v4.43-9799-beta

src/Cedar/CM.c

@@ -5910,6 +5910,7 @@ void CmConfigDlgInit(HWND hWnd)
 	}
 
 	Check(hWnd, R_ALLOW_REMOTE_CONFIG, c.AllowRemoteConfig);
+	Check(hWnd, R_TUNNELCRACK, c.EnableTunnelCrackProtect);
 
 	Check(hWnd, R_USE_KEEP_CONNECT, c.UseKeepConnect);
 	SetTextA(hWnd, E_HOSTNAME, c.KeepConnectHost);
@@ -5936,6 +5937,15 @@ void CmConfigDlgInit(HWND hWnd)
 		Disable(hWnd, R_ALPHA);
 	}
 
+	if (OS_IS_WINDOWS_NT(cm->Client->OsType))
+	{
+		Enable(hWnd, R_TUNNELCRACK);
+	}
+	else
+	{
+		Disable(hWnd, R_TUNNELCRACK);
+	}
+
 	CmConfigDlgRefresh(hWnd);
 }
 
@@ -6015,6 +6025,7 @@ void CmConfigDlgOnOk(HWND hWnd)
 
 	Zero(&c, sizeof(c));
 	c.AllowRemoteConfig = IsChecked(hWnd, R_ALLOW_REMOTE_CONFIG);
+	c.EnableTunnelCrackProtect = IsChecked(hWnd, R_TUNNELCRACK);
 	c.UseKeepConnect = IsChecked(hWnd, R_USE_KEEP_CONNECT);
 	GetTxtA(hWnd, E_HOSTNAME, c.KeepConnectHost, sizeof(c.KeepConnectHost));
 	c.KeepConnectPort = GetInt(hWnd, E_PORT);

src/Cedar/Cedar.h

@@ -126,10 +126,10 @@
 
 
 // Version number
-#define	CEDAR_VER					442
+#define	CEDAR_VER					443
 
 // Build Number
-#define	CEDAR_BUILD					9798
+#define	CEDAR_BUILD					9799
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -149,11 +149,11 @@
 
 // Specifies the build date
 #define	BUILD_DATE_Y		2023
-#define	BUILD_DATE_M		6
-#define	BUILD_DATE_D		30
+#define	BUILD_DATE_M		8
+#define	BUILD_DATE_D		31
 #define	BUILD_DATE_HO		10
-#define	BUILD_DATE_MI		47
-#define	BUILD_DATE_SE		4
+#define	BUILD_DATE_MI		30
+#define	BUILD_DATE_SE		0
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)
@@ -183,7 +183,6 @@
 //////////////////////////////////////////////////////////////////////
 
 #define	MAX_ACCOUNT_NAME_LEN		255		// Maximum account name length
-#define	MAX_USERNAME_LEN			255		// User name maximum length
 #define	MAX_PASSWORD_LEN			255		// Password name maximum length
 #define	MAX_PROXY_USERNAME_LEN		255		// Proxy user name maximum length
 #define	MAX_PROXY_PASSWORD_LEN		255		// Proxy Password maximum length
@@ -194,10 +193,8 @@
 #define	MAX_CONNECTION_NAME_LEN		255		// Maximum length of connection name
 #define	MAX_DEVICE_NAME_LEN			31		// Device name maximum length
 #define	MAX_DEVICE_NAME_LEN_9X		4		// Maximum length of Virtual LAN card name in Win9x
-#define	MAX_ACCESSLIST_NOTE_LEN		255		// Maximum length of the note of access list entry
 #define	MAX_SECURE_DEVICE_FILE_LEN	255		// Secure device file name maximum length
 #define	MAX_ADMIN_OPTION_NAME_LEN	63		// Management option name
-#define	MAX_REDIRECT_URL_LEN		255		// URL length to redirect
 
 
 //////////////////////////////////////////////////////////////////////

src/Cedar/CedarType.h

@@ -213,7 +213,6 @@ typedef struct HUB_OPTION HUB_OPTION;
 typedef struct MAC_TABLE_ENTRY MAC_TABLE_ENTRY;
 typedef struct IP_TABLE_ENTRY IP_TABLE_ENTRY;
 typedef struct LOOP_LIST LOOP_LIST;
-typedef struct ACCESS ACCESS;
 typedef struct TICKET TICKET;
 typedef struct TRAFFIC_DIFF TRAFFIC_DIFF;
 typedef struct HUB HUB;

src/Cedar/Client.c

@@ -3935,6 +3935,7 @@ void InRpcClientConfig(CLIENT_CONFIG *c, PACK *p)
 	c->KeepConnectProtocol = PackGetInt(p, "KeepConnectProtocol");
 	c->KeepConnectInterval = PackGetInt(p, "KeepConnectInterval");
 	c->AllowRemoteConfig = PackGetInt(p, "AllowRemoteConfig") == 0 ? false : true;
+	c->EnableTunnelCrackProtect = PackGetInt(p, "EnableTunnelCrackProtect") == 0 ? false : true;
 	PackGetStr(p, "KeepConnectHost", c->KeepConnectHost, sizeof(c->KeepConnectHost));
 }
 void OutRpcClientConfig(PACK *p, CLIENT_CONFIG *c)
@@ -3950,6 +3951,7 @@ void OutRpcClientConfig(PACK *p, CLIENT_CONFIG *c)
 	PackAddInt(p, "KeepConnectProtocol", c->KeepConnectProtocol);
 	PackAddInt(p, "KeepConnectInterval", c->KeepConnectInterval);
 	PackAddInt(p, "AllowRemoteConfig", c->AllowRemoteConfig);
+	PackAddInt(p, "EnableTunnelCrackProtect", c->EnableTunnelCrackProtect);
 	PackAddStr(p, "KeepConnectHost", c->KeepConnectHost);
 }
 
@@ -9501,6 +9503,8 @@ void CiLoadClientConfig(CLIENT_CONFIG *c, FOLDER *f)
 	c->KeepConnectInterval = MAKESURE(CfgGetInt(f, "KeepConnectInterval"), KEEP_INTERVAL_MIN, KEEP_INTERVAL_MAX);
 	c->NoChangeWcmNetworkSettingOnWindows8 = CfgGetBool(f, "NoChangeWcmNetworkSettingOnWindows8");
 
+	c->EnableTunnelCrackProtect = CfgGetBool(f, "EnableTunnelCrackProtect");
+
 	if (CfgIsItem(f, "DisableRpcDynamicPortListener"))
 	{
 		c->DisableRpcDynamicPortListener = CfgGetBool(f, "DisableRpcDynamicPortListener");
@@ -10066,6 +10070,7 @@ void CiWriteClientConfig(FOLDER *cc, CLIENT_CONFIG *config)
 	CfgAddInt(cc, "KeepConnectInterval", config->KeepConnectInterval);
 	CfgAddBool(cc, "NoChangeWcmNetworkSettingOnWindows8", config->NoChangeWcmNetworkSettingOnWindows8);
 	CfgAddBool(cc, "DisableRpcDynamicPortListener", config->DisableRpcDynamicPortListener);
+	CfgAddBool(cc, "EnableTunnelCrackProtect", config->EnableTunnelCrackProtect);
 }
 
 // Write the client authentication data

src/Cedar/Client.h

@@ -187,6 +187,7 @@ struct CLIENT_CONFIG
 	UINT KeepConnectInterval;				// Interval
 	bool NoChangeWcmNetworkSettingOnWindows8;	// Don't change the WCM network settings on Windows 8
 	bool DisableRpcDynamicPortListener;
+	bool EnableTunnelCrackProtect;
 };
 
 // Version acquisition

src/Cedar/Command.c

@@ -14786,55 +14786,6 @@ bool StrToPassOrDiscard(char *str)
 	return false;
 }
 
-// Convert the string to the protocol
-UINT StrToProtocol(char *str)
-{
-	if (IsEmptyStr(str))
-	{
-		return 0;
-	}
-
-	if (StartWith("ip", str))
-	{
-		return 0;
-	}
-	else if (StartWith("tcp", str))
-	{
-		return IP_PROTO_TCP;
-	}
-	else if (StartWith("udp", str))
-	{
-		return IP_PROTO_UDP;
-	}
-	else if (StartWith("icmpv4", str))
-	{
-		return IP_PROTO_ICMPV4;
-	}
-	else if (StartWith("icmpv6", str))
-	{
-		return IP_PROTO_ICMPV6;
-	}
-
-	if (ToInt(str) == 0)
-	{
-		if (StrCmpi(str, "0") == 0)
-		{
-			return 0;
-		}
-		else
-		{
-			return INFINITE;
-		}
-	}
-
-	if (ToInt(str) >= 256)
-	{
-		return INFINITE;
-	}
-
-	return ToInt(str);
-}
-
 // Check the protocol name
 bool CmdEvalProtocol(CONSOLE *c, wchar_t *str, void *param)
 {

src/Cedar/Command.h

@@ -356,7 +356,6 @@ void CmdPrintStatusToListViewEx(CT *ct, RPC_CLIENT_GET_CONNECTION_STATUS *s, boo
 bool CmdEvalPassOrDiscard(CONSOLE *c, wchar_t *str, void *param);
 bool StrToPassOrDiscard(char *str);
 bool CmdEvalProtocol(CONSOLE *c, wchar_t *str, void *param);
-UINT StrToProtocol(char *str);
 bool CmdEvalPortRange(CONSOLE *c, wchar_t *str, void *param);
 bool ParsePortRange(char *str, UINT *start, UINT *end);
 wchar_t *GetAuthTypeStr(UINT id);

src/Cedar/Hub.h

@@ -306,58 +306,6 @@ struct LOOP_LIST
 	SESSION **Session;
 };
 
-// Access list
-struct ACCESS
-{
-	// IPv4
-	UINT Id;							// ID
-	wchar_t Note[MAX_ACCESSLIST_NOTE_LEN + 1];	// Note
-
-	// --- Please add items to the bottom of here for enhancements ---
-	bool Active;						// Enable flag
-	UINT Priority;						// Priority
-	bool Discard;						// Discard flag
-	UINT SrcIpAddress;					// Source IP address
-	UINT SrcSubnetMask;					// Source subnet mask
-	UINT DestIpAddress;					// Destination IP address
-	UINT DestSubnetMask;				// Destination subnet mask
-	UINT Protocol;						// Protocol
-	UINT SrcPortStart;					// Source port number starting point
-	UINT SrcPortEnd;					// Source port number end point
-	UINT DestPortStart;					// Destination port number starting point
-	UINT DestPortEnd;					// Destination port number end point
-	UINT64 SrcUsernameHash;				// Source user name hash
-	bool IsSrcUsernameIncludeOrExclude;	// The source user name is formed as the "include:" or "exclude:"
-	char SrcUsername[MAX_USERNAME_LEN + 1];
-	bool IsDestUsernameIncludeOrExclude;	// The destination user name is formed as "include:" or "exclude:"
-	UINT64 DestUsernameHash;			// Destination user name hash
-	char DestUsername[MAX_USERNAME_LEN + 1];
-	bool CheckSrcMac;					// Presence of a source MAC address setting
-	UCHAR SrcMacAddress[6];				// Source MAC address
-	UCHAR SrcMacMask[6];				// Source MAC address mask
-	bool CheckDstMac;					// Whether the setting of the destination MAC address exists
-	UCHAR DstMacAddress[6];				// Destination MAC address
-	UCHAR DstMacMask[6];				// Destination MAC address mask
-	bool CheckTcpState;					// The state of the TCP connection
-	bool Established;					// Establieshed(TCP)
-	UINT Delay;							// Delay
-	UINT Jitter;						// Jitter
-	UINT Loss;							// Packet loss
-	char RedirectUrl[MAX_REDIRECT_URL_LEN + 1];	// URL to redirect to
-
-	// IPv6
-	bool IsIPv6;						// Whether it's an IPv6
-	IPV6_ADDR SrcIpAddress6;			// The source IP address (IPv6)
-	IPV6_ADDR SrcSubnetMask6;			// Source subnet mask (IPv6)
-	IPV6_ADDR DestIpAddress6;			// Destination IP address (IPv6)
-	IPV6_ADDR DestSubnetMask6;			// Destination subnet mask (IPv6)
-
-	// --- Please add items to the above of here for enhancements ---
-
-	// For management
-	UINT UniqueId;						// Unique ID
-};
-
 // Ticket
 struct TICKET
 {

src/Cedar/VLanWin32.c

@@ -1148,6 +1148,12 @@ void VLanPaFree(SESSION *s)
 	}
 
 	t = v->RouteState;
+
+	if (v->TunnelCrackFw != NULL)
+	{
+		StopTunnelCrackFw(v->TunnelCrackFw);
+	}
+
 	// End the virtual LAN card
 	FreeVLan(v);
 
@@ -1156,6 +1162,7 @@ void VLanPaFree(SESSION *s)
 	{
 		RouteTrackingStop(s, t);
 	}
+
 	s->PacketAdapter->Param = NULL;
 }
 
@@ -1250,6 +1257,18 @@ bool VLanPaInit(SESSION *s)
 		RouteTrackingStart(s);
 	}
 
+	if (s->Cedar->Client != NULL && s->Cedar->Client->Config.EnableTunnelCrackProtect)
+	{
+		if (IsZeroIP(&s->ServerIP) == false)
+		{
+			TUNNELCRACK_FW_PARAM p = CLEAN;
+
+			InitTunnelCrackFwParamForVpn(&p, &s->ServerIP);
+
+			v->TunnelCrackFw = StartTunnelCrackFw(&p);
+		}
+	}
+
 	return true;
 }
 

src/Cedar/VLanWin32.h

@@ -151,6 +151,7 @@ struct VLAN
 	UINT CurrentPacketCount;	// Packet number to be read next
 	void *PutBuffer;			// Buffer for writing received packet
 	ROUTE_TRACKING *RouteState;	// Routing tracking state machine
+	TUNNELCRACK_FW *TunnelCrackFw; // TunnelCrack FW
 };
 
 // Instance list

src/CurrentBuild.txt

@@ -1,4 +1,4 @@
-BUILD_NUMBER 9798
-VERSION 442
-BUILD_NAME rtm
-BUILD_DATE 20230630_104704
+BUILD_NUMBER 9799
+VERSION 443
+BUILD_NAME beta
+BUILD_DATE 20230831_103000

src/Mayaqua/Internat.c

@@ -1580,6 +1580,26 @@ UINT UtfToUni(wchar_t *unistr, UINT size, char *utfstr)
 	return UniStrLen(unistr);
 }
 
+void UniTrimDoubleQuotation(wchar_t *str)
+{
+	if (str == NULL || UniStrLen(str) <= 2)
+	{
+		return;
+	}
+
+	if (UniStartWith(str, L"\"") && UniEndWith(str, L"\""))
+	{
+		UINT len;
+
+		UniStrCpy(str, 0, str + 1);
+		len = UniStrLen(str);
+		if (len >= 1)
+		{
+			str[len - 1] = 0;
+		}
+	}
+}
+
 // Copy the UTF-8 string to a Unicode string
 wchar_t *CopyUtfToUni(char *utfstr)
 {

src/Mayaqua/Internat.h

@@ -180,11 +180,13 @@ UINT StrToUtf(char *utfstr, UINT size, char *str);
 UINT UtfToStr(char *str, UINT size, char *utfstr);
 UINT UniToUtf(char *utfstr, UINT size, wchar_t *unistr);
 UINT UtfToUni(wchar_t *unistr, UINT size, char *utfstr);
+void UniTrimDoubleQuotation(wchar_t *str);
 char *CopyUniToUtf(wchar_t *unistr);
 char *CopyStrToUtf(char *str);
 char *CopyUniToStr(wchar_t *unistr);
 wchar_t *CopyUtfToUni(char *utfstr);
 char *CopyUtfToStr(char *utfstr);
+wchar_t *CopyUtfToUni(char *utfstr);
 wchar_t *UniReplaceFormatStringFor64(wchar_t *fmt);
 void UniToStr64(wchar_t *str, UINT64 value);
 UINT64 UniToInt64(wchar_t *str);

src/Mayaqua/MayaType.h

@@ -539,6 +539,9 @@ typedef struct PROXY_PROTOCOL PROXY_PROTOCOL;
 typedef struct SSL_CTX_SHARED SSL_CTX_SHARED;
 typedef struct SSL_CTX_SHARED_SETTINGS2 SSL_CTX_SHARED_SETTINGS2;
 typedef struct SSL_CTX_SHARED_SETTINGS SSL_CTX_SHARED_SETTINGS;
+typedef struct ACCESS ACCESS;
+typedef struct TUNNELCRACK_FW TUNNELCRACK_FW;
+typedef struct TUNNELCRACK_FW_PARAM TUNNELCRACK_FW_PARAM;
 
