#pragma warning disable IDE1006 // Naming Styles
using System.Collections.Generic;
using System.Linq;
namespace Vanara.PInvoke;
public static partial class FwpUClnt
{
/// The DL_ADDRESS_TYPE enumerated type specifies the type of datalink layer address.
// https://docs.microsoft.com/en-us/windows/win32/api/netiodef/ne-netiodef-dl_address_type typedef enum { DlUnicast, DlMulticast,
// DlBroadcast } DL_ADDRESS_TYPE, *PDL_ADDRESS_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:netiodef.__unnamed_enum_0")]
public enum DL_ADDRESS_TYPE
{
/// Specifies a unicast datalink layer address.
DlUnicast,
/// Specifies a multicast datalink layer address.
DlMulticast,
/// Specifies a broadcast datalink layer address.
DlBroadcast,
}
/// Action type
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_ACTION0_")]
[Flags]
public enum FWP_ACTION_TYPE : uint
{
/// Block the traffic.
FWP_ACTION_BLOCK = 0x00000001 | FWP_ACTION_FLAG_TERMINATING,
/// Permit the traffic.
FWP_ACTION_PERMIT = 0x00000002 | FWP_ACTION_FLAG_TERMINATING,
/// Invoke a callout that always returns block or permit.
FWP_ACTION_CALLOUT_TERMINATING = 0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING,
/// Invoke a callout that never returns block or permit.
FWP_ACTION_CALLOUT_INSPECTION = 0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING,
/// Invoke a callout that may return block or permit.
FWP_ACTION_CALLOUT_UNKNOWN = 0x00000005 | FWP_ACTION_FLAG_CALLOUT,
///
FWP_ACTION_CONTINUE = 0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING,
///
FWP_ACTION_NONE = 0x00000007,
///
FWP_ACTION_NONE_NO_MATCH = 0x00000008,
///
FWP_ACTION_FLAG_TERMINATING = 0x00001000,
///
FWP_ACTION_FLAG_NON_TERMINATING = 0x00002000,
///
FWP_ACTION_FLAG_CALLOUT = 0x00004000,
}
///
/// The FWPM_APPC_NETWORK_CAPABILITY_TYPE enumeration specifies the type of app container network capability that is associated
/// with the object or traffic in question.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_appc_network_capability_type typedef enum
// FWPM_APPC_NETWORK_CAPABILITY_TYPE_ { FWPM_APPC_NETWORK_CAPABILITY_INTERNET_CLIENT = 0,
// FWPM_APPC_NETWORK_CAPABILITY_INTERNET_CLIENT_SERVER, FWPM_APPC_NETWORK_CAPABILITY_INTERNET_PRIVATE_NETWORK } FWPM_APPC_NETWORK_CAPABILITY_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_APPC_NETWORK_CAPABILITY_TYPE_")]
public enum FWPM_APPC_NETWORK_CAPABILITY_TYPE
{
///
/// Value:
/// 0
/// Allows the app container to make network requests to servers on the Internet. It acts as a client.
///
FWPM_APPC_NETWORK_CAPABILITY_INTERNET_CLIENT,
///
/// Allows the app container to make requests and to receive requests to and from the Internet. It acts as a client and also as a server.
///
FWPM_APPC_NETWORK_CAPABILITY_INTERNET_CLIENT_SERVER,
///
/// Allows the app container to make requests and to receive requests to and from private networks (such as a home network, work
/// network, or the corporate domain network of the computer). It acts as a client and also as a server.
///
FWPM_APPC_NETWORK_CAPABILITY_INTERNET_PRIVATE_NETWORK,
}
/// Flags for FWPM_CALLOUT0
[PInvokeData("fwpmtypes.h")]
[Flags]
public enum FWPM_CALLOUT_FLAG : uint
{
/// The callout is persistent across reboots. As a result, it can be referenced by boot-time and other persistent filters.
FWPM_CALLOUT_FLAG_PERSISTENT = 0x00010000,
///
/// The callout needs access to the provider context stored in the filter invoking the callout. If this flag is set, the provider
/// context will be copied from the FWPM_FILTER0 structure to the FWPS_FILTER0 structure. The FWPS_FILTER0 structure is documented in
/// the WDK.
///
FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT = 0x00020000,
///
/// The callout is currently registered in the kernel. This flag must not be set when adding new callouts. It is used only in
/// querying the state of existing callouts.
///
FWPM_CALLOUT_FLAG_REGISTERED = 0x00040000,
}
/// The FWPM_CHANGE_TYPE enumerated type is used when dispatching change notifications to subscribers.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_change_type typedef enum FWPM_CHANGE_TYPE_ {
// FWPM_CHANGE_ADD = 1, FWPM_CHANGE_DELETE, FWPM_CHANGE_TYPE_MAX } FWPM_CHANGE_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_CHANGE_TYPE_")]
public enum FWPM_CHANGE_TYPE
{
///
/// Value:
/// 1
/// Specifies an add change notification.
///
FWPM_CHANGE_ADD = 1,
/// Specifies a delete change notification.
FWPM_CHANGE_DELETE,
/// Maximum value for testing purposes.
FWPM_CHANGE_TYPE_MAX,
}
/// Flags for FWPM_CONNECTION_ENUM_TEMPLATE0.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CONNECTION_ENUM_TEMPLATE0_")]
[Flags]
public enum FWPM_CONNECTION_ENUM_FLAG : uint
{
///
/// If set, the IPsec driver will be queried for the current bytes transferred via this connection (allowing monitoring tools to
/// collect accurate data without requiring that querying capabilities remain constantly on).
///
FWPM_CONNECTION_ENUM_FLAG_QUERY_BYTES_TRANSFERRED = 0x00000001
}
/// The FWPM_CONNECTION_EVENT_TYPE enumeration specifies the type of connection object change event.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_connection_event_type typedef enum
// FWPM_CONNECTION_EVENT_TYPE_ { FWPM_CONNECTION_EVENT_ADD = 0, FWPM_CONNECTION_EVENT_DELETE, FWPM_CONNECTION_EVENT_MAX } FWPM_CONNECTION_EVENT_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_CONNECTION_EVENT_TYPE_")]
public enum FWPM_CONNECTION_EVENT_TYPE
{
///
/// Value:
/// 0
/// A new connection object was added.
///
FWPM_CONNECTION_EVENT_ADD,
/// A connection object was deleted.
FWPM_CONNECTION_EVENT_DELETE,
/// Maximum value for testing purposes.
FWPM_CONNECTION_EVENT_MAX,
}
/// The FWPM_ENGINE_OPTION enumerated type specifies configurable options for the filter engine.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_engine_option typedef enum FWPM_ENGINE_OPTION_ {
// FWPM_ENGINE_COLLECT_NET_EVENTS = 0, FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS, FWPM_ENGINE_NAME_CACHE,
// FWPM_ENGINE_MONITOR_IPSEC_CONNECTIONS, FWPM_ENGINE_PACKET_QUEUING, FWPM_ENGINE_TXN_WATCHDOG_TIMEOUT_IN_MSEC, FWPM_ENGINE_OPTION_MAX } FWPM_ENGINE_OPTION;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_ENGINE_OPTION_")]
public enum FWPM_ENGINE_OPTION
{
///
/// Value:
/// 0
/// The filter engine will collect WFP network events.
///
[CorrespondingType(typeof(BOOL), CorrespondingAction.GetSet)]
FWPM_ENGINE_COLLECT_NET_EVENTS,
/// The filter engine will collect WFP network events that match any supplied key words.
[CorrespondingType(typeof(FWPM_NET_EVENT_KEYWORD), CorrespondingAction.GetSet)]
FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS,
///
/// Reserved for internal use.
/// Note Available only in Windows Server 2008 R2, Windows 7, and later.
///
FWPM_ENGINE_NAME_CACHE,
///
/// Enables the connection monitoring feature and starts logging creation and deletion events (and notifying any subscribers).
///
/// If the ETW operational log is already enabled, FwpmEngineGetOption0 will return showing the option as enabled.
/// FwpmEngineSetOption0 can be used set the value (but fails with FWP_E_STILL_ON ERROR when attempting to disable it).
///
/// Note Available only in Windows 8 and Windows Server 2012.
///
[CorrespondingType(typeof(BOOL), CorrespondingAction.GetSet)]
FWPM_ENGINE_MONITOR_IPSEC_CONNECTIONS,
///
///
/// Enables inbound or forward packet queuing independently. When enabled, the system is able to evenly distribute CPU load to
/// multiple CPUs for site-to-site IPsec tunnel scenarios.
///
/// Note Available only in Windows 8 and Windows Server 2012.
///
[CorrespondingType(typeof(FWPM_ENGINE_OPTION_PACKET_QUEUE), CorrespondingAction.GetSet)]
FWPM_ENGINE_PACKET_QUEUING,
///
/// Transactions lasting longer than this time (in milliseconds) will trigger a
/// watchdog event.
/// Note Available only in Windows 8 and Windows Server 2012.
///
[CorrespondingType(typeof(uint), CorrespondingAction.GetSet)]
FWPM_ENGINE_TXN_WATCHDOG_TIMEOUT_IN_MSEC,
/// Maximum value for testing purposes.
FWPM_ENGINE_OPTION_MAX,
}
/// Values get or set through FWP_VALUE0.
[Flags]
public enum FWPM_ENGINE_OPTION_PACKET_QUEUE : uint
{
/// Do not enable packet queuing.
FWPM_ENGINE_OPTION_PACKET_QUEUE_NONE = 0x00000000,
/// Enable inbound packet queuing.
FWPM_ENGINE_OPTION_PACKET_QUEUE_INBOUND = 0x00000001,
/// Enable outbound packet queuing.
FWPM_ENGINE_OPTION_PACKET_QUEUE_FORWARD = 0x00000002,
///
FWPM_ENGINE_OPTION_PACKET_BATCH_INBOUND = 0x00000004,
}
/// The FWPM_FIELD_TYPE enumerated type provides additional information about how the field's data should be interpreted.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_field_type typedef enum FWPM_FIELD_TYPE_ {
// FWPM_FIELD_RAW_DATA = 0, FWPM_FIELD_IP_ADDRESS, FWPM_FIELD_FLAGS, FWPM_FIELD_TYPE_MAX } FWPM_FIELD_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_FIELD_TYPE_")]
public enum FWPM_FIELD_TYPE
{
///
/// Value:
/// 0
/// Value contains raw data.
///
FWPM_FIELD_RAW_DATA,
/// Value contains an IP address.
FWPM_FIELD_IP_ADDRESS,
///
/// Value contains flags.
/// Note Available only on Windows Server 2008, Windows Vista with SP1, and later.
///
FWPM_FIELD_FLAGS,
/// Maximum value for testing purposes.
FWPM_FIELD_TYPE_MAX,
}
/// Flags for FWPM_FILTER0.
[PInvokeData("fwpmtypes.h")]
[Flags]
public enum FWPM_FILTER_FLAG : uint
{
/// Default.
FWPM_FILTER_FLAG_NONE = 0x00000000,
/// Filter is persistent, that is, it survives across BFE stop/start.
FWPM_FILTER_FLAG_PERSISTENT = 0x00000001,
/// Filter is enforced at boot-time, even before BFE starts.
FWPM_FILTER_FLAG_BOOTTIME = 0x00000002,
/// Filter references a provider context.
FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT = 0x00000004,
/// Clear filter action right.
FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT = 0x00000008,
/// If the callout is not registered, the filter is treated as a permit filter.
FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED = 0x00000010,
///
/// Filter is disabled. A provider's filters are disabled when the BFE starts if the provider has no associated Windows service name,
/// or if the associated service is not set to auto-start.
///
FWPM_FILTER_FLAG_DISABLED = 0x00000020,
/// Filter is indexed to help enable faster lookup during classification.
FWPM_FILTER_FLAG_INDEXED = 0x00000040,
///
FWPM_FILTER_FLAG_HAS_SECURITY_REALM_PROVIDER_CONTEXT = 0x00000080,
///
FWPM_FILTER_FLAG_SYSTEMOS_ONLY = 0x00000100,
///
FWPM_FILTER_FLAG_GAMEOS_ONLY = 0x00000200,
///
FWPM_FILTER_FLAG_SILENT_MODE = 0x00000400,
///
FWPM_FILTER_FLAG_IPSEC_NO_ACQUIRE_INITIATE = 0x00000800,
///
FWPM_FILTER_FLAG_RESERVED0 = 0x00001000,
///
FWPM_FILTER_FLAG_RESERVED1 = 0x00002000,
}
/// Flags for FWPM_LAYER0.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_LAYER0_")]
[Flags]
public enum FWPM_LAYER_FLAG : uint
{
/// Layer classified in kernel-mode.
FWPM_LAYER_FLAG_KERNEL = 0x00000001,
/// Layer built-in. Cannot be deleted.
FWPM_LAYER_FLAG_BUILTIN = 0x00000002,
/// Layer optimized for classification rather than enumeration.
FWPM_LAYER_FLAG_CLASSIFY_MOSTLY = 0x00000004,
/// Layer is buffered.
FWPM_LAYER_FLAG_BUFFERED = 0x00000008,
}
/// Flags indicating which of the following members are set. Unused fields must be zero-initialized.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_HEADER0_")]
[Flags]
public enum FWPM_NET_EVENT_FLAG : uint
{
/// The ipProtocol member is set.
FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET = 0x00000001,
///
/// Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET = 0x00000002,
///
/// Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET = 0x00000004,
/// The localPort member is set.
FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET = 0x00000008,
/// The remotePort member is set.
FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET = 0x00000010,
/// The appId member is set.
FWPM_NET_EVENT_FLAG_APP_ID_SET = 0x00000020,
/// The userId member is set.
FWPM_NET_EVENT_FLAG_USER_ID_SET = 0x00000040,
/// The scopeId member is set.
FWPM_NET_EVENT_FLAG_SCOPE_ID_SET = 0x00000080,
/// The ipVersion member is set.
FWPM_NET_EVENT_FLAG_IP_VERSION_SET = 0x00000100,
///
FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET = 0x00000200,
///
FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET = 0x00000400,
///
FWPM_NET_EVENT_FLAG_ENTERPRISE_ID_SET = 0x00000800,
///
FWPM_NET_EVENT_FLAG_POLICY_FLAGS_SET = 0x00001000,
///
FWPM_NET_EVENT_FLAG_EFFECTIVE_NAME_SET = 0x00002000,
}
/// Flags for the failure event.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_EM_FAILURE0_")]
[Flags]
public enum FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG : uint
{
/// Indicates that multiple IKE EM failure events have been reported.
FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_MULTIPLE = 0x00000001,
/// Indicates that the failure was benign or expected.
FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_BENIGN = 0x00000002,
}
/// Flags for the failure event.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_MM_FAILURE0_")]
[Flags]
public enum FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG : uint
{
/// Indicates that the failure was benign or expected.
FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_BENIGN = 0x00000001,
/// Indicates that multiple failure events have been reported.
FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_MULTIPLE = 0x00000002,
}
/// Flags get or set through .
[PInvokeData("fwpmtypes.h")]
[Flags]
public enum FWPM_NET_EVENT_KEYWORD : uint
{
/// Collect inbound multicast network events.
FWPM_NET_EVENT_KEYWORD_INBOUND_MCAST = 0x00000001,
/// Collect inbound broadcast network events.
FWPM_NET_EVENT_KEYWORD_INBOUND_BCAST = 0x00000002,
///
FWPM_NET_EVENT_KEYWORD_CAPABILITY_DROP = 0x00000004,
///
FWPM_NET_EVENT_KEYWORD_CAPABILITY_ALLOW = 0x00000008,
///
FWPM_NET_EVENT_KEYWORD_CLASSIFY_ALLOW = 0x00000010,
///
FWPM_NET_EVENT_KEYWORD_PORT_SCANNING_DROP = 0x00000020,
}
/// The FWPM_NET_EVENT_TYPE enumerated type specifies the type of net event.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_net_event_type typedef enum FWPM_NET_EVENT_TYPE_ {
// FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE = 0, FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE, FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE,
// FWPM_NET_EVENT_TYPE_CLASSIFY_DROP, FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP, FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP,
// FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW, FWPM_NET_EVENT_TYPE_CAPABILITY_DROP, FWPM_NET_EVENT_TYPE_CAPABILITY_ALLOW,
// FWPM_NET_EVENT_TYPE_CLASSIFY_DROP_MAC, FWPM_NET_EVENT_TYPE_LPM_PACKET_ARRIVAL, FWPM_NET_EVENT_TYPE_MAX } FWPM_NET_EVENT_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_NET_EVENT_TYPE_")]
public enum FWPM_NET_EVENT_TYPE
{
///
/// Value:
/// 0
/// An IKE/AuthIP main mode failure has occurred.
///
FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE,
/// An IKE/AuthIP quick mode failure has occurred.
FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE,
/// An AuthIP extended mode failure has occurred.
FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE,
/// A drop event has occurred.
FWPM_NET_EVENT_TYPE_CLASSIFY_DROP,
/// An IPsec kernel drop event has occurred.
FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP,
///
/// An IPsec DoS Protection drop event has occurred.
/// Note Available only in Windows 7, Windows Server 2008 R2, and later.
///
FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP,
///
/// An allow event has occurred.
/// Note Available only in Windows 8 and Windows Server 2012.
///
FWPM_NET_EVENT_TYPE_CLASSIFY_ALLOW,
///
/// An app container network capability drop event has occurred.
/// Note Available only in Windows 8 and Windows Server 2012.
///
FWPM_NET_EVENT_TYPE_CAPABILITY_DROP,
///
/// An app container network capability allow event has occurred.
/// Note Available only in Windows 8 and Windows Server 2012.
///
FWPM_NET_EVENT_TYPE_CAPABILITY_ALLOW,
///
/// A MAC layer drop event has occurred.
/// Note Available only in Windows 8 and Windows Server 2012.
///
FWPM_NET_EVENT_TYPE_CLASSIFY_DROP_MAC,
///
FWPM_NET_EVENT_TYPE_LPM_PACKET_ARRIVAL,
/// Maximum value for testing purposes.
FWPM_NET_EVENT_TYPE_MAX,
}
/// Flags for
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT1_")]
[Flags]
public enum FWPM_PROVIDER_CONTEXT_FLAG : uint
{
/// The object is persistent, that is, it survives across BFE stop/start.
FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT = 0x00000001,
/// Reserved for internal use.
