archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/net/published/inc/ipsec.w

560 lines
17 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997-2001 Microsoft Corporation
  5. Module Name:
  7. ipsec.h
  9. Abstract:
  11. Generic include file used by components to access the IPSEC driver.
  12. Contains the SAAPI IOCTLs and the structures relevant to them.
  14. Author:
  16. Sanjay Anand (SanjayAn) 2-January-1997
  18. Environment:
  20. Kernel mode
  22. Revision History:
  24. --*/
  25. #ifndef _IPSEC_H
  26. #define _IPSEC_H
  28. #include <windef.h>
  29. #include <winipsec.h>
  31. //
  32. // NOTE: all addresses are expected in Network byte order
  33. //
  34. typedef unsigned long IPAddr;
  35. typedef unsigned long IPMask;
  37. //
  38. // This should go into a global header
  39. //
  41. #define DD_IPSEC_DEVICE_NAME L"\\Device\\IPSEC"
  42. #define DD_IPSEC_SYM_NAME L"\\DosDevices\\IPSECDev"
  43. #define DD_IPSEC_DOS_NAME L"\\\\.\\IPSECDev"
  45. //
  46. // This is the name of the event that will be signaled after any policy changes have been applied.
  47. //
  48. #define IPSEC_POLICY_CHANGE_NOTIFY L"IPSEC_POLICY_CHANGE_NOTIFY"
  50. // //
  51. // IOCTL code definitions and related structures //
  52. // All the IOCTLs are synchronous and need administrator privilege //
  53. // //
  54. #define FSCTL_IPSEC_BASE FILE_DEVICE_NETWORK
  56. #define _IPSEC_CTL_CODE(function, method, access) \
  57. CTL_CODE(FSCTL_IPSEC_BASE, function, method, access)
  59. //
  60. // Security Association/Policy APIs implemented as Ioctls
  61. //
  62. #define IOCTL_IPSEC_ADD_FILTER \
  63. _IPSEC_CTL_CODE(0, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  65. #define IOCTL_IPSEC_DELETE_FILTER \
  66. _IPSEC_CTL_CODE(1, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  68. #define IOCTL_IPSEC_POST_FOR_ACQUIRE_SA \
  69. _IPSEC_CTL_CODE(2, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  71. #define IOCTL_IPSEC_GET_SPI \
  72. _IPSEC_CTL_CODE(3, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  74. #define IOCTL_IPSEC_UPDATE_SA \
  75. _IPSEC_CTL_CODE(4, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  77. #define IOCTL_IPSEC_ADD_SA \
  78. _IPSEC_CTL_CODE(5, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  80. #define IOCTL_IPSEC_DELETE_SA \
  81. _IPSEC_CTL_CODE(6, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  83. #define IOCTL_IPSEC_EXPIRE_SA \
  84. _IPSEC_CTL_CODE(7, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  86. #define IOCTL_IPSEC_ENUM_SAS \
  87. _IPSEC_CTL_CODE(8, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
  89. #define IOCTL_IPSEC_ENUM_FILTERS \
  90. _IPSEC_CTL_CODE(9, METHOD_OUT_DIRECT, FILE_WRITE_ACCESS)
  92. #define IOCTL_IPSEC_QUERY_EXPORT \
  93. _IPSEC_CTL_CODE(10, METHOD_BUFFERED, FILE_ANY_ACCESS)
  95. #define IOCTL_IPSEC_QUERY_STATS \
  96. _IPSEC_CTL_CODE(11, METHOD_BUFFERED, FILE_ANY_ACCESS)
