NDIS_IPSEC_OFFLOAD_V1 (Compact 7)
3/12/2014
This structure provides Internet protocol security (IPsec) task offload information in the NDIS_OFFLOAD structure.
Syntax
typedef struct _NDIS_IPSEC_OFFLOAD_V1 {
struct {
ULONG Encapsulation;
ULONG AhEspCombined;
ULONG TransportTunnelCombined;
ULONG IPv4Options;
ULONG Flags;
} Supported;
struct {
ULONG Md5:2;
ULONG Sha_1:2;
ULONG Transport:2;
ULONG Tunnel:2;
ULONG Send:2;
ULONG Receive:2;
} IPv4AH;
struct {
ULONG Des:2;
ULONG Flags:2;
ULONG TripleDes:2;
ULONG NullEsp:2;
ULONG Transport:2;
ULONG Tunnel:2;
ULONG Send:2;
ULONG Receive:2;
} IPv4ESP;
} NDIS_IPSEC_OFFLOAD_V1, *PNDIS_IPSEC_OFFLOAD_V1;
Members
Supported
A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for IPsec task offload and that contains the following information:- Encapsulation
Encapsulation settings for IPsec. For more information about this member, see the following Comments section.
- AhEspCombined
A ULONG value that a miniport driver sets to indicate that the hardware can perform IPsec operations on send and receive packets that contain both an authentication header (AH) security payload and an encapsulating security payload (ESP). A value of zero in AhEspCombined indicates that the network adapter does not support this capability.
- TransportTunnelCombined
A ULONG value that a miniport driver sets to indicate that the network adapter can process security payloads for both the transport-mode portion and the tunnel-mode part of send and receive packets. (The transport-mode part of a packet applies to an end-to-end connection. The tunnel-mode part of a packet applies to a tunnel connection.) A value of zero in TransportTunnelCombined indicates that the network adapter does not support this capability.
- IPv4Options
A ULONG value that a miniport driver sets to indicate that the network adapter can perform IPsec operations on IPv4 send and receive packets whose IP headers contain IP options. A value of zero in IPv4Options indicates that the network adapter does not support this capability.
Flags
The types of UDP-encapsulated ESP data packets that a network adapter can parse This member can be one or more of the following flags:- IPSEC_TPT_UDPESP_ENCAPTYPE_IKE
Reserved for internal use.
- IPSEC_TUN_UDPESP_ENCAPTYPE_IKE
Reserved for internal use.
- IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_IKE
Reserved for internal use.
- IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_IKE
Reserved for internal use.
IPSEC_TPT_UDPESP_ENCAPTYPE_OTHER
When this flag is set, the network adapter can parse UDP-encapsulated transport-mode packets.When this flag is cleared, the network adapter cannot parse UDP-encapsulated transport-mode packets.
IPSEC_TUN_UDPESP_ENCAPTYPE_OTHER
When this flag set, the network adapter can parse UDP-encapsulated tunnel-mode packets.When this flag is cleared, the network adapter does not have this capability.
IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_OTHER
When this flag is set, the network adapter can parse transport over UDP-encapsulated tunnel-mode packets.When this flag is cleared, the network adapter does not have this capability.
IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_OTHER
When this flag is set, the network adapter can parse UDP-encapsulated transport over tunnel-mode packets.When this flag is cleared, the network adapter does not have this capability.
A miniport driver whose network adapter is incapable of parsing UDP-encapsulated ESP packets must not set any flags in the Flags member.
- IPSEC_TPT_UDPESP_ENCAPTYPE_IKE
- Encapsulation
IPv4AH
A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for AH payloads and that contains the following information:- Md5
A ULONG value that a miniport driver sets to indicate that the network adapter can use the keyed MD5 algorithm for computing or validating a cryptographic checksum for an AH payload, ESP payload, or both.
- Sha_1
A ULONG value that a miniport driver sets to indicate that the network adapter can use the SHA 1 algorithm for computing or validating a cryptographic checksum for an AH payload, ESP payload, or both.
- Transport
A ULONG value that a miniport driver sets to indicate that the network adapter can calculate or validate the cryptographic checksums for the part of a packet that applies to an end-to-end connection.
- Tunnel
A ULONG value that a miniport driver sets to indicate that the network adapter can calculate or validate cryptographic checksums for the part of a packet that applies to a tunnel connection.