FWPM_PROVIDER_CONTEXT_FLAG_DOWNLEVEL = 0x00000002,
}
///
/// The FWPM_PROVIDER_CONTEXT_TYPE enumerated type specifies types of provider contexts that may be stored in Base Filtering
/// Engine (BFE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_provider_context_type typedef enum
// FWPM_PROVIDER_CONTEXT_TYPE_ { FWPM_IPSEC_KEYING_CONTEXT = 0, FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT, FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT,
// FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT, FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT, FWPM_IPSEC_IKE_MM_CONTEXT, FWPM_IPSEC_AUTHIP_MM_CONTEXT,
// FWPM_CLASSIFY_OPTIONS_CONTEXT, FWPM_GENERAL_CONTEXT, FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT, FWPM_IPSEC_IKEV2_MM_CONTEXT,
// FWPM_IPSEC_DOSP_CONTEXT, FWPM_IPSEC_IKEV2_QM_TRANSPORT_CONTEXT, FWPM_NETWORK_CONNECTION_POLICY_CONTEXT, FWPM_PROVIDER_CONTEXT_TYPE_MAX
// } FWPM_PROVIDER_CONTEXT_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_PROVIDER_CONTEXT_TYPE_")]
public enum FWPM_PROVIDER_CONTEXT_TYPE
{
///
/// Value:
/// 0
/// Specifies keying context type.
///
FWPM_IPSEC_KEYING_CONTEXT,
/// Specifies IPsec IKE quick mode transport context type.
FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT,
/// Specifies IPsec IKE quick mode tunnel context type.
FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT,
/// Specifies IPsec AuthIP quick mode transport context type.
FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT,
/// Specifies IPsec Authip quick mode tunnel context type.
FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT,
/// Specifies IKE main mode context type.
FWPM_IPSEC_IKE_MM_CONTEXT,
/// Specifies AuthIP main mode context type.
FWPM_IPSEC_AUTHIP_MM_CONTEXT,
/// Specifies classify options context type.
FWPM_CLASSIFY_OPTIONS_CONTEXT,
/// Specifies general context type.
FWPM_GENERAL_CONTEXT,
///
/// Specifies IKE v2 quick mode tunnel context type.
/// Note Available only in Windows Server 2008 R2, Windows 7, and later.
///
FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT,
///
/// Specifies IKE v2 main mode tunnel context type.
/// Note Available only in Windows Server 2008 R2, Windows 7, and later.
///
FWPM_IPSEC_IKEV2_MM_CONTEXT,
///
/// Specifies IPsec DoS Protection context type.
/// Note Available only in Windows Server 2008 R2, Windows 7, and later.
///
FWPM_IPSEC_DOSP_CONTEXT,
///
/// Specifies IKE v2 quick mode transport context type.
/// Note Available only in Windows 8 and Windows 8.
///
FWPM_IPSEC_IKEV2_QM_TRANSPORT_CONTEXT,
/// Maximum value for testing purposes.
FWPM_PROVIDER_CONTEXT_TYPE_MAX,
}
/// Bit flags that indicate information about the persistence of the provider.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER0_")]
[Flags]
public enum FWPM_PROVIDER_FLAG : uint
{
/// The provider is persistent.
FWPM_PROVIDER_FLAG_PERSISTENT = 0x00000001,
///
/// Provider's filters were disabled when the BFE started because the provider has no associated Windows service name, or because the
/// associated service was not set to auto-start.
///
FWPM_PROVIDER_FLAG_DISABLED = 0x00000010,
}
/// The FWPM_SERVICE_STATE enumeration specifies the current state of the filter engine.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_service_state typedef enum FWPM_SERVICE_STATE_ {
// FWPM_SERVICE_STOPPED = 0, FWPM_SERVICE_START_PENDING, FWPM_SERVICE_STOP_PENDING, FWPM_SERVICE_RUNNING, FWPM_SERVICE_STATE_MAX } FWPM_SERVICE_STATE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_SERVICE_STATE_")]
public enum FWPM_SERVICE_STATE
{
///
/// Value:
/// 0
/// The filter engine is not running.
///
FWPM_SERVICE_STOPPED,
/// The filter engine is starting.
FWPM_SERVICE_START_PENDING,
/// The filter engine is stopping.
FWPM_SERVICE_STOP_PENDING,
/// The filter engine is running.
FWPM_SERVICE_RUNNING,
/// Maximum value for testing purposes.
FWPM_SERVICE_STATE_MAX,
}
/// Settings to control session behavior.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SESSION0_")]
[Flags]
public enum FWPM_SESSION_FLAG : uint
{
/// When this flag is set, any objects added during the session are automatically deleted when the session ends.
FWPM_SESSION_FLAG_DYNAMIC = 0x00000001,
/// Reserved.
FWPM_SESSION_FLAG_RESERVED = 0x10000000,
}
/// Flags for FWPM_SUBLAYER0.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SUBLAYER0_")]
[Flags]
public enum FWPM_SUBLAYER_FLAG : uint
{
/// Causes sublayer to be persistent, surviving across BFE stop/start.
FWPM_SUBLAYER_FLAG_PERSISTENT = 0x00000001
}
/// The notification type(s) received by the subscription.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CALLOUT_SUBSCRIPTION0_")]
[Flags]
public enum FWPM_SUBSCRIPTION_FLAG : uint
{
/// Subscribe to callout add notifications.
FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD = 0x00000001,
/// Subscribe to callout delete notifications.
FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE = 0x00000002,
}
/// The FWPM_SYSTEM_PORT_TYPE enumerated type specifies the type of system port.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_system_port_type typedef enum FWPM_SYSTEM_PORT_TYPE_ {
// FWPM_SYSTEM_PORT_RPC_EPMAP = 0, FWPM_SYSTEM_PORT_TEREDO, FWPM_SYSTEM_PORT_IPHTTPS_IN, FWPM_SYSTEM_PORT_IPHTTPS_OUT,
// FWPM_SYSTEM_PORT_TYPE_MAX } FWPM_SYSTEM_PORT_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_SYSTEM_PORT_TYPE_")]
public enum FWPM_SYSTEM_PORT_TYPE
{
///
/// Value:
/// 0
/// Specifies a system port used by an RPC endpoint mapper.
///
FWPM_SYSTEM_PORT_RPC_EPMAP,
/// Specifies a system port used by the Teredo service.
FWPM_SYSTEM_PORT_TEREDO,
/// Specifies an inbound system port used by the IP in conjunction with HTTPS implementation.
FWPM_SYSTEM_PORT_IPHTTPS_IN,
/// Specifies an outbound system port used by the IP in conjunction with HTTPS implementation.
FWPM_SYSTEM_PORT_IPHTTPS_OUT,
/// Maximum value for testing purposes.
FWPM_SYSTEM_PORT_TYPE_MAX,
}
/// The FWPM_VSWITCH_EVENT_TYPE enumeration specifies the type of a vSwitch event.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ne-fwpmtypes-fwpm_vswitch_event_type typedef enum
// FWPM_VSWITCH_EVENT_TYPE_ { FWPM_VSWITCH_EVENT_FILTER_ADD_TO_INCOMPLETE_LAYER = 0,
// FWPM_VSWITCH_EVENT_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION, FWPM_VSWITCH_EVENT_ENABLED_FOR_INSPECTION,
// FWPM_VSWITCH_EVENT_DISABLED_FOR_INSPECTION, FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER, FWPM_VSWITCH_EVENT_MAX } FWPM_VSWITCH_EVENT_TYPE;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NE:fwpmtypes.FWPM_VSWITCH_EVENT_TYPE_")]
public enum FWPM_VSWITCH_EVENT_TYPE
{
///
/// Value:
/// 0
/// The filter engine is not enabled on all vSwitch instances. As a result, the filter(s) being added may not be fully enforced.
///
FWPM_VSWITCH_EVENT_FILTER_ADD_TO_INCOMPLETE_LAYER,
///
/// The filter engine to which the filter(s) are being added is not in its required position (typically the first filtering extension
/// in the vSwitch instance). As a result, the filter(s) could be bypassed.
///
FWPM_VSWITCH_EVENT_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION,
/// The filter engine is being enabled for the vSwitch instance.
FWPM_VSWITCH_EVENT_ENABLED_FOR_INSPECTION,
/// The filter engine is being disabled for the vSwitch instance.
FWPM_VSWITCH_EVENT_DISABLED_FOR_INSPECTION,
///
/// The filter engine is being reordered and may not be in the
/// required position to enforce committed filters.
///
FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER,
/// Maximum value for testing purposes.
FWPM_VSWITCH_EVENT_MAX,
}
/// The FWPM_ACTION0 structure specifies the action taken if all the filter conditions are true.
///
/// FWPM_ACTION0 is a specific implementation of FWPM_ACTION. See WFP Version-Independent Names and Targeting Specific Versions of
/// Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_action0 typedef struct FWPM_ACTION0_ { FWP_ACTION_TYPE
// type; union { GUID filterType; GUID calloutKey; }; } FWPM_ACTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_ACTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_ACTION0
{
///
/// Action type as specified by FWP_ACTION_TYPE which maps to a UINT32.
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWP_ACTION_BLOCK
/// Block the traffic. 0x00000001 | FWP_ACTION_FLAG_TERMINATING
///
/// -
/// FWP_ACTION_PERMIT
/// Permit the traffic. 0x00000002 | FWP_ACTION_FLAG_TERMINATING
///
/// -
/// FWP_ACTION_CALLOUT_TERMINATING
/// Invoke a callout that always returns block or permit. 0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING
///
/// -
/// FWP_ACTION_CALLOUT_INSPECTION
/// Invoke a callout that never returns block or permit. 0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING
///
/// -
/// FWP_ACTION_CALLOUT_UNKNOWN
/// Invoke a callout that may return block or permit. 0x00000005 | FWP_ACTION_FLAG_CALLOUT
///
///
///
public FWP_ACTION_TYPE type;
///
/// An arbitrary GUID chosen by the policy provider.
/// Available when the action does not invoke a callout, that is, type does not contain FWP_ACTION_FLAG_CALLOUT.
///
public Guid filterType;
///
/// The GUID for a valid callout in the layer.
/// Available when the action invokes a callout, that is, type contains FWP_ACTION_FLAG_CALLOUT.
///
public Guid calloutKey;
}
/// The FWPM_CALLOUT_CHANGE0 structure specifies a change notification dispatched to subscribers.
///
/// FWPM_CALLOUT_CHANGE0 is a specific implementation of FWPM_CALLOUT_CHANGE. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_callout_change0 typedef struct FWPM_CALLOUT_CHANGE0_ {
// FWPM_CHANGE_TYPE changeType; GUID calloutKey; UINT32 calloutId; } FWPM_CALLOUT_CHANGE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CALLOUT_CHANGE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CALLOUT_CHANGE0
{
/// A FWPM_CHANGE_TYPE value that specifies the type of change.
public FWPM_CHANGE_TYPE changeType;
/// GUID of the callout that changed.
public Guid calloutKey;
/// LUID of the callout that changed.
public uint calloutId;
}
/// The FWPM_CALLOUT_ENUM_TEMPLATE0 structure is used for limiting callout enumerations.
///
/// FWPM_CALLOUT_ENUM_TEMPLATE0 is a specific implementation of FWPM_CALLOUT_ENUM_TEMPLATE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_callout_enum_template0 typedef struct
// FWPM_CALLOUT_ENUM_TEMPLATE0_ { GUID *providerKey; GUID layerKey; } FWPM_CALLOUT_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CALLOUT_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CALLOUT_ENUM_TEMPLATE0
{
///
/// Uniquely identifies the provider associated with the callout. If this member is non-NULL, only objects associated with the
/// specified provider will be returned.
///
public GuidPtr providerKey;
///
/// Uniquely identifies a layer. If this member is non-NULL, only callouts associated with the specified layer will be returned.
///
public Guid layerKey;
}
/// The FWPM_CALLOUT_SUBSCRIPTION0 structure is used to subscribe for change notifications.
///
/// Notifications are only dispatched for callouts that match the template.
/// If the template is NULL, it matches all callouts.
///
/// FWPM_CALLOUT_SUBSCRIPTION0 is a specific implementation of FWPM_CALLOUT_SUBSCRIPTION. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_callout_subscription0 typedef struct
// FWPM_CALLOUT_SUBSCRIPTION0_ { FWPM_CALLOUT_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_CALLOUT_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CALLOUT_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CALLOUT_SUBSCRIPTION0
{
/// A FWPM_CALLOUT_ENUM_TEMPLATE0 structure that is used to limit the subscription.
public IntPtr enumTemplate;
///
/// The notification type(s) received by the subscription.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD
/// Subscribe to callout add notifications.
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE
/// Subscribe to callout delete notifications.
///
///
///
public FWPM_SUBSCRIPTION_FLAG flags;
/// Uniquely identifies this session.
public Guid sessionKey;
}
/// The FWPM_CALLOUT0 structure stores the state associated with a callout.
///
/// The first six members of this structure contain data supplied when adding objects.
/// The last member, calloutId, provides additional information returned when getting/enumerating objects.
///
/// FWPM_CALLOUT0 is a specific implementation of FWPM_CALLOUT. See WFP Version-Independent Names and Targeting Specific Versions
/// of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_callout0 typedef struct FWPM_CALLOUT0_ { GUID
// calloutKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB providerData; GUID applicableLayer; UINT32
// calloutId; } FWPM_CALLOUT0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CALLOUT0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CALLOUT0
{
///
/// Uniquely identifies the session.
/// If the GUID is initialized to zero in the call to FwpmCalloutAdd0, the base filtering engine (BFE) will generate one.
///
public Guid calloutKey;
///
/// A FWPM_DISPLAY_DATA0 structure that contains human-readable annotations associated with the callout. The name member of
/// the FWPM_DISPLAY_DATA0 structure is required.
///
public FWPM_DISPLAY_DATA0 displayData;
///
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_CALLOUT_FLAG_PERSISTENT
/// The callout is persistent across reboots. As a result, it can be referenced by boot-time and other persistent filters.
///
/// -
/// FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT
///
/// The callout needs access to the provider context stored in the filter invoking the callout. If this flag is set, the provider
/// context will be copied from the [FWPM_FILTER0](/windows/desktop/api/fwpmtypes/ns-fwpmtypes-fwpm_filter0) structure to the
/// FWPS_FILTER0 structure. The FWPS_FILTER0 structure is documented in the WDK.
///
///
/// -
/// FWPM_CALLOUT_FLAG_REGISTERED
///
/// The callout is currently registered in the kernel. This flag must not be set when adding new callouts. It is used only in
/// querying the state of existing callouts.
///
///
///
///
public FWPM_CALLOUT_FLAG flags;
///
/// Uniquely identifies the provider associated with the callout. If the member is non-NULL, only objects associated with the
/// specified provider will be returned.
///
public GuidPtr providerKey;
///
/// A FWP_BYTE_BLOB structure that contains optional provider-specific data that allows providers to store additional context
/// information with the object.
///
public FWP_BYTE_BLOB providerData;
///
/// Specifies the layer in which the callout can be used. Only filters in this layer can invoke the callout. For more information,
/// see Filtering Layer Identifiers.
///
public Guid applicableLayer;
///
/// LUID identifying the callout. This is the calloutId stored in the FWPS_ACTION0 structure for filters that invoke a
/// callout. The FWPS_ACTION0 structure is documented in the WDK.
///
public uint calloutId;
}
/// The FWPM_CLASSIFY_OPTION0 structure is used to define unicast and multicast timeout options and data.
///
/// The following table lists possible values for the members of a FWPM_CLASSIFY_OPTION0 structure.
///
///
/// type
/// value
///
/// -
/// FWP_CLASSIFY_OPTION_MULTICAST_STATE
///
///
/// -
/// FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING
///
///
/// -
/// FWP_CLASSIFY_OPTION_UNICAST_LIFETIME
///
///
/// -
/// FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME
///
///
///
///
/// FWPM_CLASSIFY_OPTION0 is a specific implementation of FWPM_CLASSIFY_OPTION. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_classify_option0 typedef struct FWPM_CLASSIFY_OPTION0_
// { FWP_CLASSIFY_OPTION_TYPE type; FWP_VALUE0 value; } FWPM_CLASSIFY_OPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CLASSIFY_OPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CLASSIFY_OPTION0
{
/// An FWP_CLASSIFY_OPTION_TYPE value.
public FWP_CLASSIFY_OPTION_TYPE type;
/// An FWP_VALUE0 structure.
public FWP_VALUE0 value;
}
/// The FWPM_CLASSIFY_OPTIONS0 structure is used to store FWPM_CLASSIFY_OPTION0 structures.
///
/// FWPM_CLASSIFY_OPTIONS0 is a specific implementation of FWPM_CLASSIFY_OPTIONS. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_classify_options0 typedef struct
// FWPM_CLASSIFY_OPTIONS0_ { UINT32 numOptions; FWPM_CLASSIFY_OPTION0 *options; } FWPM_CLASSIFY_OPTIONS0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CLASSIFY_OPTIONS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CLASSIFY_OPTIONS0
{
/// Number of FWPM_CLASSIFY_OPTION0 structures in the options member.
public uint numOptions;
///
/// [size_is(numCredentials)]
/// Pointer to an array of structures.
///
public IntPtr options;
}
/// The FWPM_CONNECTION_ENUM_TEMPLATE0 structure is used for limiting connection object enumerations.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_connection_enum_template0 typedef struct
// FWPM_CONNECTION_ENUM_TEMPLATE0_ { UINT64 connectionId; UINT32 flags; } FWPM_CONNECTION_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CONNECTION_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CONNECTION_ENUM_TEMPLATE0
{
/// Uniquely identifies a connection object.
public ulong connectionId;
///
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_CONNECTION_ENUM_FLAG_QUERY_BYTES_TRANSFERRED 0x00000001
///
/// If set, the IPsec driver will be queried for the current bytes transferred via this connection (allowing monitoring tools to
/// collect accurate data without requiring that querying capabilities remain constantly on).
///
///
///
///
public FWPM_CONNECTION_ENUM_FLAG flags;
}
///
/// The FWPM_CONNECTION_SUBSCRIPTION0 structure stores information used to subscribe to notifications about a connection object.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_connection_subscription0 typedef struct
// FWPM_CONNECTION_SUBSCRIPTION0_ { FWPM_CONNECTION_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_CONNECTION_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CONNECTION_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CONNECTION_SUBSCRIPTION0
{
/// Enumeration template for limiting the subscription.
public IntPtr enumTemplate;
/// Reserved for system use.
public uint flags;
/// Identifies the session that created the subscription.
public Guid sessionKey;
}
/// The FWPM_CONNECTION0 structure stores the state associated with a connection object.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_connection0 typedef struct FWPM_CONNECTION0_ { UINT64
// connectionId; FWP_IP_VERSION ipVersion; union { UINT32 localV4Address; UINT8 localV6Address[16]; }; union { UINT32 remoteV4Address;
// UINT8 remoteV6Address[16]; }; GUID *providerKey; IPSEC_TRAFFIC_TYPE ipsecTrafficModeType; IKEEXT_KEY_MODULE_TYPE keyModuleType;
// IKEEXT_PROPOSAL0 mmCrypto; IKEEXT_CREDENTIAL2 mmPeer; IKEEXT_CREDENTIAL2 emPeer; UINT64 bytesTransferredIn; UINT64
// bytesTransferredOut; UINT64 bytesTransferredTotal; FILETIME startSysTime; } FWPM_CONNECTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_CONNECTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_CONNECTION0
{
///
/// Type: UINT64
/// The run-time identifier for the connection.