 // Tick64.h
 typedef struct ADJUST_TIME ADJUST_TIME;

src/Mayaqua/Microsoft.c

@@ -12547,6 +12547,19 @@ bool MsDetermineIsLockedByWtsApi()
 	return wts_is_locked_flag;
 }
 
+// New GUID
+void MsNewGuid(void *guid)
+{
+	if (guid == NULL)
+	{
+		return;
+	}
+
+	Zero(guid, sizeof(GUID));
+
+	CoCreateGuid(guid);
+}
+
 // IsLocked Window Proc
 LRESULT CALLBACK MsIsLockedWindowHandlerWindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
 {

src/Mayaqua/Microsoft.h

@@ -747,7 +747,7 @@ void MsFreeIsLocked(MS_ISLOCKED *d);
 void MsStartIsLockedThread();
 void MsStopIsLockedThread();
 bool MsDetermineIsLockedByWtsApi();
-
+void MsNewGuid(void *guid);
 
 bool MsShutdown(bool reboot, bool force);
 bool MsShutdownEx(bool reboot, bool force, UINT time_limit, char *message);

src/Mayaqua/Network.c

@@ -123,6 +123,8 @@
 #include <ws2ipdef.h>
 #include <netioapi.h>
 #include <Icmpapi.h>
+#include <fixed_Fwpmu.h>
+#include <fixed_Fwpmtypes.h>
 #endif	// WIN32
 
 #include <stdio.h>
@@ -155,6 +157,190 @@ struct ROUTE_CHANGE_DATA
 	HANDLE Handle;
 	UINT NumCalled;
 };
+
+
+// For WFP
+// API function
+typedef struct DU_WFP_FUNCTIONS
+{
+	DWORD (WINAPI *FwpmEngineOpen0)(
+		IN OPTIONAL const wchar_t* serverName,
+		IN UINT32 authnService,
+		IN OPTIONAL SEC_WINNT_AUTH_IDENTITY_W* authIdentity,
+		IN OPTIONAL const FWPM_SESSION0* session,
+		OUT HANDLE* engineHandle
+		);
+
+	DWORD (WINAPI *FwpmEngineClose0)(IN HANDLE engineHandle);
+
+	void (WINAPI *FwpmFreeMemory0)(IN OUT void** p);
+
+	DWORD (WINAPI *FwpmFilterAdd0)(
+		IN HANDLE engineHandle,
+		IN const FWPM_FILTER0* filter,
+		IN OPTIONAL PSECURITY_DESCRIPTOR sd,
+		OUT OPTIONAL UINT64* id
+		);
+
+	DWORD (WINAPI *IPsecSaContextCreate0)(
+		IN HANDLE engineHandle,
+		IN const IPSEC_TRAFFIC0* outboundTraffic,
+		OUT OPTIONAL UINT64* inboundFilterId,
+		OUT UINT64* id
+		);
+
+	DWORD (WINAPI *IPsecSaContextGetSpi0)(
+		IN HANDLE engineHandle,
+		IN UINT64 id,
+		IN const IPSEC_GETSPI0* getSpi,
+		OUT IPSEC_SA_SPI* inboundSpi
+		);
+
+	DWORD (WINAPI *IPsecSaContextAddInbound0)(
+		IN HANDLE engineHandle,
+		IN UINT64 id,
+		IN const IPSEC_SA_BUNDLE0* inboundBundle
+		);
+
+	DWORD (WINAPI *IPsecSaContextAddOutbound0)(
+		IN HANDLE engineHandle,
+		IN UINT64 id,
+		IN const IPSEC_SA_BUNDLE0* outboundBundle
+		);
+
+	DWORD (WINAPI *FwpmCalloutAdd0)(
+		IN HANDLE engineHandle,
+		IN const FWPM_CALLOUT0* callout,
+		IN OPTIONAL PSECURITY_DESCRIPTOR sd,
+		OUT OPTIONAL UINT32* id
+		);
+
+	DWORD (WINAPI *FwpmSubLayerAdd0)(
+		IN HANDLE engineHandle,
+		IN const FWPM_SUBLAYER0 *subLayer,
+		IN OPTIONAL PSECURITY_DESCRIPTOR sd
+		);
+
+	DWORD (WINAPI *FwpmProviderAdd0)(
+		IN HANDLE engineHandle,
+		IN const FWPM_PROVIDER0 *provider,
+		IN OPTIONAL PSECURITY_DESCRIPTOR sd
+		);
+
+	DWORD (WINAPI *FwpmGetAppIdFromFileName0)(
+		IN PCWSTR fileName,
+		OUT FWP_BYTE_BLOB **appId
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventCreateEnumHandle0)(
+		__in HANDLE engineHandle,
+		__in_opt const FWPM_NET_EVENT_ENUM_TEMPLATE0 *enumTemplate,
+		__out HANDLE *enumHandle
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum0)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum1)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum2)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum3)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum4)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventEnum5)(
+		__in HANDLE engineHandle,
+		__in HANDLE enumHandle,
+		__in UINT32 numEntriesRequested,
+		__deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1 ***entries,
+		__out UINT32 *numEntriesReturned
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventDestroyEnumHandle0)(
+		__in HANDLE engineHandle,
+		__inout HANDLE enumHandle
+		);
+
+	DWORD
+		(WINAPI *FwpmEngineGetOption0)(
+		__in HANDLE engineHandle,
+		__in FWPM_ENGINE_OPTION option,
+		__deref_out FWP_VALUE0 **value
+		);
+
+	DWORD
+		(WINAPI *FwpmEngineSetOption0)(
+		__in HANDLE engineHandle,
+		__in FWPM_ENGINE_OPTION option,
+		__in const FWP_VALUE0 *newValue
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventSubscribe0)(
+		__in HANDLE engineHandle,
+		__in const FWPM_NET_EVENT_SUBSCRIPTION0 *subscription,
+		__in FWPM_NET_EVENT_CALLBACK0 callback,
+		__in_opt void *context,
+		__out HANDLE *eventsHandle
+		);
+
+	DWORD
+		(WINAPI *FwpmNetEventUnsubscribe0)(
+		__in HANDLE engineHandle,
+		__inout HANDLE eventsHandle
+		);
+
+
+	DWORD
+		(WINAPI *FwpmLayerGetByKey0)(
+		__in HANDLE engineHandle,
+		__in const GUID *key,
+		__deref_out FWPM_LAYER0 **layer
+		);
+
+} DU_WFP_FUNCTIONS;
+
+static DU_WFP_FUNCTIONS *du_wfp_api = NULL;
+static HINSTANCE du_wfp_dll = NULL;
+
 #endif	// OS_WIN32
 
 // Whether the blocking occurs in SSL
@@ -23933,3 +24119,1330 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
 
