/*
 * Copyright (C) 2013 Martin Willi
 * Copyright (C) 2013 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup kernel_wfp_compat kernel_wfp_compat
 * @{ @ingroup kernel_wfp
 *
 * Compatibility definitions for building the kernel_wfp plugin with MinGW.
 * The header overrides constants that, per the comments below, MinGW defines
 * with wrong values, and supplies flag values, GUID declarations and a
 * prototype that some MinGW versions lack.
 *
 * The order of the #include and #define lines is significant: each override
 * is placed after the header it corrects. Every value here is passed to the
 * Windows IPsec/WFP API, so a wrong number silently selects a different
 * algorithm, transform or flag; check any change against the Windows SDK.
 */

#ifndef KERNEL_WFP_COMPAT_H_
#define KERNEL_WFP_COMPAT_H_

#include <winsock2.h>
#include <windows.h>
#include <ipsectypes.h>

/* MinGW defines CIPHERs incorrectly starting at 0 */
/* These macros take effect for every use after this point, including the
 * IPSEC_CIPHER_TRANSFORM_ID_* initialisers further down.
 * NOTE(review): DES and 3DES identifiers are listed only to mirror the
 * platform's numbering; which ciphers are actually offered is decided by the
 * code using this header, not here. */
#define IPSEC_CIPHER_TYPE_DES 1
#define IPSEC_CIPHER_TYPE_3DES 2
#define IPSEC_CIPHER_TYPE_AES_128 3
#define IPSEC_CIPHER_TYPE_AES_192 4
#define IPSEC_CIPHER_TYPE_AES_256 5
#define IPSEC_CIPHER_TYPE_MAX 6

#include <fwpmtypes.h>
#include <fwpmu.h>
/* Windows headers define "interface" as a macro; remove it so the word can
 * be used as an ordinary identifier by code that includes this header. */
#undef interface

/* MinGW defines TRANSFORMs incorrectly starting at 0 */
#define IPSEC_TRANSFORM_AH 1
#define IPSEC_TRANSFORM_ESP_AUTH 2
#define IPSEC_TRANSFORM_ESP_CIPHER 3
#define IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER 4
#define IPSEC_TRANSFORM_ESP_AUTH_FW 5
#define IPSEC_TRANSFORM_TYPE_MAX 6

/* missing in MinGW */
/* Tunnel flags, one bit each. */
enum {
	FWPM_TUNNEL_FLAG_POINT_TO_POINT = (1<<0),
	FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING = (1<<1),
};

/* missing in MinGW */
/* SA update flags, one bit each. */
enum {
	IPSEC_SA_DETAILS_UPDATE_TRAFFIC = (1<<0),
	IPSEC_SA_DETAILS_UPDATE_UDP_ENCAPSULATION = (1<<1),
	IPSEC_SA_BUNDLE_UPDATE_FLAGS = (1<<2),
	IPSEC_SA_BUNDLE_UPDATE_NAP_CONTEXT = (1<<3),
	IPSEC_SA_BUNDLE_UPDATE_KEY_MODULE_STATE = (1<<4),
	IPSEC_SA_BUNDLE_UPDATE_PEER_V4_PRIVATE_ADDRESS = (1<<5),
	IPSEC_SA_BUNDLE_UPDATE_MM_SA_ID = (1<<6),
};

/* missing in MinGW */
/* Net event flags, one bit each; the _SET suffix suggests each bit marks the
 * corresponding event field as populated (inferred from the names). */
enum {
	FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET = (1<<0),
	FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET = (1<<1),
	FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET = (1<<2),
	FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET = (1<<3),
	FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET = (1<<4),
	FWPM_NET_EVENT_FLAG_APP_ID_SET = (1<<5),
	FWPM_NET_EVENT_FLAG_USER_ID_SET = (1<<6),
	FWPM_NET_EVENT_FLAG_SCOPE_ID_SET = (1<<7),
	FWPM_NET_EVENT_FLAG_IP_VERSION_SET = (1<<8),
	FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET = (1<<9),
};

/* missing in MinGW */
/* Filter flags, one bit each.
 * NOTE(review): PERMIT_IF_CALLOUT_UNREGISTERED reads as a fail-open setting
 * and PERSISTENT/BOOTTIME as outliving the installing process; confirm the
 * intent at any call site that sets them. */
enum {
	FWPM_FILTER_FLAG_PERSISTENT = (1<<0),
	FWPM_FILTER_FLAG_BOOTTIME = (1<<1),
	FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT = (1<<2),
	FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT = (1<<3),
	FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED = (1<<4),
	FWPM_FILTER_FLAG_DISABLED = (1<<5),
};