///
public ulong connectionId;
///
/// Type: FWP_IP_VERSION
/// The IP version being used.
///
public FWP_IP_VERSION ipVersion;
private FWP_BYTE_ARRAY_ADDR local;
///
/// Type: UINT32
/// The IPv4 local address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localV4Address { get => local.addr; set => local.addr = value; }
///
/// Type: UINT8[16]
/// The IPv6 local address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localV6Address { get => local.addr6; set => local.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR remote;
///
/// Type: UINT32
/// The IPv4 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteV4Address { get => remote.addr; set => remote.addr = value; }
///
/// Type: UINT8[16]
/// The IPv6 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteV6Address { get => remote.addr6; set => remote.addr6 = value; }
///
/// Type: GUID*
/// Uniquely identifies the provider associated with this connection.
///
public GuidPtr providerKey;
///
/// Type: IPSEC_TRAFFIC_TYPE
/// The type of IPsec traffic.
///
public IPSEC_TRAFFIC_TYPE ipsecTrafficModeType;
///
/// Type: IKEEXT_KEY_MODULE_TYPE
/// The type of keying module.
///
public IKEEXT_KEY_MODULE_TYPE keyModuleType;
///
/// Type: IKEEXT_PROPOSAL0
/// An IKE/AuthIP main mode proposal.
///
public IKEEXT_PROPOSAL0 mmCrypto;
///
/// Type: IKEEXT_CREDENTIAL2
/// Main mode credential information.
///
public IKEEXT_CREDENTIAL2 mmPeer;
///
/// Type: IKEEXT_CREDENTIAL2
/// Extended mode credential information.
///
public IKEEXT_CREDENTIAL2 emPeer;
///
/// Type: UINT64
/// The total number of incoming bytes transferred by the connection.
///
public ulong bytesTransferredIn;
///
/// Type: UINT64
/// The total number of outgoing bytes transferred by the connection.
///
public ulong bytesTransferredOut;
///
/// Type: UINT64
/// The total number of bytes (incoming and outgoing) transferred by the connection.
///
public ulong bytesTransferredTotal;
///
/// Type: FILETIME
/// Time that the connection was created.
///
public FILETIME startSysTime;
}
/// The FWPM_FIELD0 structure specifies schema information for a field.
///
/// FWPM_FIELD0 is a specific implementation of FWPM_FIELD. See WFP Version-Independent Names and Targeting Specific Versions of
/// Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_field0 typedef struct FWPM_FIELD0_ { GUID *fieldKey;
// FWPM_FIELD_TYPE type; FWP_DATA_TYPE dataType; } FWPM_FIELD0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FIELD0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FIELD0
{
/// Uniquely identifies the field. See FWPM_CONDITION_* identifiers in the topic Filtering Condition Identifiers.
public GuidPtr fieldKey;
///
/// Determines how dataType is interpreted.
/// See FWPM_FIELD_TYPE for more information.
///
public FWPM_FIELD_TYPE type;
///
/// Data type passed to classify.
/// See FWP_DATA_TYPE for more information.
///
public FWP_DATA_TYPE dataType;
}
/// The FWPM_FILTER_CHANGE0 structure stores change notification dispatched to subscribers.
///
/// FWPM_FILTER_CHANGE0 is a specific implementation of FWPM_FILTER_CHANGE. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter_change0 typedef struct FWPM_FILTER_CHANGE0_ {
// FWPM_CHANGE_TYPE changeType; GUID filterKey; UINT64 filterId; } FWPM_FILTER_CHANGE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FILTER_CHANGE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FILTER_CHANGE0
{
/// A FWPM_CHANGE_TYPE value that specifies the type of change notification to be dispatched.
public FWPM_CHANGE_TYPE changeType;
/// GUID of the filter that changed.
public Guid filterKey;
/// LUID of the filter that changed.
public ulong filterId;
}
/// The FWPM_FILTER_CONDITION0 structure expresses a filter condition that must be true for the action to be taken.
///
/// Field GUIDs are only unique within a layer, so both the field GUID and the layer GUID are required to uniquely identify a field.
/// The data type of FWP_MATCH_TYPE for detailed compatibility rules.
///
/// FWPM_FILTER_CONDITION0 is a specific implementation of FWPM_FILTER_CONDITION. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
/// Examples
/// The following C++ example shows how to initialize and add conditions to a filter.
///
/// #include <windows.h> #include <fwpmu.h> #include <stdio.h> #pragma comment(lib, "Fwpuclnt.lib") // Some application to use for filter testing. #define FILE0_PATH L"C:\\Program Files\\AppDirectory\\SomeApplication.exe" void main() { FWP_BYTE_BLOB *fwpApplicationByteBlob; FWPM_FILTER0 fwpFilter; FWPM_FILTER_CONDITION0 fwpConditions[4]; int conCount = 0; DWORD result = ERROR_SUCCESS; fwpApplicationByteBlob = (FWP_BYTE_BLOB*) malloc(sizeof(FWP_BYTE_BLOB)); printf("Retrieving application identifier for filter testing.\n"); result = FwpmGetAppIdFromFileName0(FILE0_PATH, &fwpApplicationByteBlob); if (result != ERROR_SUCCESS) { printf("FwpmGetAppIdFromFileName failed (%d).\n", result); return; } // Application identifier filter condition. fwpConditions[conCount].fieldKey = FWPM_CONDITION_ALE_APP_ID; fwpConditions[conCount].matchType = FWP_MATCH_EQUAL; fwpConditions[conCount].conditionValue.type = FWP_BYTE_BLOB_TYPE; fwpConditions[conCount].conditionValue.byteBlob = fwpApplicationByteBlob; ++conCount; // TCP protocol filter condition fwpConditions[conCount].fieldKey = FWPM_CONDITION_IP_PROTOCOL; fwpConditions[conCount].matchType = FWP_MATCH_EQUAL; fwpConditions[conCount].conditionValue.type = FWP_UINT8; fwpConditions[conCount].conditionValue.uint8 = IPPROTO_TCP; ++conCount; // Add conditions and condition count to a filter. memset(&fwpFilter, 0, sizeof(FWPM_FILTER0)); fwpFilter.numFilterConditions = conCount; if (conCount > 0) fwpFilter.filterCondition = fwpConditions; // Finish initializing filter... return; }
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter_condition0 typedef struct
// FWPM_FILTER_CONDITION0_ { GUID fieldKey; FWP_MATCH_TYPE matchType; FWP_CONDITION_VALUE0 conditionValue; } FWPM_FILTER_CONDITION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FILTER_CONDITION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FILTER_CONDITION0
{
/// GUID of the field to be tested.
public Guid fieldKey;
/// A FWP_MATCH_TYPE value that specifies the type of match to be performed.
public FWP_MATCH_TYPE matchType;
/// A FWP_CONDITION_VALUE0 structure that contains the value to match the field against.
public FWP_CONDITION_VALUE0 conditionValue;
}
/// The FWPM_FILTER_ENUM_TEMPLATE0 structure is used for enumerating filters.
///
/// FWPM_FILTER_ENUM_TEMPLATE0 is a specific implementation of FWPM_FILTER_ENUM_TEMPLATE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter_enum_template0 typedef struct
// FWPM_FILTER_ENUM_TEMPLATE0_ { GUID *providerKey; GUID layerKey; FWP_FILTER_ENUM_TYPE enumType; UINT32 flags;
// FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 *providerContextTemplate; UINT32 numFilterConditions; FWPM_FILTER_CONDITION0 *filterCondition;
// UINT32 actionMask; GUID *calloutKey; } FWPM_FILTER_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FILTER_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FILTER_ENUM_TEMPLATE0
{
/// Uniquely identifies the provider associated with this filter.
public GuidPtr providerKey;
/// Layer whose fields are to be enumerated.
public Guid layerKey;
/// A FWP_FILTER_ENUM_TYPE value that determines how the filter conditions are interpreted.
public FWP_FILTER_ENUM_TYPE enumType;
///
///
///
/// Value
/// Meaning
///
/// -
/// FWP_FILTER_ENUM_FLAG_BEST_TERMINATING_MATCH
/// Only return the terminating filter with the highest weight.
///
/// -
/// FWP_FILTER_ENUM_FLAG_SORTED
/// Return all matching filters sorted by weight (highest to lowest).
///
/// -
/// FWP_FILTER_ENUM_FLAG_BOOTTIME_ONLY
/// Return only boot-time filters.
///
/// -
/// FWP_FILTER_ENUM_FLAG_INCLUDE_BOOTTIME
/// Include boot-time filters; ignored if the FWP_FILTER_ENUM_FLAG_BOOTTIME_ONLY flag is set.
///
/// -
/// FWP_FILTER_ENUM_FLAG_INCLUDE_DISABLED
/// Include disabled filters; ignored if the FWP_FILTER_ENUM_FLAG_BOOTTIME_ONLY flag is set.
///
///
///
public FWP_FILTER_ENUM_FLAG flags;
///
/// A structure that is used to limit the number of filters enumerated. If non-
/// NULL, only enumerate filters whose provider context matches the template.
///
public IntPtr providerContextTemplate;
/// Number of filter conditions. If zero, then all filters match.
public uint numFilterConditions;
///
/// An array of FWPM_FILTER_CONDITION0 structures that contain distinct filter conditions (duplicated filter conditions will generate
/// an error).
///
public IntPtr filterCondition;
///
/// Only filters whose action type contains at least one of the bits in actionMask will be returned.
///
///
/// Value
/// Meaning
///
/// -
/// 0xFFFFFFFF
/// Ignore the filter's action type when enumerating.
///
/// -
/// FWP_ACTION_FLAG_CALLOUT
/// Enumerate callouts only.
///
///
///
public FWP_ACTION_TYPE actionMask;
/// Uniquely identifies the callout.
public GuidPtr calloutKey;
}
/// The FWPM_FILTER_SUBSCRIPTION0 structure is used to subscribe for change notifications.
///
/// Notifications are only dispatched for filters that match the template.
/// If the template is NULL, it matches all filters.
///
/// FWPM_FILTER_SUBSCRIPTION0 is a specific implementation of FWPM_FILTER_SUBSCRIPTION. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter_subscription0 typedef struct
// FWPM_FILTER_SUBSCRIPTION0_ { FWPM_FILTER_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_FILTER_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FILTER_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FILTER_SUBSCRIPTION0
{
/// A FWPM_FILTER_ENUM_TEMPLATE0 structure used to limit the subscription.
public IntPtr enumTemplate;
///
/// The notification type(s) received by the subscription.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD
/// Subscribe to filter add notifications.
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE
/// Subscribe to filter delete notifications.
///
///
///
public FWPM_SUBSCRIPTION_FLAG flags;
/// Uniquely identifies this session.
public Guid sessionKey;
}
/// The FWPM_FILTER0 structure stores the state associated with a filter.
///
/// The first ten members of this structure contain information supplied when adding objects.
/// The last members, filterId and effectiveWeight, provides additional information when getting/enumerating objects.
///
/// FWPM_FILTER0 is a specific implementation of FWPM_FILTER. See WFP Version-Independent Names and Targeting Specific Versions of
/// Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_filter0 typedef struct FWPM_FILTER0_ { GUID filterKey;
// FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB providerData; GUID layerKey; GUID subLayerKey;
// FWP_VALUE0 weight; UINT32 numFilterConditions; FWPM_FILTER_CONDITION0 *filterCondition; FWPM_ACTION0 action; union { UINT64
// rawContext; GUID providerContextKey; }; GUID *reserved; UINT64 filterId; FWP_VALUE0 effectiveWeight; } FWPM_FILTER0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_FILTER0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_FILTER0
{
///
/// Uniquely identifies the session.
/// If the GUID is initialized to zero in the call to FwpmFilterAdd0, the Base Filtering Engine (BFE) will generate one.
///
public Guid filterKey;
///
/// A FWPM_DISPLAY_DATA0 structure that contains human-readable annotations associated with the filter. The name member of the
/// FWPM_DISPLAY_DATA0 structure is required.
///
public FWPM_DISPLAY_DATA0 displayData;
///
/// A combination of the following values.
///
///
/// Filter flag
/// Meaning
///
/// -
/// FWPM_FILTER_FLAG_NONE
/// Default.
///
/// -
/// FWPM_FILTER_FLAG_PERSISTENT
/// Filter is persistent, that is, it survives across BFE stop/start.
///
/// -
/// FWPM_FILTER_FLAG_BOOTTIME
/// Filter is enforced at boot-time, even before BFE starts.
///
/// -
/// FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT
/// Filter references a provider context.
///
/// -
/// FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT
/// Clear filter action right.
///
/// -
/// FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED
/// If the callout is not registered, the filter is treated as a permit filter.
///
/// -
/// FWPM_FILTER_FLAG_DISABLED
///
/// Filter is disabled. A provider's filters are disabled when the BFE starts if the provider has no associated Windows service name,
/// or if the associated service is not set to auto-start.
///
///
/// -
/// FWPM_FILTER_FLAG_INDEXED
/// Filter is indexed to help enable faster lookup during classification.
///
///
///
public FWPM_FILTER_FLAG flags;
///
/// Optional GUID of the policy provider that manages this filter. See Built-in Provider Identifiers for a list of predefined policy providers.
///
public GuidPtr providerKey;
///
/// A FWP_BYTE_BLOB structure that contains optional provider-specific data used by providers to store additional context information
/// with the object.
///
public FWP_BYTE_BLOB providerData;
/// GUID of the layer where the filter resides. See Filtering Layer Identifiers for a list of possible values.
public Guid layerKey;
///
/// GUID of the sub-layer where the filter resides. See Filtering Sub-Layer Identifiers for a list of built-in sub-layers.
/// If this is set to IID_NULL, the filter is added to the default sublayer.
///
public Guid subLayerKey;
///
/// A FWP_VALUE0 structure that specifies the weight of the filter. Possible type values for weight are as follows.
///
///
/// weight type
/// Meaning
///
/// -
/// FWP_UINT64
/// BFE will use the supplied value as the filter's weight.
///
/// -
/// FWP_UINT8 0–15
///
/// BFE will use the supplied value as a weight range index and will compute the filter's weight in that range. See Filter Weight
/// Assignment for more information.
///
///
/// -
/// FWP_EMPTY
/// BFE will automatically assign a weight based on the filter conditions.
///
///
/// See Filter Weight Identifiers for built-in constants that may be used to compute the filter weight.
///
public FWP_VALUE0 weight;
/// Number of filter conditions.
public uint numFilterConditions;
///
///
/// Array of FWPM_FILTER_CONDITION0 structures that contain all the filtering conditions. All must be true for the action to be
/// performed. In other words, the conditions are evaluated using the AND operator. If no conditions are specified, the action is
/// always performed.
///
///
/// Note In Windows 7 and Windows Server 2008 R2, consecutive conditions with the same fieldKey will be evaluated using the OR operator.
///
///
public IntPtr filterCondition;
///
///
/// Array of FWPM_FILTER_CONDITION0 structures that contain all the filtering conditions. All must be true for the action to be
/// performed. In other words, the conditions are evaluated using the AND operator. If no conditions are specified, the action is
/// always performed.
///
///
/// Note In Windows 7 and Windows Server 2008 R2, consecutive conditions with the same fieldKey will be evaluated using the OR operator.
///
///
public IEnumerable FilterConditions => filterCondition.ToIEnum((int)numFilterConditions);
/// A FWPM_ACTION0 structure that specifies the action to be performed if all the filter conditions are true.
public FWPM_ACTION0 action;
///
///
/// Available when the filter does not have provider context information, that is, flags does not contain
/// FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See Filter Context Identifiers for a list of built-in possible values.
///
///
/// The rawContext is placed 'as is' in the context member of the corresponding FWPS_FILTER0 structure, which is
/// documented in the WDK.
///
///
public ulong rawContext;
///
///
/// Available when the filter has provider context information, that is, flags contains
/// FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT. See Built-in Provider Context Identifiers for a list of predefined policy provider contexts.
///
///
/// The LUID of the provider context specified by the providerContextKey is used to fill in the context member of the
/// corresponding FWPS_FILTER0 structure, which is documented in the WDK.
///
///
public Guid providerContextKey;
/// Reserved for system use.
public GuidPtr reserved;
///
/// LUID identifying the filter. This is also the LUID of the corresponding FWPS_FILTER0 structure, which is documented in the WDK.
///
public ulong filterId;
/// An FWP_VALUE0 structure that contains the weight assigned to FWPS_FILTER0, which is documented in the WDK.
public FWP_VALUE0 effectiveWeight;
}
/// The FWPM_LAYER_ENUM_TEMPLATE0 structure is used for enumerating layers.
///
/// Currently, there is no way to limit the enumeration — all layers are returned.
///
/// FWPM_LAYER_ENUM_TEMPLATE0 is a specific implementation of FWPM_LAYER_ENUM_TEMPLATE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_layer_enum_template0 typedef struct
// FWPM_LAYER_ENUM_TEMPLATE0_ { UINT64 reserved; } FWPM_LAYER_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_LAYER_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_LAYER_ENUM_TEMPLATE0
{
/// Reserved for system use.
public ulong reserved;
}
/// The FWPM_LAYER_STATISTICS0 structure stores statistics related to a layer.
///
/// FWPM_LAYER_STATISTICS0 is a specific implementation of FWPM_LAYER_STATISTICS. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_layer_statistics0 typedef struct
// FWPM_LAYER_STATISTICS0_ { GUID layerId; UINT32 classifyPermitCount; UINT32 classifyBlockCount; UINT32 classifyVetoCount; UINT32
// numCacheEntries; } FWPM_LAYER_STATISTICS0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_LAYER_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_LAYER_STATISTICS0
{
///
/// Type: GUID
/// Identifier of the layer.
///
public Guid layerId;
///
/// Type: UINT32
/// Number of permitted connections.
///
public uint classifyPermitCount;
///
/// Type: UINT32
/// Number of blocked connections.
///
public uint classifyBlockCount;
///
/// Type: UINT32
/// Number of vetoed connections.
///
public uint classifyVetoCount;
/// Type: UINT32
public uint numCacheEntries;
}
/// The FWPM_LAYER0 structure contains schema information for a layer.
///
/// FWPM_LAYER0 is a specific implementation of FWPM_LAYER. See WFP Version-Independent Names and Targeting Specific Versions of
/// Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_layer0 typedef struct FWPM_LAYER0_ { GUID layerKey;
// FWPM_DISPLAY_DATA0 displayData; UINT32 flags; UINT32 numFields; FWPM_FIELD0 *field; GUID defaultSubLayerKey; UINT16 layerId; } FWPM_LAYER0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_LAYER0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_LAYER0
{
/// Uniquely identifies the layer.
public Guid layerKey;
/// Allows layers to be annotated in a human-readable form. The FWPM_DISPLAY_DATA0 structure is not NULL.
public FWPM_DISPLAY_DATA0 displayData;
///
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_LAYER_FLAG_KERNEL
/// Layer classified in kernel-mode.
