From a4f3b363dabd2ba435ba2cded4cbb0ecce0304e1 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Mon, 23 Dec 2013 18:45:13 +0100
Subject: kernel-wfp: Set flag to get UDP encapsulation with tunnel mode
 working

Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
---
 .../plugins/kernel_wfp/kernel_wfp_compat.h          | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h')

diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
index 9c9addbea..a2aa1d80b 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
@@ -86,6 +86,27 @@ enum {
 	FWPM_FILTER_FLAG_DISABLED =								(1<<5),
 };
 
+/* missing in MinGW */
+enum {
+	IPSEC_SA_BUNDLE_FLAG_ND_SECURE =							(1<< 0),
+	IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY =							(1<< 1),
+	IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY =					(1<< 2),
+	IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION =					(1<< 3),
+	IPSEC_SA_BUNDLE_FLAG_NLB =									(1<< 4),
+	IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY =				(1<< 5),
+	IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY =			(1<< 6),
+	IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH =				(1<< 7),
+	IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH =			(1<< 9),
+	IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL =					(1<<10),
+	IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND =			(1<<11),
+	IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY =						(1<<12),
+	IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION =			(1<<13),
+	IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION =	(1<<14),
+	IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS =			(1<<15),
+	IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS =			(1<<16),
+	IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR =				(1<<17),
+};
+
 DWORD WINAPI FwpmIPsecTunnelAdd0(HANDLE, UINT32,
 	const FWPM_PROVIDER_CONTEXT0*, const FWPM_PROVIDER_CONTEXT0*, UINT32,
 	const FWPM_FILTER_CONDITION0*, PSECURITY_DESCRIPTOR);
-- 
cgit v1.2.3