 	return ret;
 }
+
+
+// Convert the string to the protocol
+UINT StrToProtocol(char *str)
+{
+	if (IsEmptyStr(str))
+	{
+		return 0;
+	}
+
+	if (StartWith("ip", str))
+	{
+		return 0;
+	}
+	else if (StartWith("tcp", str))
+	{
+		return IP_PROTO_TCP;
+	}
+	else if (StartWith("udp", str))
+	{
+		return IP_PROTO_UDP;
+	}
+	else if (StartWith("icmpv4", str))
+	{
+		return IP_PROTO_ICMPV4;
+	}
+	else if (StartWith("icmpv6", str))
+	{
+		return IP_PROTO_ICMPV6;
+	}
+
+	if (ToInt(str) == 0)
+	{
+		if (StrCmpi(str, "0") == 0)
+		{
+			return 0;
+		}
+		else
+		{
+			return INFINITE;
+		}
+	}
+
+	if (ToInt(str) >= 256)
+	{
+		return INFINITE;
+	}
+
+	return ToInt(str);
+}
+
+
+#ifdef OS_WIN32
+
+// Initialization of the API
+bool DuInitWfpApi()
+{
+	if (du_wfp_api != NULL)
+	{
+		return true;
+	}
+
+	if (du_wfp_dll == NULL)
+	{
+		du_wfp_dll = LoadLibraryA("FWPUCLNT.DLL");
+	}
+
+	if (du_wfp_dll == NULL)
+	{
+		return false;
+	}
+
+	du_wfp_api = malloc(sizeof(DU_WFP_FUNCTIONS));
+	Zero(du_wfp_api, sizeof(DU_WFP_FUNCTIONS));
+
+	du_wfp_api->FwpmEngineOpen0 = 
+		(DWORD (__stdcall *)(const wchar_t *,UINT32,SEC_WINNT_AUTH_IDENTITY_W *,const FWPM_SESSION0 *,HANDLE *))
+		GetProcAddress(du_wfp_dll, "FwpmEngineOpen0");
+
+	du_wfp_api->FwpmEngineClose0 =
+		(DWORD (__stdcall *)(HANDLE))
+		GetProcAddress(du_wfp_dll, "FwpmEngineClose0");
+
+	du_wfp_api->FwpmFreeMemory0 =
+		(void (__stdcall *)(void **))
+		GetProcAddress(du_wfp_dll, "FwpmFreeMemory0");
+
+	du_wfp_api->FwpmFilterAdd0 =
+		(DWORD (__stdcall *)(HANDLE,const FWPM_FILTER0 *,PSECURITY_DESCRIPTOR,UINT64 *))
+		GetProcAddress(du_wfp_dll, "FwpmFilterAdd0");
+
+	du_wfp_api->IPsecSaContextCreate0 =
+		(DWORD (__stdcall *)(HANDLE,const IPSEC_TRAFFIC0 *,UINT64 *,UINT64 *))
+		GetProcAddress(du_wfp_dll, "IPsecSaContextCreate0");
+
+	du_wfp_api->IPsecSaContextGetSpi0 =
+		(DWORD (__stdcall *)(HANDLE,UINT64,const IPSEC_GETSPI0 *,IPSEC_SA_SPI *))
+		GetProcAddress(du_wfp_dll, "IPsecSaContextGetSpi0");
+
+	du_wfp_api->IPsecSaContextAddInbound0 =
+		(DWORD (__stdcall *)(HANDLE,UINT64,const IPSEC_SA_BUNDLE0 *))
+		GetProcAddress(du_wfp_dll, "IPsecSaContextAddInbound0");
+
+	du_wfp_api->IPsecSaContextAddOutbound0 =
+		(DWORD (__stdcall *)(HANDLE,UINT64,const IPSEC_SA_BUNDLE0 *))
+		GetProcAddress(du_wfp_dll, "IPsecSaContextAddOutbound0");
+
+	du_wfp_api->FwpmCalloutAdd0 =
+		(DWORD (__stdcall *)(HANDLE,const FWPM_CALLOUT0 *,PSECURITY_DESCRIPTOR,UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmCalloutAdd0");
+
+	du_wfp_api->FwpmSubLayerAdd0 =
+		(DWORD(__stdcall *)(HANDLE, const FWPM_SUBLAYER0 *, PSECURITY_DESCRIPTOR))
+		GetProcAddress(du_wfp_dll, "FwpmSubLayerAdd0");
+
+	du_wfp_api->FwpmProviderAdd0 =
+		(DWORD(__stdcall *)(HANDLE, const FWPM_PROVIDER0 *, PSECURITY_DESCRIPTOR))
+		GetProcAddress(du_wfp_dll, "FwpmProviderAdd0");
+
+	du_wfp_api->FwpmGetAppIdFromFileName0 =
+		(DWORD(__stdcall *)(PCWSTR, FWP_BYTE_BLOB **))
+		GetProcAddress(du_wfp_dll, "FwpmGetAppIdFromFileName0");
+
+	du_wfp_api->FwpmNetEventCreateEnumHandle0 =
+		(DWORD(__stdcall *)(HANDLE, const FWPM_NET_EVENT_ENUM_TEMPLATE0 *, HANDLE *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventCreateEnumHandle0");
+
+	du_wfp_api->FwpmNetEventEnum0 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum0");
+
+	du_wfp_api->FwpmNetEventEnum1 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum1");
+
+	du_wfp_api->FwpmNetEventEnum2 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum2");
+
+	du_wfp_api->FwpmNetEventEnum3 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum3");
+
+	du_wfp_api->FwpmNetEventEnum4 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum4");
+
+	du_wfp_api->FwpmNetEventEnum5 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE, UINT32, FWPM_NET_EVENT1 ***, UINT32 *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventEnum5");
+
+	du_wfp_api->FwpmNetEventDestroyEnumHandle0 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventDestroyEnumHandle0");
+
+	du_wfp_api->FwpmEngineGetOption0 =
+		(DWORD(__stdcall *)(HANDLE, FWPM_ENGINE_OPTION, FWP_VALUE0 **))
+		GetProcAddress(du_wfp_dll, "FwpmEngineGetOption0");
+
+	du_wfp_api->FwpmEngineSetOption0 =
+		(DWORD(__stdcall *)(HANDLE, FWPM_ENGINE_OPTION, const FWP_VALUE0 *))
+		GetProcAddress(du_wfp_dll, "FwpmEngineSetOption0");
+
+	du_wfp_api->FwpmNetEventSubscribe0 =
+		(DWORD(__stdcall *)(HANDLE, const FWPM_NET_EVENT_SUBSCRIPTION0 *, FWPM_NET_EVENT_CALLBACK0, void *, HANDLE *))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventSubscribe0");
+
+	du_wfp_api->FwpmNetEventUnsubscribe0 =
+		(DWORD(__stdcall *)(HANDLE, HANDLE))
+		GetProcAddress(du_wfp_dll, "FwpmNetEventUnsubscribe0");
+
+	du_wfp_api->FwpmLayerGetByKey0 =
+		(DWORD(__stdcall *)(HANDLE, const GUID *, FWPM_LAYER0 **))
+		GetProcAddress(du_wfp_dll, "FwpmLayerGetByKey0");
+
+	if (du_wfp_api->FwpmEngineOpen0 == NULL ||
+		du_wfp_api->FwpmEngineClose0 == NULL ||
+		du_wfp_api->FwpmFreeMemory0 == NULL ||
+		du_wfp_api->FwpmFilterAdd0 == NULL ||
+		du_wfp_api->IPsecSaContextCreate0 == NULL ||
+		du_wfp_api->IPsecSaContextGetSpi0 == NULL ||
+		du_wfp_api->IPsecSaContextAddInbound0 == NULL ||
+		du_wfp_api->IPsecSaContextAddOutbound0 == NULL ||
+		du_wfp_api->FwpmCalloutAdd0 == NULL ||
+		du_wfp_api->FwpmSubLayerAdd0 == NULL ||
+		du_wfp_api->FwpmProviderAdd0 == NULL ||
+		du_wfp_api->FwpmGetAppIdFromFileName0 == NULL ||
+		du_wfp_api->FwpmEngineGetOption0 == NULL ||
+		du_wfp_api->FwpmEngineSetOption0 == NULL ||
+		du_wfp_api->FwpmLayerGetByKey0 == NULL ||
+		false
+		)
+	{
+		free(du_wfp_api);
+		du_wfp_api = NULL;
+		return false;
+	}
+
+	return true;
+}
+
+UINT DuWfpGetLayerIdFromLayerKey(HANDLE hEngine, const GUID *layer_key)
+{
+	FWPM_LAYER0 *t = NULL;
+	UINT ret, layer_id;
+	if (hEngine == NULL || layer_key == NULL)
+	{
+		return INFINITE;
+	}
+
+	ret = du_wfp_api->FwpmLayerGetByKey0(hEngine, layer_key, &t);
+
+	if (ret)
+	{
+		return INFINITE;
+	}
+
+	layer_id = INFINITE;
+
+	if (t != NULL)
+	{
+		layer_id = t->layerId;
+
+		du_wfp_api->FwpmFreeMemory0(&t);
+	}
+
+	return layer_id;
+}
+
+bool DuWfpCreateProvider(HANDLE hEngine, GUID *created_guid, char *name)
+{
+	wchar_t tmp[MAX_PATH] = CLEAN;
+	FWPM_PROVIDER0 t = CLEAN;
+	UINT ret;
+	if (created_guid == NULL)
+	{
+		return false;
+	}
+
+	Zero(created_guid, sizeof(GUID));
+
+	if (IsEmptyStr(name))
+	{
+		name = "untitled provider";
+	}
+
+	StrToUni(tmp, sizeof(tmp), name);
+
+	t.displayData.description = tmp;
+	t.displayData.name = tmp;
+
+	MsNewGuid(&t.providerKey);
+
+	ret = du_wfp_api->FwpmProviderAdd0(hEngine, &t, NULL);
+
+	if (ret)
+	{
+		Debug("FwpmProviderAdd0 Failed: 0x%X\n", ret);
+		return false;
+	}
+
+	Copy(created_guid, &t.providerKey, sizeof(GUID));
+
+	return true;
+}
+
+bool DuWfpCreateSublayer(HANDLE hEngine, GUID *created_guid, GUID *provider_guid, char *name, USHORT weight)
+{
+	wchar_t tmp[MAX_PATH] = CLEAN;
+	FWPM_SUBLAYER0 t = CLEAN;
+	UINT ret;
+	if (created_guid == NULL || provider_guid == NULL)
+	{
+		return false;
+	}
+
+	if (IsEmptyStr(name))
+	{
+		name = "untitled sublayer";
+	}
+
+	StrToUni(tmp, sizeof(tmp), name);
+
+	t.displayData.description = tmp;
+	t.displayData.name = tmp;
+	t.providerKey = provider_guid;
+	t.weight = weight;
+
+	MsNewGuid(&t.subLayerKey);
+
+	ret = du_wfp_api->FwpmSubLayerAdd0(hEngine, &t, NULL);
+
+	if (ret)
+	{
+		Debug("FwpmSubLayerAdd0 Failed: 0x%X\n", ret);
+		return false;
+	}
+
+	Copy(created_guid, &t.subLayerKey, sizeof(GUID));
+
+	return true;
+}
+
+void DuFwpAddTrustedExe(HANDLE hEngine, GUID *provider, GUID *sublayer, UINT index, wchar_t *exe, UINT allowed_directions, bool disable_wow)
+{
+	FWP_BYTE_BLOB *this_app_id = NULL;
+
+	void *wow = NULL;
+
+	if (exe == NULL)
+	{
+		return;
+	}
+
+	if (disable_wow)
+	{
+		MsDisableWow64FileSystemRedirection();
+	}
+
+	if (du_wfp_api->FwpmGetAppIdFromFileName0(exe, &this_app_id))
+	{
+		this_app_id = NULL;
+	}
+
+	MsRestoreWow64FileSystemRedirection(wow);
+
+	if (this_app_id != NULL)
+	{
+		wchar_t name[MAX_SIZE] = CLEAN;
+
+		UINT i, j, k;
+		for (i = 0;i < 3;i++) // transport protocol (TCP, UDP, ICMP)
+		{
+			for (j = 0;j < 2;j++) // network protocol (IPv4, IPv6)
+			{
+				for (k = 0;k < 2;k++) // direction (IN, OUT)
+				{
+					UINT proto = 0;
+					UINT c_index = 0;
+					FWPM_FILTER_CONDITION0 c[10] = CLEAN;
+					UINT flag_exclude_bits = 0;
+					FWPM_FILTER0 filter = CLEAN;
+					UINT64 weight;
+					bool ok = false;
+
+					UniFormat(name, sizeof(name), L"_SeVPNFW ACL %04u: trusted_exe (%u-%u-%u): %s", index, i, j, k, exe);
+
+					// Exclude loopback
+					flag_exclude_bits |= FWP_CONDITION_FLAG_IS_LOOPBACK;
+
+					// Exclude this app
+					if (this_app_id != NULL)
+					{
+						c[c_index].fieldKey = FWPM_CONDITION_ALE_APP_ID;
+						c[c_index].matchType = FWP_MATCH_EQUAL;
+						c[c_index].conditionValue.type = FWP_BYTE_BLOB_TYPE;
+						c[c_index].conditionValue.byteBlob = this_app_id;
+						c_index++;
+					}
+
+					// Protocol
+					c[c_index].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
+					c[c_index].matchType = FWP_MATCH_EQUAL;
+					c[c_index].conditionValue.type = FWP_UINT8;
+
+					switch (i)
+					{
+					case 0:
+						proto = IP_PROTO_TCP;
+						break;
+					case 1:
+						proto = IP_PROTO_UDP;
+						break;
+					case 2:
+						proto = j == 0 ? IP_PROTO_ICMPV4 : IP_PROTO_ICMPV6;
+						break;
+					}
+
+					c[c_index].conditionValue.uint8 = proto;
+					c_index++;
+
+					weight = ((UINT64)~((UINT64)0)) - (UINT64)index;
+
+					Zero(&filter, sizeof(filter));
+					filter.flags = 0;
+
+					if (k == 0)
+					{
+						// Direction: In
+						filter.layerKey = j == 0 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 : FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
+					}
+					else
+					{
+						// Direction: Out
+						filter.layerKey = j == 0 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
+					}
+
+					if (sublayer != NULL)
+					{
+						filter.subLayerKey = *sublayer;
+					}
+					if (provider != NULL)
+					{
+						filter.providerKey = provider;
+					}
+					filter.weight.type = FWP_UINT64;
+					filter.weight.uint64 = &weight;
+					filter.action.type = FWP_ACTION_PERMIT;
+					filter.displayData.name = name;
+
+					filter.filterCondition = c;
+					filter.numFilterConditions = c_index;
+
+					if (k == 0)
+					{
+						// IN
+						if (allowed_directions & FW_PARSED_ACCESS_JITTER_ALLOW_SERVER)
+						{
+							ok = true;
+						}
+					}
+					else if (k == 1)
+					{
+						// OUT
+						if (allowed_directions & FW_PARSED_ACCESS_JITTER_ALLOW_CLIENT)
+						{
+							ok = true;
+						}
+					}
+
+					if (ok)
+					{
+						UINT ret = du_wfp_api->FwpmFilterAdd0(hEngine, &filter, NULL, NULL);
+						if (ret)
+						{
+							Debug("DuFwpAddTrustedExe: FwpmFilterAdd0 Failed: 0x%X\n", ret);
+						}
+					}
+				}
+			}
+		}
+	}
+
+	if (this_app_id != NULL)
+	{
+		du_wfp_api->FwpmFreeMemory0(&this_app_id);
+	}
+}
+
+void DuFwpAddAccess(HANDLE hEngine, GUID *provider, GUID *sublayer, UINT index, ACCESS *a)
+{
+	FWPM_FILTER0 filter = CLEAN;
+	UINT64 weight = ((UINT64)~((UINT64)0)) - (UINT64)index;
+	wchar_t name[MAX_SIZE] = CLEAN;
+	UINT ret;
+	FWPM_FILTER_CONDITION0 c[10] = CLEAN;
+	bool isv4;
+	FWP_RANGE0 remote_port_range = CLEAN;
+	FWP_RANGE0 local_port_range = CLEAN;
+	FWP_V4_ADDR_AND_MASK remote_subnetv4 = CLEAN;
+	FWP_V6_ADDR_AND_MASK remote_subnetv6 = CLEAN;
+	FWP_V4_ADDR_AND_MASK local_subnetv4 = CLEAN;
+	FWP_V6_ADDR_AND_MASK local_subnetv6 = CLEAN;
+
+	UINT c_index = 0;
+
+	UINT flag_exclude_bits = 0;
+
+	if (a == NULL)
+	{
+		return;
+	}
+
+	isv4 = !a->IsIPv6;
+
+	UniFormat(name, sizeof(name), L"_SeVPNFW ACL %04u", index);
+
+	if (UniIsFilledStr(a->Note))
+	{
+		UniStrCat(name, sizeof(name), L": ");
+		UniStrCat(name, sizeof(name), a->Note);
+	}
+
+	// Exclude loopback
+	flag_exclude_bits |= FWP_CONDITION_FLAG_IS_LOOPBACK;
+
+	if (a->Established == false)
+	{
+		// Only new session packets
+		flag_exclude_bits |= FWP_CONDITION_FLAG_IS_REAUTHORIZE;
+	}
+
+	if (flag_exclude_bits != 0)
+	{
+		c[c_index].fieldKey = FWPM_CONDITION_FLAGS;
+		c[c_index].matchType = FWP_MATCH_FLAGS_NONE_SET;
+		c[c_index].conditionValue.type = FWP_UINT32;
+		c[c_index].conditionValue.uint32 = flag_exclude_bits;
+		c_index++;
+	}
+
+	// Protocol
+	c[c_index].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
+	c[c_index].matchType = FWP_MATCH_EQUAL;
+	c[c_index].conditionValue.type = FWP_UINT8;
+	c[c_index].conditionValue.uint8 = a->Protocol;
+	c_index++;
+
+	// Remote IP
+	if (isv4)
+	{
+		remote_subnetv4.addr = Endian32(a->DestIpAddress);
+		remote_subnetv4.mask = Endian32(a->DestSubnetMask);
+	}
+	else
+	{
+		IP tmp = CLEAN;
+
+		Copy(remote_subnetv6.addr, a->DestIpAddress6.Value, 16);
+		IPv6AddrToIP(&tmp, &a->DestSubnetMask6);
+		remote_subnetv6.prefixLength = SubnetMaskToInt6(&tmp);
+	}
+
+	c[c_index].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
+	c[c_index].matchType = FWP_MATCH_EQUAL;
+	c[c_index].conditionValue.type = isv4 ? FWP_V4_ADDR_MASK : FWP_V6_ADDR_MASK;
+
+	if (isv4)
+	{
+		c[c_index].conditionValue.v4AddrMask = &remote_subnetv4;
+	}
+	else
+	{
+		c[c_index].conditionValue.v6AddrMask = &remote_subnetv6;
+	}
+	c_index++;
+
+	// Local IP
+	if (isv4)
+	{
+		local_subnetv4.addr = Endian32(a->SrcIpAddress);
+		local_subnetv4.mask = Endian32(a->SrcSubnetMask);
+	}
+	else
+	{
+		IP tmp = CLEAN;
+
+		Copy(local_subnetv6.addr, a->SrcIpAddress6.Value, 16);
+		IPv6AddrToIP(&tmp, &a->SrcSubnetMask6);
+		local_subnetv6.prefixLength = SubnetMaskToInt6(&tmp);
+	}
+
+	c[c_index].fieldKey = FWPM_CONDITION_IP_LOCAL_ADDRESS;
+	c[c_index].matchType = FWP_MATCH_EQUAL;
+	c[c_index].conditionValue.type = isv4 ? FWP_V4_ADDR_MASK : FWP_V6_ADDR_MASK;
+
+	if (isv4)
+	{
+		c[c_index].conditionValue.v4AddrMask = &local_subnetv4;
+	}
+	else
+	{
+		c[c_index].conditionValue.v6AddrMask = &local_subnetv6;
+	}
+	c_index++;
+
+	if (a->Protocol == IP_PROTO_TCP || a->Protocol == IP_PROTO_UDP)
+	{
+		// Remote Port
+		remote_port_range.valueLow.type = FWP_UINT16;
+		remote_port_range.valueLow.uint16 = a->DestPortStart;
+		remote_port_range.valueHigh.type = FWP_UINT16;
+		remote_port_range.valueHigh.uint16 = a->DestPortEnd;
+
+		c[c_index].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
+		c[c_index].matchType = FWP_MATCH_RANGE;
+		c[c_index].conditionValue.type = FWP_RANGE_TYPE;
+		c[c_index].conditionValue.rangeValue = &remote_port_range;
+		c_index++;
+
+		// Local Port
+		local_port_range.valueLow.type = FWP_UINT16;
+		local_port_range.valueLow.uint16 = a->SrcPortStart;
+		local_port_range.valueHigh.type = FWP_UINT16;
+		local_port_range.valueHigh.uint16 = a->SrcPortEnd;
+
+		c[c_index].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
+		c[c_index].matchType = FWP_MATCH_RANGE;
+		c[c_index].conditionValue.type = FWP_RANGE_TYPE;
+		c[c_index].conditionValue.rangeValue = &local_port_range;
+		c_index++;
+	}
+
+	Zero(&filter, sizeof(filter));
+	filter.flags = 0;
+	if (a->Active)
+	{
+		// Direction: In
+		filter.layerKey = isv4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4 : FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
+	}
+	else
+	{
+		// Direction: Out
+		filter.layerKey = isv4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
+	}
+	if (sublayer != NULL)
+	{
