通过

NDIS_IPSEC_OFFLOAD_V1 (Compact 2013)

  • 项目

3/26/2014

This structure provides Internet protocol security (IPsec) task offload information in the NDIS_OFFLOAD structure.

Syntax

typedef struct _NDIS_IPSEC_OFFLOAD_V1 {
  struct {
    ULONG  Encapsulation;
    ULONG  AhEspCombined;
    ULONG  TransportTunnelCombined;
    ULONG  IPv4Options;
    ULONG  Flags;
  } Supported;
  struct {
    ULONG  Md5:2;
    ULONG  Sha_1:2;
    ULONG  Transport:2;
    ULONG  Tunnel:2;
    ULONG  Send:2;
    ULONG  Receive:2;
  } IPv4AH;
  struct {
    ULONG  Des:2;
    ULONG  Flags:2;
    ULONG  TripleDes:2;
    ULONG  NullEsp:2;
    ULONG  Transport:2;
    ULONG  Tunnel:2;
    ULONG  Send:2;
    ULONG  Receive:2;
  } IPv4ESP;
} NDIS_IPSEC_OFFLOAD_V1, *PNDIS_IPSEC_OFFLOAD_V1;

Members

  • Supported
    A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for IPsec task offload and that contains the following information:

    • Encapsulation
      Encapsulation settings for IPsec. For more information about this member, see the following Comments section.
    • AhEspCombined
      A ULONG value that a miniport driver sets to indicate that the hardware can perform IPsec operations on send and receive packets that contain both an authentication header (AH) security payload and an encapsulating security payload (ESP). A value of zero in AhEspCombined indicates that the network adapter does not support this capability.
    • TransportTunnelCombined
      A ULONG value that a miniport driver sets to indicate that the network adapter can process security payloads for both the transport-mode portion and the tunnel-mode part of send and receive packets. (The transport-mode part of a packet applies to an end-to-end connection. The tunnel-mode part of a packet applies to a tunnel connection.) A value of zero in TransportTunnelCombined indicates that the network adapter does not support this capability.
    • IPv4Options
      A ULONG value that a miniport driver sets to indicate that the network adapter can perform IPsec operations on IPv4 send and receive packets whose IP headers contain IP options. A value of zero in IPv4Options indicates that the network adapter does not support this capability.

    • Flags
      The types of UDP-encapsulated ESP data packets that a network adapter can parse This member can be one or more of the following flags:

      • IPSEC_TPT_UDPESP_ENCAPTYPE_IKE
        Reserved for internal use.
      • IPSEC_TUN_UDPESP_ENCAPTYPE_IKE
        Reserved for internal use.
      • IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_IKE
        Reserved for internal use.
      • IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_IKE
        Reserved for internal use.

      • IPSEC_TPT_UDPESP_ENCAPTYPE_OTHER
        When this flag is set, the network adapter can parse UDP-encapsulated transport-mode packets.

        When this flag is cleared, the network adapter cannot parse UDP-encapsulated transport-mode packets.

      • IPSEC_TUN_UDPESP_ENCAPTYPE_OTHER
        When this flag set, the network adapter can parse UDP-encapsulated tunnel-mode packets.

        When this flag is cleared, the network adapter does not have this capability.

      • IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_OTHER
        When this flag is set, the network adapter can parse transport over UDP-encapsulated tunnel-mode packets.

        When this flag is cleared, the network adapter does not have this capability.

      • IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_OTHER
        When this flag is set, the network adapter can parse UDP-encapsulated transport over tunnel-mode packets.

        When this flag is cleared, the network adapter does not have this capability.

      A miniport driver whose network adapter is incapable of parsing UDP-encapsulated ESP packets must not set any flags in the Flags member.

  • IPv4AH
    A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for AH payloads and that contains the following information:

    • Md5
      A ULONG value that a miniport driver sets to indicate that the network adapter can use the keyed MD5 algorithm for computing or validating a cryptographic checksum for an AH payload, ESP payload, or both.
    • Sha_1
      A ULONG value that a miniport driver sets to indicate that the network adapter can use the SHA 1 algorithm for computing or validating a cryptographic checksum for an AH payload, ESP payload, or both.
    • Transport
      A ULONG value that a miniport driver sets to indicate that the network adapter can calculate or validate the cryptographic checksums for the part of a packet that applies to an end-to-end connection.
    • Tunnel
      A ULONG value that a miniport driver sets to indicate that the network adapter can calculate or validate cryptographic checksums for the part of a packet that applies to a tunnel connection.
    • Send
      A ULONG value that a miniport driver sets to indicate that the network adapter can calculate cryptographic checksums for send packets.
    • Receive
      A ULONG value that a miniport driver sets to indicate that the NIC can validate cryptographic checksums for receive packets.

