![]() |
AnyConnect Secure Mobility Client 5.1.9.113
|
00001 /******************************************************************************* 00002 * Copyright (c) 2007, 2022 Cisco Systems Inc. 00003 * All Rights Reserved. Cisco Highly Confidential. 00004 ******************************************************************************** 00005 ** 00006 ** GlobalEnums.h 00007 ** 00008 ** Contains enumerations used in the API and TLV classes. 00009 ** 00010 *********************************************************************************/ 00011 00012 #ifndef __GLOBALENUMS_H 00013 #define __GLOBALENUMS_H 00014 00015 /***** PUT ONLY ENUMS IN THIS FILE AS IT IS ALSO USED BY THE MIDL COMPILER *****\ 00016 \******************** This is also compiled with IDL compiler **********************/ 00017 00018 enum ConnectProtocolType 00019 { 00020 PROTOCOL_TYPE_UNKNOWN = 0, 00021 PROTOCOL_TYPE_SSL, 00022 PROTOCOL_TYPE_IPSEC, 00023 }; 00024 00025 enum ProtocolVersion 00026 { 00027 PROTO_VERSION_UNKNOWN = 0, 00028 PROTO_VERSION_TLS10 = 1, 00029 PROTO_VERSION_SSL30 = 2, 00030 PROTO_VERSION_DTLS10 = 3, 00031 PROTO_VERSION_IPSEC = 4, 00032 PROTO_VERSION_IPSEC_NAT_T = 5, 00033 PROTO_VERSION_TLS11 = 6, 00034 PROTO_VERSION_TLS12 = 7, 00035 PROTO_VERSION_DTLS12 = 8, 00036 PROTO_VERSION_TLS13 = 9, 00037 }; 00038 00039 enum ProtocolCipher 00040 { 00041 PROTO_CIPHER_UNKNOWN = 0, 00042 PROTO_CIPHER_RSA_RC4_128_MD5 = 1, 00043 PROTO_CIPHER_RSA_RC4_128_SHA1 = 2, 00044 PROTO_CIPHER_RSA_DES_56_SHA1 = 3, 00045 PROTO_CIPHER_RSA_3DES_168_SHA1 = 4, 00046 PROTO_CIPHER_RSA_AES_128_SHA1 = 5, 00047 PROTO_CIPHER_RSA_AES_256_SHA1 = 6, 00048 PROTO_CIPHER_ENC_NULL_MD5 = 7, 00049 PROTO_CIPHER_ENC_NULL_SHA1 = 8, 00050 PROTO_CIPHER_RC4_128 = 9, 00051 PROTO_CIPHER_RC4_128_MD5 = 10, 00052 PROTO_CIPHER_RC4_128_SHA1 = 11, 00053 PROTO_CIPHER_DES_56 = 12, 00054 PROTO_CIPHER_DES_56_MD5 = 13, 00055 PROTO_CIPHER_DES_56_SHA1 = 14, 00056 PROTO_CIPHER_DES_56_SHA256 = 15, 00057 PROTO_CIPHER_DES_56_SHA384 = 16, 00058 PROTO_CIPHER_DES_56_SHA512 = 17, 00059 PROTO_CIPHER_3DES_168 = 18, 00060 PROTO_CIPHER_3DES_168_MD5 = 19, 00061 PROTO_CIPHER_3DES_168_SHA1 = 20, 00062 PROTO_CIPHER_3DES_168_SHA256 = 21, 00063 PROTO_CIPHER_3DES_168_SHA384 = 22, 00064 PROTO_CIPHER_3DES_168_SHA512 = 23, 00065 PROTO_CIPHER_AES_128 = 24, 00066 PROTO_CIPHER_AES_128_MD5 = 25, 00067 PROTO_CIPHER_AES_128_SHA1 = 26, 00068 PROTO_CIPHER_AES_128_SHA256 = 27, 00069 PROTO_CIPHER_AES_128_SHA384 = 28, 00070 PROTO_CIPHER_AES_128_SHA512 = 29, 00071 PROTO_CIPHER_AES_192 = 30, 00072 PROTO_CIPHER_AES_192_MD5 = 31, 00073 PROTO_CIPHER_AES_192_SHA1 = 32, 00074 