///
/// -
/// FWPM_LAYER_FLAG_BUILTIN
/// Layer built-in. Cannot be deleted.
///
/// -
/// FWPM_LAYER_FLAG_CLASSIFY_MOSTLY
/// Layer optimized for classification rather than enumeration.
///
/// -
/// FWPM_LAYER_FLAG_BUFFERED
/// Layer is buffered.
///
///
///
public FWPM_LAYER_FLAG flags;
/// Number of fields in the layer.
public uint numFields;
///
/// Schema information for the layer's fields.
/// See for more information.
///
public IntPtr field;
///
/// Schema information for the layer's fields.
/// See for more information.
///
public IEnumerable Fields => field.ToIEnum((int)numFields);
/// Sublayer used when a filter is added with a null sublayer.
public Guid defaultSubLayerKey;
/// LUID that identifies this layer.
public ushort layerId;
}
///
/// The FWPM_NET_EVENT_CAPABILITY_ALLOW0 structure contains information about network traffic allowed in relation to an app
/// container network capability.. The specified app container network capability grants access to network resources, and the specified
/// filter identifier enforces allowing access.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_capability_allow0 typedef struct
// FWPM_NET_EVENT_CAPABILITY_ALLOW0_ { FWPM_APPC_NETWORK_CAPABILITY_TYPE networkCapabilityId; UINT64 filterId; BOOL isLoopback; } FWPM_NET_EVENT_CAPABILITY_ALLOW0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CAPABILITY_ALLOW0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CAPABILITY_ALLOW0
{
///
/// Type: FWPM_APPC_NETWORK_CAPABILITY_TYPE
/// The specific app container network capability allowing this traffic.
///
public FWPM_APPC_NETWORK_CAPABILITY_TYPE networkCapabilityId;
///
/// Type: UINT64
/// A LUID identifying the WFP filter enforcing the allowed access intended by the capability in networkCapabilityId.
///
public ulong filterId;
///
/// Type: BOOL
/// True if the packet originated from (or was heading to) the loopback adapter; otherwise, false.
///
[MarshalAs(UnmanagedType.Bool)]
public bool isLoopback;
}
///
/// The FWPM_NET_EVENT_CAPABILITY_DROP0 structure contains information about network traffic dropped in relation to an app
/// container network capability. Traffic is dropped due to the specified app container network capability and enforced by the specified
/// filter identifier.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_capability_drop0 typedef struct
// FWPM_NET_EVENT_CAPABILITY_DROP0_ { FWPM_APPC_NETWORK_CAPABILITY_TYPE networkCapabilityId; UINT64 filterId; BOOL isLoopback; } FWPM_NET_EVENT_CAPABILITY_DROP0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CAPABILITY_DROP0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CAPABILITY_DROP0
{
///
/// Type: FWPM_APPC_NETWORK_CAPABILITY_TYPE
/// The specific app container network capability which was missing, therefore causing this traffic to be denied.
///
public FWPM_APPC_NETWORK_CAPABILITY_TYPE networkCapabilityId;
///
/// Type: UINT64
/// A LUID identifying the WFP filter where the traffic drop occurred.
///
public ulong filterId;
///
/// Type: BOOL
/// True if the packet originated from (or was heading to) the loopback adapter; otherwise, false.
///
[MarshalAs(UnmanagedType.Bool)]
public bool isLoopback;
}
///
/// The FWPM_NET_EVENT_CLASSIFY_ALLOW0 structure contains information that describes allowed traffic as enforced by the WFP
/// classify engine.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_classify_allow0 typedef struct
// FWPM_NET_EVENT_CLASSIFY_ALLOW0 { UINT64 filterId; UINT16 layerId; UINT32 reauthReason; UINT32 originalProfile; UINT32 currentProfile;
// UINT32 msFwpDirection; BOOL isLoopback; } FWPM_NET_EVENT_CLASSIFY_ALLOW0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CLASSIFY_ALLOW0")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CLASSIFY_ALLOW0
{
///
/// Type: UINT64
/// A LUID identifying the WFP filter allowing this traffic.
///
public ulong filterId;
///
/// Type: UINT16
///
/// The identifier of the WFP filtering layer where the filter specified in filterId is stored. For more information, see
/// Filtering Layer Identifiers.
///
///
public ushort layerId;
///
/// Type: UINT32
/// The reason for reauthorizing a previously authorized connection.
///
public uint reauthReason;
///
/// Type: UINT32
/// The identifier of the profile to which the packet was received (or from which the packet was sent).
///
public uint originalProfile;
///
/// Type: UINT32
/// The identifier of the profile where the packet was when the failure occurred.
///
public uint currentProfile;
///
/// Type: UINT32
/// Indicates the direction of the packet transmission. Possible values are FWP_DIRECTION_INBOUND or FWP_DIRECTION_OUTBOUND.
///
public FWP_DIRECTION msFwpDirection;
///
/// Type: BOOL
/// If true, indicates that the packet originated from (or was heading to) the loopback adapter; otherwise, false.
///
[MarshalAs(UnmanagedType.Bool)]
public bool isLoopback;
}
/// The FWPM_NET_EVENT_CLASSIFY_DROP_MAC0 structure contains information that describes a MAC layer drop failure.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_classify_drop_mac0 typedef struct
// FWPM_NET_EVENT_CLASSIFY_DROP_MAC0_ { FWP_BYTE_ARRAY6 localMacAddr; FWP_BYTE_ARRAY6 remoteMacAddr; UINT32 mediaType; UINT32 ifType;
// UINT16 etherType; UINT32 ndisPortNumber; UINT32 reserved; UINT16 vlanTag; UINT64 ifLuid; UINT64 filterId; UINT16 layerId; UINT32
// reauthReason; UINT32 originalProfile; UINT32 currentProfile; UINT32 msFwpDirection; BOOL isLoopback; FWP_BYTE_BLOB vSwitchId; UINT32
// vSwitchSourcePort; UINT32 vSwitchDestinationPort; } FWPM_NET_EVENT_CLASSIFY_DROP_MAC0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CLASSIFY_DROP_MAC0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CLASSIFY_DROP_MAC0
{
/// The local MAC address.
public FWP_BYTE_ARRAY6 localMacAddr;
/// The remote MAC address.
public FWP_BYTE_ARRAY6 remoteMacAddr;
/// The media type of the NDIS port.
public uint mediaType;
///
/// The interface type, as defined by the Internet Assigned Names Authority (IANA). Possible values for the interface type are listed
/// in the Ipifcons.h include file.
///
public uint ifType;
///
/// Indicates which protocol is encapsulated in the frame data. The values used for this field comes from the Ethernet V2
/// specification's numbering space.
///
public ushort etherType;
/// The number assigned to the NDIS port.
public uint ndisPortNumber;
/// Reserved for internal use.
public uint reserved;
/// The VLAN (802.1p/q) VID, CFI, and Priority fields marshaled into a 16-bit value. (See VLAN_TAG in netiodef.h.)
public ushort vlanTag;
/// The interface LUID corresponding to the network interface with which this packet is associated.
public ulong ifLuid;
/// The LUID identifying the filter where the failure occurred.
public ulong filterId;
/// The identifier of the filtering layer where the failure occurred. For more information, see Filtering Layer Identifiers
public ushort layerId;
/// Indicates the reason for reauthorizing a previously authorized connection.
public uint reauthReason;
/// Indicates the identifier of the profile to which the packet was received (or from which the packet was sent).
public uint originalProfile;
/// Indicates the identifier of the profile where the packet was when the failure occurred.
public uint currentProfile;
///
/// Indicates the direction of the packet transmission.
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWP_DIRECTION_IN
/// The packet is inbound. 0x00003900L
///
/// -
/// FWP_DIRECTION_OUT
/// The packet is outbound. 0x00003901L
///
/// -
/// FWP_DIRECTION_FORWARD
/// The packet is traversing an interface which it must pass through on the way to its destination. 0x00003902L
///
///
///
public FWP_DIRECTION msFwpDirection;
/// Indicates whether the packet originated from (or was heading to) the loopback adapter.
[MarshalAs(UnmanagedType.Bool)] public bool isLoopback;
/// GUID identifier of a vSwitch.
public FWP_BYTE_BLOB vSwitchId;
/// Transient source port of a packet within the vSwitch.
public uint vSwitchSourcePort;
/// Transient destination port of a packet within the vSwitch.
public uint vSwitchDestinationPort;
}
///
/// The FWPM_NET_EVENT_CLASSIFY_DROP0 structure contains information that describes a layer drop failure.
/// FWPM_NET_EVENT_CLASSIFY_DROP1 is available. For Windows 8, FWPM_NET_EVENT_CLASSIFY_DROP2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_classify_drop0 typedef struct
// FWPM_NET_EVENT_CLASSIFY_DROP0_ { UINT64 filterId; UINT16 layerId; } FWPM_NET_EVENT_CLASSIFY_DROP0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CLASSIFY_DROP0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CLASSIFY_DROP0
{
/// A LUID identifying the filter where the failure occurred.
public ulong filterId;
///
/// Indicates the identifier of the filtering layer where the failure occurred. For more information, see Filtering Layer Identifiers.
///
public ushort layerId;
}
///
/// The FWPM_NET_EVENT_CLASSIFY_DROP1 structure contains information that describes a layer drop failure.
/// FWPM_NET_EVENT_CLASSIFY_DROP0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_classify_drop1 typedef struct
// FWPM_NET_EVENT_CLASSIFY_DROP1_ { UINT64 filterId; UINT16 layerId; UINT32 reauthReason; UINT32 originalProfile; UINT32 currentProfile;
// UINT32 msFwpDirection; BOOL isLoopback; } FWPM_NET_EVENT_CLASSIFY_DROP1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CLASSIFY_DROP1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CLASSIFY_DROP1
{
/// A LUID identifying the filter where the failure occurred.
public ulong filterId;
///
/// Indicates the identifier of the filtering layer where the failure occurred. For more information, see Filtering Layer Identifiers.
///
public ushort layerId;
/// Indicates the reason for reauthorizing a previously authorized connection.
public uint reauthReason;
/// Indicates the identifier of the profile to which the packet was received (or from which the packet was sent).
public uint originalProfile;
/// Indicates the identifier of the profile where the packet was when the failure occurred.
public uint currentProfile;
///
/// Indicates the direction of the packet transmission.
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWP_DIRECTION_IN 0x00003900L
/// The packet is inbound.
///
/// -
/// FWP_DIRECTION_OUT 0x00003901L
/// The packet is outbound.
///
/// -
/// FWP_DIRECTION_FORWARD 0x00003902L
/// The packet is traversing an interface which it must pass through on the way to its destination.
///
///
///
public FWP_DIRECTION msFwpDirection;
/// Indicates whether the packet originated from (or was heading to) the loopback adapter.
[MarshalAs(UnmanagedType.Bool)]
public bool isLoopback;
}
///
/// The FWPM_NET_EVENT_CLASSIFY_DROP2 structure contains information that describes a layer drop failure.
/// FWPM_NET_EVENT_CLASSIFY_DROP1 is available. For Windows Vista, FWPM_NET_EVENT_CLASSIFY_DROP0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_classify_drop2 typedef struct
// FWPM_NET_EVENT_CLASSIFY_DROP2_ { UINT64 filterId; UINT16 layerId; UINT32 reauthReason; UINT32 originalProfile; UINT32 currentProfile;
// UINT32 msFwpDirection; BOOL isLoopback; FWP_BYTE_BLOB vSwitchId; UINT32 vSwitchSourcePort; UINT32 vSwitchDestinationPort; } FWPM_NET_EVENT_CLASSIFY_DROP2;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_CLASSIFY_DROP2_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_CLASSIFY_DROP2
{
/// A LUID identifying the filter where the failure occurred.
public ulong filterId;
///
/// Indicates the identifier of the filtering layer where the failure occurred. For more information, see Filtering Layer Identifiers.
///
public ushort layerId;
/// Indicates the reason for reauthorizing a previously authorized connection.
public uint reauthReason;
/// Indicates the identifier of the profile to which the packet was received (or from which the packet was sent).
public uint originalProfile;
/// Indicates the identifier of the profile where the packet was when the failure occurred.
public uint currentProfile;
///
/// Indicates the direction of the packet transmission.
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWP_DIRECTION_IN 0x00003900L
/// The packet is inbound.
///
/// -
/// FWP_DIRECTION_OUT 0x00003901L
/// The packet is outbound.
///
/// -
/// FWP_DIRECTION_FORWARD 0x00003902L
/// The packet is traversing an interface which it must pass through on the way to its destination.
///
///
///
public FWP_DIRECTION msFwpDirection;
/// Indicates whether the packet originated from (or was heading to) the loopback adapter.
[MarshalAs(UnmanagedType.Bool)] public bool isLoopback;
/// GUID identifier of a vSwitch.
public FWP_BYTE_BLOB vSwitchId;
/// Transient source port of a packet within the vSwitch.
public uint vSwitchSourcePort;
/// Transient destination port of a packet within the vSwitch.
public uint vSwitchDestinationPort;
}
/// The FWPM_NET_EVENT_ENUM_TEMPLATE0 structure is used for enumerating net events.
///
/// FWPM_NET_EVENT_ENUM_TEMPLATE0 is a specific implementation of FWPM_NET_EVENT_ENUM_TEMPLATE. See WFP Version-Independent Names
/// and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_enum_template0 typedef struct
// FWPM_NET_EVENT_ENUM_TEMPLATE0_ { FILETIME startTime; FILETIME endTime; UINT32 numFilterConditions; FWPM_FILTER_CONDITION0
// *filterCondition; } FWPM_NET_EVENT_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_ENUM_TEMPLATE0
{
/// A FILETIME structure that specifies the start time of the period to be checked for net events.
public FILETIME startTime;
///
/// A FILETIME structure that specifies the end time of the period to be checked for net events. It must be greater than or equal to startTime.
///
public FILETIME endTime;
///
/// Indicates the number of filter conditions in the filterCondition member. If this field is 0, all events will be returned.
///
public uint numFilterConditions;
///
///
/// An array of structures that contain distinct filter conditions (duplicated filter conditions
/// will generate an error). All conditions must be true for the action to be performed. In other words, the conditions are AND'ed
/// together. If no conditions are specified, the action is always performed.
///
/// Supported filtering conditions.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_CONDITION_IP_PROTOCOL
/// The IP protocol number, as specified in RFC 1700.
///
/// -
/// FWPM_CONDITION_IP_LOCAL_ADDRESS
/// The local IP address.
///
/// -
/// FWPM_CONDITION_IP_REMOTE_ADDRESS
/// The remote IP address.
///
/// -
/// FWPM_CONDITION_IP_LOCAL_PORT
/// The local transport protocol port number. For ICMP, the message type.
///
/// -
/// FWPM_CONDITION_IP_REMOTE_PORT
/// The remote transport protocol port number. For ICMP, the message code.
///
/// -
/// FWPM_CONDITION_SCOPE_ID
/// The interface IPv6 scope identifier. Reserved for internal use.
///
/// -
/// FWPM_CONDITION_ALE_APP_ID
/// The full path of the application.
///
/// -
/// FWPM_CONDITION_ALE_USER_ID
/// The identification of the local user.
///
///
///
public IntPtr filterCondition;
}
/// The FWPM_NET_EVENT_HEADER0 structure contains information common to all events. FWPM_NET_EVENT_HEADER2 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_header0 typedef struct
// FWPM_NET_EVENT_HEADER0_ { FILETIME timeStamp; UINT32 flags; FWP_IP_VERSION ipVersion; UINT8 ipProtocol; union { UINT32 localAddrV4;
// FWP_BYTE_ARRAY16 localAddrV6; }; union { UINT32 remoteAddrV4; FWP_BYTE_ARRAY16 remoteAddrV6; }; UINT16 localPort; UINT16 remotePort;
// UINT32 scopeId; FWP_BYTE_BLOB appId; SID *userId; } FWPM_NET_EVENT_HEADER0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_HEADER0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_HEADER0
{
/// A FILETIME structure that specifies the time the event occurred
public FILETIME timeStamp;
///
/// Flags indicating which of the following members are set. Unused fields must be zero-initialized.
///
///
/// Net event flag
/// Meaning
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
/// The ipProtocol member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
///
/// Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
///
/// Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
/// The localPort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
/// The remotePort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_APP_ID_SET
/// The appId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_USER_ID_SET
/// The userId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
/// The scopeId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET
/// The ipVersion member is set.
///
///
///
public FWPM_NET_EVENT_FLAG flags;
/// A FWP_IP_VERSION value that specifies the IP version being used.
public FWP_IP_VERSION ipVersion;
///
/// IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
///
public byte ipProtocol;
private FWP_BYTE_ARRAY_ADDR local;
///
/// Specifies an IPv4 local address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localAddrV4 { get => local.addr; set => local.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 local address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localAddrV6 { get => local.addr6; set => local.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR remote;
///
/// Specifies an IPv4 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteAddrV4 { get => remote.addr; set => remote.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteAddrV6 { get => remote.addr6; set => remote.addr6 = value; }
/// Specifies a local port.
public ushort localPort;
/// Specifies a remote port.
public ushort remotePort;
/// IPv6 scope ID.
public uint scopeId;
/// A FWP_BYTE_BLOB that contains the application ID of the local application associated with the event.
public FWP_BYTE_BLOB appId;
/// Contains a user ID that corresponds to the traffic.
public PSID userId;
}
///
/// The FWPM_NET_EVENT_HEADER1 structure contains information common to all events. Reserved.
/// FWPM_NET_EVENT_HEADER2 is available.
///
///
/// The unnamed struct specifies details related to Ethernet traffic. It's available when addressFamily is FWP_AF_ETHER.
/// This structure is reserved for system use. FWPM_NET_EVENT_HEADER2 should be used in place of FWPM_NET_EVENT_HEADER1.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_header1 typedef struct
// FWPM_NET_EVENT_HEADER1_ { FILETIME timeStamp; UINT32 flags; FWP_IP_VERSION ipVersion; UINT8 ipProtocol; union { UINT32 localAddrV4;
// FWP_BYTE_ARRAY16 localAddrV6; }; union { UINT32 remoteAddrV4; FWP_BYTE_ARRAY16 remoteAddrV6; }; UINT16 localPort; UINT16 remotePort;
// UINT32 scopeId; FWP_BYTE_BLOB appId; SID *userId; union { struct { FWP_AF reserved1; union { struct { FWP_BYTE_ARRAY6 reserved2;
// FWP_BYTE_ARRAY6 reserved3; UINT32 reserved4; UINT32 reserved5; UINT16 reserved6; UINT32 reserved7; UINT32 reserved8; UINT16 reserved9;
// UINT64 reserved10; }; }; }; }; } FWPM_NET_EVENT_HEADER1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_HEADER1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_HEADER1
{
/// A FILETIME structure that specifies the time the event occurred.
public FILETIME timeStamp;
///
/// Flags indicating which of the following members are set. Unused fields must be zero-initialized.
