AnyConnect Secure Mobility Client  4.10.08029
GlobalEnums.h
1 /*******************************************************************************
2 * COPYRIGHT 2007 - Cisco Systems
3 * All Rights Reserved
4 ********************************************************************************
5 **
6 ** GlobalEnums.h
7 **
8 ** Contains enumerations used in the API and TLV classes.
9 **
10 *********************************************************************************/
11 
12 #ifndef __GLOBALENUMS_H
13 #define __GLOBALENUMS_H
14 
15 /***** PUT ONLY ENUMS IN THIS FILE AS IT IS ALSO USED BY THE MIDL COMPILER *****\
16 \******************** This is also compiled with IDL compiler **********************/
17 
18 enum ConnectProtocolType
19 {
20  PROTOCOL_TYPE_UNKNOWN = 0,
21  PROTOCOL_TYPE_SSL,
22  PROTOCOL_TYPE_IPSEC,
23 };
24 
25 enum ProtocolVersion
26 {
27  PROTO_VERSION_UNKNOWN = 0,
28  PROTO_VERSION_TLS10 = 1,
29  PROTO_VERSION_SSL30 = 2,
30  PROTO_VERSION_DTLS10 = 3,
31  PROTO_VERSION_IPSEC = 4,
32  PROTO_VERSION_IPSEC_NAT_T = 5,
33  PROTO_VERSION_TLS11 = 6,
34  PROTO_VERSION_TLS12 = 7,
35  PROTO_VERSION_DTLS12 = 8,
36  PROTO_VERSION_TLS13 = 9,
37 };
38 
39 enum ProtocolCipher
40 {
41  PROTO_CIPHER_UNKNOWN = 0,
42  PROTO_CIPHER_RSA_RC4_128_MD5 = 1,
43  PROTO_CIPHER_RSA_RC4_128_SHA1 = 2,
44  PROTO_CIPHER_RSA_DES_56_SHA1 = 3,
45  PROTO_CIPHER_RSA_3DES_168_SHA1 = 4,
46  PROTO_CIPHER_RSA_AES_128_SHA1 = 5,
47  PROTO_CIPHER_RSA_AES_256_SHA1 = 6,
48  PROTO_CIPHER_ENC_NULL_MD5 = 7,
49  PROTO_CIPHER_ENC_NULL_SHA1 = 8,
50  PROTO_CIPHER_RC4_128 = 9,
51  PROTO_CIPHER_RC4_128_MD5 = 10,
52  PROTO_CIPHER_RC4_128_SHA1 = 11,
53  PROTO_CIPHER_DES_56 = 12,
54  PROTO_CIPHER_DES_56_MD5 = 13,
55  PROTO_CIPHER_DES_56_SHA1 = 14,
56  PROTO_CIPHER_DES_56_SHA256 = 15,
57  PROTO_CIPHER_DES_56_SHA384 = 16,
58  PROTO_CIPHER_DES_56_SHA512 = 17,
59  PROTO_CIPHER_3DES_168 = 18,
60  PROTO_CIPHER_3DES_168_MD5 = 19,
61  PROTO_CIPHER_3DES_168_SHA1 = 20,
62  PROTO_CIPHER_3DES_168_SHA256 = 21,
63  PROTO_CIPHER_3DES_168_SHA384 = 22,
64  PROTO_CIPHER_3DES_168_SHA512 = 23,
65  PROTO_CIPHER_AES_128 = 24,
66  PROTO_CIPHER_AES_128_MD5 = 25,
67  PROTO_CIPHER_AES_128_SHA1 = 26,
68  PROTO_CIPHER_AES_128_SHA256 = 27,
69  PROTO_CIPHER_AES_128_SHA384 = 28,
70  PROTO_CIPHER_AES_128_SHA512 = 29,
71  PROTO_CIPHER_AES_192 = 30,
72  PROTO_CIPHER_AES_192_MD5 = 31,
73  PROTO_CIPHER_AES_192_SHA1 = 32,
74  PROTO_CIPHER_AES_192_SHA256 = 33,
75  PROTO_CIPHER_AES_192_SHA384 = 34,
76  PROTO_CIPHER_AES_192_SHA512 = 35,
77  PROTO_CIPHER_AES_256 = 36,
78  PROTO_CIPHER_AES_256_MD5 = 37,
79  PROTO_CIPHER_AES_256_SHA1 = 38,
80  PROTO_CIPHER_AES_256_SHA256 = 39,
81  PROTO_CIPHER_AES_256_SHA384 = 40,
82  PROTO_CIPHER_AES_256_SHA512 = 41,
83  PROTO_CIPHER_AES_128_GCM = 42,
84  PROTO_CIPHER_AES_192_GCM = 43,
85  PROTO_CIPHER_AES_256_GCM = 44,
86  PROTO_CIPHER_RSA_AES_128_SHA256 = 45, // TLS 1.2
87  PROTO_CIPHER_RSA_AES_256_SHA256 = 46,
88  PROTO_CIPHER_DHE_RSA_AES_128_SHA256 = 47,
89  PROTO_CIPHER_DHE_RSA_AES_256_SHA256 = 48,
90  PROTO_CIPHER_ECDHE_ECDSA_AES256_GCM_SHA384 = 49, // TLS 1.2 phase 2
91  PROTO_CIPHER_ECDHE_RSA_AES256_GCM_SHA384 = 50,
92  PROTO_CIPHER_DHE_RSA_AES256_GCM_SHA384 = 51,
93  PROTO_CIPHER_AES256_GCM_SHA384 = 52,
94  PROTO_CIPHER_ECDHE_ECDSA_AES256_SHA384 = 53,
95  PROTO_CIPHER_ECDHE_RSA_AES256_SHA384 = 54,