+		filter.subLayerKey = *sublayer;
+	}
+	if (provider != NULL)
+	{
+		filter.providerKey = provider;
+	}
+	filter.weight.type = FWP_UINT64;
+	filter.weight.uint64 = &weight;
+	filter.action.type = a->Discard ? FWP_ACTION_BLOCK : FWP_ACTION_PERMIT;
+	filter.displayData.name = name;
+
+	filter.filterCondition = c;
+	filter.numFilterConditions = c_index;
+
+	ret = du_wfp_api->FwpmFilterAdd0(hEngine, &filter, NULL, NULL);
+	if (ret)
+	{
+		Debug("DuFwpAddAccess: FwpmFilterAdd0 Failed: 0x%X\n", ret);
+	}
+}
+
+// Add ACL rule with port
+void DuWfpAddPortAcl(HANDLE hEngine, bool is_in, bool ipv6, UCHAR protocol, UINT port, UINT index, bool permit)
+{
+	FWPM_FILTER0 filter;
+	UINT64 weight = ((UINT64)~((UINT64)0)) - (UINT64)index;
+	wchar_t name[256];
+	UINT ret;
+	FWPM_FILTER_CONDITION0 c[2];
+	bool isv4 = !ipv6;
+
+	UniFormat(name, sizeof(name), L"DU_DuWfpAddPortAcl_%u", index);
+
+	Zero(c, sizeof(c));
+	c[0].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
+	c[0].matchType = FWP_MATCH_EQUAL;
+	c[0].conditionValue.type = FWP_UINT16;
+	c[0].conditionValue.uint16 = port;
+
+	c[1].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
+	c[1].matchType = FWP_MATCH_EQUAL;
+	c[1].conditionValue.type = FWP_UINT8;
+	c[1].conditionValue.uint8 = protocol;
+
+	Zero(&filter, sizeof(filter));
+	filter.flags = 0;
+	if (is_in)
+	{
+		filter.layerKey = isv4 ? FWPM_LAYER_INBOUND_TRANSPORT_V4 : FWPM_LAYER_INBOUND_TRANSPORT_V6;
+	}
+	else
+	{
+		filter.layerKey = isv4 ? FWPM_LAYER_OUTBOUND_TRANSPORT_V4 : FWPM_LAYER_OUTBOUND_TRANSPORT_V6;
+	}
+	filter.weight.type = FWP_UINT64;
+	filter.weight.uint64 = &weight;
+	filter.action.type = permit ? FWP_ACTION_PERMIT : FWP_ACTION_BLOCK;
+	filter.displayData.name = name;
+
+	filter.filterCondition = c;
+	filter.numFilterConditions = 2;
+
+	ret = du_wfp_api->FwpmFilterAdd0(hEngine, &filter, NULL, NULL);
+	if (ret)
+	{
+		Debug("DuWfpAddPortAcl: FwpmFilterAdd0 Failed: 0x%X\n", ret);
+	}
+}
+
+// Add ACL rule with IP
+void DuWfpAddIpAcl(HANDLE hEngine, bool is_in, IP *ip, IP *mask, UINT index, bool permit)
+{
+	FWPM_FILTER0 filter;
+	UINT64 weight = ((UINT64)~((UINT64)0)) - (UINT64)index;
+	wchar_t name[256];
+	UINT ret;
+	FWPM_FILTER_CONDITION0 c;
+	FWP_V4_ADDR_AND_MASK subnetv4;
+	FWP_V6_ADDR_AND_MASK subnetv6;
+
+	bool isv4 = false;
+
+	if (IsIP4(ip) == false || IsIP4(mask) == false)
+	{
+		if (IsIP6(ip) == false || IsIP6(mask) == false)
+		{
+			return;
+		}
+	}
+
+	isv4 = IsIP4(ip);
+
+	UniFormat(name, sizeof(name), L"DU_DuWfpAddIpAcl_%u", index);
+
+	Zero(&subnetv4, sizeof(subnetv4));
+	if (isv4)
+	{
+		subnetv4.addr = Endian32(IPToUINT(ip));
+		subnetv4.mask = Endian32(IPToUINT(mask));
+	}
+
+	Zero(&subnetv6, sizeof(subnetv6));
+	if (isv4 == false)
+	{
+		Copy(subnetv6.addr, ip->ipv6_addr, 16);
+		subnetv6.prefixLength = SubnetMaskToInt6(mask);
+	}
+
+	Zero(&c, sizeof(c));
+	c.fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
+	c.matchType = FWP_MATCH_EQUAL;
+	c.conditionValue.type = isv4 ? FWP_V4_ADDR_MASK : FWP_V6_ADDR_MASK;
+
+	if (isv4)
+	{
+		c.conditionValue.v4AddrMask = &subnetv4;
+	}
+	else
+	{
+		c.conditionValue.v6AddrMask = &subnetv6;
+	}
+
+	Zero(&filter, sizeof(filter));
+	filter.flags = 0;
+
+	if (is_in)
+	{
+		filter.layerKey = isv4 ? FWPM_LAYER_INBOUND_TRANSPORT_V4 : FWPM_LAYER_INBOUND_TRANSPORT_V6;
+	}
+	else
+	{
+		filter.layerKey = isv4 ? FWPM_LAYER_OUTBOUND_TRANSPORT_V4 : FWPM_LAYER_OUTBOUND_TRANSPORT_V6;
+	}
+
+	filter.weight.type = FWP_UINT64;
+	filter.weight.uint64 = &weight;
+	filter.action.type = permit ? FWP_ACTION_PERMIT : FWP_ACTION_BLOCK;
+	filter.displayData.name = name;
+
+	filter.filterCondition = &c;
+	filter.numFilterConditions = 1;
+
+	ret = du_wfp_api->FwpmFilterAdd0(hEngine, &filter, NULL, NULL);
+	if (ret)
+	{
+		Debug("DuWfpAddIpAcl: FwpmFilterAdd0 Failed: 0x%X\n", ret);
+	}
+}
+
+void FwParseIpAndMask(IP *ip, IP *mask, char *str)
+{
+	bool error = false;
+	if (ip == NULL || mask == NULL)
+	{
+		return;
+	}
+
+	ZeroIP4(ip);
+	ZeroIP4(mask);
+
+	if (StartWith(str, "any6") || StartWith(str, "all6"))
+	{
+		ZeroIP6(ip);
+		ZeroIP6(mask);
+		return;
+	}
+	else if (StartWith(str, "any") || StartWith(str, "all") || StrCmpi(str, "*") == 0)
+	{
+		ZeroIP4(ip);
+		ZeroIP4(mask);
+		return;
+	}
+
+	if (IsFilledStr(str))
+	{
+		if (InStr(str, "/") == false && StrToIP(ip, str))
+		{
+			if (IsIP6(ip))
+			{
+				IntToSubnetMask6(mask, 128);
+			}
+			else
+			{
+				IntToSubnetMask4(mask, 32);
+			}
+		}
+		else
+		{
+			if (ParseIpAndMask46(str, ip, mask) == false)
+			{
+				error = true;
+			}
+		}
+	}
+
+	if (error)
+	{
+		if (IsIP6(ip))
+		{
+			StrToIP6(ip, "2001:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
+			IntToSubnetMask6(mask, 128);
+		}
+		else
+		{
+			SetIP(ip, 1, 1, 1, 255);
+			IntToSubnetMask4(mask, 32);
+		}
+	}
+}
+
+void FwParsePortRange(UINT *start, UINT *end, char *str)
+{
+	UINT p1 = 1, p2 = 65535;
+	if (start == NULL || end == NULL)
+	{
+		return;
+	}
+
+	if (IsFilledStr(str))
+	{
+		TOKEN_LIST *t = ParseToken(str, "-:");
+
+		if (t != NULL)
+		{
+			if (t->NumTokens >= 2 && IsNum(t->Token[0]) && IsNum(t->Token[1]))
+			{
+				p1 = ToInt(t->Token[0]);
+				p2 = ToInt(t->Token[1]);
+			}
+			else if (t->NumTokens == 1 && IsNum(t->Token[0]))
+			{
+				p1 = p2 = ToInt(t->Token[0]);
+			}
+			else
+			{
+				p1 = 1;
+				p2 = 65535;
+			}
+
+			FreeToken(t);
+		}
+	}
+
+	p1 = MAX(p1, 1);
+	p1 = MIN(p1, 65535);
+
+	p2 = MAX(p2, 1);
+	p2 = MIN(p2, 65535);
+
+	if (p1 > p2)
+	{
+		UINT x = p1;
+		p1 = p2;
+		p2 = x;
+	}
+
+	*start = p1;
+	*end = p2;
+}
+
+bool FwParseRuleStr(ACCESS *a, char *str)
+{
+	bool ret = false;
+	char *line;
+	if (a == NULL || str == NULL)
+	{
+		return false;
+	}
+
+	Zero(a, sizeof(ACCESS));
+
+	line = CopyStr(str);
+
+	Trim(line);
+
+	if (StartWith(line, "#") == false && StartWith(line, "//") == false &&
+		StartWith(line, ";") == false)
+	{
+		TOKEN_LIST *t;
+		UINT comment_index = SearchStr(line, "#", 0);
+		if (comment_index != INFINITE)
+		{
+			line[comment_index] = 0;
+		}
+
+		t = ParseTokenWithoutNullStr(line, " \t");
+
+		if (t != NULL)
+		{
+			char *first = "";
+			if (t->NumTokens >= 1)
+			{
+				first = t->Token[0];
+			}
+
+			if (IsFilledStr(first))
+			{
+				char *trust_server_tag = "trusted_server";
+				char *trust_client_tag = "trusted_client";
+
+				if (StartWith(line, trust_server_tag))
+				{
+					char tmp[MAX_SIZE] = CLEAN;
+					wchar_t *fullpath;
+					UINT atmark;
+
+					StrCpy(tmp, sizeof(tmp), line + StrLen(trust_server_tag));
+					Trim(tmp);
+
+					fullpath = CopyUtfToUni(tmp);
+
+					atmark = UniSearchStrEx(fullpath, L"@", 0, true);
+
+					if (atmark != INFINITE)
+					{
+						fullpath[atmark] = 0;
+					}
+
+					UniTrim(fullpath);
+
+					UniTrimDoubleQuotation(fullpath);
+
+					UniTrim(fullpath);
+
+					a->Discard = false;
+					UniStrCpy(a->Note, sizeof(a->Note), fullpath);
+
+					a->UniqueId = FW_PARSED_ACCESS_UNIQUE_ID_EXEPATH;
+
+					a->Jitter = FW_PARSED_ACCESS_JITTER_ALLOW_SERVER;
+
+					Free(fullpath);
+
+					ret = true;
+				}
+				else if (StartWith(line, trust_client_tag))
+				{
+					char tmp[MAX_SIZE] = CLEAN;
+					wchar_t *fullpath;
+					UINT atmark;
+
+					StrCpy(tmp, sizeof(tmp), line + StrLen(trust_client_tag));
+					Trim(tmp);
+
+					fullpath = CopyUtfToUni(tmp);
+
+					atmark = UniSearchStrEx(fullpath, L"@", 0, true);
+
+					if (atmark != INFINITE)
+					{
+						fullpath[atmark] = 0;
+					}
+
+					UniTrim(fullpath);
+
+					UniTrimDoubleQuotation(fullpath);
+
+					UniTrim(fullpath);
+
+					a->Discard = false;
+					UniStrCpy(a->Note, sizeof(a->Note), fullpath);
+
+					a->UniqueId = FW_PARSED_ACCESS_UNIQUE_ID_EXEPATH;
+
+					a->Jitter = FW_PARSED_ACCESS_JITTER_ALLOW_CLIENT;
+
+					Free(fullpath);
+
+					ret = true;
+				}
+				else
+				{
+					UINT proto = StrToProtocol(first);
+					if (proto == 0 && StrCmpi(first, "ICMP"))
+					{
+						proto = IP_PROTO_ICMPV4;
+					}
+
+					if (proto == IP_PROTO_TCP || proto == IP_PROTO_UDP || IP_PROTO_ICMPV4 || IP_PROTO_ICMPV6)
+					{
+						if (t->NumTokens >= 5)
+						{
+							char *dir = t->Token[1];
+							char *type = t->Token[2];
+							char *action = t->Token[3];
+							char *remoteip = t->Token[4];
+
+							char *remoteport = t->NumTokens >= 6 ? t->Token[5] : "*";
+							char *localport = t->NumTokens >= 7 ? t->Token[6] : "*";
+							char *localip_str = t->NumTokens >= 8 ? t->Token[7] : "*";
+
+							bool is_in = StartWith(dir, "i");
+							bool is_new = StartWith(type, "n");
+							bool is_permit = StartWith(action, "p") || StartWith(action, "a") || ToBool(action);
+
+							IP ip = CLEAN;
+							IP mask = CLEAN;
+
+							IP localip = CLEAN;
+							IP localmask = CLEAN;
+
+							UINT remoteport_start = 0, remoteport_end = 0;
+							UINT localport_start = 0, localport_end = 0;
+
+							UINT i;
+							char tmpstr[MAX_SIZE] = CLEAN;
+
+							FwParseIpAndMask(&ip, &mask, remoteip);
+							FwParseIpAndMask(&localip, &localmask, localip_str);
+
+							FwParsePortRange(&remoteport_start, &remoteport_end, remoteport);
+							FwParsePortRange(&localport_start, &localport_end, localport);
+
+							a->CheckTcpState = true;
+							a->Established = !is_new;
+							a->Active = is_in;
+							a->Discard = !is_permit;
+
+							if (IsIP4(&ip))
+							{
+								a->DestIpAddress = IPToUINT(&ip);
+								a->DestSubnetMask = IPToUINT(&mask);
+
+								if (StrCmpi(localip_str, "*") != 0)
+								{
+									a->SrcIpAddress = IPToUINT(&localip);
+									a->SrcSubnetMask = IPToUINT(&localmask);
+								}
+							}
+							else
+							{
+								a->IsIPv6 = true;
+								Copy(&a->DestIpAddress6, ip.ipv6_addr, 16);
+								Copy(&a->DestSubnetMask6, mask.ipv6_addr, 16);
+
+								if (StrCmpi(localip_str, "*") != 0)
+								{
+									Copy(&a->SrcIpAddress6, localip.ipv6_addr, 16);
+									Copy(&a->SrcSubnetMask6, localmask.ipv6_addr, 16);
+								}
+							}
+
+							if (proto == IP_PROTO_ICMPV4 || proto == IP_PROTO_ICMPV6)
+							{
+								proto = a->IsIPv6 ? IP_PROTO_ICMPV6 : IP_PROTO_ICMPV4;
+							}
+
+							a->Protocol = proto;
+
+							a->SrcPortStart = localport_start;
+							a->SrcPortEnd = localport_end;
+
+							a->DestPortStart = remoteport_start;
+							a->DestPortEnd = remoteport_end;
+
+							for (i = 0;i < t->NumTokens;i++)
+							{
+								StrCat(tmpstr, sizeof(tmpstr), t->Token[i]);
+								StrCat(tmpstr, sizeof(tmpstr), " ");
+							}
+							Trim(tmpstr);
+							StrLower(tmpstr);
+
+							StrToUni(a->Note, sizeof(a->Note), tmpstr);
+
+							ret = true;
+						}
+					}
+				}
+			}
+
+			FreeToken(t);
+		}
+	}
+
+	Free(line);
+
+	return ret;
+}
+
+void StopTunnelCrackFw(TUNNELCRACK_FW *fw)
+{
+	if (fw == NULL)
+	{
+		return;
+	}
+
+	du_wfp_api->FwpmEngineClose0(fw->Engine);
+
+	Free(fw);
+}
+
+TUNNELCRACK_FW *StartTunnelCrackFw(TUNNELCRACK_FW_PARAM *param)
+{
+	FWPM_SESSION0 session = CLEAN;
+	HANDLE hEngine = NULL;
+	UINT ret;
+	char provider_name[MAX_PATH] = CLEAN;
+	char sublayer_name[MAX_PATH] = CLEAN;
+	GUID provider = CLEAN;
+	GUID sublayer = CLEAN;
+	TUNNELCRACK_FW *fw;
+	UINT index = 0;
+	char tmp[MAX_SIZE] = CLEAN;
+	ACCESS a;
+	if (param == NULL)
+	{
+		return NULL;
+	}
+
+	if (MsIsAdmin() == false)
+	{
+		return NULL;
+	}
+
+	if (DuInitWfpApi() == false)
+	{
+		return NULL;
+	}
+
+	session.flags = FWPM_SESSION_FLAG_DYNAMIC;
+
+	ret = du_wfp_api->FwpmEngineOpen0(NULL, RPC_C_AUTHN_DEFAULT, NULL, &session, &hEngine);
+	if (ret)
+	{
+		return NULL;
+	}
+
+	StrCpy(provider_name, sizeof(provider_name), "SoftEtherNw Provider");
+	StrCpy(sublayer_name, sizeof(sublayer_name), "SoftEtherNw Sublayer");
+
+	if (DuWfpCreateProvider(hEngine, &provider, provider_name) == false)
+	{
+		du_wfp_api->FwpmEngineClose0(hEngine);
+		return NULL;
+	}
+
+	if (DuWfpCreateSublayer(hEngine, &sublayer, &provider, sublayer_name, 0xFFFF) == false)
+	{
+		du_wfp_api->FwpmEngineClose0(hEngine);
+		return NULL;
+	}
+
+	fw = ZeroMalloc(sizeof(TUNNELCRACK_FW));
+
+	fw->Engine = hEngine;
+
+	// Add this EXE as trusted
+	DuFwpAddTrustedExe(hEngine, &provider, &sublayer, ++index, MsGetExeFileNameW(),
+		FW_PARSED_ACCESS_JITTER_ALLOW_SERVER | FW_PARSED_ACCESS_JITTER_ALLOW_CLIENT, false);
+
+	// Add IP address filter
+	{
+		Format(tmp, sizeof(tmp), "tcp out all deny %r * *", &param->TargetVpnServerIP);
+
+		Zero(&a, sizeof(a));
+		if (FwParseRuleStr(&a, tmp))
+		{
+			DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+		}
+	}
+	{
+		Format(tmp, sizeof(tmp), "udp out all deny %r * *", &param->TargetVpnServerIP);
+
+		Zero(&a, sizeof(a));
+		if (FwParseRuleStr(&a, tmp))
+		{
+			DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+		}
+	}
+	{
+		UINT i;
+		for (i = 0;i < TUNNELCRACK_FW_PARAM_MAX_LOCALIP_LIST;i++)
+		{
+			char *subnet = param->LocalNetList[i];
+			char *ip = param->LocalIPList[i];
+
+			if (IsFilledStr(subnet) && IsFilledStr(ip))
+			{
+				Format(tmp, sizeof(tmp), "tcp out all permit %s 53 * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "tcp out new deny %s * * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "tcp out all permit %s * * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "udp out all permit %s 53 * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "udp out all permit %s 67 * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "udp out all permit %s 543 * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "udp out new deny %s * * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "udp out all permit %s * * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+
+				Format(tmp, sizeof(tmp), "icmp out all deny %s * * %s", subnet, ip);
+				Zero(&a, sizeof(a));
+				if (FwParseRuleStr(&a, tmp))
+				{
+					DuFwpAddAccess(hEngine, &provider, &sublayer, ++index, &a);
+				}
+			}
+		}
+	}
+
+	return fw;
+}
+
+void InitTunnelCrackFwParamForVpn(TUNNELCRACK_FW_PARAM *param, IP *vpn_server_ip)
+{
+	MS_ADAPTER_LIST *adapter_list;
+	UINT i;
+	UINT index = 0;
+
+	Zero(param, sizeof(TUNNELCRACK_FW_PARAM));
+
+	if (param == NULL || vpn_server_ip == NULL)
+	{
+		return;
+	}
+
+	CopyIP(&param->TargetVpnServerIP, vpn_server_ip);
+
+	adapter_list = MsCreateAdapterList();
+
+	for (i = 0;i < adapter_list->Num;i++)
+	{
+		MS_ADAPTER *a = adapter_list->Adapters[i];
+
+		if (a->Status == 4)
+		{
+			if (UniInStrEx(a->TitleW, L"VPN", false) == false)
+			{
+				UINT j;
+				for (j = 0;j < a->NumIpAddress;j++)
+				{
+					IP *ip = &a->IpAddresses[j];
+					IP *subnet = &a->SubnetMasks[j];
+
+					if (IsZeroIP(ip) == false && IsZeroIP(subnet) == false)
+					{
+						IP ip2 = CLEAN;
+						char str[MAX_PATH] = CLEAN;
+						if (IsIP4(ip))
+						{
+							IPAnd4(&ip2, ip, subnet);
+						}
+						else
+						{
+							IPAnd6(&ip2, ip, subnet);
+						}
+
+						//Format(str, sizeof(str), "%r/%r", &ip2, subnet);
+
+						if (IsIP4(ip))
+						{
+							StrCpy(str, sizeof(str), "any4");
+						}
+						else
+						{
+							StrCpy(str, sizeof(str), "any6");
+						}
+
+						if (index < TUNNELCRACK_FW_PARAM_MAX_LOCALIP_LIST)
+						{
+							StrCpy(param->LocalNetList[index], MAX_PATH, str);
+							IPToStr(param->LocalIPList[index], MAX_PATH, ip);
+							index++;
+						}
+					}
+				}
+			}
+		}
+	}
+
+	MsFreeAdapterList(adapter_list);
+}
+
+#endif // OS_WIN32
+

