Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1788 lines
37 KiB

/*++
Copyright (c) 1999 Microsoft Corporation
Module Name:
winipsec.h
Abstract:
Header file for IPSec WINAPIs.
Author:
krishnaG 21-September-1999
abhisheV 21-September-1999 Added all the structures.
Environment:
User Level: Win32
Revision History:
--*/
#ifndef _WINIPSEC_
#define _WINIPSEC_
#ifdef __cplusplus
extern "C" {
#endif
#ifdef __midl
#define MIDL_DEFINE_INT(_C, _V) const unsigned short int _C = _V
#else
#define MIDL_DEFINE_INT(_C, _V)
#endif
#define PERSIST_SPD_OBJECT (ULONG) 0x00000001
#define IPSEC_STORE_PERSISTENT 0x1
#define IPSEC_STORE_LOCAL 0x2
// Flags sent to ike during shutdown
//
// Service is being shutdown, but not machine
#define SPD_SHUTDOWN_SERVICE 0X1
// Service is being shutdown as well as machine
#define SPD_SHUTDOWN_MACHINE 0X2
// Flag for AddMMFilter, to open if duplicate filter found.
//
#define OPEN_IF_EXISTS (ULONG) 0x00000002
//
// Flags that specify where policy is from.
#define IPSEC_STORE_PERSISTENT 0x1
#define IPSEC_STORE_LOCAL 0x2
// Address specification special values
#define IP_ADDRESS_ME (ULONG) 0x00000000
#define IP_ADDRESS_MASK_NONE (ULONG) 0xFFFFFFFF
#define SUBNET_ADDRESS_ANY (ULONG) 0x00000000
#define SUBNET_MASK_ANY (ULONG) 0x00000000
#define FILTER_NATURE_PASS_THRU 0x00000001
#define FILTER_NATURE_BLOCKING 0x00000002
#define FILTER_DIRECTION_INBOUND 0x00000004
#define FILTER_DIRECTION_OUTBOUND 0x00000008
#define ENUM_GENERIC_FILTERS 0x00000001
#define ENUM_SELECT_SPECIFIC_FILTERS 0x00000002
#define ENUM_SPECIFIC_FILTERS 0x00000004
//
// Policy flags.
//
#define IPSEC_MM_POLICY_ENABLE_DIAGNOSTICS 0x00000001
#define IPSEC_MM_POLICY_DEFAULT_POLICY 0x00000002
#define IPSEC_MM_POLICY_ON_NO_MATCH 0x00000004
#define IPSEC_MM_POLICY_DISABLE_CRL 0x00000008
#define IPSEC_MM_POLICY_DISABLE_NEGOTIATE 0x00000010
#define IPSEC_MM_POLICY_ENABLE_CERT_MAPPING 0x00000020
#define IPSEC_MM_POLICY_STORE_CERT_CHAINS 0x00000040
#define IPSEC_QM_POLICY_TRANSPORT_MODE 0x00000000
#define IPSEC_QM_POLICY_TUNNEL_MODE 0x00000001
#define IPSEC_QM_POLICY_DEFAULT_POLICY 0x00000002
#define IPSEC_QM_POLICY_ALLOW_SOFT 0x00000004
#define IPSEC_QM_POLICY_ON_NO_MATCH 0x00000008
#define IPSEC_QM_POLICY_DISABLE_NEGOTIATE 0x00000010
#define IPSEC_QM_POLICY_DISALLOW_NAT 0x00000020
#define IPSEC_MM_AUTH_DEFAULT_AUTH 0x00000001
#define IPSEC_MM_AUTH_ON_NO_MATCH 0x00000002
#define IPSEC_MM_CERT_AUTH_ENABLE_ACCOUNT_MAP 0x00000001
#define IPSEC_MM_CERT_AUTH_DISABLE_CERT_REQUEST 0x00000002
//
// MatchXXX
//
#define RETURN_DEFAULTS_ON_NO_MATCH 0x00000001
#define RETURN_NON_AH_OFFERS 0x00000002
//
// Delete MM SA flags.
//
#define IPSEC_MM_DELETE_ASSOCIATED_QMS 0x00000001
#define IPSEC_SA_TUNNEL 0x00000001
#define IPSEC_SA_MULTICAST_MIRROR 0x00000002
#define IPSEC_SA_DISABLE_IDLE_OUT 0x00000004
#define IPSEC_SA_DISABLE_ANTI_REPLAY_CHECK 0x00000008
#define IPSEC_SA_DISABLE_LIFETIME_CHECK 0x00000010
#define IPSEC_SA_ENABLE_NLBS_IDLE_CHECK 0x00000020
typedef enum _IPSEC_SA_DIRECTION {
SA_DIRECTION_BOTH = 1,
SA_DIRECTION_INBOUND,
SA_DIRECTION_OUTBOUND,
SA_DIRECTION_MAX
} IPSEC_SA_DIRECTION, *PIPSEC_SA_DIRECTION;
typedef enum _IPSEC_SA_UDP_ENCAP_TYPE {
SA_UDP_ENCAP_TYPE_NONE = 1,
SA_UDP_ENCAP_TYPE_IKE,
SA_UDP_ENCAP_TYPE_OTHER,
SA_UDP_ENCAP_TYPE_MAX
} IPSEC_SA_UDP_ENCAP_TYPE, *PIPSEC_SA_UDP_ENCAP_TYPE;
//
// Bounds for number of offers.
