Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
An IPv6 firewall-hook driver's FirewallHook function examines IPv6 packets to determine if the packets are to be accepted or dropped.
Syntax
IPv6FirewallHookProcType FirewallHook;
IPv6Action FirewallHook(
_In_ const IPv6Addr *SourceAddress,
_In_ const IPv6Addr *DestinationAddress,
_In_ uint PayloadLength,
_In_ uchar HeaderType,
_In_ const uchar *HeaderData,
_In_ const void *PacketContext,
_In_ uint DataLength,
_In_ uint InterfaceIndex,
_In_ IPv6Direction Direction,
_In_ BOOLEAN IsLoopBack
)
{ ... }
Parameters
SourceAddress [in]
A pointer to an IPv6Addr structure that contains the packet's source address.DestinationAddress [in]
A pointer to an IPv6Addr structure that contains the packet's destination address.PayloadLength [in]
The size, in bytes, of the packet's payload, not including the IPv6 header.HeaderType [in]
A value that specifies the transport layer header type. This value is the protocol number for the transport layer as specified in RFC 1700.HeaderData [in]
A pointer to the transport layer header data. The contents of the transport layer header is transport-specific.PacketContext [in]
A pointer to a context that describes the packet data. This context is opaque to the IPv6 firewall-hook driver. An IPv6 firewall-hook driver passes this pointer to the IPv6ObtainPacketData function in order to obtain the actual packet data.DataLength [in]
The length, in bytes, of the packet data that is described by the PacketContext parameter.InterfaceIndex [in]
The index of the network interface that the IPv6 packet is to be transmitted on or was received on.Direction [in]
The direction of the IPv6 packet in the IPv6 network stack. This parameter will be one of the following values:DirectionTransmit
The packet is to be transmitted to the network.DirectionReceive
The packet was received from the network
IsLoopBack [in]
A Boolean value that indicates if the packet is being looped back. A packet that is looped back is one that is both transmitted and received locally.
Return value
An IPv6 firewall-hook driver's IPv6FirewallHook function must return one of the following values to indicate what action is to be taken on the packet:
| Return code | Description |
|---|---|
| ActionAccept | Accept the packet. |
| ActionDrop | Drop the packet. |
Remarks
An IPv6 firewall-hook driver enables its FirewallHook function by calling the IPv6EnableFirewallHook function. After the IPv6 firewall-hook driver's FirewallHook function has been enabled, the IPv6 network stack calls the IPv6 firewall-hook driver's FirewallHook function with each received or transmitted IPv6 packet so that the IPv6 firewall-hook driver can determine if the packet is to be accepted or rejected.
An IPv6 firewall-hook driver disables its FirewallHook function by calling the IPv6DisableFirewallHook function.
If an IPv6 firewall-hook driver's FirewallHook function uses the packet data as criteria to determine whether a packet should be accepted or dropped, it must call the IPv6ObtainPacketData function to obtain a pointer to the packet data.
If an IPv6 firewall-hook driver's FirewallHook function uses the route to the packet's source address or destination address as criteria to determine if a packet should be accepted or dropped, it must call the IPv6GetBestRouteInfo function to obtain the route information.
The IPv6 network stack calls an IPv6 firewall-hook driver's FirewallHook function at any IRQL <= DISPATCH_LEVEL.
Requirements
Target platform |
Desktop |
Header |
Ip6firewall.h (include Ip6firewall.h) |
IRQL |
<= DISPATCH_LEVEL (see Remarks section) |
See also