- Send
A ULONG value that a miniport driver sets to indicate that the network adapter can calculate cryptographic checksums for send packets.
- Receive
A ULONG value that a miniport driver sets to indicate that the NIC can validate cryptographic checksums for receive packets.
- Md5
IPv4ESP
A structure within NDIS_IPSEC_OFFLOAD_V1 that specifies support for ESP payloads and that contains the following information:- Des
A ULONG value that a miniport driver sets to indicate that the network adapter supports the DES algorithm for encrypting and decrypting ESP payloads.
- Flags
This member is reserved.
- TripleDes
A ULONG value that a miniport driver sets to indicate that the network adapter supports the triple-DES algorithm for encrypting and decrypting ESP payloads.
- NullEsp
A ULONG value that a miniport driver sets to indicate that the network adapter supports null encryption-that is, the ESP payload without encryption but with authentication information.
- Transport
A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP data for the part of a packet that applies to an end-to-end connection.
- Tunnel
A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP data for the part of a packet that applies to a tunnel connection.
- Send
A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP payloads in send packets.
- Receive
A ULONG value that a miniport driver sets to indicate that the network adapter can encrypt and decrypt ESP payloads in receive packets.
- Des
Remarks
The NDIS_IPSEC_OFFLOAD_V1 structure is used in the IPsecV1 member of the NDIS_OFFLOAD structure. The NDIS_IPSEC_OFFLOAD_V1 structure specifies the current or supported services that a miniport adapter provides for Internet protocol security (IPsec).
NDIS_OFFLOAD is used in the NDISNDIS_MINIPORT_ADAPTER_OFFLOAD_ATTRIBUTES structure, NDIS_BIND_PARAMETERS structure, NDIS_FILTER_ATTACH_PARAMETERS structure, OID_TCP_OFFLOAD_CURRENT_CONFIG, and the NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication.For OID_TCP_OFFLOAD_CURRENT_CONFIG, the NDIS_OFFLOAD structure specifies the task offload capabilities that a miniport adapter supports. If the current offloads capabilities change, a miniport driver reports the new capabilities in an NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication.
The Encapsulation members of NDIS_IPSEC_OFFLOAD_V1 define the IPsec offload encapsulation settings for the miniport adapter.
In response to an OID_TCP_OFFLOAD_CURRENT_CONFIG query request, NDIS provides a bitwise OR of the encapsulation flags, which indicate the supported encapsulation settings, in each of the Encapsulation members. Miniport drivers must provide Ethernet encapsulation (NDIS_ENCAPSULATION_IEEE_802_3). The other types of encapsulation are optional.
For an NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG status indication, the miniport driver provides a bitwise OR of the encapsulation flags, which indicate the current capabilities, in each of the Encapsulation members.
The following flags are defined for the Encapsulation members:
- NDIS_ENCAPSULATION_NOT_SUPPORTED
Specifies that no encapsulation offload is supported.
- NDIS_ENCAPSULATION_NULL
Specifies NULL encapsulation.
- NDIS_ENCAPSULATION_IEEE_802_3
Specifies IEEE 802.3 encapsulation.
- NDIS_ENCAPSULATION_IEEE_802_3_P_AND_Q
Specifies IEEE 802.3p and IEEE 802.3q encapsulation.
- NDIS_ENCAPSULATION_IEEE_802_3_P_AND_Q_IN_OOB
Specifies that IEEE 802.3p and IEEE 802.3q encapsulation settings are specified in the NetBufferListInfo member of each NET_BUFFER_LIST structure.
- NDIS_ENCAPSULATION_IEEE_LLC_SNAP_ROUTED
Specifies logical link control (LLC) encapsulation for routed protocols, as described in RFC 1483. This flag is also used to indicate Ethernet LLC/SNAP encapsulation.
Requirements
Header |
ntddndis.h |
See Also
Reference
NDIS TCP/IP Offload Structures
NDIS_BIND_PARAMETERS
NDIS_FILTER_ATTACH_PARAMETERS
NDIS_MINIPORT_ADAPTER_OFFLOAD_ATTRIBUTES
NDIS_OFFLOAD
NDIS_OID_REQUEST
NDIS_STATUS_TASK_OFFLOAD_CURRENT_CONFIG
NET_BUFFER_LIST
OID_TCP_OFFLOAD_CURRENT_CONFIG