  • IPv4ESP
    A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for ESP payloads and that contains the following information:

    • Des
      A ULONG value that a miniport driver sets to indicate that the network adapter supports the DES algorithm for encrypting and decrypting ESP payloads.
    • Flags
      This member is reserved.
    • TripleDes
      A ULONG value that a miniport driver sets to indicate that the network adapter supports the triple-DES algorithm for encrypting and decrypting ESP payloads.
    • NullEsp
      A ULONG value that a miniport driver sets to indicate that the network adapter supports null encryption-that is, the ESP payload without encryption but with authentication information.
    • Transport
      A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP data for the part of a packet that applies to an end-to-end connection.
    • Tunnel
      A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP data for the part of a packet that applies to a tunnel connection.
    • Send
      A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP payloads in send packets.
    • Receive
      A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP payloads in receive packets.

Remarks

The NDIS_IPSEC_OFFLOAD_V1 structure is used in the IPsecV1 member of the NDIS_OFFLOAD structure. The NDIS_IPSEC_OFFLOAD_V1 structure specifies the current or supported services that a miniport adapter provides for Internet protocol security (IPsec).

NDIS_OFFLOAD is used in the NDISNDIS_MINIPORT_ADAPTER_OFFLOAD_ATTRIBUTES structure, NDIS_BIND_PARAMETERS structure, NDIS_FILTER_ATTACH_PARAMETERS structure, OID_TCP_OFFLOAD_CURRENT_CONFIG, and the NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication.For OID_TCP_OFFLOAD_CURRENT_CONFIG, the NDIS_OFFLOAD structure specifies the task offload capabilities that a miniport adapter supports. If the current offloads capabilities change, a miniport driver reports the new capabilities in an NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication.

The Encapsulation members of NDIS_IPSEC_OFFLOAD_V1 define the IPsec offload encapsulation settings for the miniport adapter.

In response to an OID_TCP_OFFLOAD_CURRENT_CONFIG query request, NDIS provides a bitwise OR of the encapsulation flags, which indicate the supported encapsulation settings, in each of the Encapsulation members. Miniport drivers must provide Ethernet encapsulation (NDIS_ENCAPSULATION_IEEE_802_3). The other types of encapsulation are optional.

For an NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication, the miniport driver provides a bitwise OR of the encapsulation flags, which indicate the current capabilities, in each of the Encapsulation members.

The following flags are defined for the Encapsulation members:

  • NDIS_ENCAPSULATION_NOT_SUPPORTED
    Specifies that no encapsulation offload is supported.
  • NDIS_ENCAPSULATION_NULL
    Specifies NULL encapsulation.
  • NDIS_ENCAPSULATION_IEEE_802_3
    Specifies IEEE 802.3 encapsulation.
  • NDIS_ENCAPSULATION_IEEE_802_3_P_AND_Q
    Specifies IEEE 802.3p and IEEE 802.3q encapsulation.
  • NDIS_ENCAPSULATION_IEEE_802_3_P_AND_Q_IN_OOB
    Specifies that IEEE 802.3p and IEEE 802.3q encapsulation settings are specified in the NetBufferListInfo member of each NET_BUFFER_LIST structure.
  • NDIS_ENCAPSULATION_IEEE_LLC_SNAP_ROUTED
    Specifies logical link control (LLC) encapsulation for routed protocols, as described in RFC 1483. This flag is also used to indicate Ethernet LLC/SNAP encapsulation.

Requirements

Header

ntddndis.h

See Also

Reference

NDIS TCP/IP Offload Structures
NDIS_BIND_PARAMETERS
NDIS_FILTER_ATTACH_PARAMETERS
NDIS_MINIPORT_ADAPTER_OFFLOAD_ATTRIBUTES
NDIS_OFFLOAD
NDIS_OID_REQUEST
NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG
NET_BUFFER_LIST
OID_TCP_OFFLOAD_CURRENT_CONFIG