A binding rule defines the filtering flag and redirection settings applied to the bind requests that match its other fields.
```c
typedef struct _NF_BINDING_RULE
{
    int            protocol;    // IPPROTO_TCP or IPPROTO_UDP
    unsigned long  processId;   // Process identifier
    // Process name tail mask (supports * as 0 or more symbols)
    wchar_t        processName[MAX_PATH];
    unsigned short localPort;   // Local port
    unsigned short ip_family;   // AF_INET for IPv4 and AF_INET6 for IPv6
    // Local IP (or network if localIpAddressMask is not zero)
    unsigned char  localIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
    // Local IP mask
    unsigned char  localIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];
    // Redirect bind request to this IP
    unsigned char  newLocalIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
    // Redirect bind request to this port, if it is not zero
    unsigned short newLocalPort;
    unsigned long  filteringFlag; // See NF_FILTERING_FLAG, NF_ALLOW or NF_FILTER
} NF_BINDING_RULE, *PNF_BINDING_RULE;
```
Binding rules can be used to redirect the bind requests of specific processes and protocols to a new address and/or port. This makes it possible to bind the sockets of a process to a particular network interface when the system has several. For example, the traffic of that process can then go through a VPN over the appropriate link while other processes use the default routing. It is also possible to bind server sockets to another IP/port.
All ports and IP addresses in a rule must be in network byte order. A zero in a rule field means that its value is undefined and the field is ignored.
The following values are allowed for filteringFlag:
NF_ALLOW = 0
Bypass the bind request. This flag is applied to all requests not described by any rule.
NF_FILTER = 2
Redirect requests to the IP address and/or port specified in newLocalIpAddress and newLocalPort.
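An added example, not code from the SDK: it fills a rule that pins the sockets of one process to a VPN interface address, keeping every unused match field at zero and storing the address and port in network byte order. The helper `make_bind_redirect`, the local copy of the structure, the value 16 for `NF_MAX_IP_ADDRESS_LENGTH`, the process mask and the address 10.8.0.2 are assumptions made so that the block compiles without `nfapi.h`.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#else
#include <arpa/inet.h>
#include <netinet/in.h>
#endif
#ifndef MAX_PATH
#define MAX_PATH 260
#endif
#define NF_MAX_IP_ADDRESS_LENGTH 16   /* assumed: room for an IPv6 address */
enum { NF_ALLOW = 0, NF_FILTER = 2 }; /* values listed on this page */

/* Local copy of the structure above; real code includes nfapi.h instead. */
typedef struct _NF_BINDING_RULE {
    int protocol; unsigned long processId;
    wchar_t processName[MAX_PATH];
    unsigned short localPort, ip_family;
    unsigned char localIpAddress[NF_MAX_IP_ADDRESS_LENGTH], localIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];
    unsigned char newLocalIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
    unsigned short newLocalPort;
    unsigned long filteringFlag;
} NF_BINDING_RULE;

/* Hypothetical helper. Redirects binds of processes matching nameMask to
   newIp, and to newPortHost if it is not 0. Returns 0, or -1 on bad input
   (the rule must then not be installed). */
int make_bind_redirect(NF_BINDING_RULE *r, int protocol, const wchar_t *nameMask,
                       const char *newIp, unsigned short newPortHost)
{
    memset(r, 0, sizeof(*r));             /* zero = undefined, field is ignored */
    if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) return -1;
    if (wcslen(nameMask) >= MAX_PATH) return -1;
    r->ip_family = strchr(newIp, ':') ? AF_INET6 : AF_INET; /* match only the new address's family */
    if (inet_pton(r->ip_family, newIp, r->newLocalIpAddress) != 1) return -1; /* writes network order */
    r->protocol = protocol;
    wcscpy(r->processName, nameMask);
    r->newLocalPort = htons(newPortHost); /* host order in, network order stored */
    r->filteringFlag = NF_FILTER;         /* redirect; NF_ALLOW would bypass */
    return 0;
}

int main(void) {
    NF_BINDING_RULE r; /* constructed sample values below */
    int rc = make_bind_redirect(&r, IPPROTO_TCP, L"*\\browser.exe", "10.8.0.2", 0);
    printf("rc=%d family=%u first octet=%u\n", rc, r.ip_family, r.newLocalIpAddress[0]);
    return rc;
}
```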
Driver type | WFP |
Header | nfapi.h |
Library | nfapi.lib |