//
#define IPSEC_MAX_MM_OFFERS 20
#define IPSEC_MAX_QM_OFFERS 50
typedef enum _IP_PROTOCOL_VERSION {
IPSEC_PROTOCOL_V4 = 0,
IPSEC_PROTOCOL_V6,
} IP_PROTOCOL_VERSION, * PIP_PROTOCOL_VERSION;
typedef enum _ADDR_TYPE {
IP_ADDR_UNIQUE = 1,
IP_ADDR_SUBNET,
IP_ADDR_INTERFACE,
IP_ADDR_DNS_SERVER,
IP_ADDR_WINS_SERVER,
IP_ADDR_DHCP_SERVER,
IP_ADDR_DEFAULT_GATEWAY
} ADDR_TYPE, * PADDR_TYPE;
typedef struct _ADDR {
ADDR_TYPE AddrType;
#ifdef __midl
UCHAR ucIpAddr[4];
UCHAR ucSubNetMask[4];
#else
ULONG uIpAddr;
ULONG uSubNetMask;
#endif
GUID * pgInterfaceID;
} ADDR, * PADDR, IPV4ADDR, * PIPV4ADDR;
typedef struct _IPV6ADDR {
ADDR_TYPE AddrType;
UCHAR ucIpAddr[16];
UCHAR ucSubNetMask;
GUID * pgInterfaceID;
} IPV6ADDR, * PIPV6ADDR;
typedef enum _PROTOCOL_TYPE {
PROTOCOL_UNIQUE = 1,
} PROTOCOL_TYPE, * PPROTOCOL_TYPE;
typedef struct _PROTOCOL {
PROTOCOL_TYPE ProtocolType;
DWORD dwProtocol;
} PROTOCOL, * PPROTOCOL;
typedef enum _PORT_TYPE {
PORT_UNIQUE = 1,
} PORT_TYPE, * PPORT_TYPE;
typedef struct _PORT {
PORT_TYPE PortType;
WORD wPort;
} PORT, * PPORT;
typedef enum _IF_TYPE {
INTERFACE_TYPE_ALL = 1,
INTERFACE_TYPE_LAN,
INTERFACE_TYPE_DIALUP,
INTERFACE_TYPE_MAX
} IF_TYPE, * PIF_TYPE;
typedef enum _FILTER_ACTION {
PASS_THRU = 1,
BLOCKING,
NEGOTIATE_SECURITY,
FILTER_ACTION_MAX
} FILTER_ACTION, * PFILTER_ACTION;
typedef struct _TRANSPORT_FILTER {
IP_PROTOCOL_VERSION IpVersion;
GUID gFilterID;
LPWSTR pszFilterName;
IF_TYPE InterfaceType;
BOOL bCreateMirror;
DWORD dwFlags;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR SrcAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR SrcV6Addr;
[default] ;
};
#else
union {
ADDR SrcAddr;
IPV6ADDR SrcV6Addr;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR DesAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR DesV6Addr;
[default] ;
};
#else
union {
ADDR DesAddr;
IPV6ADDR DesV6Addr;
};
#endif
PROTOCOL Protocol;
PORT SrcPort;
PORT DesPort;
FILTER_ACTION InboundFilterAction;
FILTER_ACTION OutboundFilterAction;
DWORD dwDirection;
DWORD dwWeight;
GUID gPolicyID;
} TRANSPORT_FILTER, * PTRANSPORT_FILTER;
//
// Maximum number of transport filters that can be enumerated
// by SPD at a time.
//
#define MAX_TRANSPORTFILTER_ENUM_COUNT 1000
MIDL_DEFINE_INT(MIDL_MAX_TRANSPORTFILTER_COUNT, MAX_TRANSPORTFILTER_ENUM_COUNT);
typedef struct _TUNNEL_FILTER {
IP_PROTOCOL_VERSION IpVersion;
GUID gFilterID;
LPWSTR pszFilterName;
IF_TYPE InterfaceType;
BOOL bCreateMirror;
DWORD dwFlags;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR SrcAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR SrcV6Addr;
[default] ;
};
#else
union {
ADDR SrcAddr;
IPV6ADDR SrcV6Addr;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR DesAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR DesV6Addr;
[default] ;
};
#else
union {
ADDR DesAddr;
IPV6ADDR DesV6Addr;
};
#endif
PROTOCOL Protocol;
PORT SrcPort;
PORT DesPort;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR SrcTunnelAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR SrcV6TunnelAddr;
[default] ;
};
#else
union {
ADDR SrcTunnelAddr;
IPV6ADDR SrcV6TunnelAddr;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR DesTunnelAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR DesV6TunnelAddr;
[default] ;
};
#else
union {
ADDR DesTunnelAddr;
IPV6ADDR DesV6TunnelAddr;
};
#endif
FILTER_ACTION InboundFilterAction;
FILTER_ACTION OutboundFilterAction;
DWORD dwDirection;
DWORD dwWeight;
GUID gPolicyID;
} TUNNEL_FILTER, * PTUNNEL_FILTER;
//
// Maximum number of tunnel filters that can be enumerated
// by SPD at a time.
//
#define MAX_TUNNELFILTER_ENUM_COUNT 1000
MIDL_DEFINE_INT(MIDL_MAX_TUNNELFILTER_COUNT, MAX_TUNNELFILTER_ENUM_COUNT);
typedef struct _MM_FILTER {
IP_PROTOCOL_VERSION IpVersion;
GUID gFilterID;
LPWSTR pszFilterName;
IF_TYPE InterfaceType;
BOOL bCreateMirror;
DWORD dwFlags;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR SrcAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR SrcV6Addr;
[default] ;
};
#else
union {
ADDR SrcAddr;
IPV6ADDR SrcV6Addr;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR DesAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR DesV6Addr;
[default] ;
};
#else
union {
ADDR DesAddr;
IPV6ADDR DesV6Addr;
};
#endif
DWORD dwDirection;
DWORD dwWeight;
GUID gMMAuthID;
GUID gPolicyID;
} MM_FILTER, * PMM_FILTER;
//
// Maximum number of main mode filters that can be enumerated
// by SPD at a time.