src/Mayaqua/Network.h

@@ -1014,6 +1014,65 @@ struct HTTP_HEADER
 
 
 
+#define	MAX_ACCESSLIST_NOTE_LEN		255		// Maximum length of the note of access list entry
+#define	MAX_USERNAME_LEN			255		// User name maximum length
+#define	MAX_REDIRECT_URL_LEN		255		// URL length to redirect
+
+// Access list
+struct ACCESS
+{
+	// IPv4
+	UINT Id;							// ID
+	wchar_t Note[MAX_ACCESSLIST_NOTE_LEN + 1];	// Note
+
+	// --- Please add items to the bottom of here for enhancements ---
+	bool Active;						// Enable flag
+	UINT Priority;						// Priority
+	bool Discard;						// Discard flag
+	UINT SrcIpAddress;					// Source IP address
+	UINT SrcSubnetMask;					// Source subnet mask
+	UINT DestIpAddress;					// Destination IP address
+	UINT DestSubnetMask;				// Destination subnet mask
+	UINT Protocol;						// Protocol
+	UINT SrcPortStart;					// Source port number starting point
+	UINT SrcPortEnd;					// Source port number end point
+	UINT DestPortStart;					// Destination port number starting point
+	UINT DestPortEnd;					// Destination port number end point
+	UINT64 SrcUsernameHash;				// Source user name hash
+	bool IsSrcUsernameIncludeOrExclude;	// The source user name is formed as the "include:" or "exclude:"
+	char SrcUsername[MAX_USERNAME_LEN + 1];
+	bool IsDestUsernameIncludeOrExclude;	// The destination user name is formed as "include:" or "exclude:"
+	UINT64 DestUsernameHash;			// Destination user name hash
+	char DestUsername[MAX_USERNAME_LEN + 1];
+	bool CheckSrcMac;					// Presence of a source MAC address setting
+	UCHAR SrcMacAddress[6];				// Source MAC address
+	UCHAR SrcMacMask[6];				// Source MAC address mask
+	bool CheckDstMac;					// Whether the setting of the destination MAC address exists
+	UCHAR DstMacAddress[6];				// Destination MAC address
+	UCHAR DstMacMask[6];				// Destination MAC address mask
+	bool CheckTcpState;					// The state of the TCP connection
+	bool Established;					// Establieshed(TCP)
+	UINT Delay;							// Delay
+	UINT Jitter;						// Jitter
+	UINT Loss;							// Packet loss
+	char RedirectUrl[MAX_REDIRECT_URL_LEN + 1];	// URL to redirect to
+
+	// IPv6
+	bool IsIPv6;						// Whether it's an IPv6
+	IPV6_ADDR SrcIpAddress6;			// The source IP address (IPv6)
+	IPV6_ADDR SrcSubnetMask6;			// Source subnet mask (IPv6)
+	IPV6_ADDR DestIpAddress6;			// Destination IP address (IPv6)
+	IPV6_ADDR DestSubnetMask6;			// Destination subnet mask (IPv6)
+
+	// --- Please add items to the above of here for enhancements ---
+
+	// For management
+	UINT UniqueId;						// Unique ID
+};
+
+
+
+
 
 
 
@@ -1676,6 +1735,8 @@ bool IsIcmpApiSupported();
 ICMP_RESULT *IcmpApiEchoSend(IP *dest_ip, UCHAR ttl, UCHAR *data, UINT size, UINT timeout);
 void IcmpApiFreeResult(ICMP_RESULT *ret);
 
+UINT StrToProtocol(char *str);
+
 #ifdef	OS_WIN32
 void Win32WaitForTubes(TUBE **tubes, UINT num, UINT timeout);
 #else	// OS_WIN32
@@ -1761,5 +1822,48 @@ UINT64 GetDynValueOrDefault(char *name, UINT64 default_value, UINT64 min_value,
 UINT64 GetDynValueOrDefaultSafe(char *name, UINT64 default_value);
 
 
+#ifdef WIN32
+#ifdef	NETWORK_C
+
+#define	FW_PARSED_ACCESS_UNIQUE_ID_EXEPATH		10000001
+
+#define	FW_PARSED_ACCESS_JITTER_ALLOW_SERVER	1
+#define	FW_PARSED_ACCESS_JITTER_ALLOW_CLIENT	2
+
+
+bool DuWfpCreateProvider(HANDLE hEngine, GUID *created_guid, char *name);
+bool DuWfpCreateSublayer(HANDLE hEngine, GUID *created_guid, GUID *provider_guid, char *name, USHORT weight);
+void DuFwpAddTrustedExe(HANDLE hEngine, GUID *provider, GUID *sublayer, UINT index, wchar_t *exe, UINT allowed_directions, bool disable_wow);
+void DuFwpAddAccess(HANDLE hEngine, GUID *provider, GUID *sublayer, UINT index, ACCESS *a);
+void DuWfpAddPortAcl(HANDLE hEngine, bool is_in, bool ipv6, UCHAR protocol, UINT port, UINT index, bool permit);
+void DuWfpAddIpAcl(HANDLE hEngine, bool is_in, IP *ip, IP *mask, UINT index, bool permit);
+
+#endif	// NETWORK_C
+
+void InitTunnelCrackFwParamForVpn(TUNNELCRACK_FW_PARAM *param, IP *vpn_server_ip);
+TUNNELCRACK_FW *StartTunnelCrackFw(TUNNELCRACK_FW_PARAM *param);
+void StopTunnelCrackFw(TUNNELCRACK_FW *fw);
+
+bool FwParseRuleStr(ACCESS *a, char *str);
+void FwParsePortRange(UINT *start, UINT *end, char *str);
+void FwParseIpAndMask(IP *ip, IP *mask, char *str);
+
+#endif // OS_WIN32
+
+struct TUNNELCRACK_FW
+{
+	void *Engine;
+};
+
+#define TUNNELCRACK_FW_PARAM_MAX_LOCALIP_LIST	16
+
+struct TUNNELCRACK_FW_PARAM
+{
+	IP TargetVpnServerIP;
+	char LocalNetList[TUNNELCRACK_FW_PARAM_MAX_LOCALIP_LIST][MAX_PATH];
+	char LocalIPList[TUNNELCRACK_FW_PARAM_MAX_LOCALIP_LIST][MAX_PATH];
+};
+
+
 #endif	// NETWORK_H
 

