NF_SRV_RULE

A rule defines the required action for the network activity described by the other rule fields.

// Direction of the traffic a rule applies to (NF_SRV_RULE.direction).
typedef enum _NF_SRV_DIRECTION
{
        NF_SRV_D_SRC_TO_DST = 0,        // Packets directed from source to destination (the default)
        NF_SRV_D_BOTH = 1                       // Both directions: the IP/port conditions are also matched with source and destination swapped
} NF_SRV_DIRECTION;

// Action selector stored in NF_SRV_RULE_ACTION.filteringFlag.
typedef enum _NF_SRV_FILTERING_FLAG
{
        NF_SRV_ALLOW = 0,               // Allow the activity without filtering; this is also what happens to traffic matched by
                                        // no rule, so a deny-by-default policy presumably needs an explicit catch-all NF_SRV_BLOCK rule
        NF_SRV_BLOCK = 1,               // Block the activity
        NF_SRV_FILTER = 2,              // Filter the transmitted packets by redirecting them to the local proxies named in NF_SRV_RULE_ACTION
} NF_SRV_FILTERING_FLAG;

// Port range used for the source/destination port conditions of a rule
// (presumably inclusive at both ends — confirm). Values are in host byte
// order; zero means the condition is undefined and ignored.
typedef struct _NF_SRV_PORT_RANGE
{
        unsigned short valueLow;        // First port of the range (host order)
        unsigned short valueHigh;       // Last port of the range (host order); presumably must not be below valueLow — confirm
} NF_SRV_PORT_RANGE, *PNF_SRV_PORT_RANGE;

// Raw IP address; the address family is carried separately (NF_ADDRESS.ipFamily).
typedef struct _NF_IP_ADDRESS
{
        // Anonymous union (C11 / Microsoft extension): v4 and v6 share storage,
        // so an IPv4 value occupies the first 4 of the 16 bytes.
        union
        {
                DWORD   v4;             // IPv4 address
                UCHAR   v6[16];         // IPv6 address
        };
} NF_IP_ADDRESS, *PNF_IP_ADDRESS;

// Address of a local proxy used as a redirection target in NF_SRV_RULE_ACTION.
typedef struct _NF_ADDRESS
{
        unsigned char   ipFamily;       // Presumably AF_INET / AF_INET6 like NF_SRV_RULE.ip_family (note: that field is unsigned short, this one unsigned char)
        unsigned short  port;           // NOTE(review): byte order of this port is not stated on this page — confirm (rule port ranges are host order)
        NF_IP_ADDRESS   ip;             // Proxy IP; rule IP addresses are in network byte order
} NF_ADDRESS, *PNF_ADDRESS;

// What to do with traffic matched by a rule (NF_SRV_RULE.action).
typedef struct _NF_SRV_RULE_ACTION
{
        NF_ADDRESS      tcpRedirectTo;  // Local address for redirecting TCP when NF_SRV_FILTER flag is set in filteringFlag; all zeros lets the library assign its internal TCP proxy
        NF_ADDRESS      udpRedirectTo;  // Local address for redirecting UDP when NF_SRV_FILTER flag is set in filteringFlag; all zeros lets the library assign its internal UDP proxy
        unsigned int    fcHandle;       // Flow control context; zero means no handle
        unsigned long   filteringFlag;  // Value from NF_SRV_FILTERING_FLAG (NF_SRV_ALLOW / NF_SRV_BLOCK / NF_SRV_FILTER).
                                        // Declared as unsigned long rather than the enum: 32-bit on Windows but wider on LP64 platforms,
                                        // which matters for a structure shared with the driver
} NF_SRV_RULE_ACTION, *PNF_SRV_RULE_ACTION;

// Byte length of the raw address fields in NF_SRV_RULE: room for an IPv6 address.
// (For AF_INET presumably only the leading 4 bytes are used, as in NF_IP_ADDRESS — confirm.)
#ifndef NF_MAX_IP_ADDRESS_LENGTH
#define NF_MAX_IP_ADDRESS_LENGTH        16
#endif