//
#define MAX_MMFILTER_ENUM_COUNT 1000
MIDL_DEFINE_INT(MIDL_MAX_MMFILTER_COUNT, MAX_MMFILTER_ENUM_COUNT);
//
// Common Structures for Main Mode and Quick Mode Policies.
//
//
// IPSEC confidentiality algorithms supported by SPD.
//
typedef enum _CONF_ALGO_ENUM {
CONF_ALGO_NONE = 0,
CONF_ALGO_DES,
CONF_ALGO_3_DES = 3,
CONF_ALGO_MAX
} CONF_ALGO_ENUM, * PCONF_ALGO_ENUM;
//
// IPSEC integrity algorithms supported by SPD.
//
typedef enum _AUTH_ALGO_ENUM {
AUTH_ALGO_NONE = 0,
AUTH_ALGO_MD5,
AUTH_ALGO_SHA1,
AUTH_ALGO_MAX
} AUTH_ALGO_ENUM, * PAUTH_ALGO_ENUM;
//
// Types of IPSEC Operations supported by SPD.
//
typedef enum _IPSEC_OPERATION {
NONE = 0,
AUTHENTICATION,
ENCRYPTION,
COMPRESSION,
SA_DELETE
} IPSEC_OPERATION, * PIPSEC_OPERATION;
//
// HMAC authentication algorithms to use with IPSEC
// Encryption operation.
//
typedef enum _HMAC_AUTH_ALGO_ENUM {
HMAC_AUTH_ALGO_NONE = 0,
HMAC_AUTH_ALGO_MD5,
HMAC_AUTH_ALGO_SHA1,
HMAC_AUTH_ALGO_MAX
} HMAC_AUTH_ALGO_ENUM, * PHMAC_AUTH_ALGO_ENUM;
//
// Key Lifetime structure.
//
typedef struct _KEY_LIFETIME {
ULONG uKeyExpirationTime;
ULONG uKeyExpirationKBytes;
} KEY_LIFETIME, * PKEY_LIFETIME;
//
// Main mode policy structures.
//
//
// Main mode authentication algorithms supported by SPD.
//
typedef enum _MM_AUTH_ENUM {
IKE_PRESHARED_KEY = 1,
IKE_DSS_SIGNATURE,
IKE_RSA_SIGNATURE,
IKE_RSA_ENCRYPTION,
IKE_SSPI
} MM_AUTH_ENUM, * PMM_AUTH_ENUM;
//
// Main mode authentication information structure.
//
typedef struct _CERT_ROOT_CONFIG {
DWORD dwCertDataSize;
#ifdef __midl
[size_is(dwCertDataSize)] LPBYTE pCertData;
#else
LPBYTE pCertData;
#endif
DWORD dwAuthorizationDataSize;
#ifdef __midl
[size_is(dwAuthorizationDataSize)] LPBYTE pAuthorizationData;
#else
LPBYTE pAuthorizationData;
#endif
DWORD dwFlags;
} CERT_ROOT_CONFIG, * PCERT_ROOT_CONFIG;
typedef struct __MM_CERT_INFO {
DWORD dwVersion;
DWORD dwMyCertHashSize;
#ifdef __midl
[size_is(dwMyCertHashSize)] LPBYTE pMyCertHash;
#else
LPBYTE pMyCertHash;
#endif
DWORD dwInboundRootArraySize;
#ifdef __midl
[size_is(dwInboundRootArraySize)] PCERT_ROOT_CONFIG pInboundRootArray;
#else
PCERT_ROOT_CONFIG pInboundRootArray;
#endif
DWORD dwOutboundRootArraySize;
#ifdef __midl
[size_is(dwOutboundRootArraySize)] PCERT_ROOT_CONFIG pOutboundRootArray;
#else
PCERT_ROOT_CONFIG pOutboundRootArray;
#endif
} MM_CERT_INFO, * PMM_CERT_INFO;
typedef struct __MM_GENERAL_AUTH_INFO {
DWORD dwAuthInfoSize;
#ifdef __midl
[size_is(dwAuthInfoSize)] LPBYTE pAuthInfo;
#else
LPBYTE pAuthInfo;
#endif
} MM_GENERAL_AUTH_INFO, * PMM_GENERAL_AUTH_INFO;
typedef struct _IPSEC_MM_AUTH_INFO {
MM_AUTH_ENUM AuthMethod;
#ifdef __midl
[switch_type(MM_AUTH_ENUM), switch_is(AuthMethod)] union {
[case(IKE_PRESHARED_KEY,
IKE_DSS_SIGNATURE,
IKE_RSA_ENCRYPTION,
IKE_SSPI)] MM_GENERAL_AUTH_INFO GeneralAuthInfo;
[case(IKE_RSA_SIGNATURE)] MM_CERT_INFO CertAuthInfo;
[default] ;
};
#else
union {
MM_GENERAL_AUTH_INFO GeneralAuthInfo;
MM_CERT_INFO CertAuthInfo;
};
#endif
} IPSEC_MM_AUTH_INFO, * PIPSEC_MM_AUTH_INFO;
//
// Main mode authentication methods.
//
typedef struct _MM_AUTH_METHODS {
GUID gMMAuthID;
DWORD dwFlags;
DWORD dwNumAuthInfos;
#ifdef __midl
[size_is(dwNumAuthInfos)] PIPSEC_MM_AUTH_INFO pAuthenticationInfo;
#else
PIPSEC_MM_AUTH_INFO pAuthenticationInfo;
#endif
} MM_AUTH_METHODS, * PMM_AUTH_METHODS;
//
// Maximum number of main mode auth methods that can be enumerated
// by SPD at a time.
