NDIS_TASK_IPSEC structure

Note: NDIS 5.x has been deprecated and is superseded by NDIS 6.x. For new NDIS driver development, see Network Drivers Starting with Windows Vista. For information about porting NDIS 5.x drivers to NDIS 6.x, see Porting NDIS 5.x Drivers to NDIS 6.0.

When supplied by a miniport driver in response to a query of OID_TCP_TASK_OFFLOAD, the NDIS_TASK_IPSEC structure specifies the miniport driver's NIC's capabilities for performing Internet Protocol security (IPsec) tasks on packets. When passed to a miniport driver in a set of OID_TCP_TASK_OFFLOAD, the structure specifies the IPsec capabilities that the TCP/IP transport is enabling for the NIC.

Syntax

typedef struct _NDIS_TASK_IPSEC {
  struct {
    ULONG AH_ESP_COMBINED;
    ULONG TRANSPORT_TUNNEL_COMBINED;
    ULONG V4_OPTIONS;
    ULONG RESERVED;
  } Supported;
  struct {
    ULONG MD5  :1;
    ULONG SHA_1  :1;
    ULONG Transport  :1;
    ULONG Tunnel  :1;
    ULONG Send  :1;
    ULONG Receive  :1;
  } V4AH;
  struct {
    ULONG DES  :1;
    ULONG RESERVED  :1;
    ULONG TRIPLE_DES  :1;
    ULONG NULL_ESP  :1;
    ULONG Transport  :1;
    ULONG Tunnel  :1;
    ULONG Send  :1;
    ULONG Receive  :1;
  } V4ESP;
} NDIS_TASK_IPSEC, *PNDIS_TASK_IPSEC;

Members

  • Supported

    • AH_ESP_COMBINED
      Set by a miniport driver to indicate that its NIC can perform IPsec operations on send and receive packets that contain both an authentication header (AH) security payload and an encapsulating security payload (ESP). A value of zero indicates that the NIC does not support this capability.

      Set by the TCP/IP transport to enable this capability.

    • TRANSPORT_TUNNEL_COMBINED
      Set by a miniport driver to indicate that its NIC can process security payloads for both the transport-mode portion and the tunnel-mode portion of send and receive packets. (The transport-mode portion of a packet pertains to an end-to-end connection. The tunnel-mode portion of a packet pertains to a tunnel connection.) A value of zero indicates that the NIC does not support this capability.

      Set by the TCP/IP transport to enable this capability.

    • V4_OPTIONS
      Set by a miniport driver to indicate that its NIC can perform IPsec operations on IPv4 send and receive packets whose IP header(s) contain IP options. A value of zero indicates that the NIC does not support this capability.

      Set by the TCP/IP transport to enable this capability.

    • RESERVED
      A miniport driver sets one or more of the following flags to indicate the types of UDP-encapsulated ESP data packets that its NIC can parse. For a description of the UDP-encapsulation types, see UDP-ESP Encapsulation Types. A miniport driver whose NIC is incapable of parsing UDP-encapsulated ESP packets must not set any flags in the RESERVED member.

      Value / Meaning

      IPSEC_TPT_UDPESP_ENCAPTYPE_IKE
        Reserved.

      IPSEC_TUN_UDPESP_ENCAPTYPE_IKE
        Reserved.

      IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_IKE
        Reserved.

      IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_IKE
        Reserved.

      IPSEC_TPT_UDPESP_ENCAPTYPE_OTHER
        When set, indicates that the NIC can parse UDP-encapsulated transport-mode packets. When cleared, indicates that the NIC does not have this capability.

      IPSEC_TUN_UDPESP_ENCAPTYPE_OTHER
        When set, indicates that the NIC can parse UDP-encapsulated tunnel-mode packets. When cleared, indicates that the NIC does not have this capability.

      IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_OTHER
        When set, indicates that the NIC can parse transport over UDP-encapsulated tunnel-mode packets. When cleared, indicates that the NIC does not have this capability.

      IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_OTHER
        When set, indicates that the NIC can parse UDP-encapsulated transport over tunnel-mode packets. When cleared, indicates that the NIC does not have this capability.

  • V4AH

    • MD5
      Set by a miniport driver to indicate that its NIC can use the keyed MD5 algorithm for computing and/or validating a cryptographic checksum for an AH payload and/or ESP payload. Set by the TCP/IP transport to enable this capability.

    • SHA_1
      Set by a miniport driver to indicate that its NIC can use the SHA-1 algorithm for computing and/or validating a cryptographic checksum for an AH payload and/or ESP payload. Set by the TCP/IP transport to enable this capability.

    • Transport
      Set by a miniport driver to indicate that its NIC can calculate and/or validate the cryptographic checksum(s) for the portion of a packet that pertains to an end-to-end connection. Set by the TCP/IP transport to enable this capability.

    • Tunnel
      Set by a miniport driver to indicate that its NIC can calculate and/or validate cryptographic checksum(s) for the portion of a packet that pertains to a tunnel connection. Set by the TCP/IP transport to enable this capability.

    • Send
      Set by a miniport driver to indicate that its NIC can calculate cryptographic checksum(s) for send packets. Set by the TCP/IP transport to enable this capability.

    • Receive
      Set by a miniport driver to indicate that its NIC can validate cryptographic checksum(s) for receive packets. Set by the TCP/IP transport to enable this capability.

  • V4ESP

    • DES
      Set by a miniport driver to indicate that its NIC supports the DES algorithm for encrypting and decrypting ESP payloads. Set by the TCP/IP transport to enable this capability.

    • RESERVED
      Reserved for internal use.

    • TRIPLE_DES
      Set by a miniport driver to indicate that its NIC supports the triple-DES algorithm for encrypting and decrypting ESP payloads. Set by the TCP/IP transport to enable this capability.

    • NULL_ESP
      Set by a miniport driver to indicate that its NIC supports null encryption, which is the ESP payload without encryption but with authentication information. Set by the TCP/IP transport to enable this capability.

    • Transport
      Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP data for the portion of a packet that pertains to an end-to-end connection. Set by the TCP/IP transport to enable this capability.

    • Tunnel
      Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP data for the portion of a packet that pertains to a tunnel connection. Set by the TCP/IP transport to enable this capability.

    • Send
      Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP payloads in send packets. Set by the TCP/IP transport to enable this capability.

    • Receive
      Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP payloads in receive packets. Set by the TCP/IP transport to enable this capability.

Remarks

In response to a query of OID_TCP_TASK_OFFLOAD, a miniport driver returns in the InformationBuffer an NDIS_TASK_OFFLOAD_HEADER structure followed by one or more NDIS_TASK_OFFLOAD structures. Each NDIS_TASK_OFFLOAD structure specifies a task-offload capability supported by the miniport driver's NIC.

When the Task member of the NDIS_TASK_OFFLOAD structure specifies IpSecNdisTask, the TaskBuffer of the NDIS_TASK_OFFLOAD structure contains an NDIS_TASK_IPSEC structure. When the NDIS_TASK_IPSEC structure is filled in by a miniport driver in response to the TCP/IP transport's query of OID_TCP_TASK_OFFLOAD, it specifies the miniport driver's NIC's capabilities for performing IPsec tasks on packets. When the NDIS_TASK_IPSEC structure is passed to a miniport driver through the TCP/IP transport's set of OID_TCP_TASK_OFFLOAD, it specifies the IPsec capabilities that the transport is enabling.
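The query/set relationship described above, as an added example that is not Microsoft's code: it audits an NDIS_TASK_IPSEC for the legacy algorithms the structure can advertise (keyed MD5, single DES, null ESP) and checks that a set request enables only what the query reported. The ULONG typedef, the finding flags, the helper names and the sample values are assumptions of this example; the structure layout is copied from the Syntax section, and the V4ESP RESERVED bit is not compared.

```c
#include <stdint.h>
#include <stdio.h>
typedef uint32_t ULONG; /* stand-in for the 32-bit Windows ULONG */

/* Layout copied from the Syntax section; Ndis.h itself is not included. */
typedef struct _NDIS_TASK_IPSEC {
  struct { ULONG AH_ESP_COMBINED, TRANSPORT_TUNNEL_COMBINED, V4_OPTIONS, RESERVED; } Supported;
  struct { ULONG MD5:1, SHA_1:1, Transport:1, Tunnel:1, Send:1, Receive:1; } V4AH;
  struct { ULONG DES:1, RESERVED:1, TRIPLE_DES:1, NULL_ESP:1,
                 Transport:1, Tunnel:1, Send:1, Receive:1; } V4ESP;
} NDIS_TASK_IPSEC;

/* Finding flags: names invented for this example, not NDIS identifiers. */
enum { F_AH_MD5 = 1, F_ESP_DES = 2, F_ESP_NULL = 4 };

/* Flag the legacy algorithms a capability report or enable request carries. */
unsigned audit_ipsec_caps(const NDIS_TASK_IPSEC *c) {
  unsigned f = 0;
  if (c->V4AH.MD5) f |= F_AH_MD5;          /* keyed MD5 integrity */
  if (c->V4ESP.DES) f |= F_ESP_DES;        /* single DES confidentiality */
  if (c->V4ESP.NULL_ESP) f |= F_ESP_NULL;  /* authentication only, no encryption */
  return f;
}

/* 1 if every capability enabled in `set` was reported in `query`, else 0. */
#define COVERED(m) (!(set->m) || (query->m))
int set_is_subset(const NDIS_TASK_IPSEC *query, const NDIS_TASK_IPSEC *set) {
  return COVERED(Supported.AH_ESP_COMBINED) && COVERED(Supported.TRANSPORT_TUNNEL_COMBINED) &&
         COVERED(Supported.V4_OPTIONS) && (set->Supported.RESERVED & ~query->Supported.RESERVED) == 0 &&
         COVERED(V4AH.MD5) && COVERED(V4AH.SHA_1) && COVERED(V4AH.Transport) &&
         COVERED(V4AH.Tunnel) && COVERED(V4AH.Send) && COVERED(V4AH.Receive) &&
         COVERED(V4ESP.DES) && COVERED(V4ESP.TRIPLE_DES) && COVERED(V4ESP.NULL_ESP) &&
         COVERED(V4ESP.Transport) && COVERED(V4ESP.Tunnel) &&
         COVERED(V4ESP.Send) && COVERED(V4ESP.Receive);
}

/* Constructed sample report: MD5/SHA-1 AH and DES/3DES ESP, transport mode. */
NDIS_TASK_IPSEC sample_query(void) {
  NDIS_TASK_IPSEC q = {0};
  q.V4AH.MD5 = q.V4AH.SHA_1 = q.V4AH.Transport = q.V4AH.Send = q.V4AH.Receive = 1;
  q.V4ESP.DES = q.V4ESP.TRIPLE_DES = q.V4ESP.Transport = q.V4ESP.Send = q.V4ESP.Receive = 1;
  return q;
}

int main(void) {
  NDIS_TASK_IPSEC q = sample_query(), s = q;
  s.V4ESP.Tunnel = 1; /* enable request asks for a mode never reported */
  printf("findings=0x%x subset=%d\n", audit_ipsec_caps(&q), set_is_subset(&q, &s));
}
```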

Requirements

Header

Ndis.h (include Ndis.h)

See also

NDIS_TASK_OFFLOAD

NDIS_TASK_OFFLOAD_HEADER

 

 
