Annotation of embedaddon/strongswan/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h, revision 1.1.1.1

1.1       misho       1: /*
                      2:  * Copyright (C) 2013 Martin Willi
                      3:  * Copyright (C) 2013 revosec AG
                      4:  *
                      5:  * This program is free software; you can redistribute it and/or modify it
                      6:  * under the terms of the GNU General Public License as published by the
                      7:  * Free Software Foundation; either version 2 of the License, or (at your
                      8:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
                      9:  *
                     10:  * This program is distributed in the hope that it will be useful, but
                     11:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
                     12:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
                     13:  * for more details.
                     14:  */
                     15: 
                     16: /**
                     17:  * @defgroup kernel_wfp_compat kernel_wfp_compat
                     18:  * @{ @ingroup kernel_wfp
                     19:  */
                     20: 
                     21: #ifndef KERNEL_WFP_COMPAT_H_
                     22: #define KERNEL_WFP_COMPAT_H_
                     23: 
                     24: #include <winsock2.h>
                     25: #include <windows.h>
                     26: #include <ipsectypes.h>
                     27: 
                     28: /* MinGW defines CIPHERs incorrectly starting at 0.
                          *
                          * The macros below pin the IPSEC_CIPHER_TYPE_* names to 1..6 for all
                          * code preprocessed after this point, including the fwpm headers
                          * included further down and the IPSEC_CIPHER_TRANSFORM_ID_* macros at
                          * the end of this header.
                          * NOTE(review): with a 0-based numbering each name would presumably
                          * carry the 1-based value of the previous entry (AES_128 -> 3DES,
                          * 3DES -> DES), so an SA could be installed with a different cipher
                          * than the one negotiated -- confirm against the MinGW version in use.
                          */
                     29: #define IPSEC_CIPHER_TYPE_DES                                  1
                     30: #define IPSEC_CIPHER_TYPE_3DES                                 2
                     31: #define IPSEC_CIPHER_TYPE_AES_128                              3
                     32: #define IPSEC_CIPHER_TYPE_AES_192                              4
                     33: #define IPSEC_CIPHER_TYPE_AES_256                              5
                     34: #define IPSEC_CIPHER_TYPE_MAX                                  6
                     35: 
                     36: #include <fwpmtypes.h>
                     37: #include <fwpmu.h>
                     38: #undef interface
                     39: 
                     40: /* MinGW defines TRANSFORMs incorrectly starting at 0.
                          *
                          * The macros below pin the IPSEC_TRANSFORM_* names to 1..6. They are
                          * defined after <fwpmtypes.h> and <fwpmu.h>, so they only affect code
                          * that follows this point.
                          * NOTE(review): presumably placed after those includes because one of
                          * them declares the enum with these names, which would not survive
                          * macro replacement -- confirm before reordering.
                          */
                     41: #define IPSEC_TRANSFORM_AH                                             1
                     42: #define IPSEC_TRANSFORM_ESP_AUTH                               2
                     43: #define IPSEC_TRANSFORM_ESP_CIPHER                             3
                     44: #define IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER            4
                     45: #define IPSEC_TRANSFORM_ESP_AUTH_FW                            5
                     46: #define IPSEC_TRANSFORM_TYPE_MAX                               6
                     47: 
                     48: /* missing in MinGW.
                          *
                          * Tunnel bit flags, declared as constants of an anonymous enum (type
                          * int). There is no #ifndef guard: a toolchain that starts providing
                          * these names would make this header fail to compile rather than
                          * silently diverge.
                          * NOTE(review): presumably these are values for the UINT32 flags
                          * argument of FwpmIPsecTunnelAdd0() declared at the end of this
                          * header -- confirm against the Windows SDK.
                          */
                     49: enum {
                     50:        FWPM_TUNNEL_FLAG_POINT_TO_POINT =                                               (1<<0),
                     51:        FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING =                  (1<<1),
                     52: };
                     53: 
                     54: /* missing in MinGW.
                          *
                          * SA details/bundle update bit flags, bits 0 through 6, declared as
                          * constants of an anonymous enum.
                          * NOTE(review): presumably a mask selecting which parts of an existing
                          * SA an update call may change -- confirm against the Windows SDK and
                          * set only the bits for the fields actually being updated.
                          */
                     55: enum {
                     56:        IPSEC_SA_DETAILS_UPDATE_TRAFFIC =                                               (1<<0),
                     57:        IPSEC_SA_DETAILS_UPDATE_UDP_ENCAPSULATION =                             (1<<1),
                     58:        IPSEC_SA_BUNDLE_UPDATE_FLAGS =                                                  (1<<2),
                     59:        IPSEC_SA_BUNDLE_UPDATE_NAP_CONTEXT =                                    (1<<3),
                     60:        IPSEC_SA_BUNDLE_UPDATE_KEY_MODULE_STATE =                               (1<<4),
                     61:        IPSEC_SA_BUNDLE_UPDATE_PEER_V4_PRIVATE_ADDRESS =                (1<<5),
                     62:        IPSEC_SA_BUNDLE_UPDATE_MM_SA_ID =                                               (1<<6),
                     63: };
                     64: 
                     65: /* missing in MinGW.
