
NDIS_TASK_IPSEC

When supplied by a miniport driver in response to a query of OID_TCP_TASK_OFFLOAD, the NDIS_TASK_IPSEC structure specifies the capabilities of the miniport driver's NIC for performing IP Security tasks on packets. When passed to a miniport driver in a set of OID_TCP_TASK_OFFLOAD, the structure specifies the IP Security capabilities that the TCP/IP transport is enabling for the NIC.

typedef struct _NDIS_TASK_IPSEC
{
  struct
  {
    ULONG   AH_ESP_COMBINED;
    ULONG   TRANSPORT_TUNNEL_COMBINED;
    ULONG   V4_OPTIONS;
    ULONG   RESERVED;
  } Supported;
 
  struct
  {
    ULONG   MD5:1;
    ULONG   SHA_1:1;
    ULONG   Transport:1;
    ULONG   Tunnel:1;
    ULONG   Send:1;
    ULONG   Receive:1;
  } V4AH;
 
  struct
  {
    ULONG   DES:1;
    ULONG   RESERVED:1;
    ULONG   TRIPLE_DES:1;
    ULONG   NULL_ESP:1;
    ULONG   Transport:1;
    ULONG   Tunnel:1;
    ULONG   Send:1;
    ULONG   Receive:1;
  } V4ESP;
 
} NDIS_TASK_IPSEC, *PNDIS_TASK_IPSEC;

Members

AH_ESP_COMBINED
Set by a miniport driver to indicate that its NIC can perform IP Security operations on send and receive packets that contain both an authentication header (AH) security payload and an encapsulating security payload (ESP). A value of zero indicates that the NIC does not support this capability.

Set by the TCP/IP transport to enable this capability.

TRANSPORT_TUNNEL_COMBINED
Set by a miniport driver to indicate that its NIC can process security payloads for both the transport-mode portion and the tunnel-mode portion of send and receive packets. (The transport-mode portion of a packet pertains to an end-to-end connection. The tunnel-mode portion of a packet pertains to a tunnel connection.) A value of zero indicates that the NIC does not support this capability.

Set by the TCP/IP transport to enable this capability.

V4_OPTIONS
Set by a miniport driver to indicate that its NIC can perform IP security operations on IPv4 send and receive packets whose IP header(s) contain IP options. A value of zero indicates that the NIC does not support this capability.

Set by the TCP/IP transport to enable this capability.

RESERVED
A miniport driver sets one or more of the following flags to indicate the types of UDP-encapsulated ESP data packets that its NIC can parse. For a description of the UDP-encapsulation types, see UDP-ESP Encapsulation Types.
IPSEC_TPT_UDPESP_ENCAPTYPE_IKE
Reserved.
IPSEC_TUN_UDPESP_ENCAPTYPE_IKE
Reserved.
IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_IKE
Reserved.
IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_IKE
Reserved.
IPSEC_TPT_UDPESP_ENCAPTYPE_OTHER
When set, indicates that the NIC can parse UDP-encapsulated transport-mode packets.

When cleared, indicates that the NIC does not have this capability.

IPSEC_TUN_UDPESP_ENCAPTYPE_OTHER
When set, indicates that the NIC can parse UDP-encapsulated tunnel-mode packets.

When cleared, indicates that the NIC does not have this capability.

IPSEC_TPTOVERTUN_UDPESP_ENCAPTYPE_OTHER
When set, indicates that the NIC can parse transport over UDP-encapsulated tunnel-mode packets.

When cleared, indicates that the NIC does not have this capability.

IPSEC_TPT_UDPESP_OVER_PURE_TUN_ENCAPTYPE_OTHER
When set, indicates that the NIC can parse UDP-encapsulated transport over tunnel-mode packets.

When cleared, indicates that the NIC does not have this capability.

A miniport driver whose NIC is incapable of parsing UDP-encapsulated ESP packets must not set any flags in the RESERVED member.

V4AH
MD5
Set by a miniport driver to indicate that its NIC can use the keyed MD5 algorithm for computing and/or validating a cryptographic checksum for an AH payload and/or ESP payload. Set by the TCP/IP transport to enable this capability.
SHA_1
Set by a miniport driver to indicate that its NIC can use the SHA-1 algorithm for computing and/or validating a cryptographic checksum for an AH payload and/or ESP payload. Set by the TCP/IP transport to enable this capability.
Transport
Set by a miniport driver to indicate that its NIC can calculate and/or validate the cryptographic checksum(s) for the portion of a packet that pertains to an end-to-end connection. Set by the TCP/IP transport to enable this capability.
Tunnel
Set by a miniport driver to indicate that its NIC can calculate and/or validate cryptographic checksum(s) for the portion of a packet that pertains to a tunnel connection. Set by the TCP/IP transport to enable this capability.
Send
Set by a miniport driver to indicate that its NIC can calculate cryptographic checksum(s) for send packets. Set by the TCP/IP transport to enable this capability.
Receive
Set by a miniport driver to indicate that its NIC can validate cryptographic checksum(s) for receive packets. Set by the TCP/IP transport to enable this capability.
V4ESP
DES
Set by a miniport driver to indicate that its NIC supports the DES algorithm for encrypting and decrypting ESP payloads. Set by the TCP/IP transport to enable this capability.
RESERVED
This is reserved.
TRIPLE_DES
Set by a miniport driver to indicate that its NIC supports the triple-DES algorithm for encrypting and decrypting ESP payloads. Set by the TCP/IP transport to enable this capability.
NULL_ESP
Set by a miniport driver to indicate that its NIC supports null encryption, which is the ESP payload without encryption but with authentication information. Set by the TCP/IP transport to enable this capability.
Transport
Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP data for the portion of a packet that pertains to an end-to-end connection. Set by the TCP/IP transport to enable this capability.
Tunnel
Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP data for the portion of a packet that pertains to a tunnel connection. Set by the TCP/IP transport to enable this capability.
Send
Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP payloads in send packets. Set by the TCP/IP transport to enable this capability.
Receive
Set by a miniport driver to indicate that its NIC can encrypt and decrypt ESP payloads in receive packets. Set by the TCP/IP transport to enable this capability.

Headers

Declared in ndis.h. Include ndis.h.

Comments

In response to a query of OID_TCP_TASK_OFFLOAD, a miniport driver returns in the InformationBuffer an NDIS_TASK_OFFLOAD_HEADER structure followed by one or more NDIS_TASK_OFFLOAD structures. Each NDIS_TASK_OFFLOAD structure specifies a task-offload capability supported by the miniport driver's NIC.

When the Task member of the NDIS_TASK_OFFLOAD structure specifies IpSecNdisTask, the TaskBuffer of the NDIS_TASK_OFFLOAD structure contains an NDIS_TASK_IPSEC structure. When the NDIS_TASK_IPSEC structure is filled in by a miniport driver in response to the TCP/IP transport's query of OID_TCP_TASK_OFFLOAD, it specifies the capabilities of the miniport driver's NIC for performing IP Security tasks on packets. When the NDIS_TASK_IPSEC structure is passed to a miniport driver through the TCP/IP transport's set of OID_TCP_TASK_OFFLOAD, it specifies the IP Security capabilities that the transport is enabling.
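
The query/set relationship described above implies a check on the set path: the structure arriving in TaskBuffer should be fully present and should enable only what the query reported. The following is an added example, not code from this reference or from any driver. ULONG is a stand-in type so it builds without ndis.h, check_ipsec_set and the SET_* codes are hypothetical names, rejecting anything beyond the advertised set is an assumed policy, and the sample values in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t ULONG;            /* stand-in for the ndis.h type */
typedef struct _NDIS_TASK_IPSEC {  /* same members as the declaration above */
  struct { ULONG AH_ESP_COMBINED, TRANSPORT_TUNNEL_COMBINED, V4_OPTIONS, RESERVED; } Supported;
  struct { ULONG MD5:1, SHA_1:1, Transport:1, Tunnel:1, Send:1, Receive:1; } V4AH;
  struct { ULONG DES:1, RESERVED:1, TRIPLE_DES:1, NULL_ESP:1,
                 Transport:1, Tunnel:1, Send:1, Receive:1; } V4ESP;
} NDIS_TASK_IPSEC;

/* Hypothetical result codes for this example. */
enum { SET_OK, SET_TRUNCATED, SET_NOT_ADVERTISED };

#define MORE(grp, f) (req.grp.f > adv->grp.f)  /* enabled but never advertised */

/* adv: what the miniport returned on query; buf/len: TaskBuffer from the set. */
int check_ipsec_set(const NDIS_TASK_IPSEC *adv, const void *buf, size_t len)
{
  NDIS_TASK_IPSEC req;
  if (buf == NULL || len < sizeof req)
    return SET_TRUNCATED;          /* never read past a short TaskBuffer */
  memcpy(&req, buf, sizeof req);   /* copy once, then validate only the copy */

  if ((req.Supported.AH_ESP_COMBINED && !adv->Supported.AH_ESP_COMBINED) ||
      (req.Supported.TRANSPORT_TUNNEL_COMBINED && !adv->Supported.TRANSPORT_TUNNEL_COMBINED) ||
      (req.Supported.V4_OPTIONS && !adv->Supported.V4_OPTIONS) ||
      (req.Supported.RESERVED & ~adv->Supported.RESERVED))  /* UDP-ESP flag mask */
    return SET_NOT_ADVERTISED;
  if (MORE(V4AH, MD5) || MORE(V4AH, SHA_1) || MORE(V4AH, Transport) ||
      MORE(V4AH, Tunnel) || MORE(V4AH, Send) || MORE(V4AH, Receive) ||
      MORE(V4ESP, DES) || MORE(V4ESP, TRIPLE_DES) || MORE(V4ESP, NULL_ESP) ||
      MORE(V4ESP, Transport) || MORE(V4ESP, Tunnel) ||
      MORE(V4ESP, Send) || MORE(V4ESP, Receive))
    return SET_NOT_ADVERTISED;
  return SET_OK;
}

int main(void)
{
  NDIS_TASK_IPSEC adv = {0}, req = {0};                    /* constructed sample values */
  adv.V4AH.SHA_1 = adv.V4AH.Transport = adv.V4AH.Send = adv.V4AH.Receive = 1;
  req.V4AH.MD5 = req.V4AH.Transport = req.V4AH.Send = 1;   /* MD5 was not offered */
  printf("%d\n", check_ipsec_set(&adv, &req, sizeof req));
  return 0;
}
```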

See Also

OID_TCP_TASK_OFFLOAD, NDIS_TASK_OFFLOAD, NDIS_TASK_OFFLOAD_HEADER