// Match conditions plus action for one filtering rule.
// A condition field set to zero is undefined and ignored, so a rule whose
// conditions are all zero applies to every flow. IP addresses are in network
// byte order, port ranges in host byte order.
typedef struct _NF_SRV_RULE
{
        unsigned short  ip_family;      // AF_INET for IPv4 and AF_INET6 for IPv6; zero makes the driver ignore the IP address fields below
        int                     protocol;       // IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP, ...; zero means any protocol
        unsigned long long      interfaceLuid; // Luid of the network interface the rule applies to

        // NF_SRV_D_SRC_TO_DST - apply the rule to traffic directed from source to destination (default)
        // NF_SRV_D_BOTH - apply the rule to all traffic between
        //              the specified destination and source IP addresses and ports
        NF_SRV_DIRECTION direction;

        NF_SRV_PORT_RANGE       srcPort;        // Source port(s), host byte order
        NF_SRV_PORT_RANGE       dstPort;        // Destination port(s), host byte order

        // Source IP in network byte order (or network if srcIpAddressMask is not zero); zero means any address
        unsigned char   srcIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
        // Source IP mask: when not zero the rule matches sources in the network srcIpAddress & srcIpAddressMask
        unsigned char   srcIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];

        // Destination IP in network byte order (or network if dstIpAddressMask is not zero); zero means any address
        unsigned char   dstIpAddress[NF_MAX_IP_ADDRESS_LENGTH];
        // Destination IP mask: when not zero the rule matches destinations in the network dstIpAddress & dstIpAddressMask
        unsigned char   dstIpAddressMask[NF_MAX_IP_ADDRESS_LENGTH];

        NF_SRV_RULE_ACTION              action; // Rule action fields (see NF_SRV_RULE_ACTION)
} NF_SRV_RULE, *PNF_SRV_RULE;

NF_SRV_RULE

ip_family

Describes the family of the IP addresses in the rule. Specify AF_INET for IPv4 and AF_INET6 for IPv6. If ip_family is zero, the driver doesn’t use the IP addresses specified in the rule.

protocol

Network protocol (IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP etc.). Zero means any protocol.

interfaceLuid

Identifier of a network interface for applying the rule.

direction

The direction of network activity. The default value NF_SRV_D_SRC_TO_DST instructs the driver to apply the IP and port conditions as-is to the source and destination IP and port. NF_SRV_D_BOTH makes the driver apply the IP and port conditions also to the backward traffic. This avoids the need for an additional rule with swapped source and destination conditions when the traffic must be bypassed or blocked in both directions.

srcPort

Source port range (the ports are in host order).

dstPort

Destination port range (the ports are in host order).

srcIpAddress

Source IPv4 or IPv6 address. Zero means any address.

srcIpAddressMask

If srcIpAddressMask is not zero, the rule is applied to network activity with a source address from the network srcIpAddress & srcIpAddressMask.

dstIpAddress

Destination IPv4 or IPv6 address. Zero means any address.

dstIpAddressMask

If dstIpAddressMask is not zero, the rule is applied to network activity with a destination address from the network dstIpAddress & dstIpAddressMask.

action

NF_SRV_RULE_ACTION structure specifying the required rule actions.

NF_SRV_RULE_ACTION

tcpRedirectTo

Specifies the IP and port of a local proxy for redirection of filtered TCP connections. All zeros means that the library must assign the IP and port of its internal TCP proxy.

udpRedirectTo

Specifies the IP and port of a local proxy for redirection of filtered UDP packets. All zeros means that the library must assign the IP and port of its internal UDP proxy.

fcHandle

Flow control handle for the matching network activity. Zero means no handle.

filteringFlag
NF_SRV_ALLOW = 0

Allow the activity without filtering the transmitted packets. This action is applied to all network activity that is not described by any rule.

NF_SRV_BLOCK = 1

Block the activity.

NF_SRV_FILTER = 2

Filter the transmitted packets by redirecting them to local proxies.

The IP addresses in a rule must be in network byte order. The port ranges are in host byte order. Zero in a rule field means that its value is undefined and the field should be ignored.