PROTO_CIPHER_AES_192_SHA256 = 33, 00075 PROTO_CIPHER_AES_192_SHA384 = 34, 00076 PROTO_CIPHER_AES_192_SHA512 = 35, 00077 PROTO_CIPHER_AES_256 = 36, 00078 PROTO_CIPHER_AES_256_MD5 = 37, 00079 PROTO_CIPHER_AES_256_SHA1 = 38, 00080 PROTO_CIPHER_AES_256_SHA256 = 39, 00081 PROTO_CIPHER_AES_256_SHA384 = 40, 00082 PROTO_CIPHER_AES_256_SHA512 = 41, 00083 PROTO_CIPHER_AES_128_GCM = 42, 00084 PROTO_CIPHER_AES_192_GCM = 43, 00085 PROTO_CIPHER_AES_256_GCM = 44, 00086 PROTO_CIPHER_RSA_AES_128_SHA256 = 45, // TLS 1.2 00087 PROTO_CIPHER_RSA_AES_256_SHA256 = 46, 00088 PROTO_CIPHER_DHE_RSA_AES_128_SHA256 = 47, 00089 PROTO_CIPHER_DHE_RSA_AES_256_SHA256 = 48, 00090 PROTO_CIPHER_ECDHE_ECDSA_AES256_GCM_SHA384 = 49, // TLS 1.2 phase 2 00091 PROTO_CIPHER_ECDHE_RSA_AES256_GCM_SHA384 = 50, 00092 PROTO_CIPHER_DHE_RSA_AES256_GCM_SHA384 = 51, 00093 PROTO_CIPHER_AES256_GCM_SHA384 = 52, 00094 PROTO_CIPHER_ECDHE_ECDSA_AES256_SHA384 = 53, 00095 PROTO_CIPHER_ECDHE_RSA_AES256_SHA384 = 54, 00096 PROTO_CIPHER_ECDHE_ECDSA_AES128_GCM_SHA256 = 55, 00097 PROTO_CIPHER_ECDHE_RSA_AES128_GCM_SHA256 = 56, 00098 PROTO_CIPHER_DHE_RSA_AES128_GCM_SHA256 = 57, 00099 PROTO_CIPHER_AES128_GCM_SHA256 = 58, 00100 PROTO_CIPHER_ECDHE_ECDSA_AES128_SHA256 = 59, 00101 PROTO_CIPHER_ECDHE_RSA_AES128_SHA256 = 60, 00102 PROTO_CIPHER_DHE_RSA_AES256_SHA = 61, 00103 PROTO_CIPHER_DHE_RSA_AES128_SHA = 62, 00104 PROTO_CIPHER_AES_128_GCM_SHA256 = 63, // TLS 1.3 00105 PROTO_CIPHER_AES_256_GCM_SHA384 = 64, 00106 PROTO_CIPHER_CHACHA20_POLY1305_SHA256 = 65, 00107 PROTO_CIPHER_AES_128_CCM_SHA256 = 66 00108 }; 00109 00110 typedef enum 00111 { 00112 COMPR_NONE = 0, 00113 COMPR_DEFLATE = 1, 00114 COMPR_LZS = 2 00115 } COMPR_ALGORITHM; 00116 00117 /* 00118 ** VPN Session States 00119 ** New states must be added to the end of the list. 00120 ** Downloader tests states, so altering existing states requires verification 00121 ** that there won't be backward compability issues with downloader. 00122 */ 00123 //BUGBUG Suggested by Marc: Rename the STATE enum and its symbolic values. 00124 //BUGBUG We should probably change the enum name from STATE to VPNSES_STATE and 00125 //BUGBUG the prefixes on the values from STATE_ to VSS_ (for VPN session state). 00126 //BUGBUG The API and GUI code have to deal with a number of different states, and the 00127 //BUGBUG generically named STATE is not very self documenting. 