///
///
/// Net event flag
/// Meaning
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
/// The ipProtocol member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
///
/// Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
///
/// Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
/// The localPort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
/// The remotePort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_APP_ID_SET
/// The appId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_USER_ID_SET
/// The userId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
/// The scopeId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET
/// The ipVersion member is set.
///
///
///
public FWPM_NET_EVENT_FLAG flags;
/// An FWP_IP_VERSION value that specifies the IP version being used.
public FWP_IP_VERSION ipVersion;
///
/// IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
///
public IPPROTO ipProtocol;
private FWP_BYTE_ARRAY_ADDR local;
///
/// Specifies an IPv4 local address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localAddrV4 { get => local.addr; set => local.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 local address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localAddrV6 { get => local.addr6; set => local.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR remote;
///
/// Specifies an IPv4 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteAddrV4 { get => remote.addr; set => remote.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteAddrV6 { get => remote.addr6; set => remote.addr6 = value; }
/// Specifies a local port.
public ushort localPort;
/// Specifies a remote port.
public ushort remotePort;
/// IPv6 scope ID.
public uint scopeId;
/// An FWP_BYTE_BLOB that specifies the application ID of the local application associated with the event.
public FWP_BYTE_BLOB appId;
/// Contains a user ID that corresponds to the traffic.
public PSID userId;
///
/// Specifies a superset of non-Internet protocols.
/// Available when ipVersion is FWP_IP_VERSION_NONE.
///
public FWP_AF reserved1;
private readonly uint pad1;
/// A FWP_BYTE_ARRAY6 structure.
public FWP_BYTE_ARRAY6 reserved2;
/// A FWP_BYTE_ARRAY6 structure.
public FWP_BYTE_ARRAY6 reserved3;
/// A DL_ADDRESS_TYPE enumeration.
public uint reserved4;
/// A FWP_ETHER_ENCAP_METHOD enumeration.
public uint reserved5;
/// Indicates which protocol is encapsulated in the frame data.
public ushort reserved6;
/// The SNAP (IEEE 802.2) DSAP, SSAP, and Control fields marshaled into a 32-bit value.
public uint reserved7;
/// The SNAP (IEEE 802.2) Organizationally Unique Identifier (OUI) marshaled into a 32-bit value.
public uint reserved8;
/// The VLAN (802.1p/q) VID, CFI, and Priority bits marshaled into a 16-bit value.
public ushort reserved9;
private readonly uint pad2;
/// The interface LUID corresponding to the network interface with which this packet is associated.
public ulong reserved10;
}
/// The FWPM_NET_EVENT_HEADER2 structure contains information common to all events. FWPM_NET_EVENT_HEADER0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_header2 typedef struct
// FWPM_NET_EVENT_HEADER2_ { FILETIME timeStamp; UINT32 flags; FWP_IP_VERSION ipVersion; UINT8 ipProtocol; union { UINT32 localAddrV4;
// FWP_BYTE_ARRAY16 localAddrV6; }; union { UINT32 remoteAddrV4; FWP_BYTE_ARRAY16 remoteAddrV6; }; UINT16 localPort; UINT16 remotePort;
// UINT32 scopeId; FWP_BYTE_BLOB appId; SID *userId; FWP_AF addressFamily; SID *packageSid; } FWPM_NET_EVENT_HEADER2;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_HEADER2_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_HEADER2
{
///
/// Type: FILETIME
/// Time that the event occurred.
///
public FILETIME timeStamp;
///
/// Type: UINT32
/// Flags indicating which of the following members are set. Unused fields must be zero-initialized.
///
///
/// Net event flag
/// Meaning
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
/// The ipProtocol member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
///
/// Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
///
/// Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
/// The localPort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
/// The remotePort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_APP_ID_SET
/// The appId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_USER_ID_SET
/// The userId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
/// The scopeId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET
/// The ipVersion member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET
/// Indicates an existing connection was reauthorized.
///
/// -
/// FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
/// The packageSid member is set.
///
///
///
public FWPM_NET_EVENT_FLAG flags;
///
/// Type: FWP_IP_VERSION
/// The IP version being used.
///
public FWP_IP_VERSION ipVersion;
///
/// Type: UINT8
///
/// The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
///
///
public IPPROTO ipProtocol;
private FWP_BYTE_ARRAY_ADDR local;
///
/// Specifies an IPv4 local address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localAddrV4 { get => local.addr; set => local.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 local address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localAddrV6 { get => local.addr6; set => local.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR remote;
///
/// Specifies an IPv4 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteAddrV4 { get => remote.addr; set => remote.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteAddrV6 { get => remote.addr6; set => remote.addr6 = value; }
///
/// Type: UINT16
/// The local port.
///
public ushort localPort;
///
/// Type: UINT16
/// The remote port.
///
public ushort remotePort;
///
/// Type: UINT32
/// The IPv6 scope ID.
///
public uint scopeId;
///
/// Type: FWP_BYTE_BLOB
/// The application ID of the local application associated with the event.
///
public FWP_BYTE_BLOB appId;
///
/// Type: SID*
/// The user ID corresponding to the traffic.
///
public PSID userId;
///
/// Type: FWP_AF
/// A superset of non-Internet protocols.
/// Available when ipVersion is FWP_IP_VERSION_NONE.
///
public FWP_AF addressFamily;
///
/// Type: SID*
///
/// The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send
/// or receive the network traffic.
///
///
public PSID packageSid;
}
/// The FWPM_NET_EVENT_HEADER3 structure contains information common to all events. FWPM_NET_EVENT_HEADER0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_header3 typedef struct
// FWPM_NET_EVENT_HEADER3_ { FILETIME timeStamp; UINT32 flags; FWP_IP_VERSION ipVersion; UINT8 ipProtocol; union { UINT32 localAddrV4;
// FWP_BYTE_ARRAY16 localAddrV6; }; union { UINT32 remoteAddrV4; FWP_BYTE_ARRAY16 remoteAddrV6; }; UINT16 localPort; UINT16 remotePort;
// UINT32 scopeId; FWP_BYTE_BLOB appId; SID *userId; FWP_AF addressFamily; SID *packageSid; wchar_t *enterpriseId; UINT64 policyFlags;
// FWP_BYTE_BLOB effectiveName; } FWPM_NET_EVENT_HEADER3;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_HEADER3_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_HEADER3
{
/// Time that the event occurred.
public FILETIME timeStamp;
///
/// Flags indicating which of the following members are set. Unused fields must be zero-initialized.
///
///
/// Net event flag
/// Meaning
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET
/// The ipProtocol member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET
///
/// Either the localAddrV4 member or the localAddrV6 member is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET
///
/// Either the remoteAddrV4 member of the remoteAddrV6 field is set. If this flag is present,
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET must also be present.
///
///
/// -
/// FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET
/// The localPort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET
/// The remotePort member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_APP_ID_SET
/// The appId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_USER_ID_SET
/// The userId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_SCOPE_ID_SET
/// The scopeId member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_IP_VERSION_SET
/// The ipVersion member is set.
///
/// -
/// FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET
/// Indicates an existing connection was reauthorized.
///
/// -
/// FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET
/// The packageSid member is set.
///
///
///
public FWPM_NET_EVENT_FLAG flags;
/// The IP version being used.
public FWP_IP_VERSION ipVersion;
///
/// The IP protocol specified as an IPPROTO value. See the socket reference topic for more information on possible protocol values.
///
public IPPROTO ipProtocol;
private FWP_BYTE_ARRAY_ADDR local;
///
/// Specifies an IPv4 local address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR localAddrV4 { get => local.addr; set => local.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 local address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR localAddrV6 { get => local.addr6; set => local.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR remote;
///
/// Specifies an IPv4 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR remoteAddrV4 { get => remote.addr; set => remote.addr = value; }
///
/// A FWP_BYTE_ARRAY16 that contains an IPv6 remote address.
/// Available when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR remoteAddrV6 { get => remote.addr6; set => remote.addr6 = value; }
/// The local port.
public ushort localPort;
/// The remote port.
public ushort remotePort;
/// The IPv6 scope ID.
public uint scopeId;
/// The application ID of the local application associated with the event.
public FWP_BYTE_BLOB appId;
/// The user ID corresponding to the traffic.
public PSID userId;
///
/// A superset of non-Internet protocols.
/// Available when ipVersion is FWP_IP_VERSION_NONE.
///
public FWP_AF addressFamily;
///
/// The security identifier (SID) representing the package identifier (also referred to as the app container SID) intending to send
/// or receive the network traffic.
///
public PSID packageSid;
/// The enterprise identifier for use with enterprise data protection (EDP).
[MarshalAs(UnmanagedType.LPWStr)]
public string enterpriseId;
/// The policy flags for EDP.
public ulong policyFlags;
/// The EDP remote server used for name-based policy.
public FWP_BYTE_BLOB effectiveName;
}
///
/// The FWPM_NET_EVENT_IKEEXT_EM_FAILURE0 structure contains information that describes an IKE Extended Mode (EM) failure.
/// FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ikeext_em_failure0 typedef struct
// FWPM_NET_EVENT_IKEEXT_EM_FAILURE0_ { UINT32 failureErrorCode; IPSEC_FAILURE_POINT failurePoint; UINT32 flags; IKEEXT_EM_SA_STATE
// emState; IKEEXT_SA_ROLE saRole; IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod; UINT8 endCertHash[20]; UINT64 mmId; UINT64 qmFilterId;
// } FWPM_NET_EVENT_IKEEXT_EM_FAILURE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_EM_FAILURE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE0
{
/// Windows error code for the failure.
public Win32Error failureErrorCode;
/// An IPSEC_FAILURE_POINT value that indicates the IPsec state when the failure occurred.
public IPSEC_FAILURE_POINT failurePoint;
///
/// Flags for the failure event.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_MULTIPLE
/// Indicates that multiple IKE EM failure events have been reported.
///
///
///
public FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG flags;
/// An IKEEXT_EM_SA_STATE value that indicates the EM state when the failure occurred.
public IKEEXT_EM_SA_STATE emState;
/// An IKEEXT_SA_ROLE value that specifies the SA role when the failure occurred.
public IKEEXT_SA_ROLE saRole;
/// An IKEEXT_AUTHENTICATION_METHOD_TYPE value that specifies the authentication method.
public IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod;
///
///
/// SHA thumbprint hash of the end certificate corresponding to the failures that happen during building or validating certificate chains.
///
/// IKEEXT_CERT_HASH_LEN maps to 20.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] endCertHash;
/// LUID for the Main Mode (MM) SA.
public ulong mmId;
/// Quick Mode (QM) filter ID associated with this failure.
public ulong qmFilterId;
}
///
/// The FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 structure contains information that describes an IKE Extended mode (EM) failure.
/// FWPM_NET_EVENT_IKEEXT_EM_FAILURE0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ikeext_em_failure1 typedef struct
// FWPM_NET_EVENT_IKEEXT_EM_FAILURE1_ { UINT32 failureErrorCode; IPSEC_FAILURE_POINT failurePoint; UINT32 flags; IKEEXT_EM_SA_STATE
// emState; IKEEXT_SA_ROLE saRole; IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod; UINT8 endCertHash[20]; UINT64 mmId; UINT64 qmFilterId;
// wchar_t *localPrincipalNameForAuth; wchar_t *remotePrincipalNameForAuth; UINT32 numLocalPrincipalGroupSids; LPWSTR
// *localPrincipalGroupSids; UINT32 numRemotePrincipalGroupSids; LPWSTR *remotePrincipalGroupSids; IPSEC_TRAFFIC_TYPE saTrafficType; } FWPM_NET_EVENT_IKEEXT_EM_FAILURE1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_EM_FAILURE1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE1
{
/// Windows error code for the failure.
public Win32Error failureErrorCode;
/// An IPSEC_FAILURE_POINT value that indicates the IPsec state when the failure occurred.
public IPSEC_FAILURE_POINT failurePoint;
///
/// Flags for the failure event.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_MULTIPLE
/// Indicates that multiple IKE EM failure events have been reported.
///
/// -
/// FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_BENIGN
/// Indicates that IKE EM failure events have been reported, but that the events are benign.
///
///
///
public FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG flags;
/// An IKEEXT_EM_SA_STATE value that indicates the EM state when the failure occurred.
public IKEEXT_EM_SA_STATE emState;
/// An IKEEXT_SA_ROLE value that specifies the SA role when the failure occurred.
public IKEEXT_SA_ROLE saRole;
/// An IKEEXT_AUTHENTICATION_METHOD_TYPE value that specifies the authentication method.
public IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod;
///
///
/// SHA thumbprint hash of the end certificate corresponding to the failures that happen during building or validating certificate chains.
///
/// IKEEXT_CERT_HASH_LEN maps to 20.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] endCertHash;
/// LUID for the Main Mode (MM) SA.
public ulong mmId;
/// Quick Mode (QM) filter ID associated with this failure.
public ulong qmFilterId;
/// Name of the EM local security principal.
[MarshalAs(UnmanagedType.LPWStr)]
public string localPrincipalNameForAuth;
/// Name of the EM remote security principal.
[MarshalAs(UnmanagedType.LPWStr)]
public string remotePrincipalNameForAuth;
/// Number of groups in the local security principal's token.
public uint numLocalPrincipalGroupSids;
private readonly IntPtr _localPrincipalGroupSids;
/// Groups in the local security principal's token.
public string[] localPrincipalGroupSids => _localPrincipalGroupSids.ToStringEnum((int)numLocalPrincipalGroupSids, CharSet.Unicode).WhereNotNull().ToArray();
/// Number of groups in the remote security principal's token.
public uint numRemotePrincipalGroupSids;
private readonly IntPtr _remotePrincipalGroupSids;
/// Groups in the remote security principal's token.
public string[] remotePrincipalGroupSids => _remotePrincipalGroupSids.ToStringEnum((int)numRemotePrincipalGroupSids, CharSet.Unicode).WhereNotNull().ToArray();
/// Type of traffic for which the embedded quick mode was being negotiated.
public IPSEC_TRAFFIC_TYPE saTrafficType;
}
///
/// The FWPM_NET_EVENT_IKEEXT_MM_FAILURE0 structure contains information that describes an IKE/AuthIP Main Mode (MM) failure.
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ikeext_mm_failure0 typedef struct
// FWPM_NET_EVENT_IKEEXT_MM_FAILURE0_ { UINT32 failureErrorCode; IPSEC_FAILURE_POINT failurePoint; UINT32 flags; IKEEXT_KEY_MODULE_TYPE
// keyingModuleType; IKEEXT_MM_SA_STATE mmState; IKEEXT_SA_ROLE saRole; IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod; UINT8
// endCertHash[20]; UINT64 mmId; UINT64 mmFilterId; } FWPM_NET_EVENT_IKEEXT_MM_FAILURE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_MM_FAILURE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE0
{
/// Windows error code for the failure.
public Win32Error failureErrorCode;
/// An IPSEC_FAILURE_POINT value that indicates the IPsec state when the failure occurred.
public IPSEC_FAILURE_POINT failurePoint;
///
/// Flags for the failure event.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_BENIGN
/// Indicates that the failure was benign or expected.
///
/// -
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_MULTIPLE
/// Indicates that multiple failure events have been reported.
///
///
///
public FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG flags;
/// An IKEEXT_KEY_MODULE_TYPE value that specifies the type of keying module.
public IKEEXT_KEY_MODULE_TYPE keyingModuleType;
/// An IKEEXT_MM_SA_STATE value that indicates the Main Mode state when the failure occurred.
public IKEEXT_MM_SA_STATE mmState;
/// An IKEEXT_SA_ROLE value that specifies the security association (SA) role when the failure occurred.
public IKEEXT_SA_ROLE saRole;
/// An IKEEXT_AUTHENTICATION_METHOD_TYPE value that specifies the authentication method.
public IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod;
///
///
/// SHA thumbprint hash of the end certificate corresponding to the failures that happen during building or validating certificate chains.
///
/// IKEEXT_CERT_HASH_LEN maps to 20.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] endCertHash;
/// LUID for the MM SA.
public ulong mmId;
/// Main mode filter ID.
public ulong mmFilterId;
}
///
/// The FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 structure contains information that describes an IKE/AuthIP Main Mode (MM) failure.
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ikeext_mm_failure1 typedef struct
// FWPM_NET_EVENT_IKEEXT_MM_FAILURE1_ { UINT32 failureErrorCode; IPSEC_FAILURE_POINT failurePoint; UINT32 flags; IKEEXT_KEY_MODULE_TYPE
// keyingModuleType; IKEEXT_MM_SA_STATE mmState; IKEEXT_SA_ROLE saRole; IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod; UINT8
// endCertHash[20]; UINT64 mmId; UINT64 mmFilterId; wchar_t *localPrincipalNameForAuth; wchar_t *remotePrincipalNameForAuth; UINT32
// numLocalPrincipalGroupSids; LPWSTR *localPrincipalGroupSids; UINT32 numRemotePrincipalGroupSids; LPWSTR *remotePrincipalGroupSids; } FWPM_NET_EVENT_IKEEXT_MM_FAILURE1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_MM_FAILURE1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE1
{
/// Windows error code for the failure.
public Win32Error failureErrorCode;
/// An IPSEC_FAILURE_POINT value that indicates the IPsec state when the failure occurred.
public IPSEC_FAILURE_POINT failurePoint;
///
/// Flags for the failure event.
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_BENIGN
/// Indicates that the failure was benign or expected.
///
/// -
/// FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_MULTIPLE
/// Indicates that multiple failure events have been reported.
///
///
///
public FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG flags;
/// An IKEEXT_KEY_MODULE_TYPE value that specifies the type of keying module.
public IKEEXT_KEY_MODULE_TYPE keyingModuleType;
/// An IKEEXT_MM_SA_STATE value that indicates the Main Mode state when the failure occurred.
public IKEEXT_MM_SA_STATE mmState;
/// An IKEEXT_SA_ROLE value that specifies the security association (SA) role when the failure occurred.
public IKEEXT_SA_ROLE saRole;
/// An IKEEXT_AUTHENTICATION_METHOD_TYPE value that specifies the authentication method.
public IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod;
///
///
/// SHA thumbprint hash of the end certificate corresponding to the failures that happen during building or validating certificate chains.
///
/// IKEEXT_CERT_HASH_LEN maps to 20.
///
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] endCertHash;
/// LUID for the MM SA.
public ulong mmId;
/// Main mode filter ID.
public ulong mmFilterId;
/// Name of the MM local security principal.