  98. #define IOCTL_IPSEC_QUERY_SPI \
  99. _IPSEC_CTL_CODE(12, METHOD_BUFFERED, FILE_ANY_ACCESS)
  101. #define IOCTL_IPSEC_SET_OPERATION_MODE \
  102. _IPSEC_CTL_CODE(13, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  104. #define IOCTL_IPSEC_SET_TCPIP_STATUS \
  105. _IPSEC_CTL_CODE(14, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  107. #define IOCTL_IPSEC_REGISTER_PROTOCOL \
  108. _IPSEC_CTL_CODE(15, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  110. #define IOCTL_IPSEC_GET_OPERATION_MODE \
  111. _IPSEC_CTL_CODE(16, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  113. #define IOCTL_IPSEC_SET_DIAGNOSTIC_MODE \
  114. _IPSEC_CTL_CODE(17, METHOD_BUFFERED, FILE_WRITE_ACCESS)
  116. //
  117. // Structures to go with the ioctls above
  118. //
  119. #define FILTER_FLAGS_PASS_THRU 0x0001
  120. #define FILTER_FLAGS_DROP 0x0002
  121. #define FILTER_FLAGS_INBOUND 0x0004
  122. #define FILTER_FLAGS_OUTBOUND 0x0008
  123. #define FILTER_FLAGS_MANUAL 0x0010
  125. // Flags for DestType in acquire
  126. #define IPSEC_BCAST 0x1
  127. #define IPSEC_MCAST 0x2
  130. //
  131. // Special constants for ExType member of _IPSEC_FILTER
  132. //
  134. #define EXT_NORMAL 0x00
  135. #define EXT_DNS_SERVER 0X01
  136. #define EXT_WINS_SERVER 0X02
  137. #define EXT_DHCP_SERVER 0X03
  138. #define EXT_DEFAULT_GATEWAY 0X04
  140. // The following flag is OR-ed with the above to specify that the
  141. // destination address is the special address. If not OR-ed, it this
  142. // means the source address is the special address.
  144. #define EXT_DEST 0x80
  146. //
  147. // for IOCTL_IPSEC_ADD_FILTER
  148. //
  149. typedef struct _IPSEC_FILTER {
  150. IPAddr SrcAddr;
  151. IPMask SrcMask;
  152. IPAddr DestAddr;
  153. IPMask DestMask;
  154. IPAddr TunnelAddr;
  155. DWORD Protocol;
  156. WORD SrcPort;
  157. WORD DestPort;
  158. BOOLEAN TunnelFilter;
  159. UCHAR ExType;
  160. WORD Flags;
  161. } IPSEC_FILTER, *PIPSEC_FILTER;
  163. typedef struct _IPSEC_FILTER_INFO {
  164. GUID FilterId; // unique identifier to identify a filter
  165. GUID PolicyId; // unique identifier to identify a policy entry
  166. ULONG Index; // hint on where this entry fits in the ordered list of filters
  167. IPSEC_FILTER AssociatedFilter;
  168. } IPSEC_FILTER_INFO, *PIPSEC_FILTER_INFO;
  170. typedef struct _IPSEC_ADD_FILTER {
  171. DWORD NumEntries;
  172. IPSEC_FILTER_INFO pInfo[1];
  173. } IPSEC_ADD_FILTER, *PIPSEC_ADD_FILTER;
  175. //
  176. // for IOCTL_IPSEC_DELETE_FILTER
  177. //
  178. typedef IPSEC_ADD_FILTER IPSEC_DELETE_FILTER, *PIPSEC_DELETE_FILTER;
  180. //
  181. // for IOCTL_IPSEC_ENUM_FILTERS
  182. //
  183. typedef struct _IPSEC_ENUM_FILTERS {
  184. DWORD NumEntries; // num entries for which there is space
  185. DWORD NumEntriesPresent; // num entries actually present in the driver
  186. IPSEC_FILTER_INFO pInfo[1];