/* missing in MinGW */
/* SA bundle flags, one bit each. Bit 8 has no name in this list (the values
 * go from 1<<7 to 1<<9).
 * NOTE(review): the NO_*_LUID_VERIFY and NO_EXPLICIT_CRED_MATCH names suggest
 * they relax identity or credential checks; treat any use as
 * security-relevant and confirm it is intended. */
enum {
	IPSEC_SA_BUNDLE_FLAG_ND_SECURE = (1<< 0),
	IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY = (1<< 1),
	IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY = (1<< 2),
	IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION = (1<< 3),
	IPSEC_SA_BUNDLE_FLAG_NLB = (1<< 4),
	IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY = (1<< 5),
	IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY = (1<< 6),
	IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH = (1<< 7),
	IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH = (1<< 9),
	IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL = (1<<10),
	IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND = (1<<11),
	IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY = (1<<12),
	IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION = (1<<13),
	IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION = (1<<14),
	IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS = (1<<15),
	IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS = (1<<16),
	IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR = (1<<17),
};

/* missing in some MinGW versions */
/* Declarations only: no definition of these GUIDs is visible in this header,
 * so the symbols have to be resolved at link time. */
extern const GUID FWPM_CONDITION_IP_REMOTE_ADDRESS;
extern const GUID FWPM_CONDITION_IP_LOCAL_ADDRESS;
extern const GUID FWPM_CONDITION_IP_SOURCE_ADDRESS;
extern const GUID FWPM_CONDITION_IP_DESTINATION_ADDRESS;
extern const GUID FWPM_CONDITION_IP_LOCAL_PORT;
extern const GUID FWPM_CONDITION_IP_REMOTE_PORT;
extern const GUID FWPM_CONDITION_IP_PROTOCOL;
/* When the platform headers provide no ICMP condition macros, ICMP type and
 * code fall back to the local and remote port condition GUIDs. */
#ifndef FWPM_CONDITION_ICMP_TYPE
# define FWPM_CONDITION_ICMP_TYPE FWPM_CONDITION_IP_LOCAL_PORT
#endif
#ifndef FWPM_CONDITION_ICMP_CODE
# define FWPM_CONDITION_ICMP_CODE FWPM_CONDITION_IP_REMOTE_PORT
#endif
extern const GUID FWPM_LAYER_INBOUND_TRANSPORT_V4;
extern const GUID FWPM_LAYER_INBOUND_TRANSPORT_V6;
extern const GUID FWPM_LAYER_OUTBOUND_TRANSPORT_V4;
extern const GUID FWPM_LAYER_OUTBOUND_TRANSPORT_V6;
extern const GUID FWPM_LAYER_IPFORWARD_V4;
extern const GUID FWPM_LAYER_IPFORWARD_V6;
extern const GUID FWPM_LAYER_ALE_AUTH_CONNECT_V4;
extern const GUID FWPM_LAYER_ALE_AUTH_CONNECT_V6;
extern const GUID FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
extern const GUID FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
extern const GUID FWPM_SUBLAYER_IPSEC_TUNNEL;
extern const GUID FWPM_SUBLAYER_IPSEC_FORWARD_OUTBOUND_TUNNEL;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6;
extern const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4;
extern const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6;
extern const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4;
extern const GUID FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6;
extern const GUID FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4;
extern const GUID FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V6;
extern const GUID FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4;
extern const GUID FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V6;
extern const GUID FWPM_CALLOUT_IPSEC_ALE_CONNECT_V4;
extern const GUID FWPM_CALLOUT_IPSEC_ALE_CONNECT_V6;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V4;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V6;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V4;
extern const GUID FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V6;