//
#define MAX_MMAUTH_ENUM_COUNT 1000
MIDL_DEFINE_INT(MIDL_MAX_MMAUTH_COUNT, MAX_MMAUTH_ENUM_COUNT);
//
// Main mode algorithm structure.
//
typedef struct _IPSEC_MM_ALGO {
ULONG uAlgoIdentifier;
ULONG uAlgoKeyLen;
ULONG uAlgoRounds;
} IPSEC_MM_ALGO, * PIPSEC_MM_ALGO;
//
// Main mode policy offer structure.
//
typedef struct _IPSEC_MM_OFFER {
KEY_LIFETIME Lifetime;
DWORD dwFlags;
DWORD dwQuickModeLimit;
DWORD dwDHGroup;
IPSEC_MM_ALGO EncryptionAlgorithm;
IPSEC_MM_ALGO HashingAlgorithm;
} IPSEC_MM_OFFER, * PIPSEC_MM_OFFER;
//
// Defines for DH groups.
//
#define DH_GROUP_1 0x00000001 // For Diffe Hellman group 1.
#define DH_GROUP_2 0x00000002 // For Diffe Hellman group 2.
#define DH_GROUP_2048 0x10000001
//
// Default Main Mode key expiration time.
//
#define DEFAULT_MM_KEY_EXPIRATION_TIME 480*60 // 8 hours expressed in seconds.
//
// Maximum number of main mode policies that can be enumerated
// by SPD at a time.
//
#define MAX_MMPOLICY_ENUM_COUNT 10
MIDL_DEFINE_INT(MIDL_MAX_MMPOLICY_COUNT, MAX_MMPOLICY_ENUM_COUNT);
//
// Main mode policy structure.
//
typedef struct _IPSEC_MM_POLICY {
GUID gPolicyID;
LPWSTR pszPolicyName;
DWORD dwFlags;
ULONG uSoftExpirationTime;
DWORD dwOfferCount;
#ifdef __midl
[size_is(dwOfferCount)] PIPSEC_MM_OFFER pOffers;
#else
PIPSEC_MM_OFFER pOffers;
#endif
} IPSEC_MM_POLICY, * PIPSEC_MM_POLICY;
//
// Quick mode policy structures.
//
typedef DWORD IPSEC_QM_SPI, * PIPSEC_QM_SPI;
//
// Quick mode algorithm structure.
//
typedef struct _IPSEC_QM_ALGO {
IPSEC_OPERATION Operation;
ULONG uAlgoIdentifier;
HMAC_AUTH_ALGO_ENUM uSecAlgoIdentifier;
ULONG uAlgoKeyLen;
ULONG uSecAlgoKeyLen;
ULONG uAlgoRounds;
ULONG uSecAlgoRounds;
IPSEC_QM_SPI MySpi;
IPSEC_QM_SPI PeerSpi;
} IPSEC_QM_ALGO, * PIPSEC_QM_ALGO;
//
// Maximum number of quick mode algorithms in
// a quick mode policy offer.
//
#define QM_MAX_ALGOS 2
//
// Quick mode policy offer structure.
//
typedef struct _IPSEC_QM_OFFER {
KEY_LIFETIME Lifetime;
DWORD dwFlags;
BOOL bPFSRequired;
DWORD dwPFSGroup;
DWORD dwNumAlgos;
IPSEC_QM_ALGO Algos[QM_MAX_ALGOS];
DWORD dwReserved;
} IPSEC_QM_OFFER, * PIPSEC_QM_OFFER;
//
// Defines for PFS groups.
//
#define PFS_GROUP_NONE 0x00000000 // If PFS is not required.
#define PFS_GROUP_1 DH_GROUP_1 // For Diffe Hellman group 1 PFS.
#define PFS_GROUP_2 DH_GROUP_2 // For Diffe Hellman group 2 PFS.
#define PFS_GROUP_2048 DH_GROUP_2048
#define PFS_GROUP_MM 0x80000000 // Use group negotiated in MM
//
// Default Quick Mode key expiration time.
//
#define DEFAULT_QM_KEY_EXPIRATION_TIME 60*60 // 1 hour expressed in seconds.
//
// Default Quick Mode key expiration kbytes.
//
#define DEFAULT_QM_KEY_EXPIRATION_KBYTES 100*1000 // 100 MB expressed in KB.
//
// Maximum number of quick mode policies that can be enumerated
// by SPD at a time.
//
#define MAX_QMPOLICY_ENUM_COUNT 100
MIDL_DEFINE_INT(MIDL_MAX_QMPOLICY_COUNT, MAX_QMPOLICY_ENUM_COUNT);
//
// Quick mode policy structure.
//
typedef struct _IPSEC_QM_POLICY {
GUID gPolicyID;
LPWSTR pszPolicyName;
DWORD dwFlags;
DWORD dwReserved;
DWORD dwOfferCount;
#ifdef __midl
[size_is(dwOfferCount)] PIPSEC_QM_OFFER pOffers;
#else
PIPSEC_QM_OFFER pOffers;
#endif
} IPSEC_QM_POLICY, * PIPSEC_QM_POLICY;
//
// IKE structures.
