/* Copyright (c) Microsoft Corporation SYNOPSIS Declares the system portion of the FWP API. */ #ifndef FWPSX_H #define FWPSX_H #if _MSC_VER >= 1020 #pragma once #endif #include #pragma region Desktop Family or AppRuntime Package #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_PKG_APPRUNTIME) #if (NTDDI_VERSION >= NTDDI_WIN6) #ifndef _KRPCENV_ #define _KRPCENV_ 1 #endif #include "fwpstypes.h" #include "ndis.h" #include "ws2def.h" #include #include #include "fwpvi.h" #ifdef __cplusplus extern "C" { #endif #if defined(_MSC_VER) && !defined(__clang__) /***********************************************************************************************\ * * * Windows Filtering Platform (WFP) Driver Callout Annotations * * * * Version 1.0.0 * * * * Defines annotations to be used in Windows Filtering Callout Drivers to enforce API * * contracts that can be statically verified through the use of CodeQL queries. * * * * All APIs these annotations check for are present since Vista * * * \**********************************************************************************************/ #define _Wfp_Annotation_ __declspec("_Wfp_Annotation_") #define _Wfp_stream_injection_classify_ __declspec("_Wfp_stream_injection_classify_") #define _Wfp_stream_inspection_classify_ __declspec("_Wfp_stream_inspection_classify_") #define _Wfp_stream_inspection_notify_ __declspec("_Wfp_stream_inspection_notify_") #define _Wfp_flow_inspection_notify_ __declspec("_Wfp_flow_inspection_notify_") #define _Wfp_flow_inspection_classify_ __declspec("_Wfp_flow_inspection_classify_") #define _Wfp_flow_injection_classify_ __declspec("_Wfp_flow_injection_classify_") #define _Wfp_Transport_inspection_classify_ __declspec("_Wfp_Transport_inspection_classify_") #define _Wfp_transport_injection_classify_ __declspec("_Wfp_transport_injection_classify_") #define _Wfp_transport_injection_classify_inline_ __declspec("_Wfp_transport_injection_classify_inline_") #define _Wfp_ale_inspection_notify_ __declspec("_Wfp_ale_inspection_notify_") #define _Wfp_ale_inspection_classify_ __declspec("_Wfp_ale_inspection_classify_") #if (NTDDI_VERSION >= NTDDI_WIN8) // Connect Redirect APIs are not availible until Windows 8 #define _Wfp_connect_redirect_inline_classify_ __declspec("_Wfp_connect_redirect_inline_classify_") #define _Wfp_connect_redirect_classify_ __declspec("_Wfp_connect_redirect_classify_") #endif /// (NTDDI_VERSION >= NTDDI_WIN8) #endif /// (_MSC_VER) && !defined(__clang__) /////////////////////////////////////////////////////////////////////////////// // // LUIDs for built-in layers. // /////////////////////////////////////////////////////////////////////////////// typedef enum FWPS_BUILTIN_LAYERS_ { // Kernel-mode layers FWPS_LAYER_INBOUND_IPPACKET_V4, // 0 FWPS_LAYER_INBOUND_IPPACKET_V4_DISCARD, FWPS_LAYER_INBOUND_IPPACKET_V6, FWPS_LAYER_INBOUND_IPPACKET_V6_DISCARD, FWPS_LAYER_OUTBOUND_IPPACKET_V4, FWPS_LAYER_OUTBOUND_IPPACKET_V4_DISCARD, // 5 FWPS_LAYER_OUTBOUND_IPPACKET_V6, FWPS_LAYER_OUTBOUND_IPPACKET_V6_DISCARD, FWPS_LAYER_IPFORWARD_V4, FWPS_LAYER_IPFORWARD_V4_DISCARD, FWPS_LAYER_IPFORWARD_V6, // 10 FWPS_LAYER_IPFORWARD_V6_DISCARD, FWPS_LAYER_INBOUND_TRANSPORT_V4, FWPS_LAYER_INBOUND_TRANSPORT_V4_DISCARD, FWPS_LAYER_INBOUND_TRANSPORT_V6, FWPS_LAYER_INBOUND_TRANSPORT_V6_DISCARD, // 15 FWPS_LAYER_OUTBOUND_TRANSPORT_V4, FWPS_LAYER_OUTBOUND_TRANSPORT_V4_DISCARD, FWPS_LAYER_OUTBOUND_TRANSPORT_V6, FWPS_LAYER_OUTBOUND_TRANSPORT_V6_DISCARD, FWPS_LAYER_STREAM_V4, // 20 FWPS_LAYER_STREAM_V4_DISCARD, FWPS_LAYER_STREAM_V6, FWPS_LAYER_STREAM_V6_DISCARD, FWPS_LAYER_DATAGRAM_DATA_V4, FWPS_LAYER_DATAGRAM_DATA_V4_DISCARD, // 25 FWPS_LAYER_DATAGRAM_DATA_V6, FWPS_LAYER_DATAGRAM_DATA_V6_DISCARD, FWPS_LAYER_INBOUND_ICMP_ERROR_V4, FWPS_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD, FWPS_LAYER_INBOUND_ICMP_ERROR_V6, // 30 FWPS_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD, FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4, FWPS_LAYER_OUTBOUND_ICMP_ERROR_V4_DISCARD, FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6, FWPS_LAYER_OUTBOUND_ICMP_ERROR_V6_DISCARD, // 35 FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V4, FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V4_DISCARD, FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V6, FWPS_LAYER_ALE_RESOURCE_ASSIGNMENT_V6_DISCARD, FWPS_LAYER_ALE_AUTH_LISTEN_V4, // 40 FWPS_LAYER_ALE_AUTH_LISTEN_V4_DISCARD, FWPS_LAYER_ALE_AUTH_LISTEN_V6, FWPS_LAYER_ALE_AUTH_LISTEN_V6_DISCARD, FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V4, FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD, // 45 FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V6, FWPS_LAYER_ALE_AUTH_RECV_ACCEPT_V6_DISCARD, FWPS_LAYER_ALE_AUTH_CONNECT_V4, FWPS_LAYER_ALE_AUTH_CONNECT_V4_DISCARD, FWPS_LAYER_ALE_AUTH_CONNECT_V6, // 50 FWPS_LAYER_ALE_AUTH_CONNECT_V6_DISCARD, FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4, FWPS_LAYER_ALE_FLOW_ESTABLISHED_V4_DISCARD, FWPS_LAYER_ALE_FLOW_ESTABLISHED_V6, FWPS_LAYER_ALE_FLOW_ESTABLISHED_V6_DISCARD, // 55 #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_LAYER_INBOUND_MAC_FRAME_ETHERNET, FWPS_LAYER_OUTBOUND_MAC_FRAME_ETHERNET, #if (NTDDI_VERSION == NTDDI_WIN7) FWPS_LAYER_RESERVED1_V4, FWPS_LAYER_RESERVED1_V6, #else FWPS_LAYER_INBOUND_MAC_FRAME_NATIVE, FWPS_LAYER_OUTBOUND_MAC_FRAME_NATIVE, #endif FWPS_LAYER_NAME_RESOLUTION_CACHE_V4, // 60 FWPS_LAYER_NAME_RESOLUTION_CACHE_V6, FWPS_LAYER_ALE_RESOURCE_RELEASE_V4, FWPS_LAYER_ALE_RESOURCE_RELEASE_V6, FWPS_LAYER_ALE_ENDPOINT_CLOSURE_V4, FWPS_LAYER_ALE_ENDPOINT_CLOSURE_V6, // 65 FWPS_LAYER_ALE_CONNECT_REDIRECT_V4, FWPS_LAYER_ALE_CONNECT_REDIRECT_V6, FWPS_LAYER_ALE_BIND_REDIRECT_V4, FWPS_LAYER_ALE_BIND_REDIRECT_V6, FWPS_LAYER_STREAM_PACKET_V4, // 70 FWPS_LAYER_STREAM_PACKET_V6, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_LAYER_INGRESS_VSWITCH_ETHERNET, FWPS_LAYER_EGRESS_VSWITCH_ETHERNET, FWPS_LAYER_INGRESS_VSWITCH_TRANSPORT_V4, FWPS_LAYER_INGRESS_VSWITCH_TRANSPORT_V6, // 75 FWPS_LAYER_EGRESS_VSWITCH_TRANSPORT_V4, FWPS_LAYER_EGRESS_VSWITCH_TRANSPORT_V6, #if (NTDDI_VERSION >= NTDDI_WINBLUE) FWPS_LAYER_INBOUND_TRANSPORT_FAST, FWPS_LAYER_OUTBOUND_TRANSPORT_FAST, FWPS_LAYER_INBOUND_MAC_FRAME_NATIVE_FAST, // 80 FWPS_LAYER_OUTBOUND_MAC_FRAME_NATIVE_FAST, #if (NTDDI_VERSION >= NTDDI_WIN10_RS3) FWPS_LAYER_INBOUND_RESERVED2, #if (NTDDI_VERSION >= NTDDI_WIN10_FE) FWPS_LAYER_RESERVED_LAYER_9, FWPS_LAYER_RESERVED_LAYER_10, #if (NTDDI_VERSION >= NTDDI_WIN10_NI) FWPS_LAYER_OUTBOUND_NETWORK_CONNECTION_POLICY_V4, // 85 FWPS_LAYER_OUTBOUND_NETWORK_CONNECTION_POLICY_V6, #endif // (NTDDI_VERSION >= NTDDI_WIN10_NI) #endif // (NTDDI_VERSION >= NTDDI_WIN10_FE) #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3) #endif // (NTDDI_VERSION >= NTDDI_WINBLUE) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) // User-mode layers FWPS_LAYER_IPSEC_KM_DEMUX_V4, // 87 FWPS_LAYER_IPSEC_KM_DEMUX_V6, FWPS_LAYER_IPSEC_V4, FWPS_LAYER_IPSEC_V6, // 90 FWPS_LAYER_IKEEXT_V4, FWPS_LAYER_IKEEXT_V6, FWPS_LAYER_RPC_UM, FWPS_LAYER_RPC_EPMAP, FWPS_LAYER_RPC_EP_ADD, // 95 FWPS_LAYER_RPC_PROXY_CONN, FWPS_LAYER_RPC_PROXY_IF, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_LAYER_KM_AUTHORIZATION, #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_BUILTIN_LAYER_MAX, // 99 } FWPS_BUILTIN_LAYERS; #define FWPS_BUILTIN_KM_LAYER_MAX FWPS_LAYER_IPSEC_KM_DEMUX_V4 /////////////////////////////////////////////////////////////////////////////// // // LUIDs for built-in fields. // /////////////////////////////////////////////////////////////////////////////// typedef enum FWPS_FIELDS_INBOUND_IPPACKET_V4_ { FWPS_FIELD_INBOUND_IPPACKET_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_IPPACKET_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_IPPACKET_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_IPPACKET_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_IPPACKET_V4_INTERFACE_INDEX, FWPS_FIELD_INBOUND_IPPACKET_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_INBOUND_IPPACKET_V4_FLAGS, FWPS_FIELD_INBOUND_IPPACKET_V4_INTERFACE_TYPE, FWPS_FIELD_INBOUND_IPPACKET_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_IPPACKET_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_IPPACKET_V4_MAX } FWPS_FIELDS_INBOUND_IPPACKET_V4; typedef enum FWPS_FIELDS_INBOUND_IPPACKET_V6_ { FWPS_FIELD_INBOUND_IPPACKET_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_IPPACKET_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_IPPACKET_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_IPPACKET_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_IPPACKET_V6_INTERFACE_INDEX, FWPS_FIELD_INBOUND_IPPACKET_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_INBOUND_IPPACKET_V6_FLAGS, FWPS_FIELD_INBOUND_IPPACKET_V6_INTERFACE_TYPE, FWPS_FIELD_INBOUND_IPPACKET_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_IPPACKET_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_IPPACKET_V6_MAX } FWPS_FIELDS_INBOUND_IPPACKET_V6; typedef enum FWPS_FIELDS_OUTBOUND_IPPACKET_V4_ { FWPS_FIELD_OUTBOUND_IPPACKET_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_IPPACKET_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_IPPACKET_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_IPPACKET_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_IPPACKET_V4_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_IPPACKET_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_IPPACKET_V4_FLAGS, FWPS_FIELD_OUTBOUND_IPPACKET_V4_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_IPPACKET_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_IPPACKET_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_IPPACKET_V4_MAX } FWPS_FIELDS_OUTBOUND_IPPACKET_V4; typedef enum FWPS_FIELDS_OUTBOUND_IPPACKET_V6_ { FWPS_FIELD_OUTBOUND_IPPACKET_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_IPPACKET_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_IPPACKET_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_IPPACKET_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_IPPACKET_V6_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_IPPACKET_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_IPPACKET_V6_FLAGS, FWPS_FIELD_OUTBOUND_IPPACKET_V6_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_IPPACKET_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_IPPACKET_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_IPPACKET_V6_MAX } FWPS_FIELDS_OUTBOUND_IPPACKET_V6; typedef enum FWPS_FIELDS_IPFORWARD_V4_ { FWPS_FIELD_IPFORWARD_V4_IP_SOURCE_ADDRESS, FWPS_FIELD_IPFORWARD_V4_IP_DESTINATION_ADDRESS, FWPS_FIELD_IPFORWARD_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_IPFORWARD_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_IPFORWARD_V4_IP_FORWARD_INTERFACE, FWPS_FIELD_IPFORWARD_V4_SOURCE_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V4_SOURCE_SUB_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V4_DESTINATION_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V4_DESTINATION_SUB_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPFORWARD_V4_IP_PHYSICAL_ARRIVAL_INTERFACE, FWPS_FIELD_IPFORWARD_V4_ARRIVAL_INTERFACE_PROFILE_ID, FWPS_FIELD_IPFORWARD_V4_IP_PHYSICAL_NEXTHOP_INTERFACE, FWPS_FIELD_IPFORWARD_V4_NEXTHOP_INTERFACE_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_IPFORWARD_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPFORWARD_V4_MAX } FWPS_FIELDS_IPFORWARD_V4; typedef enum FWPS_FIELDS_IPFORWARD_V6_ { FWPS_FIELD_IPFORWARD_V6_IP_SOURCE_ADDRESS, FWPS_FIELD_IPFORWARD_V6_IP_DESTINATION_ADDRESS, FWPS_FIELD_IPFORWARD_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_IPFORWARD_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_IPFORWARD_V6_IP_FORWARD_INTERFACE, FWPS_FIELD_IPFORWARD_V6_SOURCE_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V6_SOURCE_SUB_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V6_DESTINATION_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V6_DESTINATION_SUB_INTERFACE_INDEX, FWPS_FIELD_IPFORWARD_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPFORWARD_V6_IP_PHYSICAL_ARRIVAL_INTERFACE, FWPS_FIELD_IPFORWARD_V6_ARRIVAL_INTERFACE_PROFILE_ID, FWPS_FIELD_IPFORWARD_V6_IP_PHYSICAL_NEXTHOP_INTERFACE, FWPS_FIELD_IPFORWARD_V6_NEXTHOP_INTERFACE_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_IPFORWARD_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPFORWARD_V6_MAX } FWPS_FIELDS_IPFORWARD_V6; typedef enum FWPS_FIELDS_INBOUND_TRANSPORT_V4_ { FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_PROTOCOL, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_PORT, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_REMOTE_PORT, FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_TRANSPORT_V4_INTERFACE_INDEX, FWPS_FIELD_INBOUND_TRANSPORT_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_INBOUND_TRANSPORT_V4_FLAGS, FWPS_FIELD_INBOUND_TRANSPORT_V4_INTERFACE_TYPE, FWPS_FIELD_INBOUND_TRANSPORT_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_TRANSPORT_V4_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_INBOUND_TRANSPORT_V4_IPSEC_SECURITY_REALM_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_TRANSPORT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_TRANSPORT_V4_MAX } FWPS_FIELDS_INBOUND_TRANSPORT_V4; #if (NTDDI_VERSION >= NTDDI_WINBLUE) typedef enum FWPS_FIELDS_INBOUND_TRANSPORT_FAST { FWPS_FIELD_INBOUND_TRANSPORT_FAST_MAX } FWPS_FIELDS_INBOUND_TRANSPORT_FAST; typedef enum FWPS_FIELDS_OUTBOUND_TRANSPORT_FAST { FWPS_FIELD_OUTBOUND_TRANSPORT_FAST_MAX } FWPS_FIELDS_OUTBOUND_TRANSPORT_FAST; #endif //(NTDDI_VERSION >= NTDDI_WINBLUE) #define FWPS_FIELD_INBOUND_TRANSPORT_V4_ICMP_TYPE \ FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_LOCAL_PORT #define FWPS_FIELD_INBOUND_TRANSPORT_V4_ICMP_CODE \ FWPS_FIELD_INBOUND_TRANSPORT_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_INBOUND_TRANSPORT_V6_ { FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_PROTOCOL, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_LOCAL_PORT, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_REMOTE_PORT, FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_TRANSPORT_V6_INTERFACE_INDEX, FWPS_FIELD_INBOUND_TRANSPORT_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_INBOUND_TRANSPORT_V6_FLAGS, FWPS_FIELD_INBOUND_TRANSPORT_V6_INTERFACE_TYPE, FWPS_FIELD_INBOUND_TRANSPORT_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_TRANSPORT_V6_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_INBOUND_TRANSPORT_V6_IPSEC_SECURITY_REALM_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_TRANSPORT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_TRANSPORT_V6_MAX } FWPS_FIELDS_INBOUND_TRANSPORT_V6; #define FWPS_FIELD_INBOUND_TRANSPORT_V6_ICMP_TYPE \ FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_LOCAL_PORT #define FWPS_FIELD_INBOUND_TRANSPORT_V6_ICMP_CODE \ FWPS_FIELD_INBOUND_TRANSPORT_V6_IP_REMOTE_PORT typedef enum FWPS_FIELDS_OUTBOUND_TRANSPORT_V4_ { FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_PROTOCOL, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_LOCAL_PORT, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_REMOTE_PORT, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_FLAGS, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_TRANSPORT_V4_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IPSEC_SECURITY_REALM_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_TRANSPORT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_TRANSPORT_V4_MAX } FWPS_FIELDS_OUTBOUND_TRANSPORT_V4; #define FWPS_FIELD_OUTBOUND_TRANSPORT_V4_ICMP_TYPE \ FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_LOCAL_PORT #define FWPS_FIELD_OUTBOUND_TRANSPORT_V4_ICMP_CODE \ FWPS_FIELD_OUTBOUND_TRANSPORT_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_OUTBOUND_TRANSPORT_V6_ { FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_PROTOCOL, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_LOCAL_PORT, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_REMOTE_PORT, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_FLAGS, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_TRANSPORT_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_TRANSPORT_V6_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IPSEC_SECURITY_REALM_ID, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_TRANSPORT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_TRANSPORT_V6_MAX } FWPS_FIELDS_OUTBOUND_TRANSPORT_V6; #define FWPS_FIELD_OUTBOUND_TRANSPORT_V6_ICMP_TYPE \ FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_LOCAL_PORT #define FWPS_FIELD_OUTBOUND_TRANSPORT_V6_ICMP_CODE \ FWPS_FIELD_OUTBOUND_TRANSPORT_V6_IP_REMOTE_PORT typedef enum FWPS_FIELDS_STREAM_V4_ { FWPS_FIELD_STREAM_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_STREAM_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_STREAM_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_STREAM_V4_IP_LOCAL_PORT, FWPS_FIELD_STREAM_V4_IP_REMOTE_PORT, FWPS_FIELD_STREAM_V4_DIRECTION, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_STREAM_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_STREAM_V4_MAX } FWPS_FIELDS_STREAM_V4; typedef enum FWPS_FIELDS_STREAM_V6_ { FWPS_FIELD_STREAM_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_STREAM_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_STREAM_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_STREAM_V6_IP_LOCAL_PORT, FWPS_FIELD_STREAM_V6_IP_REMOTE_PORT, FWPS_FIELD_STREAM_V6_DIRECTION, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_STREAM_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_STREAM_V6_MAX } FWPS_FIELDS_STREAM_V6; typedef enum FWPS_FIELDS_DATAGRAM_DATA_V4_ { FWPS_FIELD_DATAGRAM_DATA_V4_IP_PROTOCOL, FWPS_FIELD_DATAGRAM_DATA_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_DATAGRAM_DATA_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_DATAGRAM_DATA_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_DATAGRAM_DATA_V4_IP_LOCAL_PORT, FWPS_FIELD_DATAGRAM_DATA_V4_IP_REMOTE_PORT, FWPS_FIELD_DATAGRAM_DATA_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_DATAGRAM_DATA_V4_INTERFACE_INDEX, FWPS_FIELD_DATAGRAM_DATA_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_DATAGRAM_DATA_V4_DIRECTION, FWPS_FIELD_DATAGRAM_DATA_V4_FLAGS, FWPS_FIELD_DATAGRAM_DATA_V4_INTERFACE_TYPE, FWPS_FIELD_DATAGRAM_DATA_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_DATAGRAM_DATA_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_DATAGRAM_DATA_V4_MAX } FWPS_FIELDS_DATAGRAM_DATA_V4; #define FWPS_FIELD_DATAGRAM_DATA_V4_ICMP_TYPE \ FWPS_FIELD_DATAGRAM_DATA_V4_IP_LOCAL_PORT #define FWPS_FIELD_DATAGRAM_DATA_V4_ICMP_CODE \ FWPS_FIELD_DATAGRAM_DATA_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_DATAGRAM_DATA_V6_ { FWPS_FIELD_DATAGRAM_DATA_V6_IP_PROTOCOL, FWPS_FIELD_DATAGRAM_DATA_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_DATAGRAM_DATA_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_DATAGRAM_DATA_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_DATAGRAM_DATA_V6_IP_LOCAL_PORT, FWPS_FIELD_DATAGRAM_DATA_V6_IP_REMOTE_PORT, FWPS_FIELD_DATAGRAM_DATA_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_DATAGRAM_DATA_V6_INTERFACE_INDEX, FWPS_FIELD_DATAGRAM_DATA_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_DATAGRAM_DATA_V6_DIRECTION, FWPS_FIELD_DATAGRAM_DATA_V6_FLAGS, FWPS_FIELD_DATAGRAM_DATA_V6_INTERFACE_TYPE, FWPS_FIELD_DATAGRAM_DATA_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_DATAGRAM_DATA_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_DATAGRAM_DATA_V6_MAX } FWPS_FIELDS_DATAGRAM_DATA_V6; #define FWPS_FIELD_DATAGRAM_DATA_V6_ICMP_TYPE \ FWPS_FIELD_DATAGRAM_DATA_V6_IP_LOCAL_PORT #define FWPS_FIELD_DATAGRAM_DATA_V6_ICMP_CODE \ FWPS_FIELD_DATAGRAM_DATA_V6_IP_REMOTE_PORT #if (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_STREAM_PACKET_V4_ { FWPS_FIELD_STREAM_PACKET_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_STREAM_PACKET_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_STREAM_PACKET_V4_IP_LOCAL_PORT, FWPS_FIELD_STREAM_PACKET_V4_IP_REMOTE_PORT, FWPS_FIELD_STREAM_PACKET_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_STREAM_PACKET_V4_INTERFACE_INDEX, FWPS_FIELD_STREAM_PACKET_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_STREAM_PACKET_V4_DIRECTION, FWPS_FIELD_STREAM_PACKET_V4_FLAGS, FWPS_FIELD_STREAM_PACKET_V4_INTERFACE_TYPE, FWPS_FIELD_STREAM_PACKET_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_PACKET_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_PACKET_V4_MAX } FWPS_FIELDS_STREAM_PACKET_V4; typedef enum FWPS_FIELDS_STREAM_PACKET_V6_ { FWPS_FIELD_STREAM_PACKET_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_STREAM_PACKET_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_STREAM_PACKET_V6_IP_LOCAL_PORT, FWPS_FIELD_STREAM_PACKET_V6_IP_REMOTE_PORT, FWPS_FIELD_STREAM_PACKET_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_STREAM_PACKET_V6_INTERFACE_INDEX, FWPS_FIELD_STREAM_PACKET_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_STREAM_PACKET_V6_DIRECTION, FWPS_FIELD_STREAM_PACKET_V6_FLAGS, FWPS_FIELD_STREAM_PACKET_V6_INTERFACE_TYPE, FWPS_FIELD_STREAM_PACKET_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_PACKET_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_STREAM_PACKET_V6_MAX } FWPS_FIELDS_STREAM_PACKET_V6; #endif // (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_INBOUND_ICMP_ERROR_V4_ { FWPS_FIELD_INBOUND_ICMP_ERROR_V4_EMBEDDED_PROTOCOL, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_EMBEDDED_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_EMBEDDED_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_EMBEDDED_LOCAL_PORT, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_EMBEDDED_REMOTE_PORT, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ICMP_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ICMP_CODE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_INTERFACE_INDEX, // of local/delivery interface FWPS_FIELD_INBOUND_ICMP_ERROR_V4_SUB_INTERFACE_INDEX, // of arrival interface FWPS_FIELD_INBOUND_ICMP_ERROR_V4_INTERFACE_TYPE, // of local/delivery interface FWPS_FIELD_INBOUND_ICMP_ERROR_V4_TUNNEL_TYPE, // of local/delivery interface #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_INBOUND_ICMP_ERROR_V4_IP_ARRIVAL_INTERFACE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ARRIVAL_INTERFACE_INDEX, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ARRIVAL_INTERFACE_PROFILE_ID, FWPS_FIELD_INBOUND_ICMP_ERROR_V4_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_ICMP_ERROR_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_INBOUND_ICMP_ERROR_V4_MAX } FWPS_FIELDS_INBOUND_ICMP_ERROR_V4; #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_FIELD_INBOUND_ICMP_ERROR_V4_LOCAL_INTERFACE_INDEX \ FWPS_FIELD_INBOUND_ICMP_ERROR_V4_INTERFACE_INDEX #define FWPS_FIELD_INBOUND_ICMP_ERROR_V4_ARRIVAL_SUB_INTERFACE_INDEX \ FWPS_FIELD_INBOUND_ICMP_ERROR_V4_SUB_INTERFACE_INDEX #define FWPS_FIELD_INBOUND_ICMP_ERROR_V4_LOCAL_INTERFACE_TYPE \ FWPS_FIELD_INBOUND_ICMP_ERROR_V4_INTERFACE_TYPE #define FWPS_FIELD_INBOUND_ICMP_ERROR_V4_LOCAL_TUNNEL_TYPE \ FWPS_FIELD_INBOUND_ICMP_ERROR_V4_TUNNEL_TYPE #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) typedef enum FWPS_FIELDS_INBOUND_ICMP_ERROR_V6_ { FWPS_FIELD_INBOUND_ICMP_ERROR_V6_EMBEDDED_PROTOCOL, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_EMBEDDED_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_EMBEDDED_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_EMBEDDED_LOCAL_PORT, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_EMBEDDED_REMOTE_PORT, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ICMP_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ICMP_CODE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_INTERFACE_INDEX, // of local/delivery interface FWPS_FIELD_INBOUND_ICMP_ERROR_V6_SUB_INTERFACE_INDEX, // of arrival interface FWPS_FIELD_INBOUND_ICMP_ERROR_V6_INTERFACE_TYPE, // of local/delivery interface FWPS_FIELD_INBOUND_ICMP_ERROR_V6_TUNNEL_TYPE, // of local/delivery interface #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_INBOUND_ICMP_ERROR_V6_IP_ARRIVAL_INTERFACE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ARRIVAL_INTERFACE_INDEX, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ARRIVAL_INTERFACE_PROFILE_ID, FWPS_FIELD_INBOUND_ICMP_ERROR_V6_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_ICMP_ERROR_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_INBOUND_ICMP_ERROR_V6_MAX } FWPS_FIELDS_INBOUND_ICMP_ERROR_V6; #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_FIELD_INBOUND_ICMP_ERROR_V6_LOCAL_INTERFACE_INDEX \ FWPS_FIELD_INBOUND_ICMP_ERROR_V6_INTERFACE_INDEX #define FWPS_FIELD_INBOUND_ICMP_ERROR_V6_ARRIVAL_SUB_INTERFACE_INDEX \ FWPS_FIELD_INBOUND_ICMP_ERROR_V6_SUB_INTERFACE_INDEX #define FWPS_FIELD_INBOUND_ICMP_ERROR_V6_LOCAL_INTERFACE_TYPE \ FWPS_FIELD_INBOUND_ICMP_ERROR_V6_INTERFACE_TYPE #define FWPS_FIELD_INBOUND_ICMP_ERROR_V6_LOCAL_TUNNEL_TYPE \ FWPS_FIELD_INBOUND_ICMP_ERROR_V6_TUNNEL_TYPE #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) typedef enum FWPS_FIELDS_OUTBOUND_ICMP_ERROR_V4_ { FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_ICMP_TYPE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_ICMP_CODE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_NEXTHOP_INTERFACE_PROFILE_ID, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V4_MAX } FWPS_FIELDS_OUTBOUND_ICMP_ERROR_V4; typedef enum FWPS_FIELDS_OUTBOUND_ICMP_ERROR_V6_ { FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_LOCAL_PORT, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_REMOTE_PORT, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_SUB_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_NEXTHOP_INTERFACE_PROFILE_ID, FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_MAX } FWPS_FIELDS_OUTBOUND_ICMP_ERROR_V6; #define FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_ICMP_TYPE \ FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_LOCAL_PORT #define FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_ICMP_CODE \ FWPS_FIELD_OUTBOUND_ICMP_ERROR_V6_IP_REMOTE_PORT typedef enum FWPS_FIELDS_ALE_RESOURCE_ASSIGNMENT_V4_ { FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_APP_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_USER_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_PROTOCOL, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_PROMISCUOUS_MODE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_FLAGS, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_INTERFACE_TYPE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_LOCAL_INTERFACE_PROFILE_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_SIO_FIREWALL_SOCKET_PROPERTY, #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_RESERVED_0, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_RESERVED_1, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V4_MAX } FWPS_FIELDS_ALE_RESOURCE_ASSIGNMENT_V4; typedef enum FWPS_FIELDS_ALE_RESOURCE_ASSIGNMENT_V6_ { FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_APP_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_USER_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_PROTOCOL, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_PROMISCUOUS_MODE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_FLAGS, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_INTERFACE_TYPE, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_LOCAL_INTERFACE_PROFILE_ID, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_SIO_FIREWALL_SOCKET_PROPERTY, #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_RESERVED_0, FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_RESERVED_1, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_ASSIGNMENT_V6_MAX } FWPS_FIELDS_ALE_RESOURCE_ASSIGNMENT_V6; #if (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_ALE_RESOURCE_RELEASE_V4_ { FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_ALE_APP_ID, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_ALE_USER_ID, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_IP_PROTOCOL, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_RELEASE_V4_MAX } FWPS_FIELDS_ALE_RESOURCE_RELEASE_V4; typedef enum FWPS_FIELDS_ALE_RESOURCE_RELEASE_V6_ { FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_ALE_APP_ID, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_ALE_USER_ID, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_IP_PROTOCOL, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_RESOURCE_RELEASE_V6_MAX } FWPS_FIELDS_ALE_RESOURCE_RELEASE_V6; typedef enum FWPS_FIELDS_ALE_ENDPOINT_CLOSURE_V4_ { FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_ALE_APP_ID, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_ALE_USER_ID, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_PROTOCOL, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_REMOTE_PORT, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V4_MAX } FWPS_FIELDS_ALE_ENDPOINT_CLOSURE_V4; typedef enum FWPS_FIELDS_ALE_ENDPOINT_CLOSURE_V6_ { FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_ALE_APP_ID, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_ALE_USER_ID, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_PROTOCOL, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_REMOTE_PORT, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_ENDPOINT_CLOSURE_V6_MAX } FWPS_FIELDS_ALE_ENDPOINT_CLOSURE_V6; #endif // (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_ALE_AUTH_LISTEN_V4_ { FWPS_FIELD_ALE_AUTH_LISTEN_V4_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V4_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_LISTEN_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_LISTEN_V4_FLAGS, FWPS_FIELD_ALE_AUTH_LISTEN_V4_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_LISTEN_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_LISTEN_V4_LOCAL_INTERFACE_PROFILE_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V4_SIO_FIREWALL_SOCKET_PROPERTY, #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_LISTEN_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_LISTEN_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_LISTEN_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_LISTEN_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_LISTEN_V4_MAX } FWPS_FIELDS_ALE_AUTH_LISTEN_V4; typedef enum FWPS_FIELDS_ALE_AUTH_LISTEN_V6_ { FWPS_FIELD_ALE_AUTH_LISTEN_V6_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V6_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_LISTEN_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_LISTEN_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_LISTEN_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_LISTEN_V6_FLAGS, FWPS_FIELD_ALE_AUTH_LISTEN_V6_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_LISTEN_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_LISTEN_V6_LOCAL_INTERFACE_PROFILE_ID, FWPS_FIELD_ALE_AUTH_LISTEN_V6_SIO_FIREWALL_SOCKET_PROPERTY, #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_LISTEN_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_LISTEN_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_LISTEN_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif //(NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_LISTEN_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_LISTEN_V6_MAX } FWPS_FIELDS_ALE_AUTH_LISTEN_V6; typedef enum FWPS_FIELDS_ALE_AUTH_RECV_ACCEPT_V4_ { FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_PROTOCOL, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_FLAGS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_SIO_FIREWALL_SYSTEM_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_NAP_CONTEXT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_TYPE, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_TUNNEL_TYPE, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_INDEX, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_SUB_INTERFACE_INDEX, // of arrival interface #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_ARRIVAL_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ARRIVAL_INTERFACE_INDEX, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_NEXTHOP_SUB_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_NEXTHOP_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_NEXTHOP_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_NEXTHOP_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_NEXTHOP_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ORIGINAL_PROFILE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_CURRENT_PROFILE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_REAUTHORIZE_REASON, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ORIGINAL_ICMP_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_RESERVED_0, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_RESERVED_1, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_RESERVED_2, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_MAX } FWPS_FIELDS_ALE_AUTH_RECV_ACCEPT_V4; #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ICMP_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_PORT #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ICMP_CODE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_PORT #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_LOCAL_INTERFACE_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_TYPE #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_LOCAL_TUNNEL_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_TUNNEL_TYPE #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_LOCAL_INTERFACE_INDEX \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_INTERFACE_INDEX #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ARRIVAL_SUB_INTERFACE_INDEX \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_SUB_INTERFACE_INDEX #if (NTDDI_VERSION >= NTDDI_WIN7) #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_SIO_FIREWALL_SOCKET_PROPERTY \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_SIO_FIREWALL_SYSTEM_PORT #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) typedef enum FWPS_FIELDS_ALE_AUTH_RECV_ACCEPT_V6_ { FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_PROTOCOL, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_REMOTE_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_FLAGS, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_SIO_FIREWALL_SYSTEM_PORT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_NAP_CONTEXT, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_INTERFACE_TYPE, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_TUNNEL_TYPE, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_INTERFACE_INDEX, // of local/delivery interface FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_SUB_INTERFACE_INDEX, // of arrival interface #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_ARRIVAL_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ARRIVAL_INTERFACE_INDEX, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_NEXTHOP_SUB_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_NEXTHOP_INTERFACE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_NEXTHOP_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_NEXTHOP_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_NEXTHOP_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ORIGINAL_PROFILE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_CURRENT_PROFILE_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_REAUTHORIZE_REASON, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ORIGINAL_ICMP_TYPE, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_RESERVED_0, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_RESERVED_1, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_RESERVED_2, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_MAX } FWPS_FIELDS_ALE_AUTH_RECV_ACCEPT_V6; #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ICMP_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_LOCAL_PORT #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ICMP_CODE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_IP_REMOTE_PORT #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_LOCAL_INTERFACE_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_INTERFACE_TYPE #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_LOCAL_TUNNEL_TYPE \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_TUNNEL_TYPE #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_LOCAL_INTERFACE_INDEX \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_INTERFACE_INDEX #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ARRIVAL_SUB_INTERFACE_INDEX \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_SUB_INTERFACE_INDEX #if (NTDDI_VERSION >= NTDDI_WIN7) #define FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_SIO_FIREWALL_SOCKET_PROPERTY \ FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_SIO_FIREWALL_SYSTEM_PORT #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_ALE_BIND_REDIRECT_V4_ { FWPS_FIELD_ALE_BIND_REDIRECT_V4_ALE_APP_ID, FWPS_FIELD_ALE_BIND_REDIRECT_V4_ALE_USER_ID, FWPS_FIELD_ALE_BIND_REDIRECT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_BIND_REDIRECT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_BIND_REDIRECT_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_BIND_REDIRECT_V4_IP_PROTOCOL, FWPS_FIELD_ALE_BIND_REDIRECT_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_BIND_REDIRECT_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_BIND_REDIRECT_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_BIND_REDIRECT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_BIND_REDIRECT_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_BIND_REDIRECT_V4_MAX } FWPS_FIELDS_ALE_BIND_REDIRECT_V4; typedef enum FWPS_FIELDS_ALE_BIND_REDIRECT_V6_ { FWPS_FIELD_ALE_BIND_REDIRECT_V6_ALE_APP_ID, FWPS_FIELD_ALE_BIND_REDIRECT_V6_ALE_USER_ID, FWPS_FIELD_ALE_BIND_REDIRECT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_BIND_REDIRECT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_BIND_REDIRECT_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_BIND_REDIRECT_V6_IP_PROTOCOL, FWPS_FIELD_ALE_BIND_REDIRECT_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_BIND_REDIRECT_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_BIND_REDIRECT_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_BIND_REDIRECT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_BIND_REDIRECT_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_BIND_REDIRECT_V6_MAX } FWPS_FIELDS_ALE_BIND_REDIRECT_V6; typedef enum FWPS_FIELDS_ALE_CONNECT_REDIRECT_V4_ { FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ALE_APP_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ALE_USER_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_PROTOCOL, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_PORT, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_MAX } FWPS_FIELDS_ALE_CONNECT_REDIRECT_V4; #define FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ICMP_TYPE \ FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_LOCAL_PORT #define FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_ICMP_CODE \ FWPS_FIELD_ALE_CONNECT_REDIRECT_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_ALE_CONNECT_REDIRECT_V6_ { FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_APP_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_USER_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_PROTOCOL, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_REMOTE_PORT, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_MAX } FWPS_FIELDS_ALE_CONNECT_REDIRECT_V6; #define FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ICMP_TYPE \ FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_LOCAL_PORT #define FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_ICMP_CODE \ FWPS_FIELD_ALE_CONNECT_REDIRECT_V6_IP_REMOTE_PORT #endif // (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_ALE_AUTH_CONNECT_V4_ { FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_PROTOCOL, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_PORT, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_FLAGS, FWPS_FIELD_ALE_AUTH_CONNECT_V4_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_AUTH_CONNECT_V4_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V4_SUB_INTERFACE_INDEX, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_ARRIVAL_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ARRIVAL_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V4_NEXTHOP_SUB_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_NEXTHOP_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_NEXTHOP_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_NEXTHOP_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_NEXTHOP_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ORIGINAL_PROFILE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_CURRENT_PROFILE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_REAUTHORIZE_REASON, FWPS_FIELD_ALE_AUTH_CONNECT_V4_PEER_NAME, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ORIGINAL_ICMP_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_EFFECTIVE_NAME, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_CONNECT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_AUTH_CONNECT_V4_RESERVED_0, FWPS_FIELD_ALE_AUTH_CONNECT_V4_RESERVED_1, FWPS_FIELD_ALE_AUTH_CONNECT_V4_RESERVED_2, FWPS_FIELD_ALE_AUTH_CONNECT_V4_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_CONNECT_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_CONNECT_V4_MAX } FWPS_FIELDS_ALE_AUTH_CONNECT_V4; #define FWPS_FIELD_ALE_AUTH_CONNECT_V4_ICMP_TYPE \ FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_PORT #define FWPS_FIELD_ALE_AUTH_CONNECT_V4_ICMP_CODE \ FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_ALE_AUTH_CONNECT_V6_ { FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_APP_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_PROTOCOL, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_REMOTE_PORT, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_FLAGS, FWPS_FIELD_ALE_AUTH_CONNECT_V6_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_AUTH_CONNECT_V6_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V6_SUB_INTERFACE_INDEX, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_ARRIVAL_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ARRIVAL_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ARRIVAL_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ARRIVAL_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V6_NEXTHOP_SUB_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_NEXTHOP_INTERFACE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_NEXTHOP_INTERFACE_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_NEXTHOP_TUNNEL_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_NEXTHOP_INTERFACE_INDEX, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ORIGINAL_PROFILE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_CURRENT_PROFILE_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_REAUTHORIZE_REASON, FWPS_FIELD_ALE_AUTH_CONNECT_V6_PEER_NAME, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ORIGINAL_ICMP_TYPE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_INTERFACE_QUARANTINE_EPOCH, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_EFFECTIVE_NAME, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_AUTH_CONNECT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_AUTH_CONNECT_V6_RESERVED_0, FWPS_FIELD_ALE_AUTH_CONNECT_V6_RESERVED_1, FWPS_FIELD_ALE_AUTH_CONNECT_V6_RESERVED_2, FWPS_FIELD_ALE_AUTH_CONNECT_V6_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_CONNECT_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_AUTH_CONNECT_V6_MAX } FWPS_FIELDS_ALE_AUTH_CONNECT_V6; #define FWPS_FIELD_ALE_AUTH_CONNECT_V6_ICMP_TYPE \ FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_LOCAL_PORT #define FWPS_FIELD_ALE_AUTH_CONNECT_V6_ICMP_CODE \ FWPS_FIELD_ALE_AUTH_CONNECT_V6_IP_REMOTE_PORT typedef enum FWPS_FIELDS_ALE_FLOW_ESTABLISHED_V4_ { FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_APP_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_PORT, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_PROTOCOL, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_REMOTE_PORT, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_DIRECTION, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_INTERFACE_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_RESERVED_0, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_RESERVED_1, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_RESERVED_2, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_MAX } FWPS_FIELDS_ALE_FLOW_ESTABLISHED_V4; #define FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ICMP_TYPE \ FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_LOCAL_PORT #define FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ICMP_CODE \ FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_ALE_FLOW_ESTABLISHED_V6_ { FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_APP_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_LOCAL_PORT, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_PROTOCOL, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_REMOTE_PORT, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_REMOTE_MACHINE_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_DIRECTION, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_INTERFACE_TYPE, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_TUNNEL_TYPE, #if (NTDDI_VERSION >= NTDDI_WIN6SP1) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_ORIGINAL_APP_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_PACKAGE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) // // These reserved fields MUST be in this order. DO NOT change their order // FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_RESERVED_0, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_RESERVED_1, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_RESERVED_2, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_RESERVED_3, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5) #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_PACKAGE_FAMILY_NAME, #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_MAX } FWPS_FIELDS_ALE_FLOW_ESTABLISHED_V6; #define FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ICMP_TYPE \ FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_LOCAL_PORT #define FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ICMP_CODE \ FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_IP_REMOTE_PORT #if (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_NAME_RESOLUTION_CACHE_V4_ { FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_ALE_USER_ID, FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_ALE_APP_ID, FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_PEER_NAME, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_NAME_RESOLUTION_CACHE_V4_MAX } FWPS_FIELDS_NAME_RESOLUTION_CACHE_V4; typedef enum FWPS_FIELDS_NAME_RESOLUTION_CACHE_V6_ { FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_ALE_USER_ID, FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_ALE_APP_ID, FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_PEER_NAME, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_NAME_RESOLUTION_CACHE_V6_MAX } FWPS_FIELDS_NAME_RESOLUTION_CACHE_V6; #if (NTDDI_VERSION >= NTDDI_WIN8) typedef enum FWPS_FIELDS_INBOUND_MAC_FRAME_ETHERNET_ { FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_INTERFACE_MAC_ADDRESS, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_MAC_LOCAL_ADDRESS, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_MAC_REMOTE_ADDRESS, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_MAC_LOCAL_ADDRESS_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_MAC_REMOTE_ADDRESS_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_ETHER_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_VLAN_ID, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_INTERFACE, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_INTERFACE_INDEX, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_NDIS_PORT, FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_MAC_FRAME_ETHERNET_MAX } FWPS_FIELDS_INBOUND_MAC_FRAME_ETHERNET; typedef enum FWPS_FIELDS_OUTBOUND_MAC_FRAME_ETHERNET_ { FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_INTERFACE_MAC_ADDRESS, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_MAC_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_MAC_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_MAC_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_MAC_REMOTE_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_ETHER_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_VLAN_ID, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_INTERFACE, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_NDIS_PORT, FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_MAC_FRAME_ETHERNET_MAX } FWPS_FIELDS_OUTBOUND_MAC_FRAME_ETHERNET; typedef enum FWPS_FIELDS_INBOUND_MAC_FRAME_NATIVE_ { FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_NDIS_MEDIA_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_NDIS_PHYSICAL_MEDIA_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_INTERFACE, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_INTERFACE_TYPE, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_INTERFACE_INDEX, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_NDIS_PORT, FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_MAX } FWPS_FIELDS_INBOUND_MAC_FRAME_NATIVE; #if (NTDDI_VERSION >= NTDDI_WINBLUE) typedef enum FWPS_FIELDS_INBOUND_MAC_FRAME_NATIVE_FAST_ { FWPS_FIELD_INBOUND_MAC_FRAME_NATIVE_FAST_MAX } FWPS_FIELDS_INBOUND_MAC_FRAME_NATIVE_FAST; #endif // (NTDDI_VERSION >= NTDDI_WINBLUE) typedef enum FWPS_FIELDS_OUTBOUND_MAC_FRAME_NATIVE_ { FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_NDIS_MEDIA_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_NDIS_PHYSICAL_MEDIA_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_INTERFACE, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_INTERFACE_TYPE, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_INTERFACE_INDEX, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_NDIS_PORT, FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_MAX } FWPS_FIELDS_OUTBOUND_MAC_FRAME_NATIVE; #if (NTDDI_VERSION >= NTDDI_WINBLUE) typedef enum FWPS_FIELDS_OUTBOUND_MAC_FRAME_NATIVE_FAST { FWPS_FIELD_OUTBOUND_MAC_FRAME_NATIVE_FAST_MAX } FWPS_FIELDS_OUTBOUND_MAC_FRAME_NATIVE_FAST; #endif // (NTDDI_VERSION >= NTDDI_WINBLUE) typedef enum FWPS_FIELDS_INGRESS_VSWITCH_ETHERNET_ { FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_MAC_SOURCE_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_MAC_SOURCE_ADDRESS_TYPE, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_MAC_DESTINATION_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_MAC_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_ETHER_TYPE, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VLAN_ID, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_ID, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_NETWORK_TYPE, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_ETHERNET_MAX } FWPS_FIELDS_INGRESS_VSWITCH_ETHERNET; typedef enum FWPS_FIELDS_EGRESS_VSWITCH_ETHERNET_ { FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_MAC_SOURCE_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_MAC_SOURCE_ADDRESS_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_MAC_DESTINATION_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_MAC_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_ETHER_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VLAN_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_NETWORK_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_DESTINATION_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_DESTINATION_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_VSWITCH_DESTINATION_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_ETHERNET_MAX } FWPS_FIELDS_EGRESS_VSWITCH_ETHERNET; typedef enum FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V4_ { FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_PROTOCOL, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_PORT, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_PORT, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VLAN_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_NETWORK_TYPE, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_MAX } FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V4; #define FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_ICMP_TYPE \ FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_PORT #define FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_ICMP_CODE \ FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_PORT typedef enum FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V6_ { FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_ADDRESS, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_PROTOCOL, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_PORT, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_PORT, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VLAN_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_NETWORK_TYPE, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_MAX } FWPS_FIELDS_INGRESS_VSWITCH_TRANSPORT_V6; #define FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_ICMP_TYPE \ FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_PORT #define FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_ICMP_CODE \ FWPS_FIELD_INGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_PORT typedef enum FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V4_ { FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_PROTOCOL, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_PORT, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_PORT, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VLAN_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_NETWORK_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_DESTINATION_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_DESTINATION_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_VSWITCH_DESTINATION_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_MAX } FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V4; #define FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_ICMP_TYPE \ FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_SOURCE_PORT #define FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_ICMP_CODE \ FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V4_IP_DESTINATION_PORT typedef enum FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V6_ { FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_ADDRESS, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_PROTOCOL, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_PORT, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_PORT, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VLAN_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_TENANT_NETWORK_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_NETWORK_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_SOURCE_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_DESTINATION_INTERFACE_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_DESTINATION_INTERFACE_TYPE, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_VSWITCH_DESTINATION_VM_ID, FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_L2_FLAGS, #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_COMPARTMENT_ID, #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_MAX } FWPS_FIELDS_EGRESS_VSWITCH_TRANSPORT_V6; #define FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_ICMP_TYPE \ FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_SOURCE_PORT #define FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_ICMP_CODE \ FWPS_FIELD_EGRESS_VSWITCH_TRANSPORT_V6_IP_DESTINATION_PORT #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_IPSEC_KM_DEMUX_V4_ { FWPS_FIELD_IPSEC_KM_DEMUX_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_IPSEC_KM_DEMUX_V4_IP_REMOTE_ADDRESS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_IPSEC_KM_DEMUX_V4_QM_MODE, FWPS_FIELD_IPSEC_KM_DEMUX_V4_IP_LOCAL_INTERFACE, FWPS_FIELD_IPSEC_KM_DEMUX_V4_CURRENT_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_KM_DEMUX_V4_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_IPSEC_KM_DEMUX_V4_MAX } FWPS_FIELDS_IPSEC_KM_DEMUX_V4; typedef enum FWPS_FIELDS_IPSEC_KM_DEMUX_V6_ { FWPS_FIELD_IPSEC_KM_DEMUX_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_IPSEC_KM_DEMUX_V6_IP_REMOTE_ADDRESS, #if (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_IPSEC_KM_DEMUX_V6_QM_MODE, FWPS_FIELD_IPSEC_KM_DEMUX_V6_IP_LOCAL_INTERFACE, FWPS_FIELD_IPSEC_KM_DEMUX_V6_CURRENT_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_KM_DEMUX_V6_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN8) FWPS_FIELD_IPSEC_KM_DEMUX_V6_MAX } FWPS_FIELDS_IPSEC_KM_DEMUX_V6; typedef