[MarshalAs(UnmanagedType.LPWStr)]
public string localPrincipalNameForAuth;
/// Name of the MM remote security principal.
[MarshalAs(UnmanagedType.LPWStr)]
public string remotePrincipalNameForAuth;
/// Number of groups in the local security principal's token.
public uint numLocalPrincipalGroupSids;
private readonly IntPtr _localPrincipalGroupSids;
/// Groups in the local security principal's token.
public string[] localPrincipalGroupSids => _localPrincipalGroupSids.ToStringEnum((int)numLocalPrincipalGroupSids, CharSet.Unicode).WhereNotNull().ToArray();
/// Number of groups in the remote security principal's token.
public uint numRemotePrincipalGroupSids;
private readonly IntPtr _remotePrincipalGroupSids;
/// Groups in the remote security principal's token.
public string[] remotePrincipalGroupSids => _remotePrincipalGroupSids.ToStringEnum((int)numRemotePrincipalGroupSids, CharSet.Unicode).WhereNotNull().ToArray();
}
///
/// The FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 structure contains information that describes an IKE/AuthIP Quick Mode (QM) failure.
///
///
/// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 is a specific implementation of FWPM_NET_EVENT_IKEEXT_QM_FAILURE. See WFP
/// Version-Independent Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ikeext_qm_failure0 typedef struct
// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0_ { UINT32 failureErrorCode; IPSEC_FAILURE_POINT failurePoint; IKEEXT_KEY_MODULE_TYPE
// keyingModuleType; IKEEXT_QM_SA_STATE qmState; IKEEXT_SA_ROLE saRole; IPSEC_TRAFFIC_TYPE saTrafficType; union { FWP_CONDITION_VALUE0
// localSubNet; }; union { FWP_CONDITION_VALUE0 remoteSubNet; }; UINT64 qmFilterId; } FWPM_NET_EVENT_IKEEXT_QM_FAILURE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IKEEXT_QM_FAILURE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IKEEXT_QM_FAILURE0
{
/// Windows error code for the failure.
public Win32Error failureErrorCode;
/// An IPSEC_FAILURE_POINT value that indicates the IPsec state when the failure occurred.
public IPSEC_FAILURE_POINT failurePoint;
/// An IKEEXT_KEY_MODULE_TYPE value that specifies the type of keying module.
public IKEEXT_KEY_MODULE_TYPE keyingModuleType;
/// An IKEEXT_QM_SA_STATE value that specifies the QM state when the failure occurred.
public IKEEXT_QM_SA_STATE qmState;
/// An IKEEXT_SA_ROLE value that specifies the SA role when the failure occurred.
public IKEEXT_SA_ROLE saRole;
/// An IPSEC_TRAFFIC_TYPE value that specifies the type of traffic.
public IPSEC_TRAFFIC_TYPE saTrafficType;
///
/// An FWP_CONDITION_VALUE0 structure that contains values that conditions can use when testing for matches.
/// Available when saTrafficType is IPSEC_TRAFFIC_TYPE_TUNNEL.
///
public FWP_CONDITION_VALUE0 localSubNet;
///
/// An FWP_CONDITION_VALUE0 structure that contains values that conditions can use when testing for matches.
/// Available when saTrafficType is IPSEC_TRAFFIC_TYPE_TUNNEL.
///
public FWP_CONDITION_VALUE0 remoteSubNet;
/// Quick Mode filter ID.
public ulong qmFilterId;
}
///
/// The FWPM_NET_EVENT_IPSEC_DOSP_DROP0 structure contains information that describes an IPsec DoS Protection drop event.
///
///
/// FWPM_NET_EVENT_IPSEC_DOSP_DROP0 is a specific implementation of FWPM_NET_EVENT_IPSEC_DOSP_DROP. See WFP Version-Independent
/// Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ipsec_dosp_drop0 typedef struct
// FWPM_NET_EVENT_IPSEC_DOSP_DROP0_ { FWP_IP_VERSION ipVersion; union { UINT32 publicHostV4Addr; UINT8 publicHostV6Addr[16]; }; union {
// UINT32 internalHostV4Addr; UINT8 internalHostV6Addr[16]; }; INT32 failureStatus; FWP_DIRECTION direction; } FWPM_NET_EVENT_IPSEC_DOSP_DROP0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IPSEC_DOSP_DROP0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IPSEC_DOSP_DROP0
{
///
/// Internet Protocol (IP) version.
/// See FWP_IP_VERSION for more information.
///
public FWP_IP_VERSION ipVersion;
private FWP_BYTE_ARRAY_ADDR pub;
///
/// The public IPv4 address of the Internet host.
/// Specified when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR publicHostV4Addr { get => pub.addr; set => pub.addr = value; }
///
/// The public IPv6 address of the Internet host.
/// Specified when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR publicHostV6Addr { get => pub.addr6; set => pub.addr6 = value; }
private FWP_BYTE_ARRAY_ADDR intern;
///
/// The internal IPv4 address of the Internet host.
/// Specified when ipVersion is FWP_IP_VERSION_V4.
///
public IN_ADDR internalHostV4Addr { get => intern.addr; set => intern.addr = value; }
///
/// The internal IPv6 address of the Internet host.
/// Specified when ipVersion is FWP_IP_VERSION_V6.
///
public IN6_ADDR internalHostV6Addr { get => intern.addr6; set => intern.addr6 = value; }
/// Contains the error code for the failure.
public Win32Error failureStatus;
/// An FWP_DIRECTION value that specifies whether the dropped packet is inbound or outbound.
public FWP_DIRECTION direction;
}
/// The FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 structure contains information that describes an IPsec kernel drop event.
///
/// FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 is a specific implementation of FWPM_NET_EVENT_IPSEC_KERNEL_DROP. See WFP
/// Version-Independent Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_ipsec_kernel_drop0 typedef struct
// FWPM_NET_EVENT_IPSEC_KERNEL_DROP0_ { INT32 failureStatus; FWP_DIRECTION direction; IPSEC_SA_SPI spi; UINT64 filterId; UINT16 layerId;
// } FWPM_NET_EVENT_IPSEC_KERNEL_DROP0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_IPSEC_KERNEL_DROP0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_IPSEC_KERNEL_DROP0
{
/// Contains the error code for the failure.
public Win32Error failureStatus;
/// An FWP_DIRECTION value that specifies whether the dropped packet is inbound or outbound.
public FWP_DIRECTION direction;
///
/// Contains the security parameters index (SPI) on the IPsec header of the packet. This will be 0 for clear text packets. The
/// IPSEC_SA_SPI is identical to a UINT32.
///
public uint spi;
///
/// Filter ID that corresponds to the IPsec callout filter. This will be available only if the packet was dropped by the IPsec callout.
///
public ulong filterId;
///
/// Layer ID that corresponds to the IPsec callout filter. This will be available only if the packet was dropped by the IPsec callout.
///
public ushort layerId;
}
///
/// The FWPM_NET_EVENT_SUBSCRIPTION0 structure stores information used to subscribe to notifications about a network event.
///
///
/// FWPM_NET_EVENT_SUBSCRIPTION0 is a specific implementation of FWPM_NET_EVENT_SUBSCRIPTION. See WFP Version-Independent Names
/// and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event_subscription0 typedef struct
// FWPM_NET_EVENT_SUBSCRIPTION0_ { FWPM_NET_EVENT_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_NET_EVENT_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT_SUBSCRIPTION0
{
private readonly IntPtr _enumTemplate;
///
/// Address of an structure. Notifications are only dispatched for objects that match the
/// template. If enumTemplate is NULL, it matches all objects.
///
public FWPM_NET_EVENT_ENUM_TEMPLATE0? enumTemplate => _enumTemplate.ToNullableStructure();
/// Unused.
public uint flags;
/// Identifies the session which created the subscription.
public Guid sessionKey;
}
///
/// The FWPM_NET_EVENT0 structure contains information about all event types. FWPM_NET_EVENT1 is available. For Windows 8,
/// FWPM_NET_EVENT2 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event0 typedef struct FWPM_NET_EVENT0_ {
// FWPM_NET_EVENT_HEADER0 header; FWPM_NET_EVENT_TYPE type; union { FWPM_NET_EVENT_IKEEXT_MM_FAILURE0 *ikeMmFailure;
// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure; FWPM_NET_EVENT_IKEEXT_EM_FAILURE0 *ikeEmFailure; FWPM_NET_EVENT_CLASSIFY_DROP0
// *classifyDrop; FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop; FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop; }; } FWPM_NET_EVENT0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT0
{
/// A FWPM_NET_EVENT_HEADER0 structure that contains information common to all events.
public FWPM_NET_EVENT_HEADER0 header;
/// A FWPM_NET_EVENT_TYPE value that specifies the type of event.
public FWPM_NET_EVENT_TYPE type;
private IntPtr ptr;
///
/// Address of an FWPM_NET_EVENT_IKEEXT_MM_FAILURE0 structure that contains information about an IKE main mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE.
///
public SafeCoTaskMemStruct ikeMmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 structure that contains information about an IKE quick mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE.
///
public SafeCoTaskMemStruct ikeQmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IKEEXT_EM_FAILURE0 structure that contains information about an IKE user mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE.
///
public SafeCoTaskMemStruct ikeEmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_CLASSIFY_DROP0 structure that contains information about a drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_CLASSIFY_DROP.
///
public SafeCoTaskMemStruct classifyDrop { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 structure that contains information about an IPsec kernel drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP.
///
public SafeCoTaskMemStruct ipsecDrop { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IPSEC_DOSP_DROP0 structure that contains information about an IPsec DoS Protection event.
/// Available when type is FWPM_NET_EVENT_IPSEC_DOSP_DROP.
///
/// Note
/// Available only in Windows Server 2008 R2, Windows 7, and later.
///
///
public SafeCoTaskMemStruct idpDrop { get => new(ptr, false); set => ptr = value; }
}
/// The FWPM_NET_EVENT1 structure contains information about all event types. FWPM_NET_EVENT0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event1 typedef struct FWPM_NET_EVENT1_ {
// FWPM_NET_EVENT_HEADER1 header; FWPM_NET_EVENT_TYPE type; union { FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 *ikeMmFailure;
// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure; FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 *ikeEmFailure; FWPM_NET_EVENT_CLASSIFY_DROP1
// *classifyDrop; FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop; FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop; }; } FWPM_NET_EVENT1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT1
{
/// An FWPM_NET_EVENT_HEADER1 structure that contains information common to all events.
public FWPM_NET_EVENT_HEADER1 header;
/// An FWPM_NET_EVENT_TYPE value that specifies the type of event.
public FWPM_NET_EVENT_TYPE type;
private IntPtr ptr;
///
/// Address of an FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 structure that contains information about an IKE main mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE.
///
public SafeCoTaskMemStruct ikeMmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 structure that contains information about an IKE quick mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE.
///
public SafeCoTaskMemStruct ikeQmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 structure that contains information about an IKE user mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE.
///
public SafeCoTaskMemStruct ikeEmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_CLASSIFY_DROP1 structure that contains information about a drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_CLASSIFY_DROP.
///
public SafeCoTaskMemStruct classifyDrop { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 structure that contains information about an IPsec kernel drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP.
///
public SafeCoTaskMemStruct ipsecDrop { get => new(ptr, false); set => ptr = value; }
///
/// Address of an FWPM_NET_EVENT_IPSEC_DOSP_DROP0 structure that contains information about an IPsec DoS Protection event.
/// Available when type is FWPM_NET_EVENT_IPSEC_DOSP_DROP.
///
public SafeCoTaskMemStruct idpDrop { get => new(ptr, false); set => ptr = value; }
}
/// The FWPM_NET_EVENT2 structure contains information about all event types. FWPM_NET_EVENT0 is available.
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event2 typedef struct FWPM_NET_EVENT2_ {
// FWPM_NET_EVENT_HEADER2 header; FWPM_NET_EVENT_TYPE type; union { FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 *ikeMmFailure;
// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure; FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 *ikeEmFailure; FWPM_NET_EVENT_CLASSIFY_DROP2
// *classifyDrop; FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop; FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop; FWPM_NET_EVENT_CLASSIFY_ALLOW0
// *classifyAllow; FWPM_NET_EVENT_CAPABILITY_DROP0 *capabilityDrop; FWPM_NET_EVENT_CAPABILITY_ALLOW0 *capabilityAllow;
// FWPM_NET_EVENT_CLASSIFY_DROP_MAC0 *classifyDropMac; }; } FWPM_NET_EVENT2;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT2_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT2
{
///
/// Type: FWPM_NET_EVENT_HEADER2
/// Information common to all events.
///
public FWPM_NET_EVENT_HEADER2 header;
///
/// Type: FWPM_NET_EVENT_TYPE
/// The type of event.
///
public FWPM_NET_EVENT_TYPE type;
private IntPtr ptr;
///
/// Type: FWPM_NET_EVENT_IKEEXT_MM_FAILURE1*
/// Information about an IKE main mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE.
///
public SafeCoTaskMemStruct ikeMmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_IKEEXT_QM_FAILURE0*
/// Information about an IKE quick mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE.
///
public SafeCoTaskMemStruct ikeQmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_IKEEXT_EM_FAILURE1*
/// Information about an IKE user mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE.
///
public SafeCoTaskMemStruct ikeEmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_CLASSIFY_DROP2*
/// Information about a drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_CLASSIFY_DROP.
///
public SafeCoTaskMemStruct classifyDrop { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_IPSEC_KERNEL_DROP0*
/// Information about an IPsec kernel drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP.
///
public SafeCoTaskMemStruct ipsecDrop { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_IPSEC_DOSP_DROP0*
/// Information about an IPsec DoS Protection event.
/// Available when type is FWPM_NET_EVENT_IPSEC_DOSP_DROP.
///
public SafeCoTaskMemStruct idpDrop { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_CLASSIFY_ALLOW0*
/// Information about an allow event.
///
public SafeCoTaskMemStruct classifyAllow { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_CAPABILITY_DROP0*
/// Information about a capability-related drop event.
///
public SafeCoTaskMemStruct capabilityDrop { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_CAPABILITY_ALLOW0*
/// Information about a capability-related allow event.
///
public SafeCoTaskMemStruct capabilityAllow { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_NET_EVENT_CLASSIFY_DROP_MAC0*
/// Information about a MAC layer drop event.
///
public SafeCoTaskMemStruct classifyDropMac { get => new(ptr, false); set => ptr = value; }
}
///
/// The FWPM_NET_EVENT3 structure contains information about all event types. FWPM_NET_EVENT2 is available. For Windows 7,
/// FWPM_NET_EVENT1 is available. For Windows Vista, FWPM_NET_EVENT0 is available.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_net_event3 typedef struct FWPM_NET_EVENT3_ {
// FWPM_NET_EVENT_HEADER3 header; FWPM_NET_EVENT_TYPE type; union { FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 *ikeMmFailure;
// FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure; FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 *ikeEmFailure; FWPM_NET_EVENT_CLASSIFY_DROP2
// *classifyDrop; FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop; FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop; FWPM_NET_EVENT_CLASSIFY_ALLOW0
// *classifyAllow; FWPM_NET_EVENT_CAPABILITY_DROP0 *capabilityDrop; FWPM_NET_EVENT_CAPABILITY_ALLOW0 *capabilityAllow;
// FWPM_NET_EVENT_CLASSIFY_DROP_MAC0 *classifyDropMac; }; } FWPM_NET_EVENT3;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_NET_EVENT3_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_NET_EVENT3
{
/// Information common to all events.
public FWPM_NET_EVENT_HEADER3 header;
/// The type of event.
public FWPM_NET_EVENT_TYPE type;
private IntPtr ptr;
///
/// Information about an IKE main mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE.
///
public SafeCoTaskMemStruct ikeMmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Information about an IKE quick mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE.
///
public SafeCoTaskMemStruct ikeQmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Information about an IKE user mode failure.
/// Available when type is FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE.
///
public SafeCoTaskMemStruct ikeEmFailure { get => new(ptr, false); set => ptr = value; }
///
/// Information about a drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_CLASSIFY_DROP.
///
public SafeCoTaskMemStruct classifyDrop { get => new(ptr, false); set => ptr = value; }
///
/// Information about an IPsec kernel drop event.
/// Available when type is FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP.
///
public SafeCoTaskMemStruct ipsecDrop { get => new(ptr, false); set => ptr = value; }
///
/// Information about an IPsec DoS Protection event.
/// Available when type is FWPM_NET_EVENT_IPSEC_DOSP_DROP.
///
public SafeCoTaskMemStruct idpDrop { get => new(ptr, false); set => ptr = value; }
/// Information about an allow event.
public SafeCoTaskMemStruct classifyAllow { get => new(ptr, false); set => ptr = value; }
/// Information about a capability-related drop event.
public SafeCoTaskMemStruct capabilityDrop { get => new(ptr, false); set => ptr = value; }
/// Information about a capability-related allow event.
public SafeCoTaskMemStruct capabilityAllow { get => new(ptr, false); set => ptr = value; }
/// Information about a MAC layer drop event.
public SafeCoTaskMemStruct classifyDropMac { get => new(ptr, false); set => ptr = value; }
}
/// The FWPM_PROVIDER_CHANGE0 structure specifies a change notification dispatched to subscribers.
///
/// FWPM_PROVIDER_CHANGE0 is a specific implementation of FWPM_PROVIDER_CHANGE. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_change0 typedef struct FWPM_PROVIDER_CHANGE0_
// { FWPM_CHANGE_TYPE changeType; GUID providerKey; } FWPM_PROVIDER_CHANGE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CHANGE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CHANGE0
{
///
/// Type of change.
/// See FWPM_CHANGE_TYPE for more information.
///
public FWPM_CHANGE_TYPE changeType;
/// GUID of the provider that changed.
public Guid providerKey;
}
/// The FWPM_PROVIDER_CONTEXT_CHANGE0 structure contains a change notification dispatched to subscribers.
///
/// FWPM_PROVIDER_CONTEXT_CHANGE0 is a specific implementation of FWPM_PROVIDER_CONTEXT_CHANGE. See WFP Version-Independent Names
/// and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context_change0 typedef struct
// FWPM_PROVIDER_CONTEXT_CHANGE0_ { FWPM_CHANGE_TYPE changeType; GUID providerContextKey; UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT_CHANGE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT_CHANGE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT_CHANGE0
{
///
/// Type of change.
/// See FWPM_CHANGE_TYPE for more information.
///
public FWPM_CHANGE_TYPE changeType;
/// GUID of the provider context that changed.
public Guid providerContextKey;
/// LUID of the provider context that changed.
public ulong providerContextId;
}
/// The FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 structure is used for enumerating provider contexts.