                          *
                          * Net event bit flags, bits 0 through 9, declared as constants of an
                          * anonymous enum.
                          * NOTE(review): the *_SET names suggest each bit marks one field of a
                          * WFP net event header as valid -- confirm against the Windows SDK;
                          * if so, code consuming events should test the bit before reading
                          * the corresponding field.
                          */
                     66: enum {
                     67:        FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET =                                   (1<<0),
                     68:        FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET =                                    (1<<1),
                     69:        FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET =                                   (1<<2),
                     70:        FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET =                                    (1<<3),
                     71:        FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET =                                   (1<<4),
                     72:        FWPM_NET_EVENT_FLAG_APP_ID_SET =                                                (1<<5),
                     73:        FWPM_NET_EVENT_FLAG_USER_ID_SET =                                               (1<<6),
                     74:        FWPM_NET_EVENT_FLAG_SCOPE_ID_SET =                                              (1<<7),
                     75:        FWPM_NET_EVENT_FLAG_IP_VERSION_SET =                                    (1<<8),
                     76:        FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET =                                 (1<<9),
                     77: };
                     78: 
                     79: /* missing in MinGW.
                          *
                          * WFP filter bit flags, bits 0 through 5, declared as constants of an
                          * anonymous enum.
                          * NOTE(review): per Microsoft's WFP documentation a filter carrying
                          * FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED is treated as a
                          * permit filter while its callout is not registered -- confirm, and
                          * check that any filter using it is not one that has to fail closed.
                          */
                     80: enum {
                     81:        FWPM_FILTER_FLAG_PERSISTENT =                                                   (1<<0),
                     82:        FWPM_FILTER_FLAG_BOOTTIME =                                                             (1<<1),
                     83:        FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT =                                 (1<<2),
                     84:        FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT =                                   (1<<3),
                     85:        FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED =               (1<<4),
                     86:        FWPM_FILTER_FLAG_DISABLED =                                                             (1<<5),
                     87: };
                     88: 
                     89: /* missing in MinGW.
                          *
                          * SA bundle bit flags, declared as constants of an anonymous enum.
                          * Bits 0-7 and 9-17 are named; bit 8 has no constant in this list.
                          * NOTE(review): several names (NO_MACHINE_LUID_VERIFY,
                          * NO_IMPERSONATION_LUID_VERIFY, NO_EXPLICIT_CRED_MATCH,
                          * ALLOW_NULL_TARGET_NAME_MATCH) read as relaxations of identity
                          * checks -- TODO confirm their semantics in Microsoft's documentation
                          * before setting any of them on an SA bundle.
                          */
                     90: enum {
                     91:        IPSEC_SA_BUNDLE_FLAG_ND_SECURE =                                                        (1<< 0),
                     92:        IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY =                                                      (1<< 1),
                     93:        IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY =                                     (1<< 2),
                     94:        IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION =                                     (1<< 3),
                     95:        IPSEC_SA_BUNDLE_FLAG_NLB =                                                                      (1<< 4),
                     96:        IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY =                           (1<< 5),
                     97:        IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY =                     (1<< 6),
                     98:        IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH =                           (1<< 7),
                     99:        IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH =                     (1<< 9),
                    100:        IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL =                                       (1<<10),
                    101:        IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND =                      (1<<11),
                    102:        IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY =                                         (1<<12),
                    103:        IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION =                      (1<<13),
                    104:        IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION =       (1<<14),
                    105:        IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS =                        (1<<15),
                    106:        IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS =                       (1<<16),
                    107:        IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR =                           (1<<17),
                    108: };
                    109: 
                    110: /* missing in some MinGW versions.
                          *
                          * WFP condition, layer, sublayer and callout GUIDs. Each line is a
                          * file-scope declaration without `extern` and without an initializer,
                          * i.e. a C tentative definition in every translation unit that
                          * includes this header.
                          * NOTE(review): presumably the actual GUID values are defined once in
                          * a .c file of this plugin and have to match the Windows SDK values
                          * (a wrong value would attach a filter to a different layer or
                          * field) -- confirm. Declaring these `extern` would make the
                          * single-definition intent explicit and avoid duplicate-symbol
                          * errors on toolchains that build with -fno-common.