//
typedef struct _IKE_STATISTICS {
DWORD dwActiveAcquire;
DWORD dwActiveReceive;
DWORD dwAcquireFail;
DWORD dwReceiveFail;
DWORD dwSendFail;
DWORD dwAcquireHeapSize;
DWORD dwReceiveHeapSize;
DWORD dwNegotiationFailures;
DWORD dwAuthenticationFailures;
DWORD dwInvalidCookiesReceived;
DWORD dwTotalAcquire;
DWORD dwTotalGetSpi;
DWORD dwTotalKeyAdd;
DWORD dwTotalKeyUpdate;
DWORD dwGetSpiFail;
DWORD dwKeyAddFail;
DWORD dwKeyUpdateFail;
DWORD dwIsadbListSize;
DWORD dwConnListSize;
DWORD dwOakleyMainModes;
DWORD dwOakleyQuickModes;
DWORD dwSoftAssociations;
DWORD dwInvalidPacketsReceived;
} IKE_STATISTICS, * PIKE_STATISTICS;
typedef LARGE_INTEGER IKE_COOKIE, * PIKE_COOKIE;
typedef struct _IKE_COOKIE_PAIR {
IKE_COOKIE Initiator;
IKE_COOKIE Responder;
} IKE_COOKIE_PAIR, * PIKE_COOKIE_PAIR;
typedef struct _IPSEC_BYTE_BLOB {
DWORD dwSize;
#ifdef __midl
[size_is(dwSize)] LPBYTE pBlob;
#else
LPBYTE pBlob;
#endif
} IPSEC_BYTE_BLOB, * PIPSEC_BYTE_BLOB;
typedef struct _IPSEC_UDP_ENCAP_CONTEXT {
WORD wSrcEncapPort;
WORD wDesEncapPort;
} IPSEC_UDP_ENCAP_CONTEXT, * PIPSEC_UDP_ENCAP_CONTEXT;
//
// Maximum number of main mode SAs that can be enumerated
// by SPD at a time.
//
#define MAX_MMSA_ENUM_COUNT 1000
MIDL_DEFINE_INT(MIDL_MAX_MMSA_COUNT, MAX_MMSA_ENUM_COUNT);
typedef struct _IPSEC_MM_SA {
IP_PROTOCOL_VERSION IpVersion;
GUID gMMPolicyID;
IPSEC_MM_OFFER SelectedMMOffer;
MM_AUTH_ENUM MMAuthEnum;
IKE_COOKIE_PAIR MMSpi;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR Me;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR MyV6Addr;
[default] ;
};
#else
union {
ADDR Me;
IPV6ADDR MyV6Addr;
};
#endif
IPSEC_BYTE_BLOB MyId;
IPSEC_BYTE_BLOB MyCertificateChain;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR Peer;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR PeerV6Addr;
[default] ;
};
#else
union {
ADDR Peer;
IPV6ADDR PeerV6Addr;
};
#endif
IPSEC_BYTE_BLOB PeerId;
IPSEC_BYTE_BLOB PeerCertificateChain;
IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext;
DWORD dwFlags;
} IPSEC_MM_SA, * PIPSEC_MM_SA;
typedef enum _QM_FILTER_TYPE {
QM_TRANSPORT_FILTER = 1,
QM_TUNNEL_FILTER
} QM_FILTER_TYPE, * PQM_FILTER_TYPE;
typedef struct _IPSEC_QM_FILTER {
IP_PROTOCOL_VERSION IpVersion;
QM_FILTER_TYPE QMFilterType;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR SrcAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR SrcV6Addr;
[default] ;
};
#else
union {
ADDR SrcAddr;
IPV6ADDR SrcV6Addr;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR DesAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR DesV6Addr;
[default] ;
};
#else
union {
ADDR DesAddr;
IPV6ADDR DesV6Addr;
};
#endif
PROTOCOL Protocol;
PORT SrcPort;
PORT DesPort;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR MyTunnelEndpt;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR MyV6TunnelEndpt;
[default] ;
};
#else
union {
ADDR MyTunnelEndpt;
IPV6ADDR MyV6TunnelEndpt;
};
#endif
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR PeerTunnelEndpt;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR PeerV6TunnelEndpt;
[default] ;
};
#else
union {
ADDR PeerTunnelEndpt;
IPV6ADDR PeerV6TunnelEndpt;
};
#endif
DWORD dwFlags;
} IPSEC_QM_FILTER, * PIPSEC_QM_FILTER;
//
// Maximum number of quick mode filters allowed in an RPC container
//
MIDL_DEFINE_INT(MIDL_MAX_QMFILTER_COUNT, MAX_TRANSPORTFILTER_ENUM_COUNT);
typedef struct _UDP_ENCAP_INFO {
IPSEC_SA_UDP_ENCAP_TYPE SAEncapType;
IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext;
IP_PROTOCOL_VERSION PeerAddrVersion;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(PeerAddrVersion)] union {
[case(IPSEC_PROTOCOL_V4)] ADDR PeerPrivateAddr;
[case(IPSEC_PROTOCOL_V6)] IPV6ADDR PeerPrivateAddrV6;
[default] ;
};
#else
union {
ADDR PeerPrivateAddr;
IPV6ADDR PeerPrivateAddrV6;
};
#endif
} UDP_ENCAP_INFO, *PUDP_ENCAP_INFO;
typedef struct _IPSEC_QM_SA {
GUID gQMPolicyID;
IPSEC_QM_OFFER SelectedQMOffer;
GUID gQMFilterID;
IPSEC_QM_FILTER IpsecQMFilter;
IKE_COOKIE_PAIR MMSpi;
UDP_ENCAP_INFO EncapInfo;
} IPSEC_QM_SA, * PIPSEC_QM_SA;
#define MAX_QMSA_ENUM_COUNT 500
MIDL_DEFINE_INT(MIDL_MAX_QMSA_COUNT, MAX_QMSA_ENUM_COUNT);
typedef enum _SA_FAIL_MODE {
MAIN_MODE = 1,
QUICK_MODE,
} SA_FAIL_MODE, * PSA_FAIL_MODE;
typedef enum _SA_FAIL_POINT {
FAIL_POINT_ME = 1,
FAIL_POINT_PEER,
} SA_FAIL_POINT, * PSA_FAIL_POINT;
typedef struct _SA_NEGOTIATION_STATUS_INFO {
SA_FAIL_MODE FailMode;
SA_FAIL_POINT FailPoint;
DWORD dwError;
} SA_NEGOTIATION_STATUS_INFO, * PSA_NEGOTIATION_STATUS_INFO;
//
// IPSec structures.