enum FWPS_FIELDS_IPSEC_V4_ { FWPS_FIELD_IPSEC_V4_IP_PROTOCOL, FWPS_FIELD_IPSEC_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_IPSEC_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_IPSEC_V4_IP_LOCAL_PORT, FWPS_FIELD_IPSEC_V4_IP_REMOTE_PORT, FWPS_FIELD_IPSEC_V4_IP_LOCAL_INTERFACE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPSEC_V4_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_IPSEC_V4_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPSEC_V4_MAX } FWPS_FIELDS_IPSEC_V4; typedef enum FWPS_FIELDS_IPSEC_V6_ { FWPS_FIELD_IPSEC_V6_IP_PROTOCOL, FWPS_FIELD_IPSEC_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_IPSEC_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_IPSEC_V6_IP_LOCAL_PORT, FWPS_FIELD_IPSEC_V6_IP_REMOTE_PORT, FWPS_FIELD_IPSEC_V6_IP_LOCAL_INTERFACE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPSEC_V6_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_IPSEC_V6_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IPSEC_V6_MAX } FWPS_FIELDS_IPSEC_V6; typedef enum FWPS_FIELDS_IKEEXT_V4_ { FWPS_FIELD_IKEEXT_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_IKEEXT_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_IKEEXT_V4_IP_LOCAL_INTERFACE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IKEEXT_V4_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_IKEEXT_V4_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IKEEXT_V4_MAX } FWPS_FIELDS_IKEEXT_V4; typedef enum FWPS_FIELDS_IKEEXT_V6_ { FWPS_FIELD_IKEEXT_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_IKEEXT_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_IKEEXT_V6_IP_LOCAL_INTERFACE, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IKEEXT_V6_PROFILE_ID, #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) FWPS_FIELD_IKEEXT_V6_IPSEC_SECURITY_REALM_ID, #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_FIELD_IKEEXT_V6_MAX } FWPS_FIELDS_IKEEXT_V6; typedef enum FWPS_FIELDS_RPC_UM_ { FWPS_FIELD_RPC_UM_REMOTE_USER_TOKEN, FWPS_FIELD_RPC_UM_IF_UUID, FWPS_FIELD_RPC_UM_IF_VERSION, FWPS_FIELD_RPC_UM_IF_FLAG, FWPS_FIELD_RPC_UM_DCOM_APP_ID, FWPS_FIELD_RPC_UM_IMAGE_NAME, FWPS_FIELD_RPC_UM_PROTOCOL, FWPS_FIELD_RPC_UM_AUTH_TYPE, FWPS_FIELD_RPC_UM_AUTH_LEVEL, FWPS_FIELD_RPC_UM_SEC_ENCRYPT_ALGORITHM, FWPS_FIELD_RPC_UM_SEC_KEY_SIZE, FWPS_FIELD_RPC_UM_LOCAL_ADDR_V4, FWPS_FIELD_RPC_UM_LOCAL_ADDR_V6, FWPS_FIELD_RPC_UM_LOCAL_PORT, FWPS_FIELD_RPC_UM_PIPE, FWPS_FIELD_RPC_UM_REMOTE_ADDR_V4, FWPS_FIELD_RPC_UM_REMOTE_ADDR_V6, #if (NTDDI_VERSION >= NTDDI_WIN11_GA) FWPS_FIELD_RPC_UM_RPC_OPNUM, #endif // (NTDDI_VERSION >= NTDDI_WIN11_GA) FWPS_FIELD_RPC_UM_MAX } FWPS_FIELDS_RPC_UM; typedef enum FWPS_FIELDS_RPC_EPMAP_ { FWPS_FIELD_RPC_EPMAP_REMOTE_USER_TOKEN, FWPS_FIELD_RPC_EPMAP_IF_UUID, FWPS_FIELD_RPC_EPMAP_IF_VERSION, FWPS_FIELD_RPC_EPMAP_PROTOCOL, FWPS_FIELD_RPC_EPMAP_AUTH_TYPE, FWPS_FIELD_RPC_EPMAP_AUTH_LEVEL, FWPS_FIELD_RPC_EPMAP_SEC_ENCRYPT_ALGORITHM, FWPS_FIELD_RPC_EPMAP_SEC_KEY_SIZE, FWPS_FIELD_RPC_EPMAP_LOCAL_ADDR_V4, FWPS_FIELD_RPC_EPMAP_LOCAL_ADDR_V6, FWPS_FIELD_RPC_EPMAP_LOCAL_PORT, FWPS_FIELD_RPC_EPMAP_PIPE, FWPS_FIELD_RPC_EPMAP_REMOTE_ADDR_V4, FWPS_FIELD_RPC_EPMAP_REMOTE_ADDR_V6, FWPS_FIELD_RPC_EPMAP_MAX } FWPS_FIELDS_RPC_EPMAP; typedef enum FWPS_FIELDS_RPC_EP_ADD_ { FWPS_FIELD_RPC_EP_ADD_PROCESS_WITH_RPC_IF_UUID, FWPS_FIELD_RPC_EP_ADD_PROTOCOL, FWPS_FIELD_RPC_EP_ADD_EP_VALUE, FWPS_FIELD_RPC_EP_ADD_EP_FLAGS, FWPS_FIELD_RPC_EP_ADD_MAX } FWPS_FIELDS_RPC_EP_ADD; typedef enum FWPS_FIELDS_RPC_PROXY_CONN_ { FWPS_FIELD_RPC_PROXY_CONN_CLIENT_TOKEN, FWPS_FIELD_RPC_PROXY_CONN_SERVER_NAME, FWPS_FIELD_RPC_PROXY_CONN_SERVER_PORT, FWPS_FIELD_RPC_PROXY_CONN_PROXY_AUTH_TYPE, FWPS_FIELD_RPC_PROXY_CONN_CLIENT_CERT_KEY_LENGTH, FWPS_FIELD_RPC_PROXY_CONN_CLIENT_CERT_OID, FWPS_FIELD_RPC_PROXY_CONN_MAX } FWPS_FIELDS_RPC_PROXY_CONN; typedef enum FWPS_FIELDS_RPC_PROXY_IF_ { FWPS_FIELD_RPC_PROXY_IF_CLIENT_TOKEN, FWPS_FIELD_RPC_PROXY_IF_IF_UUID, FWPS_FIELD_RPC_PROXY_IF_IF_VERSION, FWPS_FIELD_RPC_PROXY_IF_SERVER_NAME, FWPS_FIELD_RPC_PROXY_IF_SERVER_PORT, FWPS_FIELD_RPC_PROXY_IF_PROXY_AUTH_TYPE, FWPS_FIELD_RPC_PROXY_IF_CLIENT_CERT_KEY_LENGTH, FWPS_FIELD_RPC_PROXY_IF_CLIENT_CERT_OID, FWPS_FIELD_RPC_PROXY_IF_MAX } FWPS_FIELDS_RPC_PROXY_IF_IF; #if (NTDDI_VERSION >= NTDDI_WIN7) typedef enum FWPS_FIELDS_KM_AUTHORIZATION_ { FWPS_FIELD_KM_AUTHORIZATION_REMOTE_ID, FWPS_FIELD_KM_AUTHORIZATION_AUTHENTICATION_TYPE, FWPS_FIELD_KM_AUTHORIZATION_KM_TYPE, FWPS_FIELD_KM_AUTHORIZATION_DIRECTION, FWPS_FIELD_KM_AUTHORIZATION_KM_MODE, FWPS_FIELD_KM_AUTHORIZATION_IPSEC_POLICY_KEY, FWPS_FIELD_KM_AUTHORIZATION_NAP_CONTEXT, FWPS_FIELD_KM_AUTHORIZATION_MAX, } FWPS_FIELDS_KM_AUTHORIZATION; #endif #if (NTDDI_VERSION >= NTDDI_WIN10_RS3) typedef enum FWPS_FIELDS_INBOUND_RESERVED2_ { FWPS_FIELD_INBOUND_RESERVED2_RESERVED0, FWPS_FIELD_INBOUND_RESERVED2_RESERVED1, FWPS_FIELD_INBOUND_RESERVED2_RESERVED2, FWPS_FIELD_INBOUND_RESERVED2_RESERVED3, FWPS_FIELD_INBOUND_RESERVED2_RESERVED4, FWPS_FIELD_INBOUND_RESERVED2_RESERVED5, FWPS_FIELD_INBOUND_RESERVED2_RESERVED6, FWPS_FIELD_INBOUND_RESERVED2_RESERVED7, FWPS_FIELD_INBOUND_RESERVED2_RESERVED8, FWPS_FIELD_INBOUND_RESERVED2_RESERVED9, FWPS_FIELD_INBOUND_RESERVED2_RESERVED10, FWPS_FIELD_INBOUND_RESERVED2_RESERVED11, FWPS_FIELD_INBOUND_RESERVED2_RESERVED12, #if (NTDDI_VERSION >= NTDDI_WIN10_19H1) FWPS_FIELD_INBOUND_RESERVED2_RESERVED13, FWPS_FIELD_INBOUND_RESERVED2_RESERVED14, FWPS_FIELD_INBOUND_RESERVED2_RESERVED15, #endif FWPS_FIELD_INBOUND_RESERVED2_MAX, } FWPS_FIELDS_INBOUND_RESERVED2; #endif //(NTDDI_VERSION >= NTDDI_WIN10_RS3) #if (NTDDI_VERSION >= NTDDI_WIN10_NI) typedef enum FWPS_FIELDS_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ { FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ALE_APP_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ALE_USER_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_LOCAL_PORT, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_PROTOCOL, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_REMOTE_PORT, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_FLAGS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ALE_ORIGINAL_APP_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ALE_PACKAGE_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_COMPARTMENT_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_MAX } FWPS_FIELDS_OUTBOUND_NETWORK_POLICY_V4; #define FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ICMP_TYPE \ FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_LOCAL_PORT #define FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_ICMP_CODE \ FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V4_IP_REMOTE_PORT typedef enum FWPS_FIELDS_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ { FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ALE_APP_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ALE_USER_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_LOCAL_ADDRESS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_LOCAL_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_LOCAL_PORT, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_PROTOCOL, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_REMOTE_ADDRESS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_DESTINATION_ADDRESS_TYPE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_REMOTE_PORT, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_FLAGS, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ALE_ORIGINAL_APP_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ALE_PACKAGE_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_COMPARTMENT_ID, FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_MAX } FWPS_FIELDS_OUTBOUND_NETWORK_POLICY_V6; #define FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ICMP_TYPE \ FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_LOCAL_PORT #define FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_ICMP_CODE \ FWPS_FIELD_OUTBOUND_NETWORK_CONNECTION_POLICY_V6_IP_REMOTE_PORT #endif //(NTDDI_VERSION >= NTDDI_WIN10_NI) /////////////////////////////////////////////////////////////////////////////// // // Network and transport discard reasons. // /////////////////////////////////////////////////////////////////////////////// // // INET_DISCARD_REASON // // Define the reasons given by INET modules for discarding incoming datagrams. // #ifndef _INET_DISCARD_REASON_DEFINE_ #define _INET_DISCARD_REASON_DEFINE_ typedef enum { InetDiscardSourceUnspecified = 0, InetDiscardDestinationMulticast = 1, InetDiscardHeaderInvalid = 2, InetDiscardChecksumInvalid = 3, InetDiscardEndpointNotFound = 4, InetDiscardConnectedPath = 5, InetDiscardSessionState = 6, InetDiscardReceiveInspection = 7, InetDiscardAckInvalid = 8, InetDiscardExpectedSyn = 9, InetDiscardRst = 10, InetDiscardSynRcvdSyn = 11, InetDiscardSimultaneousConnect = 12, InetDiscardPawsFailed = 13, InetDiscardLandAttack = 14, InetDiscardMissedReset = 15, InetDiscardOutsideWindow = 16, InetDiscardDuplicateSegment = 17, InetDiscardClosedWindow = 18, InetDiscardTcbRemoved = 19, InetDiscardFinWait2 = 20, InetDiscardReassemblyConflict = 21, InetDiscardFinReceived = 22, InetDiscardListenerInvalidFlags = 23, InetDiscardUrgentDeliveryAllocationFailure = 24, InetDiscardTcbNotInTcbTable = 25, InetDiscardTimeWaitTcbReceivedRstOutsideWindow = 26, InetDiscardTimeWaitTcbSynAndOtherFlags = 27, InetDiscardTimeWaitTcb = 28, InetDiscardSynAckWithFastopenCookieRequest = 29, InetDiscardPauseAccept = 30, InetDiscardSynAttack = 31, InetDiscardAcceptInspection = 32, InetDiscardAcceptRedirection = 33, InetDiscardReasonMaxEnumValue } INET_DISCARD_REASON, *PINET_DISCARD_REASON; #endif #ifndef _IP_DISCARD_REASON_DEFINE_ #define _IP_DISCARD_REASON_DEFINE_ typedef enum { // // Receive path discard reasons. // IpDiscardBadSourceAddress = 1, IpDiscardNotLocallyDestined, IpDiscardProtocolUnreachable, IpDiscardPortUnreachable, IpDiscardBadLength, IpDiscardMalformedHeader, IpDiscardNoRoute, IpDiscardBeyondScope, IpDiscardInspectionDrop, // Blocked by firewall, ICMP should not be sent. IpDiscardTooManyDecapsulations, IpDiscardAdministrativelyProhibited, // Blocked, ICMP should be sent. IpDiscardBadChecksum, IpDiscardFirstFragmentIncomplete, IpDiscardHeaderNotContiguous, IpDiscardHeaderNotAligned, IpDiscardReceivePathMax = 127, // // Forward path discard reasons. // IpDiscardHopLimitExceeded, IpDiscardAddressUnreachable, IpDiscardRscPacket, IpDiscardSourceViolation, IpDiscardForwardPathMax = 255, // // Internally used discard reasons. // IpDiscardArbitrationUnhandled, IpDiscardInspectionAbsorb, // WFP took ownership of the packet. // // Send path discard reasons not covered above. // IpDiscardDontFragmentMtuExceeded, IpDiscardBufferLengthExceeded, IpDiscardAddressResolutionTimeout, IpDiscardAddressResolutionFailure, IpDiscardIpsecFailure, IpDiscardExtensionHeadersFailure, IpDiscardAllocationFailure, // // Discard reasons common to all paths. // IpDiscardIpsnpiClientDrop, IpDiscardUnsupportedOffload, IpDiscardRoutingFailure, IpDiscardAncillaryDataFailure, IpDiscardRawDataFailure, IpDiscardSessionStateFailure, IpDiscardIpsnpiAllocationFailure, IpDiscardIpsnpiModifiedButNotForwarded, IpDiscardIpsnpiNoNextHop, IpDiscardIpsnpiNoCompartment, IpDiscardIpsnpiNoInterface, IpDiscardIpsnpiNoSubInterface, IpDiscardIpsnpiInterfaceDisabled, IpDiscardIpsnpiSegmentationFailed, IpDiscardIpsnpiNoEthernetHeader, IpDiscardIpsnpiUnexpectedFragment, IpDiscardIpsnpiUnsupportedInterfaceType, IpDiscardIpsnpiInvalidLsoInfo, IpDiscardIpsnpiInvalidUsoInfo, IpDiscardInternalError, IpDiscardAdministrativelyConfigured, IpDiscardBadOption, IpDiscardLoopbackDisallowed, IpDiscardSmallerScope, IpDiscardQueueFull, IpDiscardInterfaceDisabled, IpDiscardNlClientDiscard, IpDiscardIpsnpiUroSegmentSizeExceedsMtu, IpDiscardSwUsoFailure, IpDiscardMax } IP_DISCARD_REASON, *PIP_DISCARD_REASON; #endif /////////////////////////////////////////////////////////////////////////////// // // API for implementing a callout. // /////////////////////////////////////////////////////////////////////////////// ////////// // Flags that can specified which entries are present // in the FWPS_INCOMING_METADATA_VALUES0 structure. ////////// #define FWPS_METADATA_FIELD_DISCARD_REASON 0x00000001 #define FWPS_METADATA_FIELD_FLOW_HANDLE 0x00000002 #define FWPS_METADATA_FIELD_IP_HEADER_SIZE 0x00000004 #define FWPS_METADATA_FIELD_PROCESS_PATH 0x00000008 #define FWPS_METADATA_FIELD_TOKEN 0x00000010 #define FWPS_METADATA_FIELD_PROCESS_ID 0x00000020 #define FWPS_METADATA_FIELD_SYSTEM_FLAGS 0x00000040 #define FWPS_METADATA_FIELD_RESERVED 0x00000080 #define FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX 0x00000100 #define FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX 0x00000200 #define FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE 0x00000400 #define FWPS_METADATA_FIELD_COMPARTMENT_ID 0x00000800 #define FWPS_METADATA_FIELD_FRAGMENT_DATA 0x00001000 #define FWPS_METADATA_FIELD_PATH_MTU 0x00002000 #define FWPS_METADATA_FIELD_COMPLETION_HANDLE 0x00004000 #define FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE 0x00008000 #define FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA 0x00010000 #define FWPS_METADATA_FIELD_REMOTE_SCOPE_ID 0x00020000 #define FWPS_METADATA_FIELD_PACKET_DIRECTION 0x00040000 #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_METADATA_FIELD_PACKET_SYSTEM_CRITICAL 0x00080000 #define FWPS_METADATA_FIELD_FORWARD_LAYER_OUTBOUND_PASS_THRU 0x00100000 #define FWPS_METADATA_FIELD_FORWARD_LAYER_INBOUND_PASS_THRU 0x00200000 #define FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED 0x00400000 #define FWPS_METADATA_FIELD_TRANSPORT_HEADER_INCLUDE_HEADER 0x00800000 #if (NTDDI_VERSION >= NTDDI_WIN7) #define FWPS_METADATA_FIELD_DESTINATION_PREFIX 0x01000000 #define FWPS_METADATA_FIELD_ETHER_FRAME_LENGTH 0x02000000 #define FWPS_METADATA_FIELD_PARENT_ENDPOINT_HANDLE 0x04000000 #define FWPS_METADATA_FIELD_ICMP_ID_AND_SEQUENCE 0x08000000 #define FWPS_METADATA_FIELD_LOCAL_REDIRECT_TARGET_PID 0x10000000 #define FWPS_METADATA_FIELD_ORIGINAL_DESTINATION 0x20000000 #if (NTDDI_VERSION >= NTDDI_WIN8) #define FWPS_METADATA_FIELD_REDIRECT_RECORD_HANDLE 0x40000000 #define FWPS_METADATA_FIELD_SUB_PROCESS_TAG 0x80000000 #define FWPS_L2_METADATA_FIELD_ETHERNET_MAC_HEADER_SIZE 