00128 //BUGBUG It's a throw back from the very earliest code for SSL VPN. 00129 typedef enum 00130 { 00131 STATE_CONNECTING, 00132 STATE_CONNECTED, 00133 STATE_RECONNECTING, 00134 STATE_DISCONNECTING, 00135 STATE_DISCONNECTED, 00136 STATE_PAUSING, 00137 STATE_PAUSED, 00138 STATE_AUTHENTICATING, 00139 STATE_SSOPOLLING, // Api is doing the auth-poll. 00140 STATE_UNDEFINED, 00141 } STATE; 00142 00143 /* 00144 ** Tunnel sub-states 00145 ** New sub-states must be added to the end of the list. 00146 ** Sub-states are meant to provide additional details, if necessary, about 00147 ** any of the VPN connection states. 00148 ** Substates prefixed with "VCSS_MT_" correspond to the management tunnel. 00149 */ 00150 enum VPNCON_SUBSTATE 00151 { 00152 VCSS_NORMAL = 0, 00153 VCSS_INDEFINITE_DELAY = (1 << 0), 00154 VCSS_SESSION_EXPIRING = (1 << 1), 00155 VCSS_MT_DISCONNECTED_DISABLED = (1 << 2), 00156 VCSS_MT_DISCONNECTED_TRUSTED_NW = (1 << 3), 00157 VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = (1 << 4), 00158 VCSS_MT_DISCONNECTED_LAUNCH_FAILED = (1 << 5), 00159 VCSS_MT_DISCONNECTED_CONNECT_FAILED = (1 << 6), 00160 VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG = (1 << 7), 00161 VCSS_MT_DISCONNECTED_SW_UP_PENDING = (1 << 8), 00162 VCSS_MTU_ADJUSTMENT_PENDING = (1 << 9) 00163 }; 00164 00165 typedef enum 00166 { 00167 NCS_RESTRICTED = 0, //a client configuration has been applied to the endpoints 00168 //operating system configuration 00169 NCS_PARTIAL_RESTRICTED_CAPTIVE_PORTAL, //a client configuration has been applied to the 00170 //endpoints operating system configuration to allow 00171 //captive portal remediation 00172 NCS_UNRESTRICTED //the endpoints operating system configuration is not currently altered by the client 00173 } NETCTRL_STATE; 00174 00175 00176 // Note that while these values are defined like a bitmap, the network environment state 00177 // is not used as a bitmap. No two values are ever combined. They are used like linear 00178 // values. The bitmap arrangement of values is to enable testing for many possible values 00179 // all at once in a single compare without having to do a series of compares against 00180 // different linear values. 00181 // 00182 typedef enum 00183 { 00184 NES_NO_NETWORK_INTERFACE = (1 << 0), 00185 NES_NO_PUBLIC_INTERFACE = (1 << 1), 00186 NES_NO_DNS_CONNECTIVITY = (1 << 2), 00187 NES_CAPTIVE_PORTAL_DETECTED = (1 << 3), 00188 NES_AUTH_PROXY_DETECTED = (1 << 4), 00189 NES_NETWORK_ACCESSIBLE = (1 << 5), 00190 NES_SECURE_GATEWAY_ACCESSIBLE = (1 << 6) 00191 } NETENV_STATE; 00192 00193 00194 // Trusted Network Detection types. 