AnyConnect Secure Mobility Client  5.1.2.42
GlobalEnums.h
1 /*******************************************************************************
2 * Copyright (c) 2007, 2022 Cisco Systems Inc.
3 * All Rights Reserved. Cisco Highly Confidential.
4 ********************************************************************************
5 **
6 ** GlobalEnums.h
7 **
8 ** Contains enumerations used in the API and TLV classes.
9 **
10 *********************************************************************************/
11 
12 #ifndef __GLOBALENUMS_H
13 #define __GLOBALENUMS_H
14 
15 /***** PUT ONLY ENUMS IN THIS FILE AS IT IS ALSO USED BY THE MIDL COMPILER *****\
16 \******************** This is also compiled with IDL compiler **********************/
17 
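/*
** Connection protocol type: unknown, SSL or IPsec (by name).
** Only the first value is explicit; SSL = 1 and IPSEC = 2 are positional,
** so inserting an enumerator before an existing one would renumber it.
*/
enum ConnectProtocolType
{
    PROTOCOL_TYPE_UNKNOWN = 0,
    PROTOCOL_TYPE_SSL,
    PROTOCOL_TYPE_IPSEC,
};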
24 
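/*
** Protocol version identifiers.
**
** The numeric values are identifiers, not a strength ordering: TLS 1.0 (1)
** sorts below SSL 3.0 (2), and the IPsec values (4, 5) sit between DTLS 1.0
** (3) and TLS 1.1 (6). Compare against specific enumerators; a range test
** such as "version >= PROTO_VERSION_TLS10" also matches SSL 3.0.
**
** SSL 3.0 is deprecated by RFC 7568, and TLS 1.0, TLS 1.1 and DTLS 1.0 by
** RFC 8996. This header only names the versions; which of them a build
** will still negotiate is decided elsewhere.
*/
enum ProtocolVersion
{
    PROTO_VERSION_UNKNOWN = 0,
    PROTO_VERSION_TLS10 = 1,
    PROTO_VERSION_SSL30 = 2,
    PROTO_VERSION_DTLS10 = 3,
    PROTO_VERSION_IPSEC = 4,
    PROTO_VERSION_IPSEC_NAT_T = 5,
    PROTO_VERSION_TLS11 = 6,
    PROTO_VERSION_TLS12 = 7,
    PROTO_VERSION_DTLS12 = 8,
    PROTO_VERSION_TLS13 = 9,
};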
38 
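/*
** Cipher and cipher-suite identifiers.
**
** Every value is explicit, so appending an entry does not disturb the
** existing numbers.
**
** Several names differ only by an underscore yet denote different values:
** PROTO_CIPHER_AES_128_GCM (42), PROTO_CIPHER_AES128_GCM_SHA256 (58) and
** PROTO_CIPHER_AES_128_GCM_SHA256 (63); likewise 44, 52 and 64 for AES-256.
** Check the exact spelling when matching on a value.
**
** The list retains legacy algorithms: RC4 (prohibited in TLS by RFC 7465),
** single DES (56-bit key), 3DES (64-bit block), MD5-based MACs, and the two
** ENC_NULL entries, which by name carry no encryption. This header only
** names them; whether any is still offered or accepted is decided elsewhere.
** Code that reports or audits a negotiated value should flag these entries.
*/
enum ProtocolCipher
{
    PROTO_CIPHER_UNKNOWN = 0,

    /* RSA key exchange with legacy ciphers/MACs. */
    PROTO_CIPHER_RSA_RC4_128_MD5 = 1,
    PROTO_CIPHER_RSA_RC4_128_SHA1 = 2,
    PROTO_CIPHER_RSA_DES_56_SHA1 = 3,
    PROTO_CIPHER_RSA_3DES_168_SHA1 = 4,
    PROTO_CIPHER_RSA_AES_128_SHA1 = 5,
    PROTO_CIPHER_RSA_AES_256_SHA1 = 6,

    /* No encryption: integrity algorithm only (by name). */
    PROTO_CIPHER_ENC_NULL_MD5 = 7,
    PROTO_CIPHER_ENC_NULL_SHA1 = 8,

    /* Cipher, optionally paired with a hash, without a key-exchange prefix. */
    PROTO_CIPHER_RC4_128 = 9,
    PROTO_CIPHER_RC4_128_MD5 = 10,
    PROTO_CIPHER_RC4_128_SHA1 = 11,
    PROTO_CIPHER_DES_56 = 12,
    PROTO_CIPHER_DES_56_MD5 = 13,
    PROTO_CIPHER_DES_56_SHA1 = 14,
    PROTO_CIPHER_DES_56_SHA256 = 15,
    PROTO_CIPHER_DES_56_SHA384 = 16,
    PROTO_CIPHER_DES_56_SHA512 = 17,
    PROTO_CIPHER_3DES_168 = 18,
    PROTO_CIPHER_3DES_168_MD5 = 19,
    PROTO_CIPHER_3DES_168_SHA1 = 20,
    PROTO_CIPHER_3DES_168_SHA256 = 21,
    PROTO_CIPHER_3DES_168_SHA384 = 22,
    PROTO_CIPHER_3DES_168_SHA512 = 23,
    PROTO_CIPHER_AES_128 = 24,
    PROTO_CIPHER_AES_128_MD5 = 25,
    PROTO_CIPHER_AES_128_SHA1 = 26,
    PROTO_CIPHER_AES_128_SHA256 = 27,
    PROTO_CIPHER_AES_128_SHA384 = 28,
    PROTO_CIPHER_AES_128_SHA512 = 29,
    PROTO_CIPHER_AES_192 = 30,
    PROTO_CIPHER_AES_192_MD5 = 31,
    PROTO_CIPHER_AES_192_SHA1 = 32,
    PROTO_CIPHER_AES_192_SHA256 = 33,
    PROTO_CIPHER_AES_192_SHA384 = 34,
    PROTO_CIPHER_AES_192_SHA512 = 35,
    PROTO_CIPHER_AES_256 = 36,
    PROTO_CIPHER_AES_256_MD5 = 37,
    PROTO_CIPHER_AES_256_SHA1 = 38,
    PROTO_CIPHER_AES_256_SHA256 = 39,
    PROTO_CIPHER_AES_256_SHA384 = 40,
    PROTO_CIPHER_AES_256_SHA512 = 41,
    PROTO_CIPHER_AES_128_GCM = 42,
    PROTO_CIPHER_AES_192_GCM = 43,
    PROTO_CIPHER_AES_256_GCM = 44,

    PROTO_CIPHER_RSA_AES_128_SHA256 = 45,             // TLS 1.2
    PROTO_CIPHER_RSA_AES_256_SHA256 = 46,
    PROTO_CIPHER_DHE_RSA_AES_128_SHA256 = 47,
    PROTO_CIPHER_DHE_RSA_AES_256_SHA256 = 48,

    PROTO_CIPHER_ECDHE_ECDSA_AES256_GCM_SHA384 = 49,  // TLS 1.2 phase 2
    PROTO_CIPHER_ECDHE_RSA_AES256_GCM_SHA384 = 50,
    PROTO_CIPHER_DHE_RSA_AES256_GCM_SHA384 = 51,
    PROTO_CIPHER_AES256_GCM_SHA384 = 52,
    PROTO_CIPHER_ECDHE_ECDSA_AES256_SHA384 = 53,
    PROTO_CIPHER_ECDHE_RSA_AES256_SHA384 = 54,
    PROTO_CIPHER_ECDHE_ECDSA_AES128_GCM_SHA256 = 55,
    PROTO_CIPHER_ECDHE_RSA_AES128_GCM_SHA256 = 56,
    PROTO_CIPHER_DHE_RSA_AES128_GCM_SHA256 = 57,
    PROTO_CIPHER_AES128_GCM_SHA256 = 58,
    PROTO_CIPHER_ECDHE_ECDSA_AES128_SHA256 = 59,
    PROTO_CIPHER_ECDHE_RSA_AES128_SHA256 = 60,
    PROTO_CIPHER_DHE_RSA_AES256_SHA = 61,
    PROTO_CIPHER_DHE_RSA_AES128_SHA = 62,

    PROTO_CIPHER_AES_128_GCM_SHA256 = 63,             // TLS 1.3
    PROTO_CIPHER_AES_256_GCM_SHA384 = 64,
    PROTO_CIPHER_CHACHA20_POLY1305_SHA256 = 65,
    PROTO_CIPHER_AES_128_CCM_SHA256 = 66
};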
109 
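/*
** Compression algorithm identifiers: none, DEFLATE, LZS (by name).
** NOTE(review): compressing data before it is encrypted can reveal
** information about the plaintext through ciphertext length. Whether and
** when compression is enabled is decided outside this header.
*/
typedef enum
{
    COMPR_NONE = 0,
    COMPR_DEFLATE = 1,
    COMPR_LZS = 2
} COMPR_ALGORITHM;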
116 
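/*
** VPN Session States
** New states must be added to the end of the list.
** Downloader tests states, so altering existing states requires verification
** that there won't be backward compatibility issues with downloader.
**
** The values are implicit and positional (STATE_CONNECTING = 0 through
** STATE_UNDEFINED = 9), so inserting or reordering an enumerator silently
** renumbers every later one. A zero-initialised STATE reads as
** STATE_CONNECTING, not STATE_UNDEFINED; initialise explicitly.
*/
//BUGBUG Suggested by Marc: Rename the STATE enum and its symbolic values.
//BUGBUG We should probably change the enum name from STATE to VPNSES_STATE and
//BUGBUG the prefixes on the values from STATE_ to VSS_ (for VPN session state).
//BUGBUG The API and GUI code have to deal with a number of different states, and the
//BUGBUG generically named STATE is not very self-documenting.
//BUGBUG It's a throwback from the very earliest code for SSL VPN.
typedef enum
{
    STATE_CONNECTING,
    STATE_CONNECTED,
    STATE_RECONNECTING,
    STATE_DISCONNECTING,
    STATE_DISCONNECTED,
    STATE_PAUSING,
    STATE_PAUSED,
    STATE_AUTHENTICATING,
    STATE_SSOPOLLING,       // Api is doing the auth-poll.
    STATE_UNDEFINED,
} STATE;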
142 
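/*
** Tunnel sub-states
** New sub-states must be added to the end of the list.
** Sub-states are meant to provide additional details, if necessary, about
** any of the VPN connection states.
** Substates prefixed with "VCSS_MT_" correspond to the management tunnel.
**
** Apart from VCSS_NORMAL (0), each value is a distinct single bit
** (bits 0 through 9). VCSS_NORMAL cannot be detected with a bitwise AND;
** compare against it with ==.
** NOTE(review): whether callers ever OR several sub-states together is not
** visible in this header -- confirm before relying on equality tests.
*/
enum VPNCON_SUBSTATE
{
    VCSS_NORMAL = 0,
    VCSS_INDEFINITE_DELAY = (1 << 0),
    VCSS_SESSION_EXPIRING = (1 << 1),
    VCSS_MT_DISCONNECTED_DISABLED = (1 << 2),
    VCSS_MT_DISCONNECTED_TRUSTED_NW = (1 << 3),
    VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = (1 << 4),
    VCSS_MT_DISCONNECTED_LAUNCH_FAILED = (1 << 5),
    VCSS_MT_DISCONNECTED_CONNECT_FAILED = (1 << 6),
    VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG = (1 << 7),
    VCSS_MT_DISCONNECTED_SW_UP_PENDING = (1 << 8),
    VCSS_MTU_ADJUSTMENT_PENDING = (1 << 9)
};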
164 
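/*
** Network control state: how far the client has altered the endpoint's
** operating system configuration. NCS_RESTRICTED is 0, so a zero-initialised
** NETCTRL_STATE reads as the most restrictive value.
*/
typedef enum
{
    NCS_RESTRICTED = 0,                     // a client configuration has been applied to the
                                            // endpoint's operating system configuration
    NCS_PARTIAL_RESTRICTED_CAPTIVE_PORTAL,  // a client configuration has been applied to the
                                            // endpoint's operating system configuration to
                                            // allow captive portal remediation
    NCS_UNRESTRICTED                        // the endpoint's operating system configuration is
                                            // not currently altered by the client
} NETCTRL_STATE;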
174 
175 
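// Note that while these values are defined like a bitmap, the network environment state
// is not used as a bitmap. No two values are ever combined. They are used like linear
// values. The bitmap arrangement of values is to enable testing for many possible values
// all at once in a single compare (one AND against a mask of the values of interest)
// without having to do a series of compares against different linear values.
//
// No enumerator has the value 0, so a zero-initialised NETENV_STATE matches none of
// them and fails every mask test.
//
typedef enum
{
    NES_NO_NETWORK_INTERFACE = (1 << 0),
    NES_NO_PUBLIC_INTERFACE = (1 << 1),
    NES_NO_DNS_CONNECTIVITY = (1 << 2),
    NES_CAPTIVE_PORTAL_DETECTED = (1 << 3),
    NES_AUTH_PROXY_DETECTED = (1 << 4),
    NES_NETWORK_ACCESSIBLE = (1 << 5),
    NES_SECURE_GATEWAY_ACCESSIBLE = (1 << 6)
} NETENV_STATE;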
192 
193 
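// Trusted Network Detection types.
//
// NT_TRUSTED is the first enumerator and therefore 0: a zero-initialised or
// memset NETWORK_TYPE reads as "trusted". Initialise variables of this type
// to NT_UNDEFINED explicitly until detection has produced a result.
typedef enum
{
    NT_TRUSTED,
    NT_UNTRUSTED,
    NT_UNDEFINED
} NETWORK_TYPE;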
201 
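// Firewall enums

// Firewall rule permission. FW_PERMISSION_UNKNOWN is 0 (implicit), so an
// unset value is neither permit nor deny; consumers should handle it
// explicitly rather than let it fall through to the permit path.
typedef enum
{
    FW_PERMISSION_UNKNOWN,
    FW_PERMISSION_PERMIT,
    FW_PERMISSION_DENY
} FW_Permission;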
208 
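// Firewall rule protocol selector. Values are implicit (UNKNOWN = 0 through
// ANY = 4). FW_PROTOCOL_ANY is a distinct value, not a mask of the others.
typedef enum
{
    FW_PROTOCOL_UNKNOWN,
    FW_PROTOCOL_TCP,
    FW_PROTOCOL_UDP,
    FW_PROTOCOL_ICMP,
    FW_PROTOCOL_ANY
} FW_Protocol;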
216 
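// Interface a firewall rule applies to: public or private (by name).
// FW_INTERFACE_UNKNOWN is 0 (implicit).
typedef enum
{
    FW_INTERFACE_UNKNOWN,
    FW_INTERFACE_PUBLIC,
    FW_INTERFACE_PRIVATE
} FW_Interface;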
223 
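// Traffic direction a firewall rule applies to.
// Unlike the other FW_ enums there is no UNKNOWN member: a zero-initialised
// FW_Rule_Direction reads as FW_RULE_DIRECTION_IN. FW_RULE_DIRECTION_BOTH (2)
// is a distinct value, not IN | OUT.
typedef enum
{
    FW_RULE_DIRECTION_IN,
    FW_RULE_DIRECTION_OUT,
    FW_RULE_DIRECTION_BOTH
} FW_Rule_Direction;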
230 
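// MUS status values (the acronym is not expanded in this file).
// MUS_STATUS_UNKNOWN is 0; the remaining values are positional.
typedef enum
{
    MUS_STATUS_UNKNOWN = 0,
    MUS_STATUS_ENABLED,
    MUS_STATUS_DISABLED,
    MUS_STATUS_UNCONFIRMED
} MUS_STATUS;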
238 
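// These can be used to get/set an automatic preference value using the
// generic UserPreferences.getAutomaticPreferenceValue() and
// setAutomaticPreferenceValue() methods, rather than using the individual
// getters/setters.
//
// Values are positional from HeadendSelectionCacheId = 0;
// UnknownAutomaticPreference is the last member (11).
// NOTE(review): several ids name user- or certificate-identifying data
// (user ids, proxy host, certificate thumbprints); how the stored values are
// protected is not visible in this header.
typedef enum
{
    HeadendSelectionCacheId = 0,
    DefaultUserId,
    DefaultSecondUserId,
    DefaultHostId,
    DefaultGroupId,
    ProxyHostId,
    ProxyPortId,
    SDITokenTypeId,
    NoSDITokenId,
    ClientCertThumbprintId,
    ServerCertThumbprintId,
    UnknownAutomaticPreference
} AutoPreferenceId;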
258 
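// Used to determine if CPublicProxies, CPrivateProxies or no proxies should be used.
// NOTE(review): the comment above speaks of private proxies, but the third
// enumerator is TRANSPORT_PROXY_CURRENT -- confirm which one it selects.
// TRANSPORT_PROXY_NONE is 0 (implicit).
typedef enum
{
    TRANSPORT_PROXY_NONE,
    TRANSPORT_PROXY_PUBLIC,
    TRANSPORT_PROXY_CURRENT
} TRANSPORT_PROXY_TYPE;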
266 
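// User authentication methods.
// These are shared between Agent and API.
//
// Note that IKE PSK is supported for reconnects only. The API can never
// initiate an IPsec connection using IKE PSK authentication.
//
// The default is marked by comment only (USER_AUTH_IKE_EAP_ANYCONNECT = 8);
// a zero-initialised value reads as USER_AUTH_UNKNOWN.
//
// NOTE(review): EAP-MD5 and EAP-GTC provide neither mutual authentication nor
// key derivation on their own (RFC 3748), and EAP-MD5 is open to offline
// dictionary attack on a captured exchange. They rely on the enclosing IKE
// exchange to authenticate the gateway; confirm that is enforced where these
// values are consumed.
typedef enum
{
    USER_AUTH_UNKNOWN = 0,
    USER_AUTH_SSL_MACHINE_STORE_CERT,
    USER_AUTH_IKE_PSK,
    USER_AUTH_IKE_RSA,
    USER_AUTH_IKE_ECDSA,
    USER_AUTH_IKE_EAP_MD5,
    USER_AUTH_IKE_EAP_MSCHAPv2,
    USER_AUTH_IKE_EAP_GTC,
    USER_AUTH_IKE_EAP_ANYCONNECT,   // Default
} USER_AUTH_METHOD;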
284 
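// Reason a connection attempt failed. CFR_NONE (0) means no failure reason
// is recorded; CFR_HOST_UNREACHABLE is 1 (positional).
typedef enum
{
    CFR_NONE = 0,
    CFR_HOST_UNREACHABLE,
} CONNECT_FAILURE_REASON;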
290 
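// Dynamic split tunnel type; EXC/INC presumably stand for exclude/include
// (not spelled out in this file). There is no "unknown" member:
// a zero-initialised DYN_SPLIT_TUN_TYPE reads as DYN_SPLIT_TUN_EXC.
typedef enum
{
    DYN_SPLIT_TUN_EXC,
    DYN_SPLIT_TUN_INC
} DYN_SPLIT_TUN_TYPE;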
296 
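// Scope of a VPN tunnel: user or machine. IS_MGMT_TUNNEL below treats the
// machine scope as the management tunnel.
// VPN_TUNNEL_SCOPE_USER is 0 (implicit), so a zero-initialised scope reads as
// a user tunnel; initialise to VPN_TUNNEL_SCOPE_UNDEFINED explicitly.
typedef enum
{
    VPN_TUNNEL_SCOPE_USER,
    VPN_TUNNEL_SCOPE_MACHINE,
    VPN_TUNNEL_SCOPE_UNDEFINED
} VPN_TUNNEL_SCOPE;

// The argument is parenthesised so that an expression argument (for example
// a conditional "a ? b : c") is compared as a whole; unparenthesised, ==
// would bind to its first operand only and the macro could yield the wrong
// scope decision.
#define IS_USER_TUNNEL(x) (VPN_TUNNEL_SCOPE_USER == (x))
#define IS_MGMT_TUNNEL(x) (VPN_TUNNEL_SCOPE_MACHINE == (x))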
306 
307 #endif // __GLOBALENUMS_H