // Authentication method IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod; // Hash (SHA thumbprint) of the end certificate corresponding to failures // that happen during building or validating certificate chains. UINT8 endCertHash[IKEEXT_CERT_HASH_LEN]; // LUID for the MM SA corresponding to this EM failure UINT64 mmId; // Quick mode filter ID associated with this EM failure UINT64 qmFilterId; // Name of local security principal that was authenticated, if available. // If not available, an empty string will be stored. [string, ref] wchar_t* localPrincipalNameForAuth; // Name of remote security principal that was authenticated, if available. // If not available, an empty string will be stored. [string, ref] wchar_t* remotePrincipalNameForAuth; // Array of group SIDs corresponding to the local security principal that // was authenticated, if available. UINT32 numLocalPrincipalGroupSids; [size_is(numLocalPrincipalGroupSids), string, unique] LPWSTR* localPrincipalGroupSids; // Array of group SIDs corresponding to the remote security principal that // was authenticated, if available. UINT32 numRemotePrincipalGroupSids; [size_is(numRemotePrincipalGroupSids), string, unique] LPWSTR* remotePrincipalGroupSids; // Tunnel or transport mode IPSEC_TRAFFIC_TYPE saTrafficType; } FWPM_NET_EVENT_IKEEXT_EM_FAILURE1; cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") // Event-specific data for FWP_NET_EVENT_TYPE_CLASSIFY_DROP. typedef struct FWPM_NET_EVENT_CLASSIFY_DROP0_ { UINT64 filterId; UINT16 layerId; } FWPM_NET_EVENT_CLASSIFY_DROP0; typedef struct FWPM_NET_EVENT_CLASSIFY_DROP1_ { UINT64 filterId; UINT16 layerId; UINT32 reauthReason; UINT32 originalProfile; UINT32 currentProfile; UINT32 msFwpDirection; BOOL isLoopback; } FWPM_NET_EVENT_CLASSIFY_DROP1; // Event-specific data for FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP. typedef struct FWPM_NET_EVENT_IPSEC_KERNEL_DROP0_ { // NTSTATUS error code for the failure INT32 failureStatus; // Is dropped packet inbound or outbound FWP_DIRECTION direction; // SPI on the IPSec (ESP/AH) header of the packet. Will be 0 for clear text // packets. IPSEC_SA_SPI spi; // FilterId corresponding to the IPsec callout filter. This will be // available only if the packet was dropped by the IPsec callout. UINT64 filterId; // LayerId corresponding to the IPsec callout filter. This will be available // only if the packet was dropped by the IPsec callout. UINT16 layerId; } FWPM_NET_EVENT_IPSEC_KERNEL_DROP0; // Event-specific data for FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP. typedef struct FWPM_NET_EVENT_IPSEC_DOSP_DROP0_ { // IP version FWP_IP_VERSION ipVersion; // IP address of the internet host [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 publicHostV4Addr; [case(FWP_IP_VERSION_V6)] UINT8 publicHostV6Addr[16]; }; // IP address of the corpnet host [switch_type(FWP_IP_VERSION), switch_is(ipVersion)] union { [case(FWP_IP_VERSION_V4)] UINT32 internalHostV4Addr; [case(FWP_IP_VERSION_V6)] UINT8 internalHostV6Addr[16]; }; // NTSTATUS error code for the failure INT32 failureStatus; // Is dropped packet inbound or outbound FWP_DIRECTION direction; } FWPM_NET_EVENT_IPSEC_DOSP_DROP0; // Consolidated event struct for all event types. typedef struct FWPM_NET_EVENT0_ { // Common data. FWPM_NET_EVENT_HEADER0 header; // Type of event. FWPM_NET_EVENT_TYPE type; // Event-specific data. [switch_type(FWPM_NET_EVENT_TYPE), switch_is(type)] union { [case(FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_MM_FAILURE0* ikeMmFailure; [case(FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_QM_FAILURE0* ikeQmFailure; [case(FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_EM_FAILURE0* ikeEmFailure; [case(FWPM_NET_EVENT_TYPE_CLASSIFY_DROP)] [unique] FWPM_NET_EVENT_CLASSIFY_DROP0* classifyDrop; [case(FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP)] [unique] FWPM_NET_EVENT_IPSEC_KERNEL_DROP0* ipsecDrop; [case(FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP)] [unique] FWPM_NET_EVENT_IPSEC_DOSP_DROP0* idpDrop; }; } FWPM_NET_EVENT0; cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") // Version-1 of consolidated event struct for all event types. typedef struct FWPM_NET_EVENT1_ { // Common data. FWPM_NET_EVENT_HEADER1 header; // Type of event. FWPM_NET_EVENT_TYPE type; // Event-specific data. [switch_type(FWPM_NET_EVENT_TYPE), switch_is(type)] union { [case(FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_MM_FAILURE1* ikeMmFailure; [case(FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_QM_FAILURE0* ikeQmFailure; [case(FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE)] [unique] FWPM_NET_EVENT_IKEEXT_EM_FAILURE1* ikeEmFailure; [case(FWPM_NET_EVENT_TYPE_CLASSIFY_DROP)] [unique] FWPM_NET_EVENT_CLASSIFY_DROP1* classifyDrop; [case(FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP)] [unique] FWPM_NET_EVENT_IPSEC_KERNEL_DROP0* ipsecDrop; [case(FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP)] [unique] FWPM_NET_EVENT_IPSEC_DOSP_DROP0* idpDrop; }; } FWPM_NET_EVENT1; cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") // Template for filtering events. Supported filter conditions are: // FWPM_CONDITION_IP_PROTOCOL // FWPM_CONDITION_IP_LOCAL_ADDRESS // FWPM_CONDITION_IP_REMOTE_ADDRESS // FWPM_CONDITION_IP_LOCAL_PORT // FWPM_CONDITION_IP_REMOTE_PORT // FWPM_CONDITION_ALE_APP_ID typedef struct FWPM_NET_EVENT_ENUM_TEMPLATE0_ { // Start/end time of the time period of interest. FILETIME startTime; FILETIME endTime; // Number of filter conditions. If zero, then all events match. UINT32 numFilterConditions; // Array of filter conditions. [size_is(numFilterConditions), unique] FWPM_FILTER_CONDITION0* filterCondition; } FWPM_NET_EVENT_ENUM_TEMPLATE0; // Used to subscribe for net event notifications. typedef struct FWPM_NET_EVENT_SUBSCRIPTION0_ { // Information supplied when subscribing. // Notifications are only dispatched for objects that match the template. If // the template is NULL, it matches all objects. [unique] FWPM_NET_EVENT_ENUM_TEMPLATE0* enumTemplate; // Flags -- unused. UINT32 flags; // Additional information returned when getting subscriptions. // Owning session. GUID sessionKey; } FWPM_NET_EVENT_SUBSCRIPTION0; cpp_quote("#if (NTDDI_VERSION >= NTDDI_WIN7)") /////////////////////////////////////////////////////////////////////////////// // // Types for tracking system ports. // /////////////////////////////////////////////////////////////////////////////// // Different types of system ports. typedef [v1_enum] enum FWPM_SYSTEM_PORT_TYPE_ { FWPM_SYSTEM_PORT_RPC_EPMAP, FWPM_SYSTEM_PORT_TEREDO, FWPM_SYSTEM_PORT_IPHTTPS_IN, FWPM_SYSTEM_PORT_IPHTTPS_OUT, FWPM_SYSTEM_PORT_TYPE_MAX } FWPM_SYSTEM_PORT_TYPE; // Stores all the system ports of a specified type. typedef struct FWPM_SYSTEM_PORTS_BY_TYPE0_ { // Type of port. FWPM_SYSTEM_PORT_TYPE type; // Number of ports of the specified type. UINT32 numPorts; // Array of IP port numbers for the specified type. [size_is(numPorts), unique] UINT16* ports; } FWPM_SYSTEM_PORTS_BY_TYPE0; // Stores all the system ports of all types. typedef struct FWPM_SYSTEM_PORTS0_ { // Number of types in the array. UINT32 numTypes; // Array of system port types. [size_is(numTypes), unique] FWPM_SYSTEM_PORTS_BY_TYPE0* types; } FWPM_SYSTEM_PORTS0; cpp_quote("#endif // (NTDDI_VERSION >= NTDDI_WIN7)") cpp_quote("#if _MSC_VER >= 800") cpp_quote("#if _MSC_VER >= 1200") cpp_quote("#pragma warning(pop)") cpp_quote("#else") cpp_quote("#pragma warning(default:4201)") cpp_quote("#endif") cpp_quote("#endif")