///
/// FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 is a specific implementation of FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE. See WFP
/// Version-Independent Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context_enum_template0 typedef struct
// FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0_ { GUID *providerKey; FWPM_PROVIDER_CONTEXT_TYPE providerContextType; } FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0
{
/// Uniquely identifies a provider. If this value is non-NULL, only options with the specifies provider will be returned.
public GuidPtr providerKey;
///
/// Only return provider contexts of the specified type.
/// See FWPM_PROVIDER_CONTEXT_TYPE for more information.
///
public FWPM_PROVIDER_CONTEXT_TYPE providerContextType;
}
/// The FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0 structure is used to subscribe for change notifications.
///
/// FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0 is a specific implementation of FWPM_PROVIDER_CONTEXT_SUBSCRIPTION. See WFP
/// Version-Independent Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context_subscription0 typedef struct
// FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0_ { FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0
{
private readonly IntPtr _enumTemplate;
///
/// Notifications are only dispatched for objects that match the template. If the template is NULL, it matches all objects.
/// See FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 for more information
///
public FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0? enumTemplate => _enumTemplate.ToNullableStructure();
///
/// The notifications to subscribe to, as one of the following values.
///
///
/// Subscription flag
/// Meaning
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD
/// Subscribe to provider add notifications.
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE
/// Subscribe to provider delete notifications.
///
///
///
public FWPM_SUBSCRIPTION_FLAG flags;
/// Uniquely identifies this session.
public Guid sessionKey;
}
///
/// The FWPM_PROVIDER_CONTEXT0 structure stores the state associated with a provider context. FWPM_PROVIDER_CONTEXT2 is available.
///
///
/// The first seven elements of the union are information supplied when adding objects.
/// The last element is additional information returned when getting/enumerating objects.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context0 typedef struct
// FWPM_PROVIDER_CONTEXT0_ { GUID providerContextKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB
// providerData; FWPM_PROVIDER_CONTEXT_TYPE type; union { IPSEC_KEYING_POLICY0 *keyingPolicy; IPSEC_TRANSPORT_POLICY0
// *ikeQmTransportPolicy; IPSEC_TUNNEL_POLICY0 *ikeQmTunnelPolicy; IPSEC_TRANSPORT_POLICY0 *authipQmTransportPolicy; IPSEC_TUNNEL_POLICY0
// *authipQmTunnelPolicy; IKEEXT_POLICY0 *ikeMmPolicy; IKEEXT_POLICY0 *authIpMmPolicy; FWP_BYTE_BLOB *dataBuffer; FWPM_CLASSIFY_OPTIONS0
// *classifyOptions; }; UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT0
{
///
/// Uniquely identifies the provider context. If the GUID is zero-initialized in the call to FwpmProviderContextAdd0, Base Filtering
/// Engine (BFE) will generate one.
///
public Guid providerContextKey;
/// Allows provider contexts to be annotated in a human-readable form. The FWPM_DISPLAY_DATA0 structure is required.
public FWPM_DISPLAY_DATA0 displayData;
///
/// Possible values:
///
///
/// Provider context flag
/// Meaning
///
/// -
/// FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT
/// The object is persistent, that is, it survives across BFE stop/start.
///
///
///
public FWPM_PROVIDER_CONTEXT_FLAG flags;
/// GUID of the policy provider that manages this object.
public GuidPtr providerKey;
///
/// An FWP_BYTE_BLOB structure that contains optional provider-specific data that allows providers to store additional context info
/// with the object.
///
public FWP_BYTE_BLOB providerData;
/// A FWPM_PROVIDER_CONTEXT_TYPE value specifying the type of provider context..
public FWPM_PROVIDER_CONTEXT_TYPE type;
private IntPtr ptr;
///
/// Available when type is FWPM_IPSEC_KEYING_CONTEXT.
/// See IPSEC_KEYING_POLICY0 for more information.
///
public SafeCoTaskMemStruct keyingPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT.
/// See IPSEC_TRANSPORT_POLICY0 for more information.
///
public SafeCoTaskMemStruct ikeQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT.
/// See IPSEC_TUNNEL_POLICY0 for more information.
///
public SafeCoTaskMemStruct ikeQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT.
/// See IPSEC_TRANSPORT_POLICY0 for more information.
///
public SafeCoTaskMemStruct authipQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT.
/// See IPSEC_TUNNEL_POLICY0 for more information.
///
public SafeCoTaskMemStruct authipQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_MM_CONTEXT.
/// See IKEEXT_POLICY0 for more information.
///
public SafeCoTaskMemStruct ikeMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_MM_CONTEXT.
/// See IKEEXT_POLICY0 for more information.
///
public SafeCoTaskMemStruct authIpMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_GENERAL_CONTEXT.
/// See FWP_BYTE_BLOB for more information.
///
public SafeCoTaskMemStruct dataBuffer { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_CLASSIFY_OPTIONS_CONTEXT.
/// See FWPM_CLASSIFY_OPTIONS0 for more information.
///
public SafeCoTaskMemStruct classifyOptions { get => new(ptr, false); set => ptr = value; }
///
/// LUID identifying the context. This is the context value stored in the FWPS_FILTER0 structure for filters that reference a
/// provider context. The FWPS_FILTER0 structure is documented in the WDK.
///
public ulong providerContextId;
}
///
/// The FWPM_PROVIDER_CONTEXT1 structure stores the state associated with a provider context. FWPM_PROVIDER_CONTEXT2 is available.
/// For Windows Vista, FWPM_PROVIDER_CONTEXT0 is available.
///
///
/// The first seven elements of the union are information supplied when adding objects.
/// The last element is additional information returned when getting/enumerating objects.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context1 typedef struct
// FWPM_PROVIDER_CONTEXT1_ { GUID providerContextKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB
// providerData; FWPM_PROVIDER_CONTEXT_TYPE type; union { IPSEC_KEYING_POLICY0 *keyingPolicy; IPSEC_TRANSPORT_POLICY1
// *ikeQmTransportPolicy; IPSEC_TUNNEL_POLICY1 *ikeQmTunnelPolicy; IPSEC_TRANSPORT_POLICY1 *authipQmTransportPolicy; IPSEC_TUNNEL_POLICY1
// *authipQmTunnelPolicy; IKEEXT_POLICY1 *ikeMmPolicy; IKEEXT_POLICY1 *authIpMmPolicy; FWP_BYTE_BLOB *dataBuffer; FWPM_CLASSIFY_OPTIONS0
// *classifyOptions; IPSEC_TUNNEL_POLICY1 *ikeV2QmTunnelPolicy; IKEEXT_POLICY1 *ikeV2MmPolicy; IPSEC_DOSP_OPTIONS0 *idpOptions; }; UINT64
// providerContextId; } FWPM_PROVIDER_CONTEXT1;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT1_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT1
{
///
/// Uniquely identifies the provider context. If the GUID is zero-initialized in the call to FwpmProviderContextAdd1, Base Filtering
/// Engine (BFE) will generate one.
///
public Guid providerContextKey;
/// Allows provider contexts to be annotated in a human-readable form. The FWPM_DISPLAY_DATA0 structure is required.
public FWPM_DISPLAY_DATA0 displayData;
///
/// Possible values:
///
///
/// Provider context flag
/// Meaning
///
/// -
/// FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT
/// The object is persistent, that is, it survives across BFE stop/start.
///
///
///
public FWPM_PROVIDER_CONTEXT_FLAG flags;
/// GUID of the policy provider that manages this object.
public GuidPtr providerKey;
///
/// An FWP_BYTE_BLOB structure that contains optional provider-specific data that allows providers to store additional context info
/// with the object.
///
public FWP_BYTE_BLOB providerData;
/// A FWPM_PROVIDER_CONTEXT_TYPE value specifying the type of provider context..
public FWPM_PROVIDER_CONTEXT_TYPE type;
private IntPtr ptr;
///
/// Available when type is FWPM_IPSEC_KEYING_CONTEXT.
/// See IPSEC_KEYING_POLICY0 for more information.
///
public SafeCoTaskMemStruct keyingPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT.
/// See IPSEC_TRANSPORT_POLICY1 for more information.
///
public SafeCoTaskMemStruct ikeQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT.
/// See IPSEC_TUNNEL_POLICY1 for more information.
///
public SafeCoTaskMemStruct ikeQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT.
/// See IPSEC_TRANSPORT_POLICY1 for more information.
///
public SafeCoTaskMemStruct authipQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT.
/// See IPSEC_TUNNEL_POLICY1 for more information.
///
public SafeCoTaskMemStruct authipQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKE_MM_CONTEXT.
/// See IKEEXT_POLICY1 for more information.
///
public SafeCoTaskMemStruct ikeMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_AUTHIP_MM_CONTEXT.
/// See IKEEXT_POLICY1 for more information.
///
public SafeCoTaskMemStruct authIpMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_GENERAL_CONTEXT.
/// See FWP_BYTE_BLOB for more information.
///
public SafeCoTaskMemStruct dataBuffer { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_CLASSIFY_OPTIONS_CONTEXT.
/// See FWPM_CLASSIFY_OPTIONS0 for more information.
///
public SafeCoTaskMemStruct classifyOptions { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT.
/// See IPSEC_TUNNEL_POLICY1 for more information.
///
public SafeCoTaskMemStruct ikeV2QmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_IKEV2_MM_CONTEXT.
/// See IKEEXT_POLICY1 for more information.
///
public SafeCoTaskMemStruct ikeV2MmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Available when type is FWPM_IPSEC_DOSP_CONTEXT.
/// See IPSEC_DOSP_OPTIONS0 for more information.
///
public SafeCoTaskMemStruct idpOptions { get => new(ptr, false); set => ptr = value; }
///
/// LUID identifying the context. This is the context value stored in the FWPS_FILTER1 structure for filters that reference a
/// provider context. The FWPS_FILTER1 structure is documented in the WDK.
///
public ulong providerContextId;
}
///
/// The FWPM_PROVIDER_CONTEXT2 structure stores the state associated with a provider context. FWPM_PROVIDER_CONTEXT0 is available.
///
///
/// The first seven elements of the union are information supplied when adding objects.
/// The last element is additional information returned when getting/enumerating objects.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_context2 typedef struct
// FWPM_PROVIDER_CONTEXT2_ { GUID providerContextKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB
// providerData; FWPM_PROVIDER_CONTEXT_TYPE type; union { IPSEC_KEYING_POLICY1 *keyingPolicy; IPSEC_TRANSPORT_POLICY2
// *ikeQmTransportPolicy; IPSEC_TUNNEL_POLICY2 *ikeQmTunnelPolicy; IPSEC_TRANSPORT_POLICY2 *authipQmTransportPolicy; IPSEC_TUNNEL_POLICY2
// *authipQmTunnelPolicy; IKEEXT_POLICY2 *ikeMmPolicy; IKEEXT_POLICY2 *authIpMmPolicy; FWP_BYTE_BLOB *dataBuffer; FWPM_CLASSIFY_OPTIONS0
// *classifyOptions; IPSEC_TUNNEL_POLICY2 *ikeV2QmTunnelPolicy; IPSEC_TRANSPORT_POLICY2 *ikeV2QmTransportPolicy; IKEEXT_POLICY2
// *ikeV2MmPolicy; IPSEC_DOSP_OPTIONS0 *idpOptions; }; UINT64 providerContextId; } FWPM_PROVIDER_CONTEXT2;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_CONTEXT2_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_CONTEXT2
{
///
/// Type: GUID
///
/// Uniquely identifies the provider context. If the GUID is zero-initialized in the call to FwpmProviderContextAdd2, Base Filtering
/// Engine (BFE) will generate one.
///
///
public Guid providerContextKey;
///
/// Type: FWPM_DISPLAY_DATA0
/// Allows provider contexts to be annotated in a human-readable form. The FWPM_DISPLAY_DATA0 structure is required.
///
public FWPM_DISPLAY_DATA0 displayData;
///
/// Type: UINT32
/// Possible values:
///
///
/// Provider context flag
/// Meaning
///
/// -
/// FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT
/// The object is persistent, that is, it survives across BFE stop/start.
///
/// -
/// FWPM_PROVIDER_CONTEXT_FLAG_DOWNLEVEL
/// Reserved for internal use.
///
///
///
public FWPM_PROVIDER_CONTEXT_FLAG flags;
///
/// Type: GUID*
/// GUID of the policy provider that manages this object.
///
public GuidPtr providerKey;
///
/// Type: FWP_BYTE_BLOB
/// Optional provider-specific data that allows providers to store additional context info with the object.
///
public FWP_BYTE_BLOB providerData;
///
/// Type: FWPM_PROVIDER_CONTEXT_TYPE
/// The type of provider context.
///
public FWPM_PROVIDER_CONTEXT_TYPE type;
private IntPtr ptr;
///
/// Type: IPSEC_KEYING_POLICY1*
/// Available when type is FWPM_IPSEC_KEYING_CONTEXT.
///
public SafeCoTaskMemStruct keyingPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TRANSPORT_POLICY2*
/// Available when type is FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT.
///
public SafeCoTaskMemStruct ikeQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TUNNEL_POLICY2*
/// Available when type is FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT.
///
public SafeCoTaskMemStruct ikeQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TRANSPORT_POLICY2*
/// [case()][unique]
///
public SafeCoTaskMemStruct authipQmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TUNNEL_POLICY2*
/// Available when type is FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT.
///
public SafeCoTaskMemStruct authipQmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IKEEXT_POLICY2*
/// Available when type is FWPM_IPSEC_IKE_MM_CONTEXT.
///
public SafeCoTaskMemStruct ikeMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IKEEXT_POLICY2*
/// Available when type is FWPM_IPSEC_AUTHIP_MM_CONTEXT.
///
public SafeCoTaskMemStruct authIpMmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWP_BYTE_BLOB*
/// Available when type is FWPM_GENERAL_CONTEXT.
///
public SafeCoTaskMemStruct dataBuffer { get => new(ptr, false); set => ptr = value; }
///
/// Type: FWPM_CLASSIFY_OPTIONS0*
/// Available when type is FWPM_CLASSIFY_OPTIONS_CONTEXT.
///
public SafeCoTaskMemStruct classifyOptions { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TUNNEL_POLICY2*
/// Available when type is FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT.
///
public SafeCoTaskMemStruct ikeV2QmTunnelPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_TRANSPORT_POLICY2*
/// Available when type is FWPM_IPSEC_IKEV2_QM_TRANSPORT_CONTEXT.
///
public SafeCoTaskMemStruct ikeV2QmTransportPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IKEEXT_POLICY2*
/// Available when type is FWPM_IPSEC_IKEV2_MM_CONTEXT.
///
public SafeCoTaskMemStruct ikeV2MmPolicy { get => new(ptr, false); set => ptr = value; }
///
/// Type: IPSEC_DOSP_OPTIONS0*
/// Available when type is FWPM_IPSEC_DOSP_CONTEXT.
///
public SafeCoTaskMemStruct idpOptions { get => new(ptr, false); set => ptr = value; }
///
/// Type: UINT64
///
/// LUID identifying the context. This is the context value stored in the FWPS_FILTER1 structure for filters that reference a
/// provider context. The FWPS_FILTER1 structure is documented in the WDK.
///
///
public ulong providerContextId;
}
/// The FWPM_PROVIDER_ENUM_TEMPLATE0 structure is used for enumerating providers.
///
/// Currently, there is no way to limit the enumeration — all providers are returned.
///
/// FWPM_PROVIDER_ENUM_TEMPLATE0 is a specific implementation of FWPM_PROVIDER_ENUM_TEMPLATE. See WFP Version-Independent Names
/// and Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_enum_template0 typedef struct
// FWPM_PROVIDER_ENUM_TEMPLATE0_ { UINT64 reserved; } FWPM_PROVIDER_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_ENUM_TEMPLATE0
{
/// Reserved for system use.
public ulong reserved;
}
/// The FWPM_PROVIDER_SUBSCRIPTION0 structure is used to subscribe for change notifications.
///
/// Notifications are only dispatched for providers that match the template.
/// If the template is NULL, it matches all providers.
///
/// FWPM_PROVIDER_SUBSCRIPTION0 is a specific implementation of FWPM_PROVIDER_SUBSCRIPTION. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider_subscription0 typedef struct
// FWPM_PROVIDER_SUBSCRIPTION0_ { FWPM_PROVIDER_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_PROVIDER_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER_SUBSCRIPTION0
{
///
/// [unique]
/// Enumeration template for limiting the subscription.
/// See FWPM_PROVIDER_ENUM_TEMPLATE0 for more information.
///
public IntPtr _enumTemplate;
///
/// [unique]
/// Enumeration template for limiting the subscription.
/// See FWPM_PROVIDER_ENUM_TEMPLATE0 for more information.
///
public FWPM_PROVIDER_ENUM_TEMPLATE0? enumTemplate => _enumTemplate.ToNullableStructure();
///
/// Possible values:
///
///
/// Value
/// Meaning
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD
/// Subscribe to provider add notifications.
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE
/// Subscribe to provider delete notifications.
///
///
///
public FWPM_SUBSCRIPTION_FLAG flags;
/// Uniquely identifies the session.
public Guid sessionKey;
}
/// The FWPM_PROVIDER0 structure stores the state associated with a policy provider.
///
/// FWPM_PROVIDER0 is a specific implementation of FWPM_PROVIDER. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_provider0 typedef struct FWPM_PROVIDER0_ { GUID
// providerKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; FWP_BYTE_BLOB providerData; wchar_t *serviceName; } FWPM_PROVIDER0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_PROVIDER0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_PROVIDER0
{
///
/// Uniquely identifies the provider.
/// If the GUID is zero-initialized in the call to Add, Base Filtering Engine (BFE) will generate one.
///
public Guid providerKey;
/// Allows providers to be annotated in a human-readable form. The FWPM_DISPLAY_DATA0 structure is required.
public FWPM_DISPLAY_DATA0 displayData;
///
/// Bit flags that indicate information about the persistence of the provider.
///
///
/// Provider flag
/// Meaning
///
/// -
/// FWPM_PROVIDER_FLAG_PERSISTENT
/// Provider is persistent.
///
/// -
/// FWPM_PROVIDER_FLAG_DISABLED
///
/// Provider's filters were disabled when the BFE started because the provider has no associated Windows service name, or because the
/// associated service was not set to auto-start.
///
///
///
///
public FWPM_PROVIDER_FLAG flags;
///
/// An FWP_BYTE_BLOB structure that contains optional provider-specific data that allows providers to store additional context info
/// with the object.
///
public FWP_BYTE_BLOB providerData;
/// Optional name of the Windows service hosting the provider. This allows BFE to detect that a provider has been disabled.
[MarshalAs(UnmanagedType.LPWStr)]
public string? serviceName;
}
/// The FWPM_SESSION_ENUM_TEMPLATE0 structure is used for enumerating sessions.
///
/// Currently, there is no way to limit the enumeration — all sessions are returned.