//
typedef struct _IPSEC_STATISTICS {
DWORD dwNumActiveAssociations;
DWORD dwNumOffloadedSAs;
DWORD dwNumPendingKeyOps;
DWORD dwNumKeyAdditions;
DWORD dwNumKeyDeletions;
DWORD dwNumReKeys;
DWORD dwNumActiveTunnels;
DWORD dwNumBadSPIPackets;
DWORD dwNumPacketsNotDecrypted;
DWORD dwNumPacketsNotAuthenticated;
DWORD dwNumPacketsWithReplayDetection;
ULARGE_INTEGER uConfidentialBytesSent;
ULARGE_INTEGER uConfidentialBytesReceived;
ULARGE_INTEGER uAuthenticatedBytesSent;
ULARGE_INTEGER uAuthenticatedBytesReceived;
ULARGE_INTEGER uTransportBytesSent;
ULARGE_INTEGER uTransportBytesReceived;
ULARGE_INTEGER uBytesSentInTunnels;
ULARGE_INTEGER uBytesReceivedInTunnels;
ULARGE_INTEGER uOffloadedBytesSent;
ULARGE_INTEGER uOffloadedBytesReceived;
} IPSEC_STATISTICS, * PIPSEC_STATISTICS;
typedef struct _IPSEC_INTERFACE_INFO {
GUID gInterfaceID;
DWORD dwIndex;
LPWSTR pszInterfaceName;
LPWSTR pszDeviceName;
DWORD dwInterfaceType;
IP_PROTOCOL_VERSION IpVersion;
#ifdef __midl
[switch_type(IP_PROTOCOL_VERSION), switch_is(IpVersion)] union {
[case(IPSEC_PROTOCOL_V4)] UCHAR ucIpAddr[4];
[case(IPSEC_PROTOCOL_V6)] UCHAR ucIpv6Addr[16];
[default] ;
};
#else
union {
ULONG uIpAddr;
UCHAR ucIpv6Addr[16];
};
#endif
} IPSEC_INTERFACE_INFO, * PIPSEC_INTERFACE_INFO;
//
// Constants to track the source of policy
//
#define IPSEC_SOURCE_PERSISTENT 0x1
#define IPSEC_SOURCE_LOCAL 0x2
#define IPSEC_SOURCE_DOMAIN 0x3
#define IPSEC_SOURCE_CACHE 0x4
#define IPSEC_SOURCE_WINIPSEC 0x5
typedef enum _SPD_STATE {
SPD_STATE_INITIAL,
SPD_STATE_DS_LOAD_SUCCESS,
SPD_STATE_DS_LOAD_FAIL,
SPD_STATE_DS_APPLY_SUCCESS,
SPD_STATE_DS_APPLY_FAIL,
SPD_STATE_CACHE_LOAD_SUCCESS,
SPD_STATE_CACHE_LOAD_FAIL,
SPD_STATE_CACHE_APPLY_SUCCESS,
SPD_STATE_CACHE_APPLY_FAIL,
SPD_STATE_LOCAL_LOAD_SUCCESS,
SPD_STATE_LOCAL_LOAD_FAIL,
SPD_STATE_LOCAL_APPLY_SUCCESS,
SPD_STATE_LOCAL_APPLY_FAIL,
SPD_STATE_PERSISTENT_LOAD_SUCCESS,
SPD_STATE_PERSISTENT_LOAD_FAIL,
SPD_STATE_PERSISTENT_APPLY_SUCCESS,
SPD_STATE_PERSISTENT_APPLY_FAIL,
} SPD_STATE, * PSPD_STATE;
typedef enum _SPD_ACTION {
SPD_POLICY_APPLY,
SPD_POLICY_LOAD
} SPD_ACTION, * PSPD_ACTION;
typedef struct _SPD_POLICY_STATE {
SPD_STATE PolicyLoadState;
DWORD dwWhenChanged;
} SPD_POLICY_STATE, * PSPD_POLICY_STATE;
#define FLAGS_NLBS_UNBOUND 0x00000000
#define FLAGS_NLBS_BOUND 0x00000001
#define FLAGS_NLBS_MAX 0x00000002
typedef struct _IKE_CONFIG {
DWORD dwDebug;
DWORD dwEnableLogging;
DWORD dwStrongCRLCheck;
DWORD dwMaxRespOpenMM;
DWORD dwNLBSFlags;
DWORD dwFlags;
DWORD dwEnableDOSProtect;
DWORD dw2048DHGroupId;
} IKE_CONFIG, * PIKE_CONFIG;
//
// If dwInterfaceType is MIB_IF_TYPE_ETHERNET or MIB_IF_TYPE_FDDI
// or MIB_IF_TYPE_TOKENRING then its a LAN interface.
// If dwInterfaceType is MIB_IF_TYPE_PPP or MIB_IF_TYPE_SLIP
// then its a WAN/DIALUP interface.
//
#define MAX_INTERFACE_ENUM_COUNT 100
MIDL_DEFINE_INT(MIDL_MAX_INTERFACE_COUNT, MAX_INTERFACE_ENUM_COUNT);
//
// IPSEC SPD APIs.
