FwpmConnectionPolicyAdd0 function (fwpmu.h)

The TCP/IP stack supports destination address-based routing for outbound connections. The FwpmConnectionPolicyAdd0 API allows you to configure more expressive routing policies for outbound connections, enabling more complex scenarios such as source address-based routing, process-based routing, port-based routing, and others. A connection policy consists of an array of match conditions, an array of route settings, and an associated weight. You can configure multiple policies; for each outbound connection they are evaluated in order of their configured weights (a higher weight takes precedence). The route setting of the first policy whose conditions (ANDed) match the outbound connection is applied.

Syntax

DWORD FwpmConnectionPolicyAdd0(
  HANDLE                       engineHandle,
  const FWPM_PROVIDER_CONTEXT3 *connectionPolicy,
  FWP_IP_VERSION               ipVersion,
  UINT64                       weight,
  UINT32                       numFilterConditions,
  const FWPM_FILTER_CONDITION0 *filterConditions,
  PSECURITY_DESCRIPTOR         sd
);

Parameters

engineHandle

Type: _In_ HANDLE

A handle to an open session with the filter engine. To open a session with the filter engine, call FwpmEngineOpen0.

connectionPolicy

Type: _In_ const FWPM_PROVIDER_CONTEXT3*

The state associated with a provider context.

ipVersion

Type: _In_ FWP_IP_VERSION

IP version of the traffic.

weight

Type: _In_ UINT64

Specifies the weight that this Trusted Intermediary Agent (TIA) should be given compared to any peers.

numFilterConditions

Type: _In_ UINT32

The number of elements in filterConditions.

filterConditions

Type: _In_reads_(numFilterConditions) const FWPM_FILTER_CONDITION0*

An array of filter conditions, all of which must be true (they are ANDed) for the action to be taken.

Of the possible match conditions (see Filtering condition identifiers), the ones in the following list are supported by FwpmConnectionPolicyAdd0. Set these values in FWPM_FILTER_CONDITION0::fieldKey.

  • FWPM_CONDITION_ALE_APP_ID
  • FWPM_CONDITION_ALE_USER_ID
  • FWPM_CONDITION_IP_LOCAL_ADDRESS
  • FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE
  • FWPM_CONDITION_IP_LOCAL_PORT
  • FWPM_CONDITION_IP_PROTOCOL
  • FWPM_CONDITION_IP_REMOTE_ADDRESS
  • FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE
  • FWPM_CONDITION_IP_REMOTE_PORT
  • FWPM_CONDITION_FLAGS
  • FWPM_CONDITION_ALE_ORIGINAL_APP_ID
  • FWPM_CONDITION_ALE_PACKAGE_ID
  • FWPM_CONDITION_COMPARTMENT_ID

sd

Type: _In_opt_ PSECURITY_DESCRIPTOR

The security information.

Remarks

These are the supported route settings (see FWP_NETWORK_CONNECTION_POLICY_SETTING_TYPE):

  • FWP_NETWORK_CONNECTION_POLICY_SOURCE_ADDRESS. The source address to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.
  • FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP_INTERFACE. The LUID of the outgoing interface to use for the connection. The value should be a FWP_UINT64.
  • FWP_NETWORK_CONNECTION_POLICY_NEXT_HOP. The next-hop address (or gateway) to use for the connection. The value should be a FWP_UINT32 for an IPv4 address, and a FWP_BYTE_ARRAY16_TYPE for an IPv6 address.
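
The evaluation rule stated at the top of this page (conditions ANDed, highest weight takes precedence) means a broad high-weight policy can shadow a narrower process-based one, which is worth checking when reviewing a planned policy set. The following is an added example, not Microsoft's code and not the fwpmu.h API: a portable C model of that rule in which every type, field, policy name and route label is hypothetical and constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model types for illustration; NOT the fwpmu.h structures. */
enum field { F_APP_ID, F_REMOTE_PORT, F_PROTOCOL };
struct cond { enum field key; const char *value; };      /* equality match only */
struct policy { const char *name; uint64_t weight; size_t ncond;
                struct cond conds[3]; const char *route; };
struct conn { const char *app_id, *remote_port, *protocol; };

static const char *conn_field(const struct conn *c, enum field k) {
    switch (k) {
    case F_APP_ID:      return c->app_id;
    case F_REMOTE_PORT: return c->remote_port;
    default:            return c->protocol;
    }
}

/* A policy matches only if every one of its conditions matches (AND). */
static int policy_matches(const struct policy *p, const struct conn *c) {
    for (size_t i = 0; i < p->ncond; i++)
        if (strcmp(conn_field(c, p->conds[i].key), p->conds[i].value) != 0)
            return 0;
    return 1;
}

/* Highest-weight matching policy, or NULL if none matches. Equal weights keep
   the earlier entry; that tie-break is an assumption of this model. */
const struct policy *select_policy(const struct policy *ps, size_t n,
                                   const struct conn *c) {
    const struct policy *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (policy_matches(&ps[i], c) && (!best || ps[i].weight > best->weight))
            best = &ps[i];
    return best;
}

/* Constructed sample policy set: a process-based rule and a broader port rule. */
static const struct policy SAMPLE[] = {
    { "browser-via-vpn", 100, 1, { { F_APP_ID, "browser.exe" } }, "if-vpn" },
    { "https-via-wan",   200, 2, { { F_REMOTE_PORT, "443" }, { F_PROTOCOL, "tcp" } }, "if-wan" },
};

/* Route label applied to a connection, or NULL when no policy matches. */
const char *route_for(const char *app, const char *port, const char *proto) {
    struct conn c = { app, port, proto };
    const struct policy *p = select_policy(SAMPLE, sizeof SAMPLE / sizeof *SAMPLE, &c);
    return p ? p->route : NULL;
}
```

In the sample set, the browser's TCP/443 connections take the port-based route because that policy has the higher weight; only its other connections take the process-based route.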

Requirements

Requirement Value
Header fwpmu.h
Library Fwpuclnt.lib
DLL Fwpuclnt.dll