///
/// FWPM_SESSION_ENUM_TEMPLATE0 is a specific implementation of FWPM_SESSION_ENUM_TEMPLATE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_session_enum_template0 typedef struct
// FWPM_SESSION_ENUM_TEMPLATE0_ { UINT64 reserved; } FWPM_SESSION_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SESSION_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SESSION_ENUM_TEMPLATE0
{
/// Reserved for system use.
public ulong reserved;
}
/// The FWPM_SESSION0 structure stores the state associated with a client session.
///
///
/// This structure contains information supplied by the client when creating a session by calling FwpmEngineOpen0, or information
/// retrieved from the system when enumerating sessions by calling FwpmSessionEnum0.
///
///
/// The members processId, sid, username, and kernelMode are not supplied by the client. They are supplied by
/// BFE and can be retrieved when enumerating sessions.
///
///
/// FWPM_SESSION0 is a specific implementation of FWPM_SESSION. See WFP Version-Independent Names and Targeting Specific Versions
/// of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_session0 typedef struct FWPM_SESSION0_ { GUID
// sessionKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; UINT32 txnWaitTimeoutInMSec; DWORD processId; SID *sid; wchar_t *username;
// BOOL kernelMode; } FWPM_SESSION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SESSION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SESSION0
{
///
/// Uniquely identifies the session.
/// If this member is zero in the call to FwpmEngineOpen0, Base Filtering Engine (BFE) will generate a GUID.
///
public Guid sessionKey;
///
/// Allows sessions to be annotated in a human-readable form.
/// See FWPM_DISPLAY_DATA0 for more information.
///
public FWPM_DISPLAY_DATA0 displayData;
///
/// Settings to control session behavior.
///
///
/// Session flag
/// Meaning
///
/// -
/// FWPM_SESSION_FLAG_DYNAMIC
/// When this flag is set, any objects added during the session are automatically deleted when the session ends.
///
/// -
/// FWPM_SESSION_FLAG_RESERVED
/// Reserved.
///
///
///
public FWPM_SESSION_FLAG flags;
///
/// Time in milli-seconds that a client will wait to begin a transaction.
/// If this member is zero, BFE will use a default timeout.
///
public uint txnWaitTimeoutInMSec;
/// Process ID of the client.
public uint processId;
/// SID of the client.
public PSID sid;
/// User name of the client.
[MarshalAs(UnmanagedType.LPWStr)]
public string username;
/// TRUE if this is a kernel-mode client.
[MarshalAs(UnmanagedType.Bool)]
public bool kernelMode;
}
/// The FWPM_STATISTICS0 structure stores statistics related to connections at specific layers.
///
/// FWPM_STATISTICS0 is a specific implementation of FWPM_STATISTICS. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_statistics0 typedef struct FWPM_STATISTICS0_ { UINT32
// numLayerStatistics; FWPM_LAYER_STATISTICS0 *layerStatistics; UINT32 inboundAllowedConnectionsV4; UINT32 inboundBlockedConnectionsV4;
// UINT32 outboundAllowedConnectionsV4; UINT32 outboundBlockedConnectionsV4; UINT32 inboundAllowedConnectionsV6; UINT32
// inboundBlockedConnectionsV6; UINT32 outboundAllowedConnectionsV6; UINT32 outboundBlockedConnectionsV6; UINT32
// inboundActiveConnectionsV4; UINT32 outboundActiveConnectionsV4; UINT32 inboundActiveConnectionsV6; UINT32 outboundActiveConnectionsV6;
// UINT64 reauthDirInbound; UINT64 reauthDirOutbound; UINT64 reauthFamilyV4; UINT64 reauthFamilyV6; UINT64 reauthProtoOther; UINT64
// reauthProtoIPv4; UINT64 reauthProtoIPv6; UINT64 reauthProtoICMP; UINT64 reauthProtoICMP6; UINT64 reauthProtoUDP; UINT64
// reauthProtoTCP; UINT64 reauthReasonPolicyChange; UINT64 reauthReasonNewArrivalInterface; UINT64 reauthReasonNewNextHopInterface;
// UINT64 reauthReasonProfileCrossing; UINT64 reauthReasonClassifyCompletion; UINT64 reauthReasonIPSecPropertiesChanged; UINT64
// reauthReasonMidStreamInspection; UINT64 reauthReasonSocketPropertyChanged; UINT64 reauthReasonNewInboundMCastBCastPacket; UINT64
// reauthReasonEDPPolicyChanged; UINT64 reauthReasonProxyHandleChanged; } FWPM_STATISTICS0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_STATISTICS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_STATISTICS0
{
///
/// Type: UINT32
/// Number of FWPM_LAYER_STATISTICS0 structures in the layerStatistics member.
///
public uint numLayerStatistics;
///
/// Type: FWPM_LAYER_STATISTICS0*
/// Statistics related to the layer.
///
public IntPtr _layerStatistics;
///
/// Type: FWPM_LAYER_STATISTICS0*
/// Statistics related to the layer.
///
public FWPM_LAYER_STATISTICS0? layerStatistics => _layerStatistics.ToNullableStructure();
///
/// Type: UINT32
/// Number of allowed IPv4 inbound connections.
///
public uint inboundAllowedConnectionsV4;
///
/// Type: UINT32
/// Number of blocked IPv4 inbound connections.
///
public uint inboundBlockedConnectionsV4;
///
/// Type: UINT32
/// Number of allowed IPv4 outbound connections.
///
public uint outboundAllowedConnectionsV4;
///
/// Type: UINT32
/// Number of blocked IPv4 outbound connections.
///
public uint outboundBlockedConnectionsV4;
///
/// Type: UINT32
/// Number of allowed IPv6 inbound connections.
///
public uint inboundAllowedConnectionsV6;
///
/// Type: UINT32
/// Number of blocked IPv6 inbound connections.
///
public uint inboundBlockedConnectionsV6;
///
/// Type: UINT32
/// Number of allowed IPv6 outbound connections.
///
public uint outboundAllowedConnectionsV6;
///
/// Type: UINT32
/// Number of blocked IPv6 outbound connections.
///
public uint outboundBlockedConnectionsV6;
///
/// Type: UINT32
/// Number of active IPv4 inbound connections.
///
public uint inboundActiveConnectionsV4;
///
/// Type: UINT32
/// Number of active IPv4 outbound connections.
///
public uint outboundActiveConnectionsV4;
///
/// Type: UINT32
/// Number of active IPv6 inbound connections.
///
public uint inboundActiveConnectionsV6;
///
/// Type: UINT32
/// Number of active IPv6 outbound connections.
///
public uint outboundActiveConnectionsV6;
///
public ulong reauthDirInbound;
///
public ulong reauthDirOutbound;
///
public ulong reauthFamilyV4;
///
public ulong reauthFamilyV6;
///
public ulong reauthProtoOther;
///
public ulong reauthProtoIPv4;
///
public ulong reauthProtoIPv6;
///
public ulong reauthProtoICMP;
///
public ulong reauthProtoICMP6;
///
public ulong reauthProtoUDP;
///
public ulong reauthProtoTCP;
///
public ulong reauthReasonPolicyChange;
///
public ulong reauthReasonNewArrivalInterface;
///
public ulong reauthReasonNewNextHopInterface;
///
public ulong reauthReasonProfileCrossing;
///
public ulong reauthReasonClassifyCompletion;
///
public ulong reauthReasonIPSecPropertiesChanged;
///
public ulong reauthReasonMidStreamInspection;
///
public ulong reauthReasonSocketPropertyChanged;
///
public ulong reauthReasonNewInboundMCastBCastPacket;
///
public ulong reauthReasonEDPPolicyChanged;
///
public ulong reauthReasonProxyHandleChanged;
}
/// The FWPM_SUBLAYER_CHANGE0 structure specifies a change notification dispatched to subscribers.
///
/// FWPM_SUBLAYER_CHANGE0 is a specific implementation of FWPM_SUBLAYER_CHANGE. See WFP Version-Independent Names and Targeting
/// Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_sublayer_change0 typedef struct FWPM_SUBLAYER_CHANGE0_
// { FWPM_CHANGE_TYPE changeType; GUID subLayerKey; } FWPM_SUBLAYER_CHANGE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SUBLAYER_CHANGE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SUBLAYER_CHANGE0
{
/// Type of change as specified by FWPM_CHANGE_TYPE.
public FWPM_CHANGE_TYPE changeType;
/// GUID of the sublayer that changed.
public Guid subLayerKey;
}
/// The FWPM_SUBLAYER_ENUM_TEMPLATE0 structure is used for enumerating sublayers.
///
/// FWPM_SUBLAYER_ENUM_TEMPLATE0 is a specific implementation of FWPM_SUBLAYER_ENUM_TEMPLATE. See WFP Version-Independent Names
/// and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_sublayer_enum_template0 typedef struct
// FWPM_SUBLAYER_ENUM_TEMPLATE0_ { GUID *providerKey; } FWPM_SUBLAYER_ENUM_TEMPLATE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SUBLAYER_ENUM_TEMPLATE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SUBLAYER_ENUM_TEMPLATE0
{
///
/// Uniquely identifies the provider associated with this sublayer. If this value is non-NULL, only options with the specifies
/// provider will be returned.
///
public GuidPtr providerKey;
}
/// The FWPM_SUBLAYER_SUBSCRIPTION0 structure is used to subscribe for change notifications.
///
/// Notifications are only dispatched for sublayers that match the template.
/// If the template is NULL, it matches all sublayers.
///
/// FWPM_SUBLAYER_SUBSCRIPTION0 is a specific implementation of FWPM_SUBLAYER_SUBSCRIPTION. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_sublayer_subscription0 typedef struct
// FWPM_SUBLAYER_SUBSCRIPTION0_ { FWPM_SUBLAYER_ENUM_TEMPLATE0 *enumTemplate; UINT32 flags; GUID sessionKey; } FWPM_SUBLAYER_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SUBLAYER_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SUBLAYER_SUBSCRIPTION0
{
///
/// Enumeration template for limiting the subscription.
/// See FWPM_SUBLAYER_ENUM_TEMPLATE0 for more information.
///
public IntPtr _enumTemplate;
///
/// Enumeration template for limiting the subscription.
/// See FWPM_SUBLAYER_ENUM_TEMPLATE0 for more information.
///
public FWPM_SUBLAYER_ENUM_TEMPLATE0? enumTemplate => _enumTemplate.ToNullableStructure();
///
/// A combination of the following values.
///
///
/// Subscription flag
/// Meaning
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD
/// Subscribe to sublayer add notifications.
///
/// -
/// FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE
/// Subscribe to sublayer delete notifications.
///
///
///
public FWPM_SUBSCRIPTION_FLAG flags;
/// Uniquely identifies this session.
public Guid sessionKey;
}
/// The FWPM_SUBLAYER0 structure stores the state associated with a sublayer.
///
/// FWPM_SUBLAYER0 is a specific implementation of FWPM_SUBLAYER. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_sublayer0 typedef struct FWPM_SUBLAYER0_ { GUID
// subLayerKey; FWPM_DISPLAY_DATA0 displayData; UINT32 flags; GUID *providerKey; FWP_BYTE_BLOB providerData; UINT16 weight; } FWPM_SUBLAYER0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SUBLAYER0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SUBLAYER0
{
///
/// Uniquely identifies the sublayer. See Filtering Sublayer Identifiers for a list of built-in sublayers.
/// If the GUID is zero-initialized in the call to FwpmSubLayerAdd0, the Base Filtering Engine (BFE) will generate one.
///
public Guid subLayerKey;
/// Allows sublayers to be annotated in human-readable form. The FWPM_DISPLAY_DATA0 structure is required.
public FWPM_DISPLAY_DATA0 displayData;
///
/// Possible values:
///
///
/// Sublayer flag
/// Meaning
///
/// -
/// FWPM_SUBLAYER_FLAG_PERSISTENT
/// Causes sublayer to be persistent, surviving across BFE stop/start.
///
///
///
public FWPM_SUBLAYER_FLAG flags;
/// Uniquely identifies the provider that manages this sublayer.
public GuidPtr providerKey;
///
/// An FWP_BYTE_BLOB structure that contains optional provider-specific data that allows providers to store additional context info
/// with the object.
///
public FWP_BYTE_BLOB providerData;
///
/// Weight of the sublayer.
/// Higher-weighted sublayers are invoked first.
///
public ushort weight;
}
/// The FWPM_SYSTEM_PORTS_BY_TYPE0 structure contains information about the system ports of a specified type.
///
/// FWPM_SYSTEM_PORTS_BY_TYPE0 is a specific implementation of FWPM_SYSTEM_PORTS_BY_TYPE. See WFP Version-Independent Names and
/// Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_system_ports_by_type0 typedef struct
// FWPM_SYSTEM_PORTS_BY_TYPE0_ { FWPM_SYSTEM_PORT_TYPE type; UINT32 numPorts; UINT16 *ports; } FWPM_SYSTEM_PORTS_BY_TYPE0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SYSTEM_PORTS_BY_TYPE0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SYSTEM_PORTS_BY_TYPE0
{
/// An FWPM_SYSTEM_PORT_TYPE enumeration that specifies the type of port.
public FWPM_SYSTEM_PORT_TYPE type;
/// The number of ports of the specified type.
public uint numPorts;
/// Array of IP port numbers ( ) for the specified type.
public IntPtr ports;
/// Array of IP port numbers ( ) for the specified type.
public ushort[] GetPorts() => ports.ToArray((int)numPorts) ?? new ushort[0];
}
/// The FWPM_SYSTEM_PORTS0 structure contains information about all of the system ports of all types.
///
/// FWPM_SYSTEM_PORTS0 is a specific implementation of FWPM_SYSTEM_PORTS. See WFP Version-Independent Names and Targeting Specific
/// Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_system_ports0 typedef struct FWPM_SYSTEM_PORTS0_ {
// UINT32 numTypes; FWPM_SYSTEM_PORTS_BY_TYPE0 *types; } FWPM_SYSTEM_PORTS0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_SYSTEM_PORTS0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_SYSTEM_PORTS0
{
/// The number of types in the array.
public uint numTypes;
/// A structure that specifies the array of system port types.
public IntPtr types;
/// A structure that specifies the array of system port types.
public FWPM_SYSTEM_PORTS_BY_TYPE0[] GetTypes() => types.ToArray((int)numTypes) ?? new FWPM_SYSTEM_PORTS_BY_TYPE0[0];
}
///
/// The FWPM_VSWITCH_EVENT_SUBSCRIPTION0 structure stores information used to subscribe to notifications about a vSwitch event.
///
///
/// FWPM_VSWITCH_EVENT_SUBSCRIPTION0 is a specific implementation of FWPM_VSWITCH_EVENT_SUBSCRIPTION. See WFP Version-Independent
/// Names and Targeting Specific Versions of Windows for more information.
///
// https://docs.microsoft.com/en-us/windows/win32/api/fwpmtypes/ns-fwpmtypes-fwpm_vswitch_event_subscription0 typedef struct
// FWPM_VSWITCH_EVENT_SUBSCRIPTION0_ { UINT32 flags; GUID sessionKey; } FWPM_VSWITCH_EVENT_SUBSCRIPTION0;
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_VSWITCH_EVENT_SUBSCRIPTION0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_VSWITCH_EVENT_SUBSCRIPTION0
{
///
/// Type: UINT32
/// This member is reserved for future use.
///
public uint flags;
///
/// Type: GUID
/// Identifies the session which created the subscription.
///
public Guid sessionKey;
}
/// The FWPM_VSWITCH_EVENT0 structure contains information about a vSwitch event.
[PInvokeData("fwpmtypes.h", MSDNShortId = "NS:fwpmtypes.FWPM_VSWITCH_EVENT0_")]
[StructLayout(LayoutKind.Sequential)]
public struct FWPM_VSWITCH_EVENT0
{
/// The type of vSwitch event.
public FWPM_VSWITCH_EVENT_TYPE eventType;
/// GUID that identifies a vSwitch.
[MarshalAs(UnmanagedType.LPWStr)]
public string vSwitchId;
internal _UNION union;
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ADD_TO_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION.
public POSITIONINFO positionInfo => eventType == FWPM_VSWITCH_EVENT_TYPE.FWPM_VSWITCH_EVENT_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION ? union.positionInfo : default;
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER.
public REORDERINFO reorderInfo => eventType == FWPM_VSWITCH_EVENT_TYPE.FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER ? union.reorderInfo : default;
///
[StructLayout(LayoutKind.Explicit)]
internal struct _UNION
{
/// The position information
[FieldOffset(0)]
public _POSITIONINFO positionInfo;
/// The reorder information
[FieldOffset(0)]
public _REORDERINFO reorderInfo;
}
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ADD_TO_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION.
[StructLayout(LayoutKind.Sequential)]
internal struct _POSITIONINFO
{
/// The number of vSwitch filter extensions.
public uint numvSwitchFilterExtensions;
/// Array of strings identifying other vSwitch extensions.
public IntPtr vSwitchFilterExtensions;
///
public static implicit operator POSITIONINFO(_POSITIONINFO i) => new()
{
numvSwitchFilterExtensions = i.numvSwitchFilterExtensions,
vSwitchFilterExtensions = i.vSwitchFilterExtensions.ToStringEnum((int)i.numvSwitchFilterExtensions, CharSet.Unicode).WhereNotNull().ToArray()
};
}
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER.
[StructLayout(LayoutKind.Sequential)]
internal struct _REORDERINFO
{
/// True if the filter engine is in the required position to correctly enforce committed filters; otherwise, false.
public bool inRequiredPosition;
/// The number of vSwitch filter extensions.
public uint numvSwitchFilterExtensions;
/// Array of strings identifying other vSwitch extensions.
public IntPtr vSwitchFilterExtensions;
///
public static implicit operator REORDERINFO(_REORDERINFO i) => new()
{
inRequiredPosition = i.inRequiredPosition,
numvSwitchFilterExtensions = i.numvSwitchFilterExtensions,
vSwitchFilterExtensions = i.vSwitchFilterExtensions.ToStringEnum((int)i.numvSwitchFilterExtensions, CharSet.Unicode).WhereNotNull().ToArray()
};
}
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ADD_TO_FILTER_ENGINE_NOT_IN_REQUIRED_POSITION.
public struct POSITIONINFO
{
/// The number of vSwitch filter extensions.
public uint numvSwitchFilterExtensions;
/// Array of strings identifying other vSwitch extensions.
public string[] vSwitchFilterExtensions;
}
/// Available when eventType is FWPM_VSWITCH_EVENT_FILTER_ENGINE_REORDER.
public struct REORDERINFO
{
/// True if the filter engine is in the required position to correctly enforce committed filters; otherwise, false.
public bool inRequiredPosition;
/// The number of vSwitch filter extensions.
public uint numvSwitchFilterExtensions;
/// Array of strings identifying other vSwitch extensions.
public string[] vSwitchFilterExtensions;
}
}
}