  187. } IPSEC_ENUM_FILTERS, *PIPSEC_ENUM_FILTERS;
  189. //
  190. // for IOCTL_IPSEC_QUERY_STATS
  191. //
  192. typedef IPSEC_STATISTICS IPSEC_QUERY_STATS, *PIPSEC_QUERY_STATS;
  194. //
  195. // for IOCTL_IPSEC_SET_OPERATION_MODE
  196. // & IOCTL_IPSEC_GET_OPERATION_MODE
  197. //
  198. typedef enum _OPERATION_MODE {
  199. IPSEC_BYPASS_MODE = 0,
  200. IPSEC_BLOCK_MODE,
  201. IPSEC_SECURE_MODE,
  202. IPSEC_BOOTTIME_STATEFUL_MODE,
  203. IPSEC_OPERATION_MODE_MAX
  204. } OPERATION_MODE;
  206. //defines the forwarding behavior to apply in
  207. //boot and boottime stateful mode
  208. typedef enum _IPSEC_FORWARDING_BEHAVIOR{
  209. IPSEC_FORWARD_BYPASS =0,
  210. IPSEC_FORWARD_BLOCK,
  211. IPSEC_FORWARD_MAX
  212. } IPSEC_FORWARDING_BEHAVIOR;
  214. // Following defines and structs
  215. // for boot time security
  216. #define EXEMPT_DIRECTION_INBOUND 0x1
  217. #define EXEMPT_DIRECTION_OUTBOUND 0x2
  218. #define EXEMPT_TYPE_PDP 0x1
  221. typedef struct _IPSEC_EXEMPT_ENTRY {
  222. ULONG Type;
  223. ULONG Size;
  224. BYTE Protocol;
  225. BYTE Direction;
  226. USHORT SrcPort;
  227. USHORT DestPort;
  228. USHORT Reserved;
  229. } IPSEC_EXEMPT_ENTRY, *PIPSEC_EXEMPT_ENTRY;
  231. typedef struct _IPSEC_SET_OPERATION_MODE {
  232. OPERATION_MODE OperationMode;
  233. } IPSEC_SET_OPERATION_MODE, *PIPSEC_SET_OPERATION_MODE;
  236. typedef struct _IPSEC_GET_OPERATION_MODE {
  237. OPERATION_MODE OperationMode;
  238. } IPSEC_GET_OPERATION_MODE, * PIPSEC_GET_OPERATION_MODE;
  242. // For IOCTL_IPSEC_SET_DIAGNOSTIC_MODE
  243. #define IPSEC_DIAGNOSTIC_DISABLE_LOG 0x00000000
  244. #define IPSEC_DIAGNOSTIC_ENABLE_LOG 0x00000001
  245. #define IPSEC_DIAGNOSTIC_INBOUND 0x00000002
  246. #define IPSEC_DIAGNOSTIC_OUTBOUND 0x00000004
  247. #define IPSEC_DIAGNOSTIC_MAX 0x00000007
  249. typedef struct _IPSEC_SET_DIAGNOSTIC_MODE{
  250. DWORD Mode;
  251. DWORD LogInterval;
  252. } IPSEC_SET_DIAGNOSTIC_MODE, * PIPSEC_SET_DIAGNOSTIC_MODE;
  255. // For IOCTL_IPSEC_REGISTER_PROTOCOL.
  256. //
  258. typedef enum _REGISTER_IPSEC_PROTOCOL {
  259. IPSEC_REGISTER_PROTOCOLS = 0,
  260. IPSEC_DEREGISTER_PROTOCOLS,
  261. REGISTER_IPSEC_PROTOCOL_MAX
  262. } REGISTER_IPSEC_PROTOCOL, * PREGISTER_IPSEC_PROTOCOL;
  265. typedef struct _IPSEC_REGISTER_PROTOCOL {
  266. REGISTER_IPSEC_PROTOCOL RegisterProtocol;
  267. } IPSEC_REGISTER_PROTOCOL, * PIPSEC_REGISTER_PROTOCOL;
  270. //
  271. // for IOCTL_IPSEC_SET_TCPIP_STATUS
  272. //
  273. typedef struct _IPSEC_SET_TCPIP_STATUS {
  274. BOOLEAN TcpipStatus;
  275. PVOID TcpipFreeBuff;
  276. PVOID TcpipAllocBuff;
  277. PVOID TcpipGetInfo;
  278. PVOID TcpipNdisRequest;
  279. PVOID TcpipSetIPSecStatus;
  280. PVOID TcpipSetIPSecPtr;
  281. PVOID TcpipUnSetIPSecPtr;
  282. PVOID TcpipUnSetIPSecSendPtr;
  283. PVOID TcpipTCPXsum;
  284. PVOID TcpipSendICMPErr;
  285. } IPSEC_SET_TCPIP_STATUS, *PIPSEC_SET_TCPIP_STATUS;
  287. //