src/Mayaqua/fixed_fwpmtypes.h

@@ -0,0 +1,789 @@
+
+
+/* this ALWAYS GENERATED file contains the definitions for the interfaces */
+
+
+ /* File created by MIDL compiler version 7.00.0555 */
+/* Compiler settings for fwpmtypes.idl:
+    Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 7.00.0555 
+    protocol : dce , ms_ext, c_ext, robust
+    error checks: allocation ref bounds_check enum stub_data 
+    VC __declspec() decoration level: 
+         __declspec(uuid()), __declspec(selectany), __declspec(novtable)
+         DECLSPEC_UUID(), MIDL_INTERFACE()
+*/
+/* @@MIDL_FILE_HEADING(  ) */
+
+#pragma warning( disable: 4049 )  /* more than 64k source lines */
+
+
+/* verify that the <rpcndr.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCNDR_H_VERSION__
+#define __REQUIRED_RPCNDR_H_VERSION__ 500
+#endif
+
+/* verify that the <rpcsal.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCSAL_H_VERSION__
+#define __REQUIRED_RPCSAL_H_VERSION__ 100
+#endif
+
+#include "rpc.h"
+#include "rpcndr.h"
+
+#ifndef __RPCNDR_H_VERSION__
+#error this stub requires an updated version of <rpcndr.h>
+#endif // __RPCNDR_H_VERSION__
+
+
+#ifndef __fwpmtypes_h__
+#define __fwpmtypes_h__
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1020)
+#pragma once
+#endif
+
+/* Forward Declarations */ 
+
+/* header files for imported files */
+#include "fixed_fwptypes.h"
+#include "fixed_iketypes.h"
+#include "fixed_ipsectypes.h"
+
+#ifdef __cplusplus
+extern "C"{
+#endif 
+
+
+/* interface __MIDL_itf_fwpmtypes_0000_0000 */
+/* [local] */ 
+
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(push)
+#endif
+#pragma warning(disable:4201)
+#endif
+#ifndef _DEFINE_DL_ADDRESS_TYPE_
+#define _DEFINE_DL_ADDRESS_TYPE_
+typedef /* [public][public][v1_enum] */ 
+enum __MIDL___MIDL_itf_fwpmtypes_0000_0000_0001
+    {	DlUnicast	= 0,
+	DlMulticast	= ( DlUnicast + 1 ) ,
+	DlBroadcast	= ( DlMulticast + 1 ) 
+    } 	DL_ADDRESS_TYPE;
+
+typedef /* [v1_enum] */ enum __MIDL___MIDL_itf_fwpmtypes_0000_0000_0001 *PDL_ADDRESS_TYPE;
+
+#endif
+typedef struct FWPM_DISPLAY_DATA0_
+    {
+    wchar_t *name;
+    wchar_t *description;
+    } 	FWPM_DISPLAY_DATA0;
+
+typedef /* [v1_enum] */ 
+enum FWPM_CHANGE_TYPE_
+    {	FWPM_CHANGE_ADD	= 1,
+	FWPM_CHANGE_DELETE	= ( FWPM_CHANGE_ADD + 1 ) ,
+	FWPM_CHANGE_TYPE_MAX	= ( FWPM_CHANGE_DELETE + 1 ) 
+    } 	FWPM_CHANGE_TYPE;
+
+#define FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_ADD    (0x00000001)
+#define FWPM_SUBSCRIPTION_FLAG_NOTIFY_ON_DELETE (0x00000002)
+typedef 
+enum FWPM_SERVICE_STATE_
+    {	FWPM_SERVICE_STOPPED	= 0,
+	FWPM_SERVICE_START_PENDING	= ( FWPM_SERVICE_STOPPED + 1 ) ,
+	FWPM_SERVICE_STOP_PENDING	= ( FWPM_SERVICE_START_PENDING + 1 ) ,
+	FWPM_SERVICE_RUNNING	= ( FWPM_SERVICE_STOP_PENDING + 1 ) ,
+	FWPM_SERVICE_STATE_MAX	= ( FWPM_SERVICE_RUNNING + 1 ) 
+    } 	FWPM_SERVICE_STATE;
+
+#define FWPM_NET_EVENT_KEYWORD_INBOUND_MCAST (0x00000001)
+#define FWPM_NET_EVENT_KEYWORD_INBOUND_BCAST (0x00000002)
+typedef 
+enum FWPM_ENGINE_OPTION_
+    {	FWPM_ENGINE_COLLECT_NET_EVENTS	= 0,
+	FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS	= ( FWPM_ENGINE_COLLECT_NET_EVENTS + 1 ) ,
+	FWPM_ENGINE_NAME_CACHE	= ( FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS + 1 ) ,
+	FWPM_ENGINE_OPTION_MAX	= ( FWPM_ENGINE_NAME_CACHE + 1 ) 
+    } 	FWPM_ENGINE_OPTION;
+
+#define FWPM_SESSION_FLAG_DYNAMIC (0x00000001)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_SESSION_FLAG_RESERVED (0x10000000)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_SESSION0_
+    {
+    GUID sessionKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    UINT32 txnWaitTimeoutInMSec;
+    DWORD processId;
+    SID *sid;
+    wchar_t *username;
+    BOOL kernelMode;
+    } 	FWPM_SESSION0;
+
+typedef struct FWPM_SESSION_ENUM_TEMPLATE0_
+    {
+    UINT64 reserved;
+    } 	FWPM_SESSION_ENUM_TEMPLATE0;
+
+#define FWPM_PROVIDER_FLAG_PERSISTENT  (0x00000001)
+#define FWPM_PROVIDER_FLAG_DISABLED    (0x00000010)
+typedef struct FWPM_PROVIDER0_
+    {
+    GUID providerKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    FWP_BYTE_BLOB providerData;
+    wchar_t *serviceName;
+    } 	FWPM_PROVIDER0;
+
+typedef struct FWPM_PROVIDER_ENUM_TEMPLATE0_
+    {
+    UINT64 reserved;
+    } 	FWPM_PROVIDER_ENUM_TEMPLATE0;
+
+typedef struct FWPM_PROVIDER_CHANGE0_
+    {
+    FWPM_CHANGE_TYPE changeType;
+    GUID providerKey;
+    } 	FWPM_PROVIDER_CHANGE0;
+
+typedef struct FWPM_PROVIDER_SUBSCRIPTION0_
+    {
+    FWPM_PROVIDER_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_PROVIDER_SUBSCRIPTION0;
+
+#define FWPM_PROVIDER_CONTEXT_FLAG_PERSISTENT  (0x00000001)
+typedef struct FWPM_CLASSIFY_OPTION0_
+    {
+    FWP_CLASSIFY_OPTION_TYPE type;
+    FWP_VALUE0 value;
+    } 	FWPM_CLASSIFY_OPTION0;
+
+typedef struct FWPM_CLASSIFY_OPTIONS0_
+    {
+    UINT32 numOptions;
+    FWPM_CLASSIFY_OPTION0 *options;
+    } 	FWPM_CLASSIFY_OPTIONS0;
+
+typedef /* [v1_enum] */ 
+enum FWPM_PROVIDER_CONTEXT_TYPE_
+    {	FWPM_IPSEC_KEYING_CONTEXT	= 0,
+	FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT	= ( FWPM_IPSEC_KEYING_CONTEXT + 1 ) ,
+	FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT	= ( FWPM_IPSEC_IKE_QM_TRANSPORT_CONTEXT + 1 ) ,
+	FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT	= ( FWPM_IPSEC_IKE_QM_TUNNEL_CONTEXT + 1 ) ,
+	FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT	= ( FWPM_IPSEC_AUTHIP_QM_TRANSPORT_CONTEXT + 1 ) ,
+	FWPM_IPSEC_IKE_MM_CONTEXT	= ( FWPM_IPSEC_AUTHIP_QM_TUNNEL_CONTEXT + 1 ) ,
+	FWPM_IPSEC_AUTHIP_MM_CONTEXT	= ( FWPM_IPSEC_IKE_MM_CONTEXT + 1 ) ,
+	FWPM_CLASSIFY_OPTIONS_CONTEXT	= ( FWPM_IPSEC_AUTHIP_MM_CONTEXT + 1 ) ,
+	FWPM_GENERAL_CONTEXT	= ( FWPM_CLASSIFY_OPTIONS_CONTEXT + 1 ) ,
+	FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT	= ( FWPM_GENERAL_CONTEXT + 1 ) ,
+	FWPM_IPSEC_IKEV2_MM_CONTEXT	= ( FWPM_IPSEC_IKEV2_QM_TUNNEL_CONTEXT + 1 ) ,
+	FWPM_IPSEC_DOSP_CONTEXT	= ( FWPM_IPSEC_IKEV2_MM_CONTEXT + 1 ) ,
+	FWPM_PROVIDER_CONTEXT_TYPE_MAX	= ( FWPM_IPSEC_DOSP_CONTEXT + 1 ) 
+    } 	FWPM_PROVIDER_CONTEXT_TYPE;
+
+typedef struct FWPM_PROVIDER_CONTEXT0_
+    {
+    GUID providerContextKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    GUID *providerKey;
+    FWP_BYTE_BLOB providerData;
+    FWPM_PROVIDER_CONTEXT_TYPE type;
+    union 
+        {
+        IPSEC_KEYING_POLICY0 *keyingPolicy;
+        IPSEC_TRANSPORT_POLICY0 *ikeQmTransportPolicy;
+        IPSEC_TUNNEL_POLICY0 *ikeQmTunnelPolicy;
+        IPSEC_TRANSPORT_POLICY0 *authipQmTransportPolicy;
+        IPSEC_TUNNEL_POLICY0 *authipQmTunnelPolicy;
+        IKEEXT_POLICY0 *ikeMmPolicy;
+        IKEEXT_POLICY0 *authIpMmPolicy;
+        FWP_BYTE_BLOB *dataBuffer;
+        FWPM_CLASSIFY_OPTIONS0 *classifyOptions;
+         /* Empty union arm */ 
+        } 	;
+    UINT64 providerContextId;
+    } 	FWPM_PROVIDER_CONTEXT0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_PROVIDER_CONTEXT1_
+    {
+    GUID providerContextKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    GUID *providerKey;
+    FWP_BYTE_BLOB providerData;
+    FWPM_PROVIDER_CONTEXT_TYPE type;
+    union 
+        {
+        IPSEC_KEYING_POLICY0 *keyingPolicy;
+        IPSEC_TRANSPORT_POLICY1 *ikeQmTransportPolicy;
+        IPSEC_TUNNEL_POLICY1 *ikeQmTunnelPolicy;
+        IPSEC_TRANSPORT_POLICY1 *authipQmTransportPolicy;
+        IPSEC_TUNNEL_POLICY1 *authipQmTunnelPolicy;
+        IKEEXT_POLICY1 *ikeMmPolicy;
+        IKEEXT_POLICY1 *authIpMmPolicy;
+        FWP_BYTE_BLOB *dataBuffer;
+        FWPM_CLASSIFY_OPTIONS0 *classifyOptions;
+        IPSEC_TUNNEL_POLICY1 *ikeV2QmTunnelPolicy;
+        IKEEXT_POLICY1 *ikeV2MmPolicy;
+        IPSEC_DOSP_OPTIONS0 *idpOptions;
+        } 	;
+    UINT64 providerContextId;
+    } 	FWPM_PROVIDER_CONTEXT1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0_
+    {
+    GUID *providerKey;
+    FWPM_PROVIDER_CONTEXT_TYPE providerContextType;
+    } 	FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0;
+
+typedef struct FWPM_PROVIDER_CONTEXT_CHANGE0_
+    {
+    FWPM_CHANGE_TYPE changeType;
+    GUID providerContextKey;
+    UINT64 providerContextId;
+    } 	FWPM_PROVIDER_CONTEXT_CHANGE0;
+
+typedef struct FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0_
+    {
+    FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0;
+
+#define FWPM_SUBLAYER_FLAG_PERSISTENT       (0x00000001)
+typedef struct FWPM_SUBLAYER0_
+    {
+    GUID subLayerKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    GUID *providerKey;
+    FWP_BYTE_BLOB providerData;
+    UINT16 weight;
+    } 	FWPM_SUBLAYER0;
+
+typedef struct FWPM_SUBLAYER_ENUM_TEMPLATE0_
+    {
+    GUID *providerKey;
+    } 	FWPM_SUBLAYER_ENUM_TEMPLATE0;
+
+typedef struct FWPM_SUBLAYER_CHANGE0_
+    {
+    FWPM_CHANGE_TYPE changeType;
+    GUID subLayerKey;
+    } 	FWPM_SUBLAYER_CHANGE0;
+
+typedef struct FWPM_SUBLAYER_SUBSCRIPTION0_
+    {
+    FWPM_SUBLAYER_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_SUBLAYER_SUBSCRIPTION0;
+
+#define FWPM_LAYER_FLAG_KERNEL           (0x00000001)
+#define FWPM_LAYER_FLAG_BUILTIN          (0x00000002)
+#define FWPM_LAYER_FLAG_CLASSIFY_MOSTLY  (0x00000004)
+#define FWPM_LAYER_FLAG_BUFFERED         (0x00000008)
+typedef /* [v1_enum] */ 
+enum FWPM_FIELD_TYPE_
+    {	FWPM_FIELD_RAW_DATA	= 0,
+	FWPM_FIELD_IP_ADDRESS	= ( FWPM_FIELD_RAW_DATA + 1 ) ,
+	FWPM_FIELD_FLAGS	= ( FWPM_FIELD_IP_ADDRESS + 1 ) ,
+	FWPM_FIELD_TYPE_MAX	= ( FWPM_FIELD_FLAGS + 1 ) 
+    } 	FWPM_FIELD_TYPE;
+
+typedef struct FWPM_FIELD0_
+    {
+    GUID *fieldKey;
+    FWPM_FIELD_TYPE type;
+    FWP_DATA_TYPE dataType;
+    } 	FWPM_FIELD0;
+
+typedef struct FWPM_LAYER0_
+    {
+    GUID layerKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    UINT32 numFields;
+    FWPM_FIELD0 *field;
+    GUID defaultSubLayerKey;
+    UINT16 layerId;
+    } 	FWPM_LAYER0;
+
+typedef struct FWPM_LAYER_ENUM_TEMPLATE0_
+    {
+    UINT64 reserved;
+    } 	FWPM_LAYER_ENUM_TEMPLATE0;
+
+#define FWPM_CALLOUT_FLAG_PERSISTENT             (0x00010000)
+#define FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT  (0x00020000)
+#define FWPM_CALLOUT_FLAG_REGISTERED             (0x00040000)
+typedef struct FWPM_CALLOUT0_
+    {
+    GUID calloutKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    GUID *providerKey;
+    FWP_BYTE_BLOB providerData;
+    GUID applicableLayer;
+    UINT32 calloutId;
+    } 	FWPM_CALLOUT0;
+
+typedef struct FWPM_CALLOUT_ENUM_TEMPLATE0_
+    {
+    GUID *providerKey;
+    GUID layerKey;
+    } 	FWPM_CALLOUT_ENUM_TEMPLATE0;
+
+typedef struct FWPM_CALLOUT_CHANGE0_
+    {
+    FWPM_CHANGE_TYPE changeType;
+    GUID calloutKey;
+    UINT32 calloutId;
+    } 	FWPM_CALLOUT_CHANGE0;
+
+typedef struct FWPM_CALLOUT_SUBSCRIPTION0_
+    {
+    FWPM_CALLOUT_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_CALLOUT_SUBSCRIPTION0;
+
+typedef struct FWPM_ACTION0_
+    {
+    FWP_ACTION_TYPE type;
+    /* [switch_type] */ union 
+        {
+        GUID filterType;
+        GUID calloutKey;
+        } 	;
+    } 	FWPM_ACTION0;
+
+typedef struct FWPM_FILTER_CONDITION0_
+    {
+    GUID fieldKey;
+    FWP_MATCH_TYPE matchType;
+    FWP_CONDITION_VALUE0 conditionValue;
+    } 	FWPM_FILTER_CONDITION0;
+
+#define FWPM_FILTER_FLAG_NONE (0x00000000)
+#define FWPM_FILTER_FLAG_PERSISTENT (0x00000001)
+#define FWPM_FILTER_FLAG_BOOTTIME (0x00000002)
+#define FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT  (0x00000004)
+#define FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT (0x00000008)
+#define FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED (0x00000010)
+#define FWPM_FILTER_FLAG_DISABLED (0x00000020)
+typedef struct FWPM_FILTER0_
+    {
+    GUID filterKey;
+    FWPM_DISPLAY_DATA0 displayData;
+    UINT32 flags;
+    GUID *providerKey;
+    FWP_BYTE_BLOB providerData;
+    GUID layerKey;
+    GUID subLayerKey;
+    FWP_VALUE0 weight;
+    UINT32 numFilterConditions;