//
DWORD
WINAPI
SPDApiBufferAllocate(
DWORD dwByteCount,
LPVOID * ppBuffer
);
VOID
WINAPI
SPDApiBufferFree(
LPVOID pBuffer
);
DWORD
WINAPI
AddTransportFilter(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PTRANSPORT_FILTER pTransportFilter,
LPVOID pvReserved,
PHANDLE phFilter
);
DWORD
WINAPI
DeleteTransportFilter(
HANDLE hFilter
);
DWORD
WINAPI
EnumTransportFilters(
LPWSTR pServerName,
DWORD dwVersion,
PTRANSPORT_FILTER pTransportTemplateFilter,
DWORD dwLevel,
GUID gGenericFilterID,
DWORD dwPreferredNumEntries,
PTRANSPORT_FILTER * ppTransportFilters,
LPDWORD pdwNumFilters,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetTransportFilter(
HANDLE hFilter,
DWORD dwVersion,
PTRANSPORT_FILTER pTransportFilter,
LPVOID pvReserved
);
DWORD
WINAPI
GetTransportFilter(
HANDLE hFilter,
DWORD dwVersion,
PTRANSPORT_FILTER * ppTransportFilter,
LPVOID pvReserved
);
DWORD
WINAPI
AddQMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PIPSEC_QM_POLICY pQMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
DeleteQMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
LPVOID pvReserved
);
DWORD
WINAPI
EnumQMPolicies(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_QM_POLICY pQMTemplatePolicy,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PIPSEC_QM_POLICY * ppQMPolicies,
LPDWORD pdwNumPolicies,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetQMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
PIPSEC_QM_POLICY pQMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
GetQMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
DWORD dwFlags,
PIPSEC_QM_POLICY * ppQMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
AddMMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PIPSEC_MM_POLICY pMMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
DeleteMMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
LPVOID pvReserved
);
DWORD
WINAPI
EnumMMPolicies(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_MM_POLICY pMMTemplatePolicy,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PIPSEC_MM_POLICY * ppMMPolicies,
LPDWORD pdwNumPolicies,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetMMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
PIPSEC_MM_POLICY pMMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
GetMMPolicy(
LPWSTR pServerName,
DWORD dwVersion,
LPWSTR pszPolicyName,
PIPSEC_MM_POLICY * ppMMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
AddMMFilter(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PMM_FILTER pMMFilter,
LPVOID pvReserved,
PHANDLE phMMFilter
);
DWORD
WINAPI
DeleteMMFilter(
HANDLE hMMFilter
);
DWORD
WINAPI
EnumMMFilters(
LPWSTR pServerName,
DWORD dwVersion,
PMM_FILTER pMMTemplateFilter,
DWORD dwLevel,
GUID gGenericFilterID,
DWORD dwPreferredNumEntries,
PMM_FILTER * ppMMFilters,
LPDWORD pdwNumMMFilters,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetMMFilter(
HANDLE hMMFilter,
DWORD dwVersion,
PMM_FILTER pMMFilter,
LPVOID pvReserved
);
DWORD
WINAPI
GetMMFilter(
HANDLE hMMFilter,
DWORD dwVersion,
PMM_FILTER * ppMMFilter,
LPVOID pvReserved
);
DWORD
WINAPI
MatchMMFilter(
LPWSTR pServerName,
DWORD dwVersion,
PMM_FILTER pMMFilter,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PMM_FILTER * ppMatchedMMFilters,
PIPSEC_MM_POLICY * ppMatchedMMPolicies,
PMM_AUTH_METHODS * ppMatchedMMAuthMethods,
LPDWORD pdwNumMatches,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
MatchTransportFilter(
LPWSTR pServerName,
DWORD dwVersion,
PTRANSPORT_FILTER pTxFilter,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PTRANSPORT_FILTER * ppMatchedTxFilters,
PIPSEC_QM_POLICY * ppMatchedQMPolicies,
LPDWORD pdwNumMatches,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
GetQMPolicyByID(
LPWSTR pServerName,
DWORD dwVersion,
GUID gQMPolicyID,
DWORD dwFlags,
PIPSEC_QM_POLICY * ppQMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
GetMMPolicyByID(
LPWSTR pServerName,
DWORD dwVersion,
GUID gMMPolicyID,
PIPSEC_MM_POLICY * ppMMPolicy,
LPVOID pvReserved
);
DWORD
WINAPI
AddMMAuthMethods(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PMM_AUTH_METHODS pMMAuthMethods,
LPVOID pvReserved
);
DWORD
WINAPI
DeleteMMAuthMethods(
LPWSTR pServerName,
DWORD dwVersion,
GUID gMMAuthID,
LPVOID pvReserved
);
DWORD
WINAPI
EnumMMAuthMethods(
LPWSTR pServerName,
DWORD dwVersion,
PMM_AUTH_METHODS pMMTemplateAuthMethods,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PMM_AUTH_METHODS * ppMMAuthMethods,
LPDWORD pdwNumAuthMethods,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetMMAuthMethods(
LPWSTR pServerName,
DWORD dwVersion,
GUID gMMAuthID,
PMM_AUTH_METHODS pMMAuthMethods,
LPVOID pvReserved
);
DWORD
WINAPI
GetMMAuthMethods(