/* integrity config, missing in some MinGW versions */
/* The guard detects the platform definition only when it is a macro.
 * NOTE(review): a toolchain header that declares these names as enumerators
 * would not be seen by #ifndef and this block would redefine them; confirm
 * against the MinGW versions in use.
 * The numbering starts at 0. HMAC-MD5-96 is present for completeness of the
 * numbering; whether it is ever negotiated is decided by the callers. */
#ifndef IPSEC_AUTH_CONFIG_HMAC_MD5_96
enum {
	IPSEC_AUTH_CONFIG_HMAC_MD5_96 = 0,
	IPSEC_AUTH_CONFIG_HMAC_SHA_1_96,
	IPSEC_AUTH_CONFIG_HMAC_SHA_256_128,
	IPSEC_AUTH_CONFIG_GCM_AES_128,
	IPSEC_AUTH_CONFIG_GCM_AES_192,
	IPSEC_AUTH_CONFIG_GCM_AES_256,
	IPSEC_AUTH_CONFIG_MAX
};
/* Each macro expands to a brace initialiser pairing an auth type with its
 * config value; the IPSEC_AUTH_* type names are not defined in this header. */
#define IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 { \
	IPSEC_AUTH_MD5, IPSEC_AUTH_CONFIG_HMAC_MD5_96 }
#define IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96 { \
	IPSEC_AUTH_SHA_1, IPSEC_AUTH_CONFIG_HMAC_SHA_1_96 }
#define IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_256_128 { \
	IPSEC_AUTH_SHA_256, IPSEC_AUTH_CONFIG_HMAC_SHA_256_128 }
#define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_128 { \
	IPSEC_AUTH_AES_128, IPSEC_AUTH_CONFIG_GCM_AES_128 }
#define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_192 { \
	IPSEC_AUTH_AES_192, IPSEC_AUTH_CONFIG_GCM_AES_192 }
#define IPSEC_AUTH_TRANSFORM_ID_GCM_AES_256 { \
	IPSEC_AUTH_AES_256, IPSEC_AUTH_CONFIG_GCM_AES_256 }
#endif

/* encryption config, missing in some MinGW versions */
/* Same macro-only guard as for the integrity config above. Unlike the
 * integrity config values, this numbering starts at 1. */
#ifndef IPSEC_CIPHER_CONFIG_CBC_DES
enum {
	IPSEC_CIPHER_CONFIG_CBC_DES = 1,
	IPSEC_CIPHER_CONFIG_CBC_3DES,
	IPSEC_CIPHER_CONFIG_CBC_AES_128,
	IPSEC_CIPHER_CONFIG_CBC_AES_192,
	IPSEC_CIPHER_CONFIG_CBC_AES_256,
	IPSEC_CIPHER_CONFIG_GCM_AES_128,
	IPSEC_CIPHER_CONFIG_GCM_AES_192,
	IPSEC_CIPHER_CONFIG_GCM_AES_256,
	IPSEC_CIPHER_CONFIG_MAX
};
/* Each macro expands to a brace initialiser pairing a cipher type (the
 * corrected IPSEC_CIPHER_TYPE_* values defined near the top of this header)
 * with its config value. The three names without a mode, AES_128/192/256,
 * select the CBC config values. */
#define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_128 { \
	IPSEC_CIPHER_TYPE_AES_128, IPSEC_CIPHER_CONFIG_GCM_AES_128 }
#define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_192 { \
	IPSEC_CIPHER_TYPE_AES_192, IPSEC_CIPHER_CONFIG_GCM_AES_192 }
#define IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_256 { \
	IPSEC_CIPHER_TYPE_AES_256, IPSEC_CIPHER_CONFIG_GCM_AES_256 }
#define IPSEC_CIPHER_TRANSFORM_ID_CBC_DES { \
	IPSEC_CIPHER_TYPE_DES, IPSEC_CIPHER_CONFIG_CBC_DES }
#define IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES { \
	IPSEC_CIPHER_TYPE_3DES, IPSEC_CIPHER_CONFIG_CBC_3DES }
#define IPSEC_CIPHER_TRANSFORM_ID_AES_128 { \
	IPSEC_CIPHER_TYPE_AES_128, IPSEC_CIPHER_CONFIG_CBC_AES_128 }
#define IPSEC_CIPHER_TRANSFORM_ID_AES_192 { \
	IPSEC_CIPHER_TYPE_AES_192, IPSEC_CIPHER_CONFIG_CBC_AES_192 }
#define IPSEC_CIPHER_TRANSFORM_ID_AES_256 { \
	IPSEC_CIPHER_TYPE_AES_256, IPSEC_CIPHER_CONFIG_CBC_AES_256 }
#endif

/* Prototype declared unconditionally, with parameter names omitted.
 * NOTE(review): per the Windows API documentation the parameters are, in
 * order, the engine handle, tunnel flags, main mode policy, tunnel policy,
 * number of filter conditions, the filter conditions, and a security
 * descriptor for the created objects; confirm against the SDK in use. */
DWORD WINAPI FwpmIPsecTunnelAdd0(HANDLE, UINT32,
	const FWPM_PROVIDER_CONTEXT0*, const FWPM_PROVIDER_CONTEXT0*, UINT32,
	const FWPM_FILTER_CONDITION0*, PSECURITY_DESCRIPTOR);

#endif /** KERNEL_WFP_COMPAT_H_ @}*/