+    FWPM_FILTER_CONDITION0 *filterCondition;
+    FWPM_ACTION0 action;
+    /* [switch_type] */ union 
+        {
+        UINT64 rawContext;
+        GUID providerContextKey;
+        } 	;
+    GUID *reserved;
+    UINT64 filterId;
+    FWP_VALUE0 effectiveWeight;
+    } 	FWPM_FILTER0;
+
+typedef struct FWPM_FILTER_ENUM_TEMPLATE0_
+    {
+    GUID *providerKey;
+    GUID layerKey;
+    FWP_FILTER_ENUM_TYPE enumType;
+    UINT32 flags;
+    FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0 *providerContextTemplate;
+    UINT32 numFilterConditions;
+    FWPM_FILTER_CONDITION0 *filterCondition;
+    UINT32 actionMask;
+    GUID *calloutKey;
+    } 	FWPM_FILTER_ENUM_TEMPLATE0;
+
+typedef struct FWPM_FILTER_CHANGE0_
+    {
+    FWPM_CHANGE_TYPE changeType;
+    GUID filterKey;
+    UINT64 filterId;
+    } 	FWPM_FILTER_CHANGE0;
+
+typedef struct FWPM_FILTER_SUBSCRIPTION0_
+    {
+    FWPM_FILTER_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_FILTER_SUBSCRIPTION0;
+
+typedef struct FWPM_LAYER_STATISTICS0_
+    {
+    GUID layerId;
+    UINT32 classifyPermitCount;
+    UINT32 classifyBlockCount;
+    UINT32 classifyVetoCount;
+    UINT32 numCacheEntries;
+    } 	FWPM_LAYER_STATISTICS0;
+
+typedef struct FWPM_STATISTICS0_
+    {
+    UINT32 numLayerStatistics;
+    FWPM_LAYER_STATISTICS0 *layerStatistics;
+    UINT32 inboundAllowedConnectionsV4;
+    UINT32 inboundBlockedConnectionsV4;
+    UINT32 outboundAllowedConnectionsV4;
+    UINT32 outboundBlockedConnectionsV4;
+    UINT32 inboundAllowedConnectionsV6;
+    UINT32 inboundBlockedConnectionsV6;
+    UINT32 outboundAllowedConnectionsV6;
+    UINT32 outboundBlockedConnectionsV6;
+    UINT32 inboundActiveConnectionsV4;
+    UINT32 outboundActiveConnectionsV4;
+    UINT32 inboundActiveConnectionsV6;
+    UINT32 outboundActiveConnectionsV6;
+    } 	FWPM_STATISTICS0;
+
+#define FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET (0x00000001)
+#define FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET  (0x00000002)
+#define FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET (0x00000004)
+#define FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET  (0x00000008)
+#define FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET (0x00000010)
+#define FWPM_NET_EVENT_FLAG_APP_ID_SET      (0x00000020)
+#define FWPM_NET_EVENT_FLAG_USER_ID_SET     (0x00000040)
+#define FWPM_NET_EVENT_FLAG_SCOPE_ID_SET    (0x00000080)
+#define FWPM_NET_EVENT_FLAG_IP_VERSION_SET  (0x00000100)
+#define FWPM_NET_EVENT_FLAG_REAUTH_REASON_SET (0x00000200)
+typedef struct FWPM_NET_EVENT_HEADER0_
+    {
+    FILETIME timeStamp;
+    UINT32 flags;
+    FWP_IP_VERSION ipVersion;
+    UINT8 ipProtocol;
+    union 
+        {
+        UINT32 localAddrV4;
+        FWP_BYTE_ARRAY16 localAddrV6;
+        } 	;
+    union 
+        {
+        UINT32 remoteAddrV4;
+        FWP_BYTE_ARRAY16 remoteAddrV6;
+        } 	;
+    UINT16 localPort;
+    UINT16 remotePort;
+    UINT32 scopeId;
+    FWP_BYTE_BLOB appId;
+    SID *userId;
+    } 	FWPM_NET_EVENT_HEADER0;
+
+typedef struct FWPM_NET_EVENT_HEADER1_
+    {
+    FILETIME timeStamp;
+    UINT32 flags;
+    FWP_IP_VERSION ipVersion;
+    UINT8 ipProtocol;
+    union 
+        {
+        UINT32 localAddrV4;
+        FWP_BYTE_ARRAY16 localAddrV6;
+         /* Empty union arm */ 
+        } 	;
+    union 
+        {
+        UINT32 remoteAddrV4;
+        FWP_BYTE_ARRAY16 remoteAddrV6;
+         /* Empty union arm */ 
+        } 	;
+    UINT16 localPort;
+    UINT16 remotePort;
+    UINT32 scopeId;
+    FWP_BYTE_BLOB appId;
+    SID *userId;
+    union 
+        {
+        struct 
+            {
+            FWP_AF addressFamily;
+            union 
+                {
+                struct 
+                    {
+                    FWP_BYTE_ARRAY6 dstAddrEth;
+                    FWP_BYTE_ARRAY6 srcAddrEth;
+                    DL_ADDRESS_TYPE addrType;
+                    FWP_ETHER_ENCAP_METHOD encapMethod;
+                    UINT16 etherType;
+                    UINT32 snapControl;
+                    UINT32 snapOui;
+                    UINT16 vlanTag;
+                    UINT64 ifLuid;
+                    } 	;
+                } 	;
+            } 	;
+         /* Empty union arm */ 
+        } 	;
+    } 	FWPM_NET_EVENT_HEADER1;
+
+typedef /* [v1_enum] */ 
+enum FWPM_NET_EVENT_TYPE_
+    {	FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE	= 0,
+	FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE	= ( FWPM_NET_EVENT_TYPE_IKEEXT_MM_FAILURE + 1 ) ,
+	FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE	= ( FWPM_NET_EVENT_TYPE_IKEEXT_QM_FAILURE + 1 ) ,
+	FWPM_NET_EVENT_TYPE_CLASSIFY_DROP	= ( FWPM_NET_EVENT_TYPE_IKEEXT_EM_FAILURE + 1 ) ,
+	FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP	= ( FWPM_NET_EVENT_TYPE_CLASSIFY_DROP + 1 ) ,
+	FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP	= ( FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP + 1 ) ,
+	FWPM_NET_EVENT_TYPE_MAX	= ( FWPM_NET_EVENT_TYPE_IPSEC_DOSP_DROP + 1 ) 
+    } 	FWPM_NET_EVENT_TYPE;
+
+#define IKEEXT_CERT_HASH_LEN 20
+#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_BENIGN (0x00000001)
+#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE_FLAG_MULTIPLE (0x00000002)
+typedef struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE0_
+    {
+    UINT32 failureErrorCode;
+    IPSEC_FAILURE_POINT failurePoint;
+    UINT32 flags;
+    IKEEXT_KEY_MODULE_TYPE keyingModuleType;
+    IKEEXT_MM_SA_STATE mmState;
+    IKEEXT_SA_ROLE saRole;
+    IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod;
+    UINT8 endCertHash[ 20 ];
+    UINT64 mmId;
+    UINT64 mmFilterId;
+    } 	FWPM_NET_EVENT_IKEEXT_MM_FAILURE0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT_IKEEXT_MM_FAILURE1_
+    {
+    UINT32 failureErrorCode;
+    IPSEC_FAILURE_POINT failurePoint;
+    UINT32 flags;
+    IKEEXT_KEY_MODULE_TYPE keyingModuleType;
+    IKEEXT_MM_SA_STATE mmState;
+    IKEEXT_SA_ROLE saRole;
+    IKEEXT_AUTHENTICATION_METHOD_TYPE mmAuthMethod;
+    UINT8 endCertHash[ 20 ];
+    UINT64 mmId;
+    UINT64 mmFilterId;
+    wchar_t *localPrincipalNameForAuth;
+    wchar_t *remotePrincipalNameForAuth;
+    UINT32 numLocalPrincipalGroupSids;
+    LPWSTR *localPrincipalGroupSids;
+    UINT32 numRemotePrincipalGroupSids;
+    LPWSTR *remotePrincipalGroupSids;
+    } 	FWPM_NET_EVENT_IKEEXT_MM_FAILURE1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT_IKEEXT_QM_FAILURE0_
+    {
+    UINT32 failureErrorCode;
+    IPSEC_FAILURE_POINT failurePoint;
+    IKEEXT_KEY_MODULE_TYPE keyingModuleType;
+    IKEEXT_QM_SA_STATE qmState;
+    IKEEXT_SA_ROLE saRole;
+    IPSEC_TRAFFIC_TYPE saTrafficType;
+    union 
+        {
+         /* Empty union arm */ 
+        FWP_CONDITION_VALUE0 localSubNet;
+        } 	;
+    union 
+        {
+         /* Empty union arm */ 
+        FWP_CONDITION_VALUE0 remoteSubNet;
+        } 	;
+    UINT64 qmFilterId;
+    } 	FWPM_NET_EVENT_IKEEXT_QM_FAILURE0;
+
+#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_MULTIPLE (0x00000001)
+#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE_FLAG_BENIGN (0x00000002)
+typedef struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE0_
+    {
+    UINT32 failureErrorCode;
+    IPSEC_FAILURE_POINT failurePoint;
+    UINT32 flags;
+    IKEEXT_EM_SA_STATE emState;
+    IKEEXT_SA_ROLE saRole;
+    IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod;
+    UINT8 endCertHash[ 20 ];
+    UINT64 mmId;
+    UINT64 qmFilterId;
+    } 	FWPM_NET_EVENT_IKEEXT_EM_FAILURE0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT_IKEEXT_EM_FAILURE1_
+    {
+    UINT32 failureErrorCode;
+    IPSEC_FAILURE_POINT failurePoint;
+    UINT32 flags;
+    IKEEXT_EM_SA_STATE emState;
+    IKEEXT_SA_ROLE saRole;
+    IKEEXT_AUTHENTICATION_METHOD_TYPE emAuthMethod;
+    UINT8 endCertHash[ 20 ];
+    UINT64 mmId;
+    UINT64 qmFilterId;
+    wchar_t *localPrincipalNameForAuth;
+    wchar_t *remotePrincipalNameForAuth;
+    UINT32 numLocalPrincipalGroupSids;
+    LPWSTR *localPrincipalGroupSids;
+    UINT32 numRemotePrincipalGroupSids;
+    LPWSTR *remotePrincipalGroupSids;
+    IPSEC_TRAFFIC_TYPE saTrafficType;
+    } 	FWPM_NET_EVENT_IKEEXT_EM_FAILURE1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT_CLASSIFY_DROP0_
+    {
+    UINT64 filterId;
+    UINT16 layerId;
+    } 	FWPM_NET_EVENT_CLASSIFY_DROP0;
+
+typedef struct FWPM_NET_EVENT_CLASSIFY_DROP1_
+    {
+    UINT64 filterId;
+    UINT16 layerId;
+    UINT32 reauthReason;
+    UINT32 originalProfile;
+    UINT32 currentProfile;
+    UINT32 msFwpDirection;
+    BOOL isLoopback;
+    } 	FWPM_NET_EVENT_CLASSIFY_DROP1;
+
+typedef struct FWPM_NET_EVENT_IPSEC_KERNEL_DROP0_
+    {
+    INT32 failureStatus;
+    FWP_DIRECTION direction;
+    IPSEC_SA_SPI spi;
+    UINT64 filterId;
+    UINT16 layerId;
+    } 	FWPM_NET_EVENT_IPSEC_KERNEL_DROP0;
+
+typedef struct FWPM_NET_EVENT_IPSEC_DOSP_DROP0_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 publicHostV4Addr;
+        UINT8 publicHostV6Addr[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 internalHostV4Addr;
+        UINT8 internalHostV6Addr[ 16 ];
+        } 	;
+    INT32 failureStatus;
+    FWP_DIRECTION direction;
+    } 	FWPM_NET_EVENT_IPSEC_DOSP_DROP0;
+
+typedef struct FWPM_NET_EVENT0_
+    {
+    FWPM_NET_EVENT_HEADER0 header;
+    FWPM_NET_EVENT_TYPE type;
+    union 
+        {
+        FWPM_NET_EVENT_IKEEXT_MM_FAILURE0 *ikeMmFailure;
+        FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure;
+        FWPM_NET_EVENT_IKEEXT_EM_FAILURE0 *ikeEmFailure;
+        FWPM_NET_EVENT_CLASSIFY_DROP0 *classifyDrop;
+        FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop;
+        FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop;
+        } 	;
+    } 	FWPM_NET_EVENT0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT1_
+    {
+    FWPM_NET_EVENT_HEADER1 header;
+    FWPM_NET_EVENT_TYPE type;
+    union 
+        {
+        FWPM_NET_EVENT_IKEEXT_MM_FAILURE1 *ikeMmFailure;
+        FWPM_NET_EVENT_IKEEXT_QM_FAILURE0 *ikeQmFailure;
+        FWPM_NET_EVENT_IKEEXT_EM_FAILURE1 *ikeEmFailure;
+        FWPM_NET_EVENT_CLASSIFY_DROP1 *classifyDrop;
+        FWPM_NET_EVENT_IPSEC_KERNEL_DROP0 *ipsecDrop;
+        FWPM_NET_EVENT_IPSEC_DOSP_DROP0 *idpDrop;
+        } 	;
+    } 	FWPM_NET_EVENT1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct FWPM_NET_EVENT_ENUM_TEMPLATE0_
+    {
+    FILETIME startTime;
+    FILETIME endTime;
+    UINT32 numFilterConditions;
+    FWPM_FILTER_CONDITION0 *filterCondition;
+    } 	FWPM_NET_EVENT_ENUM_TEMPLATE0;
+
+typedef struct FWPM_NET_EVENT_SUBSCRIPTION0_
+    {
+    FWPM_NET_EVENT_ENUM_TEMPLATE0 *enumTemplate;
+    UINT32 flags;
+    GUID sessionKey;
+    } 	FWPM_NET_EVENT_SUBSCRIPTION0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef /* [v1_enum] */ 
+enum FWPM_SYSTEM_PORT_TYPE_
+    {	FWPM_SYSTEM_PORT_RPC_EPMAP	= 0,
+	FWPM_SYSTEM_PORT_TEREDO	= ( FWPM_SYSTEM_PORT_RPC_EPMAP + 1 ) ,
+	FWPM_SYSTEM_PORT_IPHTTPS_IN	= ( FWPM_SYSTEM_PORT_TEREDO + 1 ) ,
+	FWPM_SYSTEM_PORT_IPHTTPS_OUT	= ( FWPM_SYSTEM_PORT_IPHTTPS_IN + 1 ) ,
+	FWPM_SYSTEM_PORT_TYPE_MAX	= ( FWPM_SYSTEM_PORT_IPHTTPS_OUT + 1 ) 
+    } 	FWPM_SYSTEM_PORT_TYPE;
+
+typedef struct FWPM_SYSTEM_PORTS_BY_TYPE0_
+    {
+    FWPM_SYSTEM_PORT_TYPE type;
+    UINT32 numPorts;
+    UINT16 *ports;
+    } 	FWPM_SYSTEM_PORTS_BY_TYPE0;
+
+typedef struct FWPM_SYSTEM_PORTS0_
+    {
+    UINT32 numTypes;
+    FWPM_SYSTEM_PORTS_BY_TYPE0 *types;
+    } 	FWPM_SYSTEM_PORTS0;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(pop)
+#else
+#pragma warning(default:4201)
+#endif
+#endif
+
+
+extern RPC_IF_HANDLE __MIDL_itf_fwpmtypes_0000_0000_v0_0_c_ifspec;
+extern RPC_IF_HANDLE __MIDL_itf_fwpmtypes_0000_0000_v0_0_s_ifspec;
+
+/* Additional Prototypes for ALL interfaces */
+
+/* end of Additional Prototypes */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+