96  PROTO_CIPHER_ECDHE_ECDSA_AES128_GCM_SHA256 = 55,
97  PROTO_CIPHER_ECDHE_RSA_AES128_GCM_SHA256 = 56,
98  PROTO_CIPHER_DHE_RSA_AES128_GCM_SHA256 = 57,
99  PROTO_CIPHER_AES128_GCM_SHA256 = 58,
100  PROTO_CIPHER_ECDHE_ECDSA_AES128_SHA256 = 59,
101  PROTO_CIPHER_ECDHE_RSA_AES128_SHA256 = 60,
102  PROTO_CIPHER_DHE_RSA_AES256_SHA = 61,
103  PROTO_CIPHER_DHE_RSA_AES128_SHA = 62
104 };
105 
106 typedef enum
107 {
108  COMPR_NONE = 0,
109  COMPR_DEFLATE = 1,
110  COMPR_LZS = 2
111 } COMPR_ALGORITHM;
112 
113 /*
114 ** Tunnel states
115 ** New states must be added to the end of the list.
116 ** Downloader tests states, so altering existing states requires verification
117 ** that there won't be backward compability issues with downloader.
118 */
119 //BUGBUG Suggested by Marc: Rename the STATE enum and its values.
120 //BUGBUG We should probably change the enum name from STATE to VPNCON_STATE and
121 //BUGBUG the prefixes on the values from STATE_ to VCS_ (for VPN connection state).
122 //BUGBUG The API and GUI code have to deal with a number of different states, and the
123 //BUGBUG generically named STATE is not very self documenting.
124 //BUGBUG It's a throw back from the very earliest code for SSL VPN.
125 typedef enum
126 {
127  STATE_CONNECTING,
128  STATE_CONNECTED,
129  STATE_RECONNECTING,
130  STATE_DISCONNECTING,
131  STATE_DISCONNECTED,
132  STATE_PAUSING,
133  STATE_PAUSED,
134  STATE_AUTHENTICATING,
135  STATE_SSOPOLLING, // Api is doing the auth-poll.
136  STATE_UNDEFINED,
137 } STATE;
138 
139 /*
140 ** Tunnel sub-states
141 ** New sub-states must be added to the end of the list.
142 ** Sub-states are meant to provide additional details, if necessary, about
143 ** any of the VPN connection states.
144 ** Substates prefixed with "VCSS_MT_" correspond to the management tunnel.
145 */
146 enum VPNCON_SUBSTATE
147 {
148  VCSS_NORMAL = 0,
149  VCSS_INDEFINITE_DELAY = (1 << 0),
150  VCSS_SESSION_EXPIRING = (1 << 1),
151  VCSS_MT_DISCONNECTED_DISABLED = (1 << 2),
152  VCSS_MT_DISCONNECTED_TRUSTED_NW = (1 << 3),
153  VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = (1 << 4),
154  VCSS_MT_DISCONNECTED_LAUNCH_FAILED = (1 << 5),
155  VCSS_MT_DISCONNECTED_CONNECT_FAILED = (1 << 6),
156  VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG = (1 << 7),
157  VCSS_MT_DISCONNECTED_SW_UP_PENDING = (1 << 8),
158  VCSS_MTU_ADJUSTMENT_PENDING = (1 << 9)
159 };
160 
161 typedef enum
162 {
163  NCS_RESTRICTED = 0, //a client configuration has been applied to the endpoints
164  //operating system configuration
165  NCS_PARTIAL_RESTRICTED_CAPTIVE_PORTAL, //a client configuration has been applied to the
166  //endpoints operating system configuration to allow
167  //captive portal remediation
168  NCS_UNRESTRICTED //the endpoints operating system configuration is not currently altered by the client
169 } NETCTRL_STATE;
170 
171 
172 // Note that while these values are defined like a bitmap, the network environment state
173 // is not used as a bitmap. No two values are ever combined. They are used like linear
174 // values. The bitmap arrangement of values is to enable testing for many possible values
175 // all at once in a single compare without having to do a series of compares against
176 // different linear values.
