IPSEC_SA_BUNDLE0 structure (ipsectypes.h)
The IPSEC_SA_BUNDLE0 structure is used to store information about an IPsec security association (SA) bundle. IPSEC_SA_BUNDLE1 is available.
Syntax
typedef struct IPSEC_SA_BUNDLE0_ {
  UINT32                 flags;
  IPSEC_SA_LIFETIME0     lifetime;
  UINT32                 idleTimeoutSeconds;
  UINT32                 ndAllowClearTimeoutSeconds;
  IPSEC_ID0              *ipsecId;
  UINT32                 napContext;
  UINT32                 qmSaId;
  UINT32                 numSAs;
  IPSEC_SA0              *saList;
  IPSEC_KEYMODULE_STATE0 *keyModuleState;
  FWP_IP_VERSION         ipVersion;
  union {
    UINT32 peerV4PrivateAddress;
  };
  UINT64                 mmSaId;
  IPSEC_PFS_GROUP        pfsGroup;
} IPSEC_SA_BUNDLE0;
Members
flags
A combination of the following values.
lifetime
Lifetime of all the SAs in the bundle as specified by IPSEC_SA_LIFETIME0.
idleTimeoutSeconds
Timeout in seconds after which the SAs in the bundle will idle out (due to traffic inactivity) and expire.
ndAllowClearTimeoutSeconds
Timeout in seconds, after which the IPsec SA should stop accepting packets coming in the clear.
Used for negotiation discovery.
ipsecId
Pointer to an IPSEC_ID0 structure that contains optional IPsec identity info.
napContext
Network Access Protection (NAP) peer credentials information.
qmSaId
SA identifier used by IPsec when choosing the SA to expire. For an IPsec SA pair, the qmSaId must be the same between the initiating and responding machines and across inbound and outbound SA bundles. For different IPsec pairs, the qmSaId must be different.
numSAs
Number of SAs in the bundle. The only possible values are 1 and 2. Use 2 only when specifying AH + ESP SAs.
saList
Array of IPsec SAs in the bundle. For AH + ESP SAs, use index [0] for ESP SA and index [1] for AH SA.
See IPSEC_SA0 for more information.
keyModuleState
Optional keying module specific information as specified by IPSEC_KEYMODULE_STATE0.
ipVersion
IP version as specified by FWP_IP_VERSION.
peerV4PrivateAddress
Available when ipVersion is FWP_IP_VERSION_V4. If peer is behind a network address translation (NAT) device, this member stores the peer's private address.
mmSaId
Use this ID to correlate this IPsec SA with the IKE SA that generated it.
pfsGroup
Specifies whether Quick Mode perfect forward secrecy (PFS) was enabled for this SA, and if so, contains the Diffie-Hellman group that was used for PFS.
See IPSEC_PFS_GROUP for more information.
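Example
The rules stated above for numSAs, saList and qmSaId can be checked in code before a bundle is used or when auditing a set of SAs. The following C code is an added example, not part of the header or of this reference; `xf_type`, `sa_t`, `bundle_t`, the error codes and the function names are hypothetical stand-ins that keep only the members the checks need, so that it builds without the Windows SDK.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins (assumptions) so this builds without the Windows SDK. On Windows,
   use IPSEC_SA0 and IPSEC_SA_BUNDLE0 from ipsectypes.h instead. The real
   IPSEC_TRANSFORM_TYPE has several ESP variants, collapsed into XF_ESP here. */
typedef enum { XF_AH = 1, XF_ESP } xf_type;
typedef struct { uint32_t spi; xf_type saTransformType; } sa_t;
typedef struct {
    uint32_t    qmSaId;   /* must match across the inbound/outbound pair */
    uint32_t    numSAs;   /* 1, or 2 for AH + ESP only */
    const sa_t *saList;   /* [0] = ESP, [1] = AH when numSAs == 2 */
} bundle_t;

typedef enum { BUNDLE_OK, ERR_NULL, ERR_NUM_SAS, ERR_ORDER, ERR_QM_MISMATCH,
               ERR_QM_REUSED } bundle_err;

/* Per-bundle rules: numSAs is 1 or 2; with 2 SAs, ESP comes first, AH second. */
bundle_err check_bundle(const bundle_t *b)
{
    if (b == NULL || b->saList == NULL) return ERR_NULL;
    if (b->numSAs != 1 && b->numSAs != 2) return ERR_NUM_SAS;
    if (b->numSAs == 2 &&
        (b->saList[0].saTransformType != XF_ESP ||
         b->saList[1].saTransformType != XF_AH))
        return ERR_ORDER;
    return BUNDLE_OK;
}

/* One inbound/outbound pair: both bundles valid and sharing the same qmSaId. */
bundle_err check_pair(const bundle_t *in, const bundle_t *out)
{
    bundle_err e = check_bundle(in);
    if (e == BUNDLE_OK) e = check_bundle(out);
    if (e != BUNDLE_OK) return e;
    return in->qmSaId == out->qmSaId ? BUNDLE_OK : ERR_QM_MISMATCH;
}

/* Different pairs must not share a qmSaId; ids[] holds one qmSaId per pair. */
bundle_err check_unique_qm(const uint32_t *ids, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (ids[i] == ids[j]) return ERR_QM_REUSED;
    return BUNDLE_OK;
}
```

A bundle with numSAs equal to 1 passes with either transform type, since the ordering rule applies only to AH + ESP bundles.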
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Header | ipsectypes.h |