                          */
                    111: const GUID FWPM_CONDITION_IP_REMOTE_ADDRESS;
                    112: const GUID FWPM_CONDITION_IP_LOCAL_ADDRESS;
                    113: const GUID FWPM_CONDITION_IP_SOURCE_ADDRESS;
                    114: const GUID FWPM_CONDITION_IP_DESTINATION_ADDRESS;
                    115: const GUID FWPM_CONDITION_IP_LOCAL_PORT;
                    116: const GUID FWPM_CONDITION_IP_REMOTE_PORT;
                    117: const GUID FWPM_CONDITION_IP_PROTOCOL;
                         /* When the toolchain has no macro for them, ICMP type and code are
                          * aliased to the local and remote port condition GUIDs, so a filter
                          * condition on ICMP type/code uses the same condition field as a
                          * port match.
                          * NOTE(review): this appears to mirror the aliasing in the Windows
                          * SDK headers -- confirm. */
                    118: #ifndef FWPM_CONDITION_ICMP_TYPE
                    119: # define FWPM_CONDITION_ICMP_TYPE FWPM_CONDITION_IP_LOCAL_PORT
                    120: #endif
                    121: #ifndef FWPM_CONDITION_ICMP_CODE
                    122: # define FWPM_CONDITION_ICMP_CODE FWPM_CONDITION_IP_REMOTE_PORT
                    123: #endif
                    124: const GUID FWPM_LAYER_INBOUND_TRANSPORT_V4;
                    125: const GUID FWPM_LAYER_INBOUND_TRANSPORT_V6;
                    126: const GUID FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
                    127: const GUID FWPM_LAYER_OUTBOUND_TRANSPORT_V6;
                    128: const GUID FWPM_LAYER_IPFORWARD_V4;
                    129: const GUID FWPM_LAYER_IPFORWARD_V6;
                    130: const GUID FWPM_LAYER_ALE_AUTH_CONNECT_V4;
                    131: const GUID FWPM_LAYER_ALE_AUTH_CONNECT_V6;
                    132: const GUID FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
                    133: const GUID FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
                    134: const GUID FWPM_SUBLAYER_IPSEC_TUNNEL;
                    135: const GUID FWPM_SUBLAYER_IPSEC_FORWARD_OUTBOUND_TUNNEL;
                    136: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
                    137: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6;
                    138: const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
                    139: const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6;
                    140: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
                    141: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6;
                    142: const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
                    143: const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6;
                    144: const GUID FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4;
                    145: const GUID FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V6;
                    146: const GUID FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4;
                    147: const GUID FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V6;
                    148: const GUID FWPM_CALLOUT_IPSEC_ALE_CONNECT_V4;
                    149: const GUID FWPM_CALLOUT_IPSEC_ALE_CONNECT_V6;
                    150: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V4;
                    151: const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V6;
                    152: const GUID FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V4;
                    153: const GUID FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V6;
                    154: 
                    155: /* integrity config, missing in some MinGW versions.
                          *
                          * The #ifndef only detects a macro named IPSEC_AUTH_CONFIG_HMAC_MD5_96;
                          * the enum and the six transform-ID macros are provided or skipped
                          * together. Each IPSEC_AUTH_TRANSFORM_ID_* macro expands to a brace
                          * initializer { auth type, auth config }; the IPSEC_AUTH_* type
                          * constants it uses are not defined in this header.
                          * NOTE(review): HMAC-MD5-96 is a legacy integrity algorithm. This
                          * header only names the identifiers; which algorithms are proposed
                          * or accepted is decided elsewhere -- verify that policy.
                          */
                    156: #ifndef IPSEC_AUTH_CONFIG_HMAC_MD5_96
                    157: enum {
                    158:        IPSEC_AUTH_CONFIG_HMAC_MD5_96 = 0,
                    159:        IPSEC_AUTH_CONFIG_HMAC_SHA_1_96,
                    160:        IPSEC_AUTH_CONFIG_HMAC_SHA_256_128,
                    161:        IPSEC_AUTH_CONFIG_GCM_AES_128,
                    162:        IPSEC_AUTH_CONFIG_GCM_AES_192,
                    163:        IPSEC_AUTH_CONFIG_GCM_AES_256,
                    164:        IPSEC_AUTH_CONFIG_MAX
                    165: };
                    166: #define IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 { \
                    167:   IPSEC_AUTH_MD5, IPSEC_AUTH_CONFIG_HMAC_MD5_96 }
                    168: #define IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96 { \
                    169:   IPSEC_AUTH_SHA_1, IPSEC_AUTH_CONFIG_HMAC_SHA_1_96 }
                    170: #define IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_256_128 { \
                    171:   IPSEC_AUTH_SHA_256, IPSEC_AUTH_CONFIG_HMAC_SHA_256_128 }
                    172: #define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_128 { \
                    173:   IPSEC_AUTH_AES_128, IPSEC_AUTH_CONFIG_GCM_AES_128 }
                    174: #define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_192 { \
                    175:   IPSEC_AUTH_AES_192, IPSEC_AUTH_CONFIG_GCM_AES_192 }
                    176: #define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_256 { \
                    177:   IPSEC_AUTH_AES_256, IPSEC_AUTH_CONFIG_GCM_AES_256 }
                    178: #endif
                    179: 
                    180: /* encryption config, missing in some MinGW versions.