  288. // The base Security Association structure for IOCTL_IPSEC_*_SA
  289. //
  290. typedef ULONG SPI_TYPE;
  292. typedef enum _Operation {
  293. None = 0,
  294. Auth, // AH
  295. Encrypt, // ESP
  296. Compress
  297. } OPERATION_E;
  299. //
  300. // IPSEC DOI ESP algorithms
  301. //
  302. typedef enum _ESP_ALGO {
  303. IPSEC_ESP_NONE = 0,
  304. IPSEC_ESP_DES,
  305. IPSEC_ESP_DES_40,
  306. IPSEC_ESP_3_DES,
  307. IPSEC_ESP_MAX
  308. } ESP_ALGO;
  310. //
  311. // IPSEC DOI AH algorithms
  312. //
  313. typedef enum _AH_ALGO {
  314. IPSEC_AH_NONE = 0,
  315. IPSEC_AH_MD5,
  316. IPSEC_AH_SHA,
  317. IPSEC_AH_MAX
  318. } AH_ALGO;
  320. //
  321. // Lifetime structure - 0 => not significant
  322. //
  323. typedef struct _LIFETIME {
  324. ULONG KeyExpirationTime; // lifetime of key - in seconds
  325. ULONG KeyExpirationBytes; // max # of KBytes xformed till re-key
  326. } LIFETIME, *PLIFETIME;
  328. //
  329. // describes generic algorithm properties
  330. //
  331. typedef struct _ALGO_INFO {
  332. ULONG algoIdentifier; // ESP_ALGO or AH_ALGO
  333. ULONG algoKeylen; // len in bytes
  334. ULONG algoRounds; // # of algo rounds
  335. } ALGO_INFO, *PALGO_INFO;
  337. //
  338. // Security Association
  339. //
  341. //
  342. // Flags - not mutually exclusive
  343. //
  344. typedef ULONG SA_FLAGS;
  346. #define IPSEC_SA_INTERNAL_IOCTL_DELETE 0x10000000
  348. #define MAX_SAS 3 // COMP, ESP, AH
  349. #define MAX_OPS MAX_SAS
  351. typedef struct _SECURITY_ASSOCIATION {
  352. OPERATION_E Operation; // ordered set of operations
  353. SPI_TYPE SPI; // SPI in order of operations in OperationArray
  354. ALGO_INFO IntegrityAlgo; // AH
  355. ALGO_INFO ConfAlgo; // ESP
  356. PVOID CompAlgo; // compression algo info
  357. } SECURITY_ASSOCIATION, *PSECURITY_ASSOCIATION;
  359. typedef struct _SA_STRUCT {
  360. HANDLE Context; // context of the original ACQUIRE request
  361. ULONG NumSAs; // number of SAs following
  362. SA_FLAGS Flags;
  363. IPAddr TunnelAddr; // Tunnel end IP Addr
  364. IPAddr SrcTunnelAddr; // Tunnel src IP Addr
  365. LIFETIME Lifetime;
  366. IPSEC_FILTER InstantiatedFilter; // the actual addresses for which this SA was setup
  367. SECURITY_ASSOCIATION SecAssoc[MAX_SAS];
  368. DWORD dwQMPFSGroup;
  369. IKE_COOKIE_PAIR CookiePair;
  370. IPSEC_SA_UDP_ENCAP_TYPE EncapType;
  371. WORD SrcEncapPort; //Src, Dst encapsulation ports for NAT
  372. WORD DestEncapPort;
  373. IPAddr PeerPrivateAddr;
  374. ULONG KeyLen; // key len in # of chars
  375. UCHAR KeyMat[1];
  376. } SA_STRUCT, *PSA_STRUCT;
  378. typedef struct _IPSEC_ADD_UPDATE_SA {
  379. SA_STRUCT SAInfo;
  380. } IPSEC_ADD_UPDATE_SA, *PIPSEC_ADD_UPDATE_SA;
  382. //
  383. // Outbound SAs are typically deleted
  384. //
  385. typedef struct _IPSEC_DELETE_SA {
  386. IPSEC_QM_SA SATemplate; // template used for SA match
  387. } IPSEC_DELETE_SA, *PIPSEC_DELETE_SA;
