aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/kernel_wfp
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/kernel_wfp')
-rw-r--r--src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h21
-rw-r--r--src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c1
2 files changed, 22 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
index 9c9addbea..a2aa1d80b 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
@@ -86,6 +86,27 @@ enum {
FWPM_FILTER_FLAG_DISABLED = (1<<5),
};
+/* missing in MinGW */
+enum {
+ IPSEC_SA_BUNDLE_FLAG_ND_SECURE = (1<< 0),
+ IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY = (1<< 1),
+ IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY = (1<< 2),
+ IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION = (1<< 3),
+ IPSEC_SA_BUNDLE_FLAG_NLB = (1<< 4),
+ IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY = (1<< 5),
+ IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY = (1<< 6),
+ IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH = (1<< 7),
+ IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH = (1<< 9),
+ IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL = (1<<10),
+ IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND = (1<<11),
+ IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY = (1<<12),
+ IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION = (1<<13),
+ IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION = (1<<14),
+ IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS = (1<<15),
+ IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS = (1<<16),
+ IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR = (1<<17),
+};
+
DWORD WINAPI FwpmIPsecTunnelAdd0(HANDLE, UINT32,
const FWPM_PROVIDER_CONTEXT0*, const FWPM_PROVIDER_CONTEXT0*, UINT32,
const FWPM_FILTER_CONDITION0*, PSECURITY_DESCRIPTOR);
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index b6d7d7a58..d471a0010 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@@ -913,6 +913,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry,
}
else
{
+ bundle.flags |= IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND;
res = IPsecSaContextAddOutbound0(this->handle, entry->sa_id, &bundle);
}
if (res != ERROR_SUCCESS)
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 11:57:11 +0000