                          *
                          * The #ifndef only detects a macro named IPSEC_CIPHER_CONFIG_CBC_DES;
                          * the enum (numbered from 1) and the transform-ID macros are provided
                          * or skipped together. Each IPSEC_CIPHER_TRANSFORM_ID_* macro expands
                          * to a brace initializer { cipher type, cipher config } and picks up
                          * the 1-based IPSEC_CIPHER_TYPE_* macros defined earlier in this
                          * header.
                          * The IPSEC_CIPHER_TRANSFORM_ID_AES_* names carry no mode but select
                          * the CBC configs; the GCM variants have GCM in the name.
                          * NOTE(review): single DES is a legacy cipher. This header only names
                          * the identifiers; which ciphers are proposed or accepted is decided
                          * elsewhere -- verify that policy.
                          */
                    181: #ifndef IPSEC_CIPHER_CONFIG_CBC_DES
                    182: enum {
                    183:        IPSEC_CIPHER_CONFIG_CBC_DES = 1,
                    184:        IPSEC_CIPHER_CONFIG_CBC_3DES,
                    185:        IPSEC_CIPHER_CONFIG_CBC_AES_128,
                    186:        IPSEC_CIPHER_CONFIG_CBC_AES_192,
                    187:        IPSEC_CIPHER_CONFIG_CBC_AES_256,
                    188:        IPSEC_CIPHER_CONFIG_GCM_AES_128,
                    189:        IPSEC_CIPHER_CONFIG_GCM_AES_192,
                    190:        IPSEC_CIPHER_CONFIG_GCM_AES_256,
                    191:        IPSEC_CIPHER_CONFIG_MAX
                    192: };
                    193: #define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_128 { \
                    194:   IPSEC_CIPHER_TYPE_AES_128, IPSEC_CIPHER_CONFIG_GCM_AES_128 }
                    195: #define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_192 { \
                    196:   IPSEC_CIPHER_TYPE_AES_192, IPSEC_CIPHER_CONFIG_GCM_AES_192 }
                    197: #define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_256 { \
                    198:   IPSEC_CIPHER_TYPE_AES_256, IPSEC_CIPHER_CONFIG_GCM_AES_256 }
                    199: #define IPSEC_CIPHER_TRANSFORM_ID_CBC_DES { \
                    200:   IPSEC_CIPHER_TYPE_DES, IPSEC_CIPHER_CONFIG_CBC_DES }
                    201: #define IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES { \
                    202:   IPSEC_CIPHER_TYPE_3DES, IPSEC_CIPHER_CONFIG_CBC_3DES }
                    203: #define IPSEC_CIPHER_TRANSFORM_ID_AES_128 { \
                    204:   IPSEC_CIPHER_TYPE_AES_128, IPSEC_CIPHER_CONFIG_CBC_AES_128 }
                    205: #define IPSEC_CIPHER_TRANSFORM_ID_AES_192 { \
                    206:   IPSEC_CIPHER_TYPE_AES_192, IPSEC_CIPHER_CONFIG_CBC_AES_192 }
                    207: #define IPSEC_CIPHER_TRANSFORM_ID_AES_256 { \
                    208:   IPSEC_CIPHER_TYPE_AES_256, IPSEC_CIPHER_CONFIG_CBC_AES_256 }
                    209: #endif
                    210: 
                         /* Prototype for FwpmIPsecTunnelAdd0(), declared here with unnamed
                          * parameters and no guard.
                          * NOTE(review): per Microsoft's documentation the arguments are, in
                          * order: engine handle, tunnel flags, main mode policy, tunnel
                          * policy, number of filter conditions, filter condition array and
                          * an optional security descriptor -- confirm against the SDK in use.
                          * The DWORD result is a status code; callers should treat anything
                          * other than ERROR_SUCCESS as a failure to install the tunnel
                          * policy.
                          */
                    211: DWORD WINAPI FwpmIPsecTunnelAdd0(HANDLE, UINT32,
                    212:        const FWPM_PROVIDER_CONTEXT0*, const FWPM_PROVIDER_CONTEXT0*, UINT32,
                    213:        const FWPM_FILTER_CONDITION0*, PSECURITY_DESCRIPTOR);
                    214: 
                    215: #endif /** KERNEL_WFP_COMPAT_H_ @}*/
