NF_SRV_RULE
===============

A rule defines the required action for network activity, described by the other rule fields.

.. code-block:: c

    typedef enum _NF_SRV_DIRECTION
    {
        NF_SRV_D_SRC_TO_DST = 0,    // Packets directed from source to destination
        NF_SRV_D_BOTH = 1           // Both directions
    } NF_SRV_DIRECTION;

    typedef enum _NF_SRV_FILTERING_FLAG
    {
        NF_SRV_ALLOW = 0,           // Allow the activity
        NF_SRV_BLOCK = 1,           // Block the activity
        NF_SRV_FILTER = 2           // Filter the transmitted packets
    } NF_SRV_FILTERING_FLAG;

    typedef struct _NF_SRV_PORT_RANGE
    {
        unsigned short valueLow;
        unsigned short valueHigh;
    } NF_SRV_PORT_RANGE, *PNF_SRV_PORT_RANGE;

    typedef struct _NF_IP_ADDRESS
    {
        union
        {
            DWORD v4;
            UCHAR v6[16];
        };
    } NF_IP_ADDRESS, *PNF_IP_ADDRESS;

    typedef struct _NF_ADDRESS
    {
        unsigned char   ipFamily;
        unsigned short  port;
        NF_IP_ADDRESS   ip;
    } NF_ADDRESS, *PNF_ADDRESS;

    typedef struct _NF_SRV_RULE_ACTION
    {
        NF_ADDRESS      tcpRedirectTo;  // Local address for redirecting TCP when NF_SRV_FILTER flag is set in filteringFlag
        NF_ADDRESS      udpRedirectTo;  // Local address for redirecting UDP when NF_SRV_FILTER flag is set in filteringFlag
        unsigned int    fcHandle;       // Flow control context
        unsigned long   filteringFlag;  // See NF_SRV_FILTERING_FLAG
    } NF_SRV_RULE_ACTION, *PNF_SRV_RULE_ACTION;

    #ifndef NF_MAX_IP_ADDRESS_LENGTH
    #define NF_MAX_IP_ADDRESS_LENGTH 16
    #endif

    typedef struct _NF_SRV_RULE
    {
        unsigned short      ip_family;      // AF_INET for IPv4 and AF_INET6 for IPv6
        int                 protocol;       // IPPROTO_TCP, IPPROTO_UDP, ...
        unsigned long long  interfaceLuid;  // Luid of the network interface

        // NF_SRV_D_SRC_TO_DST - apply the rule to traffic directed from source to destination
        // NF_SRV_D_BOTH - apply the rule to all traffic between
        //                 the specified destination and source IP addresses and ports
        NF_SRV_DIRECTION    direction;

        NF_SRV_PORT_RANGE   srcPort;        // Source port(s)
        NF_SRV_PORT_RANGE   dstPort;        // Destination port(s)

        // Source IP (or network if srcIpAddressMask is not zero)
        unsigned char       srcIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
        // Source IP mask
        unsigned char       srcIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];

        // Destination IP (or network if dstIpAddressMask is not zero)
        unsigned char       dstIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
        // Destination IP mask
        unsigned char       dstIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];

        NF_SRV_RULE_ACTION  action;         // Rule action fields
    } NF_SRV_RULE, *PNF_SRV_RULE;

NF_SRV_RULE
--------------

ip_family
    Describes the family of the IP addresses in the rule. Specify AF_INET for IPv4 and AF_INET6 for IPv6. If ip_family is zero, the driver does not use the IP addresses specified in the rule.

protocol
    Network protocol (IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP etc.). Zero means any protocol.

interfaceLuid
    Identifier of the network interface to which the rule is applied.

direction
    The direction of network activity. The default value NF_SRV_D_SRC_TO_DST applies the IP and port conditions as-is to the source and destination IP and port. NF_SRV_D_BOTH makes the driver also apply the IP and port conditions to traffic in the backward direction. This avoids the need for an additional rule with swapped source and destination conditions when traffic must be bypassed or blocked in both directions.

srcPort
    Source port range (the ports are in host order).

dstPort
    Destination port range (the ports are in host order).

srcIpAddress
    Source IPv4 or IPv6 address. Zero means any address.

srcIpAddressMask
    If srcIpAddressMask is not zero, the rule is applied to network activity with a source address from the network srcIpAddress & srcIpAddressMask.

dstIpAddress
    Destination IPv4 or IPv6 address. Zero means any address.

dstIpAddressMask
    If dstIpAddressMask is not zero, the rule is applied to network activity with a destination address from the network dstIpAddress & dstIpAddressMask.

action
    NF_SRV_RULE_ACTION structure specifying the required rule actions.

NF_SRV_RULE_ACTION
--------------------

tcpRedirectTo
    Specifies the IP and port of a local proxy for redirection of filtered TCP connections. Zero means that the library assigns the IP and port of the internal TCP proxy.

udpRedirectTo
    Specifies the IP and port of a local proxy for redirection of filtered UDP packets. Zero means that the library assigns the IP and port of the internal UDP proxy.

fcHandle
    Flow control handle for the matching network activity. Zero means no handle.

filteringFlag
    NF_SRV_ALLOW = 0
        Allow the activity without filtering the transmitted packets. This action is applied to all network activity that is not described by any rule.

    NF_SRV_BLOCK = 1
        Block the activity.

    NF_SRV_FILTER = 2
        Filter the transmitted packets by redirecting them to local proxies.

The IP addresses in a rule must be in network byte order. The port ranges are in host byte order. A zero value in a rule field means that the value is undefined and the field is ignored.
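As an added example (not code from the NFSRV SDK), the following C program models how the documented rule conditions are evaluated for an IPv4 packet: zero fields are ignored, a non-zero mask turns an address into a network, ports are compared in host order, and NF_SRV_D_BOTH also tries the swapped direction. The compact Rule and Packet types and the 10.0.0.0/8 sample rule are assumptions of the example, not SDK definitions.

```c
/* Added example (not NFSRV SDK code): a userland model of how the rule
 * conditions documented above are evaluated for an IPv4 packet. The NFSRV
 * types are re-declared in compact form so this builds without the SDK. */
#include <stdint.h>
#include <netinet/in.h>   /* AF_INET, IPPROTO_TCP, htonl */

typedef enum { D_SRC_TO_DST = 0, D_BOTH = 1 } Direction;
typedef struct { uint16_t low, high; } PortRange;      /* host byte order */
typedef struct {
    uint16_t ip_family;        /* AF_INET, or 0 to ignore the IP conditions */
    int protocol;              /* IPPROTO_*, or 0 for any protocol */
    Direction direction;
    PortRange srcPort, dstPort;
    uint32_t srcIp, srcMask, dstIp, dstMask;           /* network byte order */
    unsigned long filteringFlag;                       /* 0 allow, 1 block, 2 filter */
} Rule;
typedef struct { int protocol; uint32_t srcIp, dstIp; uint16_t srcPort, dstPort; } Packet;

/* A zero port range is "undefined" and matches every port. */
static int port_ok(PortRange r, uint16_t p) {
    return (r.low == 0 && r.high == 0) || (p >= r.low && p <= r.high);
}
/* A zero address matches any address; a non-zero mask turns it into a network. */
static int addr_ok(uint32_t ruleIp, uint32_t mask, uint32_t pktIp) {
    if (ruleIp == 0) return 1;
    return mask ? ((pktIp & mask) == (ruleIp & mask)) : (pktIp == ruleIp);
}
/* Apply the src/dst conditions as-is, or swapped for the backward direction. */
static int match_one_way(const Rule *r, const Packet *p, int swapped) {
    uint32_t s = swapped ? p->dstIp : p->srcIp, d = swapped ? p->srcIp : p->dstIp;
    uint16_t sp = swapped ? p->dstPort : p->srcPort, dp = swapped ? p->srcPort : p->dstPort;
    if (!port_ok(r->srcPort, sp) || !port_ok(r->dstPort, dp)) return 0;
    if (r->ip_family == 0) return 1;                   /* IPs not used by the rule */
    return addr_ok(r->srcIp, r->srcMask, s) && addr_ok(r->dstIp, r->dstMask, d);
}
int rule_matches(const Rule *r, const Packet *p) {
    if (r->protocol != 0 && r->protocol != p->protocol) return 0;
    if (match_one_way(r, p, 0)) return 1;
    return r->direction == D_BOTH && match_one_way(r, p, 1);
}
/* Constructed sample: filter TCP between any host and 10.0.0.0/8 port 80, both ways. */
Rule make_example_rule(void) {
    Rule r = {0};
    r.ip_family = AF_INET; r.protocol = IPPROTO_TCP; r.direction = D_BOTH;
    r.dstPort.low = r.dstPort.high = 80;               /* host order */
    r.dstIp = htonl(0x0A000000u); r.dstMask = htonl(0xFF000000u); /* network order */
    r.filteringFlag = 2;                               /* NF_SRV_FILTER */
    return r;
}
```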