177 //
178 typedef enum
179 {
180  NES_NO_NETWORK_INTERFACE = (1 << 0),
181  NES_NO_PUBLIC_INTERFACE = (1 << 1),
182  NES_NO_DNS_CONNECTIVITY = (1 << 2),
183  NES_CAPTIVE_PORTAL_DETECTED = (1 << 3),
184  NES_AUTH_PROXY_DETECTED = (1 << 4),
185  NES_NETWORK_ACCESSIBLE = (1 << 5),
186  NES_SECURE_GATEWAY_ACCESSIBLE = (1 << 6)
187 } NETENV_STATE;
188 
189 
190 // Trusted Network Detection types.
191 typedef enum
192 {
193  NT_TRUSTED,
194  NT_UNTRUSTED,
195  NT_UNDEFINED
196 } NETWORK_TYPE;
197 
198 // Firewall enums
199 typedef enum
200 { FW_PERMISSION_UNKNOWN,
201  FW_PERMISSION_PERMIT,
202  FW_PERMISSION_DENY
203 } FW_Permission;
204 
205 typedef enum
206 { FW_PROTOCOL_UNKNOWN,
207  FW_PROTOCOL_TCP,
208  FW_PROTOCOL_UDP,
209  FW_PROTOCOL_ICMP,
210  FW_PROTOCOL_ANY
211 } FW_Protocol;
212 
213 typedef enum
214 {
215  FW_INTERFACE_UNKNOWN,
216  FW_INTERFACE_PUBLIC,
217  FW_INTERFACE_PRIVATE
218 } FW_Interface;
219 
220 typedef enum
221 {
222  FW_RULE_DIRECTION_IN,
223  FW_RULE_DIRECTION_OUT,
224  FW_RULE_DIRECTION_BOTH
225 } FW_Rule_Direction;
226 
227 typedef enum
228 {
229  MUS_STATUS_UNKNOWN = 0,
230  MUS_STATUS_ENABLED,
231  MUS_STATUS_DISABLED,
232  MUS_STATUS_UNCONFIRMED
233 } MUS_STATUS;
234 
235 // These can be used to get/set an automatic preference value using the
236 // generic UserPreferences.getAutomaticPreferenceValue() and
237 // setAutomaticPreferenceValue() methods, rather than using the individual
238 // getters/setters.
239 typedef enum
240 {
241  HeadendSelectionCacheId = 0,
242  DefaultUserId,
243  DefaultSecondUserId,
244  DefaultHostId,
245  DefaultGroupId,
246  ProxyHostId,
247  ProxyPortId,
248  SDITokenTypeId,
249  NoSDITokenId,
250  ClientCertThumbprintId,
251  ServerCertThumbprintId,
252  UnknownAutomaticPreference
253 } AutoPreferenceId ;
254 
255 // Used to determine if CPublicProxies, CPrivateProxies or no proxies should be used.
256 typedef enum
257 {
258  TRANSPORT_PROXY_NONE,
259  TRANSPORT_PROXY_PUBLIC,
260  TRANSPORT_PROXY_CURRENT
261 } TRANSPORT_PROXY_TYPE;
262 
263 // user authentication methods
264 // these are shared between Agent and API
265 //
266 // Note that IKE PSK is supported for reconnects only. The API can never
267 // initiate an IPsec connection using IKE PSK authentication.
268 typedef enum
269 {
270  USER_AUTH_UNKNOWN = 0,
271  USER_AUTH_SSL_MACHINE_STORE_CERT,
272  USER_AUTH_IKE_PSK,
273  USER_AUTH_IKE_RSA,
274  USER_AUTH_IKE_ECDSA,
275  USER_AUTH_IKE_EAP_MD5,
276  USER_AUTH_IKE_EAP_MSCHAPv2,
277  USER_AUTH_IKE_EAP_GTC,
278  USER_AUTH_IKE_EAP_ANYCONNECT, // Default
279 } USER_AUTH_METHOD;
280 
281 typedef enum
282 {
283  CFR_NONE = 0,
284  CFR_HOST_UNREACHABLE,
285 } CONNECT_FAILURE_REASON;
286 
287 typedef enum
288 {
289  DYN_SPLIT_TUN_EXC,
290  DYN_SPLIT_TUN_INC
291 } DYN_SPLIT_TUN_TYPE;
292 
293 typedef enum
294 {
295  VPN_TUNNEL_SCOPE_USER,
296  VPN_TUNNEL_SCOPE_MACHINE,
297  VPN_TUNNEL_SCOPE_UNDEFINED
298 } VPN_TUNNEL_SCOPE;
299 
300 #define IS_USER_TUNNEL(x) (VPN_TUNNEL_SCOPE_USER == x)
301 #define IS_MGMT_TUNNEL(x) (VPN_TUNNEL_SCOPE_MACHINE == x)
302 
303 #endif // __GLOBALENUMS_H