00195 typedef enum 00196 { 00197 NT_TRUSTED, 00198 NT_UNTRUSTED, 00199 NT_UNDEFINED 00200 } NETWORK_TYPE; 00201 00202 // Firewall enums 00203 typedef enum 00204 { FW_PERMISSION_UNKNOWN, 00205 FW_PERMISSION_PERMIT, 00206 FW_PERMISSION_DENY 00207 } FW_Permission; 00208 00209 typedef enum 00210 { FW_PROTOCOL_UNKNOWN, 00211 FW_PROTOCOL_TCP, 00212 FW_PROTOCOL_UDP, 00213 FW_PROTOCOL_ICMP, 00214 FW_PROTOCOL_ANY 00215 } FW_Protocol; 00216 00217 typedef enum 00218 { 00219 FW_INTERFACE_UNKNOWN, 00220 FW_INTERFACE_PUBLIC, 00221 FW_INTERFACE_PRIVATE 00222 } FW_Interface; 00223 00224 typedef enum 00225 { 00226 FW_RULE_DIRECTION_IN, 00227 FW_RULE_DIRECTION_OUT, 00228 FW_RULE_DIRECTION_BOTH 00229 } FW_Rule_Direction; 00230 00231 typedef enum 00232 { 00233 MUS_STATUS_UNKNOWN = 0, 00234 MUS_STATUS_ENABLED, 00235 MUS_STATUS_DISABLED, 00236 MUS_STATUS_UNCONFIRMED 00237 } MUS_STATUS; 00238 00239 // These can be used to get/set an automatic preference value using the 00240 // generic UserPreferences.getAutomaticPreferenceValue() and 00241 // setAutomaticPreferenceValue() methods, rather than using the individual 00242 // getters/setters. 00243 typedef enum 00244 { 00245 HeadendSelectionCacheId = 0, 00246 DefaultUserId, 00247 DefaultSecondUserId, 00248 DefaultHostId, 00249 DefaultGroupId, 00250 ProxyHostId, 00251 ProxyPortId, 00252 SDITokenTypeId, 00253 NoSDITokenId, 00254 ClientCertThumbprintId, 00255 ServerCertThumbprintId, 00256 UnknownAutomaticPreference 00257 } AutoPreferenceId ; 00258 00259 // Used to determine if CPublicProxies, CPrivateProxies or no proxies should be used. 00260 typedef enum 00261 { 00262 TRANSPORT_PROXY_NONE, 00263 TRANSPORT_PROXY_PUBLIC, 00264 TRANSPORT_PROXY_CURRENT 00265 } TRANSPORT_PROXY_TYPE; 00266 00267 // user authentication methods 00268 // these are shared between Agent and API 00269 // 00270 // Note that IKE PSK is supported for reconnects only. The API can never 00271 // initiate an IPsec connection using IKE PSK authentication. 00272 typedef enum 00273 { 00274 USER_AUTH_UNKNOWN = 0, 00275 USER_AUTH_SSL_MACHINE_STORE_CERT, 00276 USER_AUTH_IKE_PSK, 00277 USER_AUTH_IKE_RSA, 00278 USER_AUTH_IKE_ECDSA, 00279 USER_AUTH_IKE_EAP_MD5, 00280 USER_AUTH_IKE_EAP_MSCHAPv2, 00281 USER_AUTH_IKE_EAP_GTC, 00282 USER_AUTH_IKE_EAP_ANYCONNECT, // Default 00283 } USER_AUTH_METHOD; 00284 00285 typedef enum 00286 { 00287 CFR_NONE = 0, 00288 CFR_HOST_UNREACHABLE, 00289 } CONNECT_FAILURE_REASON; 00290 00291 typedef enum 00292 { 00293 DYN_SPLIT_TUN_EXC, 00294 DYN_SPLIT_TUN_INC 00295 } DYN_SPLIT_TUN_TYPE; 00296 00297 typedef enum 00298 { 00299 VPN_TUNNEL_SCOPE_USER, 00300 VPN_TUNNEL_SCOPE_MACHINE, 00301 VPN_TUNNEL_SCOPE_UNDEFINED 00302 } VPN_TUNNEL_SCOPE; 00303 00304 #define IS_USER_TUNNEL(x) (VPN_TUNNEL_SCOPE_USER == x) 00305 #define IS_MGMT_TUNNEL(x) (VPN_TUNNEL_SCOPE_MACHINE == x) 00306 00307 #endif // __GLOBALENUMS_H