  389. //
  390. // Inbound SAs are typically expired
  391. //
  392. typedef struct _IPSEC_DELETE_INFO {
  393. IPAddr DestAddr;
  394. IPAddr SrcAddr;
  395. SPI_TYPE SPI;
  396. } IPSEC_DELETE_INFO, *PIPSEC_DELETE_INFO;
  398. typedef struct _IPSEC_EXPIRE_SA {
  399. IPSEC_DELETE_INFO DelInfo;
  400. } IPSEC_EXPIRE_SA, *PIPSEC_EXPIRE_SA;
  402. typedef struct _IPSEC_GET_SPI {
  403. HANDLE Context; // context to represent this SA negotiation
  404. IPSEC_FILTER InstantiatedFilter; // the actual addresses for which this SA was setup
  405. SPI_TYPE SPI; // filled out on return
  406. } IPSEC_GET_SPI, *PIPSEC_GET_SPI;
  408. typedef IPSEC_GET_SPI IPSEC_SET_SPI, *PIPSEC_SET_SPI;
  410. typedef struct _IPSEC_SA_ALGO_INFO {
  411. ALGO_INFO IntegrityAlgo;
  412. ALGO_INFO ConfAlgo;
  413. ALGO_INFO CompAlgo;
  414. } IPSEC_SA_ALGO_INFO, *PIPSEC_SA_ALGO_INFO;
  416. typedef ULONG SA_ENUM_FLAGS;
  418. #define SA_ENUM_FLAGS_INITIATOR 0x00000001
  419. #define SA_ENUM_FLAGS_MTU_BUMPED 0x00000002
  420. #define SA_ENUM_FLAGS_OFFLOADED 0x00000004
  421. #define SA_ENUM_FLAGS_OFFLOAD_FAILED 0x00000008
  422. #define SA_ENUM_FLAGS_OFFLOADABLE 0x00000010
  423. #define SA_ENUM_FLAGS_IN_REKEY 0x00000020
  425. typedef struct _IPSEC_SA_STATS {
  426. ULARGE_INTEGER ConfidentialBytesSent;
  427. ULARGE_INTEGER ConfidentialBytesReceived;
  428. ULARGE_INTEGER AuthenticatedBytesSent;
  429. ULARGE_INTEGER AuthenticatedBytesReceived;
  430. ULARGE_INTEGER TotalBytesSent;
  431. ULARGE_INTEGER TotalBytesReceived;
  432. ULARGE_INTEGER OffloadedBytesSent;
  433. ULARGE_INTEGER OffloadedBytesReceived;
  434. } IPSEC_SA_STATS, *PIPSEC_SA_STATS;
  436. typedef struct _IPSEC_SA_INFO {
  437. GUID PolicyId; // unique identifier to identify a policy entry
  438. GUID FilterId;
  439. LIFETIME Lifetime;
  440. IPAddr InboundTunnelAddr;
  441. ULONG NumOps;
  442. SPI_TYPE InboundSPI[MAX_OPS];
  443. SPI_TYPE OutboundSPI[MAX_OPS];
  444. OPERATION_E Operation[MAX_OPS];
  445. IPSEC_SA_ALGO_INFO AlgoInfo[MAX_OPS];
  446. IPSEC_FILTER AssociatedFilter;
  447. DWORD dwQMPFSGroup;
  448. IKE_COOKIE_PAIR CookiePair;
  449. SA_ENUM_FLAGS EnumFlags;
  450. IPSEC_SA_STATS Stats;
  451. UDP_ENCAP_INFO EncapInfo;
  452. } IPSEC_SA_INFO, *PIPSEC_SA_INFO;
  454. typedef struct _SECURITY_ASSOCIATION_OUT {
  455. DWORD Operation; // ordered set of operations
  456. SPI_TYPE SPI; // SPI in order of operations in OperationArray
  457. ALGO_INFO IntegrityAlgo; // AH
  458. ALGO_INFO ConfAlgo; // ESP
  459. ALGO_INFO CompAlgo; // compression algo info
  460. } SECURITY_ASSOCIATION_OUT, *PSECURITY_ASSOCIATION_OUT;
  462. typedef struct _IPSEC_SA_QUERY_INFO {
  463. GUID PolicyId; // unique identifier to identify a policy entry
  464. LIFETIME Lifetime;
  465. ULONG NumSAs;
  466. SECURITY_ASSOCIATION_OUT SecAssoc[MAX_SAS];
  467. IPSEC_FILTER AssociatedFilter;
  468. DWORD Flags;