0x00000001 #define FWPS_L2_METADATA_FIELD_WIFI_OPERATION_MODE 0x00000002 #define FWPS_L2_METADATA_FIELD_VSWITCH_SOURCE_PORT_ID 0x00000004 #define FWPS_L2_METADATA_FIELD_VSWITCH_SOURCE_NIC_INDEX 0x00000008 #define FWPS_L2_METADATA_FIELD_VSWITCH_PACKET_CONTEXT 0x00000010 #define FWPS_L2_METADATA_FIELD_VSWITCH_DESTINATION_PORT_ID 0x00000020 #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WINBLUE) #define FWPS_L2_METADATA_FIELD_RESERVED 0x80000000 #endif // (NTDDI_VERSION >= NTDDI_WINBLUE) // Provides additional meta-information to the filter engine. This information // is not processed by the filter engine, but is supplied to the callouts. // Unlike the FWPS_INCOMING_VALUES0, the schema of the meta-information is not // fixed. Callouts should not assume that a given FWPS_METADATA_FIELD is // present or that it is located at a given index in the array. typedef struct FWPS_INCOMING_METADATA_VALUES0_ { // Bitmask representing which values are set. UINT32 currentMetadataValues; // Internal flags; UINT32 flags; // Reserved for system use. UINT64 reserved; // Discard module and reason. FWPS_DISCARD_METADATA0 discardMetadata; // Flow Handle. UINT64 flowHandle; // IP Header size. UINT32 ipHeaderSize; // Transport Header size UINT32 transportHeaderSize; // Process Path. FWP_BYTE_BLOB* processPath; // Token used for authorization. UINT64 token; // Process Id. UINT64 processId; // Source and Destination interface indices for discard indications. UINT32 sourceInterfaceIndex; UINT32 destinationInterfaceIndex; // Compartment Id for injection APIs. ULONG compartmentId; // Fragment data for inbound fragments. FWPS_INBOUND_FRAGMENT_METADATA0 fragmentMetadata; // Path MTU for outbound packets (to enable calculation of fragments). ULONG pathMtu; // Completion handle (required in order to be able to pend at this layer). HANDLE completionHandle; // Endpoint handle for use in outbound transport layer injection. UINT64 transportEndpointHandle; // Remote scope id for use in outbound transport layer injection. SCOPE_ID remoteScopeId; // Socket control data (and length) for use in outbound transport layer injection. WSACMSGHDR* controlData; ULONG controlDataLength; // Direction for the current packet. Only specified for ALE re-authorization. FWP_DIRECTION packetDirection; #if (NTDDI_VERSION >= NTDDI_WIN6SP1) // Raw IP header (and length) if the packet is sent with IP header from a RAW socket. PVOID headerIncludeHeader; ULONG headerIncludeHeaderLength; #if (NTDDI_VERSION >= NTDDI_WIN7) IP_ADDRESS_PREFIX destinationPrefix; UINT16 frameLength; UINT64 parentEndpointHandle; UINT32 icmpIdAndSequence; // PID of the process that will be accepting the redirected connection DWORD localRedirectTargetPID; // original destination of a redirected connection SOCKADDR* originalDestination; #if (NTDDI_VERSION >= NTDDI_WIN8) HANDLE redirectRecords; // Bitmask representing which L2 values are set. UINT32 currentL2MetadataValues; // L2 layer Flags; UINT32 l2Flags; UINT32 ethernetMacHeaderSize; UINT32 wiFiOperationMode; #if (NDIS_SUPPORT_NDIS630) NDIS_SWITCH_PORT_ID vSwitchSourcePortId; NDIS_SWITCH_NIC_INDEX vSwitchSourceNicIndex; NDIS_SWITCH_PORT_ID vSwitchDestinationPortId; #else UINT32 padding0; USHORT padding1; UINT32 padding2; #endif // (NDIS_SUPPORT_NDIS630) HANDLE vSwitchPacketContext; #endif // (NTDDI_VERSION >= NTDDI_WIN8) #endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN8) PVOID subProcessTag; // Reserved for system use. UINT64 reserved1; #endif } FWPS_INCOMING_METADATA_VALUES0; /////////////////////////////////////////////////////////////////////////////// // // Macro for checking for metadata fields // /////////////////////////////////////////////////////////////////////////////// #define FWPS_IS_METADATA_FIELD_PRESENT(metadataValues, metadataField) \ (((metadataValues)->currentMetadataValues & (metadataField)) == (metadataField)) #if (NTDDI_VERSION >= NTDDI_WIN8) #define FWPS_IS_L2_METADATA_FIELD_PRESENT(metadataValues, l2MetadataField) \ (((metadataValues)->currentL2MetadataValues & (l2MetadataField)) == (l2MetadataField)) #endif // (NTDDI_VERSION >= NTDDI_WIN8) // Invoked during classification when a callout filter matches. typedef void (NTAPI *FWPS_CALLOUT_CLASSIFY_FN0)( _In_ const FWPS_INCOMING_VALUES0* inFixedValues, _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetaValues, _Inout_opt_ void* layerData, _In_ const FWPS_FILTER0* filter, _In_ UINT64 flowContext, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut ); #if (NTDDI_VERSION >= NTDDI_WIN7) // Version-1 of function invoked during classification when a callout filter // matches. typedef void (NTAPI *FWPS_CALLOUT_CLASSIFY_FN1)( _In_ const FWPS_INCOMING_VALUES0* inFixedValues, _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetaValues, _Inout_opt_ void* layerData, _In_opt_ const void* classifyContext, _In_ const FWPS_FILTER1* filter, _In_ UINT64 flowContext, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) // Version-2 of function invoked during classification when a callout filter // matches. typedef void (NTAPI *FWPS_CALLOUT_CLASSIFY_FN2)( _In_ const FWPS_INCOMING_VALUES0* inFixedValues, _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetaValues, _Inout_opt_ void* layerData, _In_opt_ const void* classifyContext, _In_ const FWPS_FILTER2* filter, _In_ UINT64 flowContext, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Version-3 of function invoked during classification when a callout filter // matches. typedef void (NTAPI *FWPS_CALLOUT_CLASSIFY_FN3)( _In_ const FWPS_INCOMING_VALUES0* inFixedValues, _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetaValues, _Inout_opt_ void* layerData, _In_opt_ const void* classifyContext, _In_ const FWPS_FILTER3* filter, _In_ UINT64 flowContext, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut ); #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Notifies the callout that a filter invoking it has been added/deleted. typedef NTSTATUS (NTAPI *FWPS_CALLOUT_NOTIFY_FN0)( _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType, _In_ const GUID* filterKey, _Inout_ FWPS_FILTER0* filter ); #if (NTDDI_VERSION >= NTDDI_WIN7) // Version-1 of function that notifies the callout that a filter invoking it has // been added/deleted. typedef NTSTATUS (NTAPI *FWPS_CALLOUT_NOTIFY_FN1)( _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType, _In_ const GUID* filterKey, _Inout_ FWPS_FILTER1* filter ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) // Version-2 of function that notifies the callout that a filter invoking it has // been added/deleted. typedef NTSTATUS (NTAPI *FWPS_CALLOUT_NOTIFY_FN2)( _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType, _In_ const GUID* filterKey, _Inout_ FWPS_FILTER2* filter ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Version-3 of function invoked during classification when a callout filter // matches. typedef NTSTATUS (NTAPI *FWPS_CALLOUT_NOTIFY_FN3)( _In_ FWPS_CALLOUT_NOTIFY_TYPE notifyType, _In_ const GUID* filterKey, _Inout_ FWPS_FILTER3* filter ); #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Notifies the callout that a flow has been deleted. typedef void (NTAPI *FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0)( _In_ UINT16 layerId, _In_ UINT32 calloutId, _In_ UINT64 flowContext ); // Notify callout that boottime callout has been removed typedef void (NTAPI *FWPS_CALLOUT_BOOTTIME_CALLOUT_DELETE_NOTIFY_FN0)( _In_ UINT32 calloutId ); // Run-time state necessary to invoke a callout. typedef struct FWPS_CALLOUT0_ { // Uniquely identifies the callout. This must be the same GUID supplied to // FwpmCalloutAdd0. GUID calloutKey; // Flags UINT32 flags; // Pointer to the classification function. FWPS_CALLOUT_CLASSIFY_FN0 classifyFn; // Pointer to the notification function. FWPS_CALLOUT_NOTIFY_FN0 notifyFn; // Pointer to the flow delete function. FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0 flowDeleteFn; } FWPS_CALLOUT0; #if (NTDDI_VERSION >= NTDDI_WIN7) // Version-1 of run-time state necessary to invoke a callout. typedef struct FWPS_CALLOUT1_ { // Uniquely identifies the callout. This must be the same GUID supplied to // FwpmCalloutAdd0. GUID calloutKey; // Flags UINT32 flags; // Pointer to the classification function. FWPS_CALLOUT_CLASSIFY_FN1 classifyFn; // Pointer to the notification function. FWPS_CALLOUT_NOTIFY_FN1 notifyFn; // Pointer to the flow delete function. FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0 flowDeleteFn; } FWPS_CALLOUT1; #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) // Version-1 of run-time state necessary to invoke a callout. typedef struct FWPS_CALLOUT2_ { // Uniquely identifies the callout. This must be the same GUID supplied to // FwpmCalloutAdd0. GUID calloutKey; // Flags UINT32 flags; // Pointer to the classification function. FWPS_CALLOUT_CLASSIFY_FN2 classifyFn; // Pointer to the notification function. FWPS_CALLOUT_NOTIFY_FN2 notifyFn; // Pointer to the flow delete function. FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0 flowDeleteFn; } FWPS_CALLOUT2; #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Version-1 of run-time state necessary to invoke a callout. typedef struct FWPS_CALLOUT3_ { // Uniquely identifies the callout. This must be the same GUID supplied to // FwpmCalloutAdd0. GUID calloutKey; // Flags UINT32 flags; // Pointer to the classification function. FWPS_CALLOUT_CLASSIFY_FN3 classifyFn; // Pointer to the notification function. FWPS_CALLOUT_NOTIFY_FN3 notifyFn; // Pointer to the flow delete function. FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0 flowDeleteFn; } FWPS_CALLOUT3; #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3) // Register the function pointers for a version-0 callout. The callout driver // must call FwpsCalloutUnregisterById before unloading. _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutRegister0( _Inout_ void* deviceObject, _In_ const FWPS_CALLOUT0* callout, _Out_opt_ UINT32* calloutId ); #if (NTDDI_VERSION >= NTDDI_WIN7) // Register the function pointers for a version-1 callout. The callout driver // must call FwpsCalloutUnregisterById before unloading. _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutRegister1( _Inout_ void* deviceObject, _In_ const FWPS_CALLOUT1* callout, _Out_opt_ UINT32* calloutId ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) // Register the function pointers for a version-2 callout. The callout driver // must call FwpsCalloutUnregisterById before unloading. _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutRegister2( _Inout_ void* deviceObject, _In_ const FWPS_CALLOUT2* callout, _Out_opt_ UINT32* calloutId ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN10_RS2) // Register the function pointers for a version-3 callout. The callout driver // must call FwpsCalloutUnregisterById before unloading. _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutRegister3( _Inout_ void* deviceObject, _In_ const FWPS_CALLOUT3* callout, _Out_opt_ UINT32* calloutId ); #endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2) _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutUnregisterById0(_In_ const UINT32 calloutId); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsCalloutUnregisterByKey0(_In_ const GUID* calloutKey); // Allows a callout to associate an opaque flowContext with a flow. _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsFlowAssociateContext0( _In_ UINT64 flowId, _In_ UINT16 layerId, _In_ UINT32 calloutId, _In_ UINT64 flowContext ); // Remote a flow context added with FwpsFlowAssociateContext0. _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsFlowRemoveContext0( _In_ UINT64 flowId, _In_ UINT16 layerId, _In_ UINT32 calloutId ); #if (NTDDI_VERSION >= NTDDI_WIN8) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsFlowAbort0( _In_ UINT64 flowId ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) /////////////////////////////////////////////////////////////////////////////// // // Declarations for Packet List Information. // /////////////////////////////////////////////////////////////////////////////// typedef struct FWPS_PACKET_LIST_INBOUND_IPSEC_INFORMATION0_ { unsigned isSecure:1; unsigned isTransportMode:1; unsigned isTunnelMode:1; unsigned isTransportModeVerified:1; unsigned isTunnelModeVerified:1; unsigned isDeTunneled:1; } FWPS_PACKET_LIST_INBOUND_IPSEC_INFORMATION0; typedef struct FWPS_PACKET_LIST_OUTBOUND_IPSEC_INFORMATION0_ { unsigned isIPsecPolicyMatch:1; unsigned isTransportPolicyMatch:1; unsigned isTunnelPolicyMatch:1; unsigned isTunnelIPinIP:1; } FWPS_PACKET_LIST_OUTBOUND_IPSEC_INFORMATION0; #pragma warning(push) #pragma warning(disable:4201)//nameless struct/union typedef struct FWPS_PACKET_LIST_IPSEC_INFORMATION0_ { union { FWPS_PACKET_LIST_INBOUND_IPSEC_INFORMATION0 inbound; FWPS_PACKET_LIST_OUTBOUND_IPSEC_INFORMATION0 outbound; UINT32 flags; }; } FWPS_PACKET_LIST_IPSEC_INFORMATION0; #pragma warning(pop) typedef struct FWPS_PACKET_LIST_FWP_INFORMATION0_ { unsigned isReinjected:1; } FWPS_PACKET_LIST_FWP_INFORMATION0; #define FWPS_PACKET_LIST_INFORMATION_QUERY_INBOUND 0x00000001 #define FWPS_PACKET_LIST_INFORMATION_QUERY_OUTBOUND 0x00000002 #define FWPS_PACKET_LIST_INFORMATION_QUERY_IPSEC 0x00000004 #define FWPS_PACKET_LIST_INFORMATION_QUERY_FWP 0x00000008 #define FWPS_PACKET_LIST_INFORMATION_QUERY_ALL_INBOUND 0xfffffffd #define FWPS_PACKET_LIST_INFORMATION_QUERY_ALL_OUTBOUND 0xfffffffe #define FWPS_PACKET_LIST_INFORMATION_QUERY_INVALID_MASK 0x00000003 typedef struct FWPS_PACKET_LIST_INFORMATION0_ { FWPS_PACKET_LIST_IPSEC_INFORMATION0 ipsecInformation; FWPS_PACKET_LIST_FWP_INFORMATION0 fwpInformation; } FWPS_PACKET_LIST_INFORMATION0; _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsGetPacketListSecurityInformation0( _In_ NET_BUFFER_LIST* packetList, _In_ UINT32 queryFlags, _Inout_ FWPS_PACKET_LIST_INFORMATION0* packetInformation ); /////////////////////////////////////////////////////////////////////////////// // // Pend APIs for ALE layers. // /////////////////////////////////////////////////////////////////////////////// _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsPendOperation0( _In_ HANDLE completionHandle, _Out_ HANDLE* completionContext ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsCompleteOperation0( _In_ HANDLE completionContext, _In_opt_ PNET_BUFFER_LIST netBufferList ); #if (NTDDI_VERSION >= NTDDI_WIN7) /////////////////////////////////////////////////////////////////////////////// // // New Async Classify APIs for All WFP layers. // /////////////////////////////////////////////////////////////////////////////// #define FWPS_CLASSIFY_FLAG_REAUTHORIZE_IF_MODIFIED_BY_OTHERS 0x00000001 _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsAcquireClassifyHandle0( _In_ void* classifyContext, _In_ UINT32 flags, _Out_ UINT64* classifyHandle ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsReleaseClassifyHandle0( _In_ UINT64 classifyHandle ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsPendClassify0( _In_ UINT64 classifyHandle, _In_ UINT64 filterId, _In_ UINT32 flags, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsCompleteClassify0( _In_ UINT64 classifyHandle, _In_ UINT32 flags, _In_opt_ const FWPS_CLASSIFY_OUT0* classifyOut ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsAcquireWritableLayerDataPointer0( _In_ UINT64 classifyHandle, _In_ UINT64 filterId, _In_ UINT32 flags, _Out_ PVOID* writableLayerData, _Inout_opt_ FWPS_CLASSIFY_OUT0* classifyOut ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsApplyModifiedLayerData0( _In_ UINT64 classifyHandle, _In_ PVOID modifiedLayerData, _In_ UINT32 flags ); /////////////////////////////////////////////////////////////////////////////// // // Modifiable layer data types. // /////////////////////////////////////////////////////////////////////////////// // // Layer data type of ALE_CONNECT_REDIRECT layers // typedef struct _FWPS_CONNECT_REQUEST0 { // // Read-Write fields on a writable copy of the structure. // /* IN OUT */ SOCKADDR_STORAGE localAddressAndPort; /* IN OUT */ SOCKADDR_STORAGE remoteAddressAndPort; /* OUT */ UINT64 portReservationToken; // // When redirecting a connection to localhost, the callout must supply // the PID of the process that will be accepting the redirected connection. // /* OUT */ DWORD localRedirectTargetPID; // // Modification History. (Read-Only) // struct _FWPS_CONNECT_REQUEST0* previousVersion; UINT64 modifierFilterId; #if (NTDDI_VERSION >= NTDDI_WIN8) // // Handle created using the FwpsRedirectHandleCreate0 function. // /* OUT */ HANDLE localRedirectHandle; // // Arbitrary callout supplied context allocated using the // ExAllocatePoolWithTag function. // /* OUT */ void* localRedirectContext; /* OUT */ SIZE_T localRedirectContextSize; #endif // NTDDI_VERSION >= NTDDI_WIN8 } FWPS_CONNECT_REQUEST0; // // Layer data type of ALE_BIND_REDIRECT layers // typedef struct _FWPS_BIND_REQUEST0 { // // Read-Write fields on a writable copy of the structure. // /* IN OUT */ SOCKADDR_STORAGE localAddressAndPort; /* OUT */ UINT64 portReservationToken; // // Modification History. (Read-Only) // struct _FWPS_BIND_REQUEST0* previousVersion; UINT64 modifierFilterId; } FWPS_BIND_REQUEST0; #endif // NTDDI_VERSION >= NTDDI_WIN7 // // Layer data type of OUTBOUND_NETWORK_CONNECTION_POLICY layers // typedef struct _FWPS_CONNECTION_POLICY0 { // // Read-Write fields on a writable copy of the structure. // /* OUT */ SOCKADDR_STORAGE localAddress; /* OUT */ SOCKADDR_STORAGE nextHopAddress; /* OUT */ IF_LUID interfaceLuid; } FWPS_CONNECTION_POLICY0; /////////////////////////////////////////////////////////////////////////////// // // Functions for setting Classify Options // /////////////////////////////////////////////////////////////////////////////// _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsClassifyOptionSet0( _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetadataValues, _In_ const FWP_CLASSIFY_OPTION_TYPE option, _In_ const FWP_VALUE0* newValue ); /////////////////////////////////////////////////////////////////////////////// // // Packet injection API. // /////////////////////////////////////////////////////////////////////////////// typedef struct FWPS_TRANSPORT_SEND_PARAMS0_ { UCHAR* remoteAddress; SCOPE_ID remoteScopeId; WSACMSGHDR* controlData OPTIONAL; ULONG controlDataLength OPTIONAL; } FWPS_TRANSPORT_SEND_PARAMS0; #if (NTDDI_VERSION >= NTDDI_WIN7) typedef struct FWPS_TRANSPORT_SEND_PARAMS1_ { UCHAR* remoteAddress; SCOPE_ID remoteScopeId; WSACMSGHDR* controlData OPTIONAL; ULONG controlDataLength OPTIONAL; UCHAR* headerIncludeHeader OPTIONAL; ULONG headerIncludeHeaderLength OPTIONAL; } FWPS_TRANSPORT_SEND_PARAMS1; #endif // (NTDDI_VERSION >= NTDDI_WIN7) #define FWPS_INJECTION_TYPE_STREAM 0x00000001 #define FWPS_INJECTION_TYPE_TRANSPORT 0x00000002 #define FWPS_INJECTION_TYPE_NETWORK 0x00000004 #define FWPS_INJECTION_TYPE_FORWARD 0x00000008 #define FWPS_INJECTION_TYPE_L2 0x00000010 #define FWPS_INJECTION_TYPE_VSWITCH_TRANSPORT 0x00000020 _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsInjectionHandleCreate0( _In_opt_ ADDRESS_FAMILY addressFamily, _In_ UINT32 flags, _Out_ HANDLE* injectionHandle ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsInjectionHandleDestroy0(_In_ HANDLE injectionHandle); typedef void (NTAPI *FWPS_INJECT_COMPLETE0)( _In_ void* context, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ BOOLEAN dispatchLevel ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsAllocateNetBufferAndNetBufferList0( _In_ NDIS_HANDLE poolHandle, _In_ USHORT contextSize, _In_ USHORT contextBackFill, _In_opt_ MDL* mdlChain, _In_ ULONG dataOffset, _In_ SIZE_T dataLength, _Outptr_ NET_BUFFER_LIST** netBufferList ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsFreeNetBufferList0( _In_ NET_BUFFER_LIST* netBufferList ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsAllocateCloneNetBufferList0( _Inout_ NET_BUFFER_LIST* originalNetBufferList, _In_opt_ NDIS_HANDLE netBufferListPoolHandle, _In_opt_ NDIS_HANDLE netBufferPoolHandle, _In_ ULONG allocateCloneFlags, _Outptr_ NET_BUFFER_LIST** netBufferList ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsAllocateDeepCloneNetBufferList0( _Inout_ NET_BUFFER_LIST* originalNetBufferList, _In_opt_ NDIS_HANDLE netBufferListPoolHandle, _In_opt_ NDIS_HANDLE netBufferPoolHandle, _Outptr_ NET_BUFFER_LIST** netBufferList ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsFreeCloneNetBufferList0( _In_ NET_BUFFER_LIST* netBufferList, _In_ ULONG freeCloneFlags ); #if (NTDDI_VERSION >= NTDDI_WIN6SP1) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsReassembleForwardFragmentGroup0( _In_ ADDRESS_FAMILY addressFamily, _Inout_ NET_BUFFER_LIST* fragmentGroupNblChain, _In_opt_ NDIS_HANDLE netBufferAndNetBufferListPoolHandle, _In_ ULONG dataBackFill, _In_ ULONG flags, _Outptr_ NET_BUFFER_LIST** reassembledNbl ); #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) #if (NTDDI_VERSION >= NTDDI_WIN8) #define FWPS_SEND_INJECT_PRESERVE_IPID 0x00000001 #endif // (NTDDI_VERSION >= NTDDI_WIN8) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectNetworkSendAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ COMPARTMENT_ID compartmentId, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectForwardAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ ADDRESS_FAMILY addressFamily, _In_ COMPARTMENT_ID compartmentId, _In_ IF_INDEX interfaceIndex, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); #if (NTDDI_VERSION >= NTDDI_WIN11_ZN) #define FWPS_CONSTRUCT_IPHEADER_FOR_SEND 0x00000001 #define FWPS_CONSTRUCT_IPHEADER_FOR_RECEIVE 0x00000002 #endif // (NTDDI_VERSION >= NTDDI_WIN11_ZN) #if (NTDDI_VERSION >= NTDDI_WIN6SP1) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsConstructIpHeaderForTransportPacket0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ ULONG headerIncludeHeaderLength, _In_ ADDRESS_FAMILY addressFamily, _In_ const UCHAR* sourceAddress, _In_ const UCHAR* remoteAddress, _In_ IPPROTO nextProtocol, _In_opt_ UINT64 endpointHandle, _In_opt_ const WSACMSGHDR* controlData, _In_ ULONG controlDataLength, _In_ UINT32 flags, _Reserved_ PVOID reserved, _In_opt_ IF_INDEX interfaceIndex, _In_opt_ IF_INDEX subInterfaceIndex ); #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectTransportSendAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT64 endpointHandle, _In_ UINT32 flags, _In_opt_ FWPS_TRANSPORT_SEND_PARAMS0* sendArgs, _In_ ADDRESS_FAMILY addressFamily, _In_ COMPARTMENT_ID compartmentId, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); #if (NTDDI_VERSION >= NTDDI_WIN7) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectTransportSendAsync1( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT64 endpointHandle, _In_ UINT32 flags, _In_opt_ FWPS_TRANSPORT_SEND_PARAMS1* sendArgs, _In_ ADDRESS_FAMILY addressFamily, _In_ COMPARTMENT_ID compartmentId, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectTransportReceiveAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _Reserved_ PVOID reserved, _In_ UINT32 flags, _In_ ADDRESS_FAMILY addressFamily, _In_ COMPARTMENT_ID compartmentId, _In_ IF_INDEX interfaceIndex, _In_ IF_INDEX subInterfaceIndex, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsInjectNetworkReceiveAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ COMPARTMENT_ID compartmentId, _In_ IF_INDEX interfaceIndex, _In_ IF_INDEX subInterfaceIndex, _Inout_ NET_BUFFER_LIST* netBufferList, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); #if (NTDDI_VERSION >= NTDDI_WIN8) _IRQL_requires_min_(PASSIVE_LEVEL) _IRQL_requires_max_(DISPATCH_LEVEL) _Must_inspect_result_ NTSTATUS NTAPI FwpsInjectMacReceiveAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ UINT16 layerId, _In_ IF_INDEX interfaceIndex, _In_ NDIS_PORT_NUMBER NdisPortNumber, _Inout_ NET_BUFFER_LIST* netBufferLists, _In_ FWPS_INJECT_COMPLETE completionFn, _In_opt_ HANDLE completionContext ); _IRQL_requires_min_(PASSIVE_LEVEL) _IRQL_requires_max_(DISPATCH_LEVEL) _Must_inspect_result_ NTSTATUS NTAPI FwpsInjectMacSendAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ UINT16 layerId, _In_ IF_INDEX interfaceIndex, _In_ NDIS_PORT_NUMBER NdisPortNumber, _Inout_ NET_BUFFER_LIST* netBufferLists, _In_ FWPS_INJECT_COMPLETE completionFn, _In_opt_ HANDLE completionContext ); #if (NDIS_SUPPORT_NDIS630) _IRQL_requires_min_(PASSIVE_LEVEL) _IRQL_requires_max_(DISPATCH_LEVEL) _Must_inspect_result_ NTSTATUS NTAPI FwpsInjectvSwitchEthernetIngressAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _Reserved_ UINT32 flags, _Reserved_ void* reserved, _In_ const FWP_BYTE_BLOB* vSwitchId, _In_ NDIS_SWITCH_PORT_ID vSwitchSourcePortId, _In_ NDIS_SWITCH_NIC_INDEX vSwitchSourceNicIndex, _Inout_ NET_BUFFER_LIST* netBufferLists, _In_ FWPS_INJECT_COMPLETE completionFn, _In_opt_ HANDLE completionContext ); void NTAPI FwpsReferencevSwitchPacketContext0( _Inout_ HANDLE packetContext ); void NTAPI FwpsDereferencevSwitchPacketContext0( _Inout_ HANDLE packetContext ); #endif // (NDIS_SUPPORT_NDIS630) #endif // (NTDDI_VERSION >= NTDDI_WIN8) _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsReferenceNetBufferList0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ BOOLEAN intendToModify ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsDereferenceNetBufferList0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ BOOLEAN dispatchLevel ); /////////////////////////////////////////////////////////////////////////////// // // Packet injection state tracking API. // /////////////////////////////////////////////////////////////////////////////// typedef enum FWPS_PACKET_INJECTION_STATE_ { // Packet was not injected by the FwpsInject* APIs. FWPS_PACKET_NOT_INJECTED, // Packet was injected by the calling injection handle. FWPS_PACKET_INJECTED_BY_SELF, // Packet was injected by a different injection handle. FWPS_PACKET_INJECTED_BY_OTHER, // Packet was injected by the calling injection handle but later // cloned and re-injected by other injector(s). FWPS_PACKET_PREVIOUSLY_INJECTED_BY_SELF, FWPS_PACKET_INJECTION_STATE_MAX } FWPS_PACKET_INJECTION_STATE; _IRQL_requires_max_(DISPATCH_LEVEL) FWPS_PACKET_INJECTION_STATE NTAPI FwpsQueryPacketInjectionState0( _In_ HANDLE injectionHandle, _In_ const NET_BUFFER_LIST* netBufferList, _Out_opt_ HANDLE* injectionContext ); #if (NTDDI_VERSION >= NTDDI_WIN8) typedef enum FWPS_CONNECTION_REDIRECT_STATE_ { // Connection was not redirected. FWPS_CONNECTION_NOT_REDIRECTED, // Connection was redirected by the calling redirect handle. FWPS_CONNECTION_REDIRECTED_BY_SELF, // Connection was redirected by a different redirect handle. FWPS_CONNECTION_REDIRECTED_BY_OTHER, // Connection was redirected by the calling redirect handle but later // redirected once more by a different redirect handle. FWPS_CONNECTION_PREVIOUSLY_REDIRECTED_BY_SELF, FWPS_CONNECTION_REDIRECT_STATE_MAX } FWPS_CONNECTION_REDIRECT_STATE; _IRQL_requires_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsRedirectHandleCreate0( _In_ const GUID* providerGuid, _Reserved_ UINT32 flags, _Out_ HANDLE* redirectHandle ); _IRQL_requires_(PASSIVE_LEVEL) void NTAPI FwpsRedirectHandleDestroy0(_In_ HANDLE redirectHandle); _IRQL_requires_min_(PASSIVE_LEVEL) _IRQL_requires_max_(DISPATCH_LEVEL) FWPS_CONNECTION_REDIRECT_STATE NTAPI FwpsQueryConnectionRedirectState0( _In_ HANDLE redirectRecords, _In_ HANDLE redirectHandle, _Outptr_opt_result_maybenull_ void** redirectContext ); _IRQL_requires_min_(PASSIVE_LEVEL) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsQueryConnectionSioFormatRedirectRecords0( _In_ HANDLE RedirectRecords, _Out_opt_ PVOID OutputBuffer, _In_ SIZE_T OutputBufferLength, _Out_opt_ PSIZE_T BytesTransferred ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) #if (NTDDI_VERSION >= NTDDI_WIN7) /////////////////////////////////////////////////////////////////////////////// // // Packet tagging API. // /////////////////////////////////////////////////////////////////////////////// typedef enum FWPS_NET_BUFFER_LIST_EVENT_TYPE0_ { FWPS_NET_BUFFER_LIST_ENTERED_NETIO, FWPS_NET_BUFFER_LIST_CLONED_BY_NETIO, FWPS_NET_BUFFER_LIST_CLONED_VIA_WFP_API, FWPS_NET_BUFFER_LIST_DUPLICATED_BY_NETIO, FWPS_NET_BUFFER_LIST_EXIT_NETIO, FWPS_NET_BUFFER_LIST_CONTEXT_REMOVED, FWPS_NET_BUFFER_LIST_NDIS_SEND_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_RECV_COMPLETE #if (NTDDI_VERSION >= NTDDI_WIN8) , FWPS_NET_BUFFER_LIST_NDIS_ETHERNET_SEND_COMPLETE = FWPS_NET_BUFFER_LIST_NDIS_SEND_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_ETHERNET_RECV_COMPLETE = FWPS_NET_BUFFER_LIST_NDIS_RECV_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_NATIVE_SEND_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_NATIVE_RECV_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_VSWITCH_INGRESS_COMPLETE, FWPS_NET_BUFFER_LIST_NDIS_VSWITCH_EGRESS_COMPLETE, FWPS_NET_BUFFER_LIST_CLONED_BY_NDIS // TODO: remove comment below // #if (NTDDI_VERSION >= NTDDI_WINBLUE) , FWPS_NET_BUFFER_LIST_REASSEMBLED_FRAGMENT, FWPS_NET_BUFFER_LIST_REASSEMBLY_COMPLETE // #endif // (NTDDI_VERSION >= NTDDI_WINBLUE) #endif // (NTDDI_VERSION >= NTDDI_WIN8) } FWPS_NET_BUFFER_LIST_EVENT_TYPE0; typedef void (NTAPI *FWPS_NET_BUFFER_LIST_NOTIFY_FN0)( _In_ FWPS_NET_BUFFER_LIST_EVENT_TYPE0 eventType, _Inout_opt_ NET_BUFFER_LIST* netBufferList, _Inout_opt_ NET_BUFFER_LIST* newNetBufferList, _In_ UINT16 layerId, _In_ UINT64 context, _In_ UINT64 contextTag ); _IRQL_requires_max_(DISPATCH_LEVEL) UINT64 NTAPI FwpsNetBufferListGetTagForContext0(); #define FWPS_LAYER_NON_WFP 0xFFFF _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsNetBufferListAssociateContext0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ UINT16 layerId, // Use FWPS_LAYER_NON_WFP if context is being associated // from NDIS receive path. _In_ UINT64 context, _In_ UINT64 contextTag, _In_ GUID* providerGuid, _Inout_ void* deviceObject, _In_ FWPS_NET_BUFFER_LIST_NOTIFY_FN0 notifyFn, _In_ UINT32 flags ); #if (NTDDI_VERSION >= NTDDI_WIN8) #define FWPS_NET_BUFFER_LIST_EVENT_TYPE FWPS_NET_BUFFER_LIST_EVENT_TYPE0 typedef NTSTATUS (NTAPI *FWPS_NET_BUFFER_LIST_NOTIFY_FN1)( _In_ FWPS_NET_BUFFER_LIST_EVENT_TYPE0 eventType, _Inout_ _When_(eventType == FWPS_NET_BUFFER_LIST_CONTEXT_REMOVED, _Maybenull_) NET_BUFFER_LIST* netBufferList, _Inout_opt_ NET_BUFFER_LIST* newNetBufferList, _In_ UINT16 layerId, _In_ UINT64 context, _In_ UINT64 contextTag ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsNetBufferListAssociateContext1( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ UINT16 layerId, // Use FWPS_LAYER_NON_WFP if context is being associated // from NDIS receive path. _In_ UINT64 context, _In_ UINT64 contextTag, _In_ GUID* providerGuid, _Inout_ void* deviceObject, _In_ FWPS_NET_BUFFER_LIST_NOTIFY_FN1 notifyFn, _In_ UINT32 flags ); #endif // (NTDDI_VERSION >= NTDDI_WIN8) _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsNetBufferListRetrieveContext0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ UINT64 contextTag, _In_ BOOLEAN removeContext, _In_ UINT32 flags, _Out_ UINT64* context ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsNetBufferListRemoveContext0( _Inout_opt_ NET_BUFFER_LIST* netBufferList, _In_ UINT64 contextTag, _In_ UINT32 flags ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN8) #if (NDIS_SUPPORT_NDIS630) /////////////////////////////////////////////////////////////////////////////// // // API for vSwitch filtering processing. // /////////////////////////////////////////////////////////////////////////////// typedef enum FWPS_VSWITCH_EVENT_TYPE_ { FWPS_VSWITCH_EVENT_VSWITCH_NONE, FWPS_VSWITCH_EVENT_VSWITCH_CREATE, FWPS_VSWITCH_EVENT_VSWITCH_DELETE, FWPS_VSWITCH_EVENT_PORT_CREATE, FWPS_VSWITCH_EVENT_PORT_DELETE, FWPS_VSWITCH_EVENT_INTERFACE_CREATE, FWPS_VSWITCH_EVENT_INTERFACE_DELETE, FWPS_VSWITCH_EVENT_INTERFACE_CONNECT, FWPS_VSWITCH_EVENT_INTERFACE_DISCONNECT, FWPS_VSWITCH_EVENT_POLICY_ADD, FWPS_VSWITCH_EVENT_POLICY_UPDATE, FWPS_VSWITCH_EVENT_POLICY_DELETE, FWPS_VSWITCH_EVENT_RUNTIME_STATE_SAVE, FWPS_VSWITCH_EVENT_RUNTIME_STATE_RESTORE } FWPS_VSWITCH_EVENT_TYPE; typedef struct _NDIS_SWITCH_PARAMETERS NDIS_SWITCH_PARAMETERS; typedef struct _NDIS_SWITCH_PORT_ARRAY NDIS_SWITCH_PORT_ARRAY; typedef struct _NDIS_SWITCH_NIC_ARRAY NDIS_SWITCH_NIC_ARRAY; typedef struct _NDIS_SWITCH_PORT_PARAMETERS NDIS_SWITCH_PORT_PARAMETERS; typedef struct _NDIS_SWITCH_NIC_PARAMETERS NDIS_SWITCH_NIC_PARAMETERS; typedef struct _NDIS_SWITCH_PORT_PROPERTY_PARAMETERS NDIS_SWITCH_PORT_PROPERTY_PARAMETERS; typedef struct _NDIS_SWITCH_PORT_PROPERTY_DELETE_PARAMETERS NDIS_SWITCH_PORT_PROPERTY_DELETE_PARAMETERS; typedef struct _NDIS_SWITCH_NIC_SAVE_STATE NDIS_SWITCH_NIC_SAVE_STATE; typedef UINT32 NDIS_SWITCH_PORT_ID; typedef NTSTATUS (NTAPI *FWPS_VSWITCH_LIFETIME_EVENT_CALLBACK0)( _In_opt_ void* notifyContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_opt_ const NDIS_SWITCH_PORT_ARRAY* vSwitchPorts, _In_opt_ const NDIS_SWITCH_NIC_ARRAY* vSwitchInterfaces ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_PORT_EVENT_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_ const NDIS_SWITCH_PORT_PARAMETERS* vSwitchPort ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_INTERFACE_EVENT_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_ const NDIS_SWITCH_NIC_PARAMETERS* vSwitchNic ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_FILTER_ENGINE_REORDER_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ BOOLEAN isInRequiredPosition, _In_ const NDIS_ENUM_FILTERS* vSwitchExtensionLwfList ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_POLICY_EVENT_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_opt_ _When_(eventType == FWPS_VSWITCH_EVENT_POLICY_DELETE, _Null_) const NDIS_SWITCH_PORT_PROPERTY_PARAMETERS* vSwitchPortProperty, _In_opt_ _When_(eventType == FWPS_VSWITCH_EVENT_POLICY_DELETE, _Notnull_) const NDIS_SWITCH_PORT_PROPERTY_DELETE_PARAMETERS* vSwitchPortPropertyDelete ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_RUNTIME_STATE_SAVE_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_ NDIS_SWITCH_PORT_ID portId, _Outptr_result_buffer_(*runtimeStateLength) void** runtimeState, _Out_ SIZE_T* runtimeStateLength ); typedef NTSTATUS (NTAPI *FWPS_VSWITCH_RUNTIME_STATE_RESTORE_CALLBACK0)( _In_opt_ void* notifyContext, _In_ void* completionContext, _In_ FWPS_VSWITCH_EVENT_TYPE eventType, _In_ const NDIS_SWITCH_PARAMETERS* vSwitch, _In_ NDIS_SWITCH_PORT_ID portId, _In_reads_bytes_(runtimeStateLength) void* runtimeState, _In_ SIZE_T runtimeStateLength ); typedef struct FWPS_VSWITCH_EVENT_DISPATCH_TABLE0_ { _Maybenull_ FWPS_VSWITCH_LIFETIME_EVENT_CALLBACK0 vSwitchLifetimeNotifyFn; _Maybenull_ FWPS_VSWITCH_PORT_EVENT_CALLBACK0 vSwitchPortEventNotifyFn; _Maybenull_ FWPS_VSWITCH_INTERFACE_EVENT_CALLBACK0 vSwitchInterfaceEventNotifyFn; _Maybenull_ FWPS_VSWITCH_FILTER_ENGINE_REORDER_CALLBACK0 vSwitchFilterEngineReorderNotifyRn; _Maybenull_ FWPS_VSWITCH_POLICY_EVENT_CALLBACK0 vSwitchPolicyEventNotifyFn; _Maybenull_ FWPS_VSWITCH_RUNTIME_STATE_SAVE_CALLBACK0 vSwitchRuntimeStateSaveNotifyFn; _Maybenull_ FWPS_VSWITCH_RUNTIME_STATE_RESTORE_CALLBACK0 vSwitchRuntimeStateRestoreNotifyFn; }FWPS_VSWITCH_EVENT_DISPATCH_TABLE0; _IRQL_requires_max_(PASSIVE_LEVEL) _Check_return_ NTSTATUS NTAPI FwpsvSwitchEventsSubscribe0( _In_opt_ const GUID* providerGuid, _In_opt_ void* notifyContext, _Reserved_ UINT32 flags, _Reserved_ void* reserved, _In_ const FWPS_VSWITCH_EVENT_DISPATCH_TABLE* eventDispatchTable, _Out_ UINT32* subscriptionId ); _IRQL_requires_max_(PASSIVE_LEVEL) void NTAPI FwpsvSwitchEventsUnsubscribe0( _In_ UINT32 subscriptionId, _Reserved_ UINT32 flags, _Reserved_ void* reserved ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsvSwitchNotifyComplete0( _In_ void* completionContext, _In_ NTSTATUS status, _Reserved_ UINT32 flags, _Reserved_ void* reserved ); #endif // (NDIS_SUPPORT_NDIS630) #endif // (NTDDI_VERSION >= NTDDI_WIN8) /////////////////////////////////////////////////////////////////////////////// // // API for stream processing. // /////////////////////////////////////////////////////////////////////////////// // The FWPS_STREAM_DATA_OFFSET0 specifies an offset into a data stream defined in // an FWPS_STREAM_DATA0. Generally, it is only necessary to know the byte // offset, however this means searching for the NET_BUFFER_LIST, NET_BUFFER, MDL // and offset into the MDL to find the byte of interest. FWPS_STREAM_DATA_OFFSET0 // helps by keeping track of this information. The netBufferList, netBuffer, mdl, // and mdlOffset and offset combined give the location of the byte of interest. // netBufferOffset and streamBufferOffset are used internally to optimize // computations. typedef struct FWPS_STREAM_DATA_OFFSET0_ { // NET_BUFFER_LIST in which offset lies. NET_BUFFER_LIST* netBufferList; // NET_BUFFER in which offset lies. NET_BUFFER* netBuffer; // MDL in which offset lies. MDL* mdl; // Byte offset from the beginning of the MDL in which data lies. UINT32 mdlOffset; // Offset relative to the DataOffset of the NET_BUFFER. UINT32 netBufferOffset; // Offset from the beginning of the entire stream buffer. SIZE_T streamDataOffset; } FWPS_STREAM_DATA_OFFSET0; // Flags set on receives (inbound stream layer). #define FWPS_STREAM_FLAG_RECEIVE (0x00000001) // Received TCP urgent data. #define FWPS_STREAM_FLAG_RECEIVE_EXPEDITED (0x00000002) #define FWPS_STREAM_FLAG_RECEIVE_DISCONNECT (0x00000004) #define FWPS_STREAM_FLAG_RECEIVE_ABORT (0x00000008) #if (NTDDI_VERSION >= NTDDI_WIN6SP1) #define FWPS_STREAM_FLAG_RECEIVE_PUSH (0x00000010) #endif // (NTDDI_VERSION >= NTDDI_WIN6SP1) // Flags set on sends (outbound stream layer). #define FWPS_STREAM_FLAG_SEND (0x00010000) #define FWPS_STREAM_FLAG_SEND_EXPEDITED (0x00020000) #define FWPS_STREAM_FLAG_SEND_NODELAY (0x00040000) #define FWPS_STREAM_FLAG_SEND_DISCONNECT (0x00080000) #define FWPS_STREAM_FLAG_SEND_ABORT (0x00100000) // FWPS_STREAM_DATA0 is used to store a section of the stream and provide it // to a callout for processing. typedef struct FWPS_STREAM_DATA0_ { UINT32 flags; FWPS_STREAM_DATA_OFFSET0 dataOffset; SIZE_T dataLength; NET_BUFFER_LIST* netBufferListChain; } FWPS_STREAM_DATA0; typedef enum FWPS_STREAM_ACTION_TYPE_ { FWPS_STREAM_ACTION_NONE, FWPS_STREAM_ACTION_NEED_MORE_DATA, FWPS_STREAM_ACTION_DROP_CONNECTION, FWPS_STREAM_ACTION_DEFER, #if (NTDDI_VERSION >= NTDDI_WIN7) FWPS_STREAM_ACTION_ALLOW_CONNECTION, #endif // (NTDDI_VERSION >= NTDDI_WIN7) FWPS_STREAM_ACTION_TYPE_MAX } FWPS_STREAM_ACTION_TYPE; typedef struct FWPS_STREAM_CALLOUT_IO_PACKET0_ { /* IN */ FWPS_STREAM_DATA0* streamData; /* IN */ SIZE_T missedBytes; /* OUT */ UINT32 countBytesRequired; /* OUT */ SIZE_T countBytesEnforced; /* OUT */ FWPS_STREAM_ACTION_TYPE streamAction; } FWPS_STREAM_CALLOUT_IO_PACKET0; _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsStreamInjectAsync0( _In_ HANDLE injectionHandle, _In_opt_ HANDLE injectionContext, _In_ UINT32 flags, _In_ UINT64 flowId, _In_ UINT32 calloutId, _In_ UINT16 layerId, _In_ UINT32 streamFlags, _Inout_opt_ NET_BUFFER_LIST* netBufferList, _In_ SIZE_T dataLength, _In_ FWPS_INJECT_COMPLETE0 completionFn, _In_opt_ HANDLE completionContext ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsStreamContinue0( _In_ UINT64 flowId, _In_ UINT32 calloutId, _In_ UINT16 layerId, _In_ UINT32 streamFlags ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsCopyStreamDataToBuffer0( _In_ const FWPS_STREAM_DATA0* calloutStreamData, _Inout_updates_bytes_to_(bytesToCopy, *bytesCopied) PVOID buffer, _In_ SIZE_T bytesToCopy, _Out_ _Deref_out_range_(<=, bytesToCopy) SIZE_T* bytesCopied ); _IRQL_requires_max_(DISPATCH_LEVEL) NTSTATUS NTAPI FwpsCloneStreamData0( _Inout_ FWPS_STREAM_DATA0* calloutStreamData, _In_opt_ NDIS_HANDLE netBufferListPoolHandle, _In_opt_ NDIS_HANDLE netBufferPoolHandle, _In_ ULONG allocateCloneFlags, _Outptr_ NET_BUFFER_LIST** netBufferListChain ); _IRQL_requires_max_(DISPATCH_LEVEL) void NTAPI FwpsDiscardClonedStreamData0( _Inout_ NET_BUFFER_LIST* netBufferListChain, _In_ UINT32 allocateCloneFlags, _In_ BOOLEAN dispatchLevel ); #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) /////////////////////////////////////////////////////////////////////////////// // // Virtual Interface Tunneling APIs // /////////////////////////////////////////////////////////////////////////////// NTSTATUS NTAPI FwpsVirtualIfTunnelInfoGet0( _In_ const FWPS_INCOMING_METADATA_VALUES0* metadata, _Out_ IPSEC_VIRTUAL_IF_TUNNEL_INFO0* virtualIfTunnelInfo ); NTSTATUS NTAPI FwpsVirtualIfTunnelInfoSet0( _Inout_ NET_BUFFER_LIST* netBufferList, _In_ const IPSEC_VIRTUAL_IF_TUNNEL_INFO0* virtualIfTunnelInfo ); #endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) #if (NTDDI_VERSION >= NTDDI_WIN7) /////////////////////////////////////////////////////////////////////////////// // // ALE endpoint API. // /////////////////////////////////////////////////////////////////////////////// _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsOpenToken0( IN HANDLE engineHandle, IN LUID modifiedId, IN DWORD desiredAccess, OUT HANDLE* accessToken ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointGetById0( _In_ HANDLE engineHandle, _In_ UINT64 endpointId, _Out_ FWPS_ALE_ENDPOINT_PROPERTIES0** properties ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointCreateEnumHandle0( _In_ HANDLE engineHandle, _In_opt_ const FWPS_ALE_ENDPOINT_ENUM_TEMPLATE0* enumTemplate, _Out_ HANDLE* enumHandle ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointEnum0( _In_ HANDLE engineHandle, _In_ HANDLE enumHandle, _In_ UINT32 numEntriesRequested, _Outptr_result_buffer_(*numEntriesReturned) FWPS_ALE_ENDPOINT_PROPERTIES0*** entries, _Out_ UINT32* numEntriesReturned ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointDestroyEnumHandle0( _In_ HANDLE engineHandle, _Inout_ HANDLE enumHandle ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointGetSecurityInfo0( _In_ HANDLE engineHandle, _In_ SECURITY_INFORMATION securityInfo, _Outptr_result_maybenull_ PSID* sidOwner, _Outptr_result_maybenull_ PSID* sidGroup, _Outptr_result_maybenull_ PACL* dacl, _Outptr_result_maybenull_ PACL* sacl, _Outptr_ PSECURITY_DESCRIPTOR* securityDescriptor ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSTATUS NTAPI FwpsAleEndpointSetSecurityInfo0( _In_ HANDLE engineHandle, _In_ SECURITY_INFORMATION securityInfo, _In_opt_ const SID* sidOwner, _In_opt_ const SID* sidGroup, _In_opt_ const ACL* dacl, _In_opt_ const ACL* sacl ); #endif // (NTDDI_VERSION >= NTDDI_WIN7) #ifdef __cplusplus } #endif #endif // (NTDDI_VERSION >= NTDDI_WIN6) #endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_PKG_APPRUNTIME) */ #pragma endregion #endif // FWPSX_H