LPWSTR pServerName,
DWORD dwVersion,
GUID gMMAuthID,
PMM_AUTH_METHODS * ppMMAuthMethods,
LPVOID pvReserved
);
DWORD
WINAPI
InitiateIKENegotiation(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_QM_FILTER pQMFilter,
DWORD dwClientProcessId,
HANDLE hClientEvent,
DWORD dwFlags,
IPSEC_UDP_ENCAP_CONTEXT UdpEncapContext,
LPVOID pvReserved,
PHANDLE phNegotiation
);
DWORD
WINAPI
QueryIKENegotiationStatus(
HANDLE hNegotiation,
DWORD dwVersion,
PSA_NEGOTIATION_STATUS_INFO pNegotiationStatus,
LPVOID pvReserved
);
DWORD
WINAPI
CloseIKENegotiationHandle(
HANDLE hNegotiation
);
DWORD
WINAPI
EnumMMSAs(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_MM_SA pMMTemplate,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PIPSEC_MM_SA * ppMMSAs,
LPDWORD pdwNumEntries,
LPDWORD pdwTotalMMsAvailable,
LPDWORD pdwEnumHandle,
LPVOID pvReserved
);
DWORD
WINAPI
DeleteMMSAs(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_MM_SA pMMTemplate,
DWORD dwFlags,
LPVOID pvReserved
);
DWORD
WINAPI
DeleteQMSAs(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_QM_SA pIpsecQMSA,
DWORD dwFlags,
LPVOID pvReserved
);
DWORD
WINAPI
QueryIKEStatistics(
LPWSTR pServerName,
DWORD dwVersion,
PIKE_STATISTICS pIKEStatistics,
LPVOID pvReserved
);
DWORD
WINAPI
RegisterIKENotifyClient(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwClientProcessId,
HANDLE hClientEvent,
IPSEC_QM_SA QMTemplate,
DWORD dwFlags,
LPVOID pvReserved,
PHANDLE phNotifyHandle
);
DWORD
WINAPI
QueryIKENotifyData(
HANDLE hNotifyHandle,
DWORD dwVersion,
DWORD dwFlags,
PIPSEC_QM_SA * ppQMSAs,
PDWORD pdwNumEntries,
LPVOID pvReserved
);
DWORD
WINAPI
CloseIKENotifyHandle(
HANDLE hNotifyHandle
);
DWORD
WINAPI
QueryIPSecStatistics(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_STATISTICS * ppIpsecStatistics,
LPVOID pvReserved
);
DWORD
WINAPI
EnumQMSAs(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_QM_SA pQMSATemplate,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PIPSEC_QM_SA * ppQMSAs,
LPDWORD pdwNumQMSAs,
LPDWORD pdwNumTotalQMSAs,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
AddTunnelFilter(
LPWSTR pServerName,
DWORD dwVersion,
DWORD dwFlags,
PTUNNEL_FILTER pTunnelFilter,
LPVOID pvReserved,
PHANDLE phFilter
);
DWORD
WINAPI
DeleteTunnelFilter(
HANDLE hFilter
);
DWORD
WINAPI
EnumTunnelFilters(
LPWSTR pServerName,
DWORD dwVersion,
PTUNNEL_FILTER pTunnelTemplateFilter,
DWORD dwLevel,
GUID gGenericFilterID,
DWORD dwPreferredNumEntries,
PTUNNEL_FILTER * ppTunnelFilters,
LPDWORD pdwNumFilters,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
SetTunnelFilter(
HANDLE hFilter,
DWORD dwVersion,
PTUNNEL_FILTER pTunnelFilter,
LPVOID pvReserved
);
DWORD
WINAPI
GetTunnelFilter(
HANDLE hFilter,
DWORD dwVersion,
PTUNNEL_FILTER * ppTunnelFilter,
LPVOID pvReserved
);
DWORD
WINAPI
MatchTunnelFilter(
LPWSTR pServerName,
DWORD dwVersion,
PTUNNEL_FILTER pTnFilter,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PTUNNEL_FILTER * ppMatchedTnFilters,
PIPSEC_QM_POLICY * ppMatchedQMPolicies,
LPDWORD pdwNumMatches,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
OpenMMFilterHandle(
LPWSTR pServerName,
DWORD dwVersion,
PMM_FILTER pMMFilter,
LPVOID pvReserved,
PHANDLE phMMFilter
);
DWORD
WINAPI
CloseMMFilterHandle(
HANDLE hMMFilter
);
DWORD
WINAPI
OpenTransportFilterHandle(
LPWSTR pServerName,
DWORD dwVersion,
PTRANSPORT_FILTER pTransportFilter,
LPVOID pvReserved,
PHANDLE phTxFilter
);
DWORD
WINAPI
CloseTransportFilterHandle(
HANDLE hTxFilter
);
DWORD
WINAPI
OpenTunnelFilterHandle(
LPWSTR pServerName,
DWORD dwVersion,
PTUNNEL_FILTER pTunnelFilter,
LPVOID pvReserved,
PHANDLE phTnFilter
);
DWORD
WINAPI
CloseTunnelFilterHandle(
HANDLE hTnFilter
);
DWORD
WINAPI
EnumIPSecInterfaces(
LPWSTR pServerName,
DWORD dwVersion,
PIPSEC_INTERFACE_INFO pIpsecIfTemplate,
DWORD dwFlags,
DWORD dwPreferredNumEntries,
PIPSEC_INTERFACE_INFO * ppIpsecInterfaces,
LPDWORD pdwNumInterfaces,
LPDWORD pdwNumTotalInterfaces,
LPDWORD pdwResumeHandle,
LPVOID pvReserved
);
DWORD
WINAPI
AddSAs(
LPWSTR pServerName,
DWORD dwVersion,
IPSEC_SA_DIRECTION SADirection,
PIPSEC_QM_OFFER pQMOffer,
PIPSEC_QM_FILTER pQMFilter,
HANDLE * phLarvalContext,
DWORD dwInboundKeyMatLen,
BYTE * pInboundKeyMat,
DWORD dwOutboundKeyMatLen,
BYTE * pOutboundKeyMat,
BYTE * pContextInfo,
UDP_ENCAP_INFO EncapInfo,
LPVOID pvReserved,
DWORD dwFlags
);
DWORD
WINAPI
QuerySpdPolicyState(
LPWSTR pServerName,
DWORD dwVersion,
PSPD_POLICY_STATE * ppSpdPolicyState,
LPVOID pvReserved
);
DWORD
WINAPI
SetConfigurationVariables(
LPWSTR pServerName,
IKE_CONFIG IKEConfig
);
DWORD
WINAPI
GetConfigurationVariables(
LPWSTR pServerName,
PIKE_CONFIG pIKEConfig
);
#ifdef __cplusplus
}
#endif
#endif // _WINIPSEC_