  469. IKE_COOKIE_PAIR AssociatedMainMode;
  470. } IPSEC_SA_QUERY_INFO, *PIPSEC_SA_QUERY_INFO;
  472. typedef struct _IPSEC_ENUM_SAS {
  473. DWORD NumEntries; // num entries for which there is space
  474. DWORD NumEntriesPresent; // num entries actually present in the driver
  475. DWORD Index; // num entries to skip
  476. IPSEC_QM_SA SATemplate; // template used for SA match
  477. IPSEC_SA_INFO pInfo[1];
  478. } IPSEC_ENUM_SAS, *PIPSEC_ENUM_SAS;
  480. typedef struct _IPSEC_POST_FOR_ACQUIRE_SA {
  481. HANDLE IdentityInfo; // identity of Principal
  482. HANDLE Context; // context to represent this SA negotiation
  483. GUID PolicyId; // GUID for QM policy
  484. IPAddr SrcAddr;
  485. IPMask SrcMask;
  486. IPAddr DestAddr;
  487. IPMask DestMask;
  488. IPAddr TunnelAddr;
  489. IPAddr InboundTunnelAddr;
  490. DWORD Protocol;
  491. IKE_COOKIE_PAIR CookiePair; // only used for notify
  492. WORD SrcPort;
  493. WORD DestPort;
  494. BOOLEAN TunnelFilter; // TRUE => this is a tunnel filter
  495. UCHAR DestType;
  496. WORD SrcEncapPort;
  497. WORD DestEncapPort;
  498. BYTE Pad1[4];
  499. UCHAR Pad2[2];
  500. } IPSEC_POST_FOR_ACQUIRE_SA, *PIPSEC_POST_FOR_ACQUIRE_SA;
  502. //NB. This must be <= size as the IPSEC_POST_FOR_ACQUIRE_SA
  503. typedef struct _IPSEC_POST_EXPIRE_NOTIFY {
  504. HANDLE IdentityInfo; // identity of Principal
  505. HANDLE Context; // context to represent this SA negotiation
  506. SPI_TYPE InboundSpi;
  507. SPI_TYPE OutboundSpi;
  508. DWORD Flags;
  509. IPAddr SrcAddr;
  510. IPMask SrcMask;
  511. IPAddr DestAddr;
  512. IPMask DestMask;
  513. IPAddr TunnelAddr;
  514. IPAddr InboundTunnelAddr;
  515. DWORD Protocol;
  516. IKE_COOKIE_PAIR CookiePair;
  517. WORD SrcPort;
  518. WORD DestPort;
  519. BOOLEAN TunnelFilter; // TRUE => this is a tunnel filter
  520. WORD SrcEncapPort;
  521. WORD DestEncapPort;
  522. IPAddr PeerPrivateAddr;
  523. UCHAR Pad[3];
  524. } IPSEC_POST_EXPIRE_NOTIFY, *PIPSEC_POST_EXPIRE_NOTIFY;
  526. typedef struct _IPSEC_QUERY_EXPORT {
  527. BOOLEAN Export;
  528. } IPSEC_QUERY_EXPORT, *PIPSEC_QUERY_EXPORT;
  530. typedef struct _IPSEC_FILTER_SPI {
  531. IPSEC_FILTER Filter;
  532. SPI_TYPE Spi;
  533. DWORD Operation;
  534. DWORD Flags;
  535. struct _IPSEC_FILTER_SPI *Next;
  536. } IPSEC_FILTER_SPI, *PIPSEC_FILTER_SPI;
  538. typedef struct _QOS_FILTER_SPI {
  539. IPAddr SrcAddr;
  540. IPAddr DestAddr;
  541. DWORD Protocol;
  542. WORD SrcPort;
  543. WORD DestPort;
  544. DWORD Operation;
  545. DWORD Flags;
  546. SPI_TYPE Spi;
  547. } QOS_FILTER_SPI, *PQOS_FILTER_SPI;
  549. typedef struct _IPSEC_QUERY_SPI {
  550. IPSEC_FILTER Filter;
  551. SPI_TYPE Spi; // inbound spi
  552. SPI_TYPE OtherSpi; // outbound spi
  553. DWORD Operation;
  554. } IPSEC_QUERY_SPI, *PIPSEC_QUERY_SPI;
  556. #define IPSEC_NOTIFY_EXPIRE_CONTEXT 0x00000000
  557. #define IPSEC_RPC_CONTEXT 0x00000001
  559. #endif _IPSEC_H