src/Mayaqua/fixed_fwpmu.h

@@ -0,0 +1,3884 @@
+/*
+   Copyright (c) Microsoft Corporation
+
+   SYNOPSIS
+
+     Declares the management portion of the FWP API.
+*/
+
+//#if (NTDDI_VERSION >= NTDDI_WIN6)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in layers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// c86fd1bf-21cd-497e-a0bb-17425c885c58
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_IPPACKET_V4,
+   0xc86fd1bf,
+   0x21cd,
+   0x497e,
+   0xa0, 0xbb, 0x17, 0x42, 0x5c, 0x88, 0x5c, 0x58
+);
+
+// b5a230d0-a8c0-44f2-916e-991b53ded1f7
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_IPPACKET_V4_DISCARD,
+   0xb5a230d0,
+   0xa8c0,
+   0x44f2,
+   0x91, 0x6e, 0x99, 0x1b, 0x53, 0xde, 0xd1, 0xf7
+);
+
+// f52032cb-991c-46e7-971d-2601459a91ca
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_IPPACKET_V6,
+   0xf52032cb,
+   0x991c,
+   0x46e7,
+   0x97, 0x1d, 0x26, 0x01, 0x45, 0x9a, 0x91, 0xca
+);
+
+// bb24c279-93b4-47a2-83ad-ae1698b50885
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_IPPACKET_V6_DISCARD,
+   0xbb24c279,
+   0x93b4,
+   0x47a2,
+   0x83, 0xad, 0xae, 0x16, 0x98, 0xb5, 0x08, 0x85
+);
+
+// 1e5c9fae-8a84-4135-a331-950b54229ecd
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_IPPACKET_V4,
+   0x1e5c9fae,
+   0x8a84,
+   0x4135,
+   0xa3, 0x31, 0x95, 0x0b, 0x54, 0x22, 0x9e, 0xcd
+);
+
+// 08e4bcb5-b647-48f3-953c-e5ddbd03937e
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_IPPACKET_V4_DISCARD,
+   0x08e4bcb5,
+   0xb647,
+   0x48f3,
+   0x95, 0x3c, 0xe5, 0xdd, 0xbd, 0x03, 0x93, 0x7e
+);
+
+// a3b3ab6b-3564-488c-9117-f34e82142763
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_IPPACKET_V6,
+   0xa3b3ab6b,
+   0x3564,
+   0x488c,
+   0x91, 0x17, 0xf3, 0x4e, 0x82, 0x14, 0x27, 0x63
+);
+
+// 9513d7c4-a934-49dc-91a7-6ccb80cc02e3
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_IPPACKET_V6_DISCARD,
+   0x9513d7c4,
+   0xa934,
+   0x49dc,
+   0x91, 0xa7, 0x6c, 0xcb, 0x80, 0xcc, 0x02, 0xe3
+);
+
+// a82acc24-4ee1-4ee1-b465-fd1d25cb10a4
+DEFINE_GUID(
+   FWPM_LAYER_IPFORWARD_V4,
+   0xa82acc24,
+   0x4ee1,
+   0x4ee1,
+   0xb4, 0x65, 0xfd, 0x1d, 0x25, 0xcb, 0x10, 0xa4
+);
+
+// 9e9ea773-2fae-4210-8f17-34129ef369eb
+DEFINE_GUID(
+   FWPM_LAYER_IPFORWARD_V4_DISCARD,
+   0x9e9ea773,
+   0x2fae,
+   0x4210,
+   0x8f, 0x17, 0x34, 0x12, 0x9e, 0xf3, 0x69, 0xeb
+);
+
+// 7b964818-19c7-493a-b71f-832c3684d28c
+DEFINE_GUID(
+   FWPM_LAYER_IPFORWARD_V6,
+   0x7b964818,
+   0x19c7,
+   0x493a,
+   0xb7, 0x1f, 0x83, 0x2c, 0x36, 0x84, 0xd2, 0x8c
+);
+
+// 31524a5d-1dfe-472f-bb93-518ee945d8a2
+DEFINE_GUID(
+   FWPM_LAYER_IPFORWARD_V6_DISCARD,
+   0x31524a5d,
+   0x1dfe,
+   0x472f,
+   0xbb, 0x93, 0x51, 0x8e, 0xe9, 0x45, 0xd8, 0xa2
+);
+
+// 5926dfc8-e3cf-4426-a283-dc393f5d0f9d
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_TRANSPORT_V4,
+   0x5926dfc8,
+   0xe3cf,
+   0x4426,
+   0xa2, 0x83, 0xdc, 0x39, 0x3f, 0x5d, 0x0f, 0x9d
+);
+
+// ac4a9833-f69d-4648-b261-6dc84835ef39
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_TRANSPORT_V4_DISCARD,
+   0xac4a9833,
+   0xf69d,
+   0x4648,
+   0xb2, 0x61, 0x6d, 0xc8, 0x48, 0x35, 0xef, 0x39
+);
+
+// 634a869f-fc23-4b90-b0c1-bf620a36ae6f
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_TRANSPORT_V6,
+   0x634a869f,
+   0xfc23,
+   0x4b90,
+   0xb0, 0xc1, 0xbf, 0x62, 0x0a, 0x36, 0xae, 0x6f
+);
+
+// 2a6ff955-3b2b-49d2-9848-ad9d72dcaab7
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_TRANSPORT_V6_DISCARD,
+   0x2a6ff955,
+   0x3b2b,
+   0x49d2,
+   0x98, 0x48, 0xad, 0x9d, 0x72, 0xdc, 0xaa, 0xb7
+);
+
+// 09e61aea-d214-46e2-9b21-b26b0b2f28c8
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_TRANSPORT_V4,
+   0x09e61aea,
+   0xd214,
+   0x46e2,
+   0x9b, 0x21, 0xb2, 0x6b, 0x0b, 0x2f, 0x28, 0xc8
+);
+
+// c5f10551-bdb0-43d7-a313-50e211f4d68a
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_TRANSPORT_V4_DISCARD,
+   0xc5f10551,
+   0xbdb0,
+   0x43d7,
+   0xa3, 0x13, 0x50, 0xe2, 0x11, 0xf4, 0xd6, 0x8a
+);
+
+// e1735bde-013f-4655-b351-a49e15762df0
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_TRANSPORT_V6,
+   0xe1735bde,
+   0x013f,
+   0x4655,
+   0xb3, 0x51, 0xa4, 0x9e, 0x15, 0x76, 0x2d, 0xf0
+);
+
+// f433df69-ccbd-482e-b9b2-57165658c3b3
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_TRANSPORT_V6_DISCARD,
+   0xf433df69,
+   0xccbd,
+   0x482e,
+   0xb9, 0xb2, 0x57, 0x16, 0x56, 0x58, 0xc3, 0xb3
+);
+
+// 3b89653c-c170-49e4-b1cd-e0eeeee19a3e
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_V4,
+   0x3b89653c,
+   0xc170,
+   0x49e4,
+   0xb1, 0xcd, 0xe0, 0xee, 0xee, 0xe1, 0x9a, 0x3e
+);
+
+// 25c4c2c2-25ff-4352-82f9-c54a4a4726dc
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_V4_DISCARD,
+   0x25c4c2c2,
+   0x25ff,
+   0x4352,
+   0x82, 0xf9, 0xc5, 0x4a, 0x4a, 0x47, 0x26, 0xdc
+);
+
+// 47c9137a-7ec4-46b3-b6e4-48e926b1eda4
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_V6,
+   0x47c9137a,
+   0x7ec4,
+   0x46b3,
+   0xb6, 0xe4, 0x48, 0xe9, 0x26, 0xb1, 0xed, 0xa4
+);
+
+// 10a59fc7-b628-4c41-9eb8-cf37d55103cf
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_V6_DISCARD,
+   0x10a59fc7,
+   0xb628,
+   0x4c41,
+   0x9e, 0xb8, 0xcf, 0x37, 0xd5, 0x51, 0x03, 0xcf
+);
+
+// 3d08bf4e-45f6-4930-a922-417098e20027
+DEFINE_GUID(
+   FWPM_LAYER_DATAGRAM_DATA_V4,
+   0x3d08bf4e,
+   0x45f6,
+   0x4930,
+   0xa9, 0x22, 0x41, 0x70, 0x98, 0xe2, 0x00, 0x27
+);
+
+// 18e330c6-7248-4e52-aaab-472ed67704fd
+DEFINE_GUID(
+   FWPM_LAYER_DATAGRAM_DATA_V4_DISCARD,
+   0x18e330c6,
+   0x7248,
+   0x4e52,
+   0xaa, 0xab, 0x47, 0x2e, 0xd6, 0x77, 0x04, 0xfd
+);
+
+// fa45fe2f-3cba-4427-87fc-57b9a4b10d00
+DEFINE_GUID(
+   FWPM_LAYER_DATAGRAM_DATA_V6,
+   0xfa45fe2f,
+   0x3cba,
+   0x4427,
+   0x87, 0xfc, 0x57, 0xb9, 0xa4, 0xb1, 0x0d, 0x00
+);
+
+// 09d1dfe1-9b86-4a42-be9d-8c315b92a5d0
+DEFINE_GUID(
+   FWPM_LAYER_DATAGRAM_DATA_V6_DISCARD,
+   0x09d1dfe1,
+   0x9b86,
+   0x4a42,
+   0xbe, 0x9d, 0x8c, 0x31, 0x5b, 0x92, 0xa5, 0xd0
+);
+
+// 61499990-3cb6-4e84-b950-53b94b6964f3
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_ICMP_ERROR_V4,
+   0x61499990,
+   0x3cb6,
+   0x4e84,
+   0xb9, 0x50, 0x53, 0xb9, 0x4b, 0x69, 0x64, 0xf3
+);
+
+// a6b17075-ebaf-4053-a4e7-213c8121ede5
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_ICMP_ERROR_V4_DISCARD,
+   0xa6b17075,
+   0xebaf,
+   0x4053,
+   0xa4, 0xe7, 0x21, 0x3c, 0x81, 0x21, 0xed, 0xe5
+);
+
+// 65f9bdff-3b2d-4e5d-b8c6-c720651fe898
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_ICMP_ERROR_V6,
+   0x65f9bdff,
+   0x3b2d,
+   0x4e5d,
+   0xb8, 0xc6, 0xc7, 0x20, 0x65, 0x1f, 0xe8, 0x98
+);
+
+// a6e7ccc0-08fb-468d-a472-9771d5595e09
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_ICMP_ERROR_V6_DISCARD,
+   0xa6e7ccc0,
+   0x08fb,
+   0x468d,
+   0xa4, 0x72, 0x97, 0x71, 0xd5, 0x59, 0x5e, 0x09
+);
+
+// 41390100-564c-4b32-bc1d-718048354d7c
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4,
+   0x41390100,
+   0x564c,
+   0x4b32,
+   0xbc, 0x1d, 0x71, 0x80, 0x48, 0x35, 0x4d, 0x7c
+);
+
+// b3598d36-0561-4588-a6bf-e955e3f6264b
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_ICMP_ERROR_V4_DISCARD,
+   0xb3598d36,
+   0x0561,
+   0x4588,
+   0xa6, 0xbf, 0xe9, 0x55, 0xe3, 0xf6, 0x26, 0x4b
+);
+
+// 7fb03b60-7b8d-4dfa-badd-980176fc4e12
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6,
+   0x7fb03b60,
+   0x7b8d,
+   0x4dfa,
+   0xba, 0xdd, 0x98, 0x01, 0x76, 0xfc, 0x4e, 0x12
+);
+
+// 65f2e647-8d0c-4f47-b19b-33a4d3f1357c
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_ICMP_ERROR_V6_DISCARD,
+   0x65f2e647,
+   0x8d0c,
+   0x4f47,
+   0xb1, 0x9b, 0x33, 0xa4, 0xd3, 0xf1, 0x35, 0x7c
+);
+
+// 1247d66d-0b60-4a15-8d44-7155d0f53a0c
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4,
+   0x1247d66d,
+   0x0b60,
+   0x4a15,
+   0x8d, 0x44, 0x71, 0x55, 0xd0, 0xf5, 0x3a, 0x0c
+);
+
+// 0b5812a2-c3ff-4eca-b88d-c79e20ac6322
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4_DISCARD,
+   0x0b5812a2,
+   0xc3ff,
+   0x4eca,
+   0xb8, 0x8d, 0xc7, 0x9e, 0x20, 0xac, 0x63, 0x22
+);
+
+// 55a650e1-5f0a-4eca-a653-88f53b26aa8c
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6,
+   0x55a650e1,
+   0x5f0a,
+   0x4eca,
+   0xa6, 0x53, 0x88, 0xf5, 0x3b, 0x26, 0xaa, 0x8c
+);
+
+// cbc998bb-c51f-4c1a-bb4f-9775fcacab2f
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6_DISCARD,
+   0xcbc998bb,
+   0xc51f,
+   0x4c1a,
+   0xbb, 0x4f, 0x97, 0x75, 0xfc, 0xac, 0xab, 0x2f
+);
+
+// 88bb5dad-76d7-4227-9c71-df0a3ed7be7e
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_LISTEN_V4,
+   0x88bb5dad,
+   0x76d7,
+   0x4227,
+   0x9c, 0x71, 0xdf, 0x0a, 0x3e, 0xd7, 0xbe, 0x7e
+);
+
+// 371dfada-9f26-45fd-b4eb-c29eb212893f
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_LISTEN_V4_DISCARD,
+   0x371dfada,
+   0x9f26,
+   0x45fd,
+   0xb4, 0xeb, 0xc2, 0x9e, 0xb2, 0x12, 0x89, 0x3f
+);
+
+// 7ac9de24-17dd-4814-b4bd-a9fbc95a321b
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_LISTEN_V6,
+   0x7ac9de24,
+   0x17dd,
+   0x4814,
+   0xb4, 0xbd, 0xa9, 0xfb, 0xc9, 0x5a, 0x32, 0x1b
+);
+
+// 60703b07-63c8-48e9-ada3-12b1af40a617
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_LISTEN_V6_DISCARD,
+   0x60703b07,
+   0x63c8,
+   0x48e9,
+   0xad, 0xa3, 0x12, 0xb1, 0xaf, 0x40, 0xa6, 0x17
+);
+
+// e1cd9fe7-f4b5-4273-96c0-592e487b8650
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4,
+   0xe1cd9fe7,
+   0xf4b5,
+   0x4273,
+   0x96, 0xc0, 0x59, 0x2e, 0x48, 0x7b, 0x86, 0x50
+);
+
+// 9eeaa99b-bd22-4227-919f-0073c63357b1
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4_DISCARD,
+   0x9eeaa99b,
+   0xbd22,
+   0x4227,
+   0x91, 0x9f, 0x00, 0x73, 0xc6, 0x33, 0x57, 0xb1
+);
+
+// a3b42c97-9f04-4672-b87e-cee9c483257f
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6,
+   0xa3b42c97,
+   0x9f04,
+   0x4672,
+   0xb8, 0x7e, 0xce, 0xe9, 0xc4, 0x83, 0x25, 0x7f
+);
+
+// 89455b97-dbe1-453f-a224-13da895af396
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6_DISCARD,
+   0x89455b97,
+   0xdbe1,
+   0x453f,
+   0xa2, 0x24, 0x13, 0xda, 0x89, 0x5a, 0xf3, 0x96
+);
+
+// c38d57d1-05a7-4c33-904f-7fbceee60e82
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_CONNECT_V4,
+   0xc38d57d1,
+   0x05a7,
+   0x4c33,
+   0x90, 0x4f, 0x7f, 0xbc, 0xee, 0xe6, 0x0e, 0x82
+);
+
+// d632a801-f5ba-4ad6-96e3-607017d9836a
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_CONNECT_V4_DISCARD,
+   0xd632a801,
+   0xf5ba,
+   0x4ad6,
+   0x96, 0xe3, 0x60, 0x70, 0x17, 0xd9, 0x83, 0x6a
+);
+
+// 4a72393b-319f-44bc-84c3-ba54dcb3b6b4
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_CONNECT_V6,
+   0x4a72393b,
+   0x319f,
+   0x44bc,
+   0x84, 0xc3, 0xba, 0x54, 0xdc, 0xb3, 0xb6, 0xb4
+);
+
+// c97bc3b8-c9a3-4e33-8695-8e17aad4de09
+DEFINE_GUID(
+   FWPM_LAYER_ALE_AUTH_CONNECT_V6_DISCARD,
+   0xc97bc3b8,
+   0xc9a3,
+   0x4e33,
+   0x86, 0x95, 0x8e, 0x17, 0xaa, 0xd4, 0xde, 0x09
+);
+
+// af80470a-5596-4c13-9992-539e6fe57967
+DEFINE_GUID(
+   FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4,
+   0xaf80470a,
+   0x5596,
+   0x4c13,
+   0x99, 0x92, 0x53, 0x9e, 0x6f, 0xe5, 0x79, 0x67
+);
+
+// 146ae4a9-a1d2-4d43-a31a-4c42682b8e4f
+DEFINE_GUID(
+   FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4_DISCARD,
+   0x146ae4a9,
+   0xa1d2,
+   0x4d43,
+   0xa3, 0x1a, 0x4c, 0x42, 0x68, 0x2b, 0x8e, 0x4f
+);
+
+// 7021d2b3-dfa4-406e-afeb-6afaf7e70efd
+DEFINE_GUID(
+   FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6,
+   0x7021d2b3,
+   0xdfa4,
+   0x406e,
+   0xaf, 0xeb, 0x6a, 0xfa, 0xf7, 0xe7, 0x0e, 0xfd
+);
+
+// 46928636-bbca-4b76-941d-0fa7f5d7d372
+DEFINE_GUID(
+   FWPM_LAYER_ALE_FLOW_ESTABLISHED_V6_DISCARD,
+   0x46928636,
+   0xbbca,
+   0x4b76,
+   0x94, 0x1d, 0x0f, 0xa7, 0xf5, 0xd7, 0xd3, 0x72
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// effb7edb-0055-4f9a-a23a-4ff8131ad191
+DEFINE_GUID(
+   FWPM_LAYER_INBOUND_MAC_FRAME_802_3,
+   0xeffb7edb,
+   0x0055,
+   0x4f9a,
+   0xa2, 0x31, 0x4f, 0xf8, 0x13, 0x1a, 0xd1, 0x91
+);
+
+// 694673bc-d6db-4870-adee-0acdbdb7f4b2
+DEFINE_GUID(
+   FWPM_LAYER_OUTBOUND_MAC_FRAME_802_3,
+   0x694673bc,
+   0xd6db,
+   0x4870,
+   0xad, 0xee, 0x0a, 0xcd, 0xbd, 0xb7, 0xf4, 0xb2
+);
+
+#endif
+
+// f02b1526-a459-4a51-b9e3-759de52b9d2c
+DEFINE_GUID(
+   FWPM_LAYER_IPSEC_KM_DEMUX_V4,
+   0xf02b1526,
+   0xa459,
+   0x4a51,
+   0xb9, 0xe3, 0x75, 0x9d, 0xe5, 0x2b, 0x9d, 0x2c
+);
+
+// 2f755cf6-2fd4-4e88-b3e4-a91bca495235
+DEFINE_GUID(
+   FWPM_LAYER_IPSEC_KM_DEMUX_V6,
+   0x2f755cf6,
+   0x2fd4,
+   0x4e88,
+   0xb3, 0xe4, 0xa9, 0x1b, 0xca, 0x49, 0x52, 0x35
+);
+
+// eda65c74-610d-4bc5-948f-3c4f89556867
+DEFINE_GUID(
+   FWPM_LAYER_IPSEC_V4,
+   0xeda65c74,
+   0x610d,
+   0x4bc5,
+   0x94, 0x8f, 0x3c, 0x4f, 0x89, 0x55, 0x68, 0x67
+);
+
+// 13c48442-8d87-4261-9a29-59d2abc348b4
+DEFINE_GUID(
+   FWPM_LAYER_IPSEC_V6,
+   0x13c48442,
+   0x8d87,
+   0x4261,
+   0x9a, 0x29, 0x59, 0xd2, 0xab, 0xc3, 0x48, 0xb4
+);
+
+// b14b7bdb-dbbd-473e-bed4-8b4708d4f270
+DEFINE_GUID(
+   FWPM_LAYER_IKEEXT_V4,
+   0xb14b7bdb,
+   0xdbbd,
+   0x473e,
+   0xbe, 0xd4, 0x8b, 0x47, 0x08, 0xd4, 0xf2, 0x70
+);
+
+// b64786b3-f687-4eb9-89d2-8ef32acdabe2
+DEFINE_GUID(
+   FWPM_LAYER_IKEEXT_V6,
+   0xb64786b3,
+   0xf687,
+   0x4eb9,
+   0x89, 0xd2, 0x8e, 0xf3, 0x2a, 0xcd, 0xab, 0xe2
+);
+
+// 75a89dda-95e4-40f3-adc7-7688a9c847e1
+DEFINE_GUID(
+   FWPM_LAYER_RPC_UM,
+   0x75a89dda,
+   0x95e4,
+   0x40f3,
+   0xad, 0xc7, 0x76, 0x88, 0xa9, 0xc8, 0x47, 0xe1
+);
+
+// 9247bc61-eb07-47ee-872c-bfd78bfd1616
+DEFINE_GUID(
+   FWPM_LAYER_RPC_EPMAP,
+   0x9247bc61,
+   0xeb07,
+   0x47ee,
+   0x87, 0x2c, 0xbf, 0xd7, 0x8b, 0xfd, 0x16, 0x16
+);
+
+// 618dffc7-c450-4943-95db-99b4c16a55d4
+DEFINE_GUID(
+   FWPM_LAYER_RPC_EP_ADD,
+   0x618dffc7,
+   0xc450,
+   0x4943,
+   0x95, 0xdb, 0x99, 0xb4, 0xc1, 0x6a, 0x55, 0xd4
+);
+
+// 94a4b50b-ba5c-4f27-907a-229fac0c2a7a
+DEFINE_GUID(
+   FWPM_LAYER_RPC_PROXY_CONN,
+   0x94a4b50b,
+   0xba5c,
+   0x4f27,
+   0x90, 0x7a, 0x22, 0x9f, 0xac, 0x0c, 0x2a, 0x7a
+);
+
+// f8a38615-e12c-41ac-98df-121ad981aade
+DEFINE_GUID(
+   FWPM_LAYER_RPC_PROXY_IF,
+   0xf8a38615,
+   0xe12c,
+   0x41ac,
+   0x98, 0xdf, 0x12, 0x1a, 0xd9, 0x81, 0xaa, 0xde
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// 4aa226e9-9020-45fb-956a-c0249d841195
+DEFINE_GUID(
+   FWPM_LAYER_KM_AUTHORIZATION,
+   0x4aa226e9,
+   0x9020,
+   0x45fb,
+   0x95,0x6a, 0xc0, 0x24, 0x9d, 0x84, 0x11, 0x95
+);
+
+// 0c2aa681-905b-4ccd-a467-4dd811d07b7b
+DEFINE_GUID(
+   FWPM_LAYER_NAME_RESOLUTION_CACHE_V4,
+   0x0c2aa681,
+   0x905b,
+   0x4ccd,
+   0xa4, 0x67, 0x4d, 0xd8, 0x11, 0xd0, 0x7b, 0x7b  
+);
+
+// 92d592fa-6b01-434a-9dea-d1e96ea97da9
+DEFINE_GUID(
+   FWPM_LAYER_NAME_RESOLUTION_CACHE_V6,
+   0x92d592fa,
+   0x6b01,
+   0x434a,
+   0x9d, 0xea, 0xd1, 0xe9, 0x6e, 0xa9, 0x7d, 0xa9
+);
+
+// 74365cce-ccb0-401a-bfc1-b89934ad7e15
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_RELEASE_V4,
+   0x74365cce,
+   0xccb0,
+   0x401a,
+   0xbf, 0xc1, 0xb8, 0x99, 0x34, 0xad, 0x7e, 0x15
+);
+
+// f4e5ce80-edcc-4e13-8a2f-b91454bb057b
+DEFINE_GUID(
+   FWPM_LAYER_ALE_RESOURCE_RELEASE_V6,
+   0xf4e5ce80,
+   0xedcc,
+   0x4e13,
+   0x8a, 0x2f, 0xb9, 0x14, 0x54, 0xbb, 0x05, 0x7b
+);
+
+// b4766427-e2a2-467a-bd7e-dbcd1bd85a09
+DEFINE_GUID(
+   FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V4,
+   0xb4766427,
+   0xe2a2,
+   0x467a,
+   0xbd, 0x7e, 0xdb, 0xcd, 0x1b, 0xd8, 0x5a, 0x09
+);
+
+// bb536ccd-4755-4ba9-9ff7-f9edf8699c7b
+DEFINE_GUID(
+   FWPM_LAYER_ALE_ENDPOINT_CLOSURE_V6,
+   0xbb536ccd,
+   0x4755,
+   0x4ba9,
+   0x9f, 0xf7, 0xf9, 0xed, 0xf8, 0x69, 0x9c, 0x7b
+);
+
+// c6e63c8c-b784-4562-aa7d-0a67cfcaf9a3
+DEFINE_GUID(
+   FWPM_LAYER_ALE_CONNECT_REDIRECT_V4,
+   0xc6e63c8c,
+   0xb784,
+   0x4562,
+   0xaa, 0x7d, 0x0a, 0x67, 0xcf, 0xca, 0xf9, 0xa3
+);
+
+// 587e54a7-8046-42ba-a0aa-b716250fc7fd
+DEFINE_GUID(
+   FWPM_LAYER_ALE_CONNECT_REDIRECT_V6,
+   0x587e54a7,
+   0x8046,
+   0x42ba,
+   0xa0, 0xaa, 0xb7, 0x16, 0x25, 0x0f, 0xc7, 0xfd
+);
+
+// 66978cad-c704-42ac-86ac-7c1a231bd253
+DEFINE_GUID(
+   FWPM_LAYER_ALE_BIND_REDIRECT_V4,
+   0x66978cad,
+   0xc704,
+   0x42ac,
+   0x86, 0xac, 0x7c, 0x1a, 0x23, 0x1b, 0xd2, 0x53
+);
+
+// bef02c9c-606b-4536-8c26-1c2fc7b631d4
+DEFINE_GUID(
+   FWPM_LAYER_ALE_BIND_REDIRECT_V6,
+   0xbef02c9c,
+   0x606b,
+   0x4536,
+   0x8c, 0x26, 0x1c, 0x2f, 0xc7, 0xb6, 0x31, 0xd4
+);
+
+// af52d8ec-cb2d-44e5-ad92-f8dc38d2eb29
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_PACKET_V4,
+   0xaf52d8ec,
+   0xcb2d,
+   0x44e5,
+   0xad, 0x92, 0xf8, 0xdc, 0x38, 0xd2, 0xeb, 0x29
+);
+
+// 779a8ca3-f099-468f-b5d4-83535c461c02
+DEFINE_GUID(
+   FWPM_LAYER_STREAM_PACKET_V6,
+   0x779a8ca3,
+   0xf099,
+   0x468f,
+   0xb5, 0xd4, 0x83, 0x53, 0x5c, 0x46, 0x1c, 0x02
+);
+
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in sublayers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// 758c84f4-fb48-4de9-9aeb-3ed9551ab1fd
+DEFINE_GUID(
+   FWPM_SUBLAYER_RPC_AUDIT,
+   0x758c84f4,
+   0xfb48,
+   0x4de9,
+   0x9a, 0xeb, 0x3e, 0xd9, 0x55, 0x1a, 0xb1, 0xfd
+);
+
+// 83f299ed-9ff4-4967-aff4-c309f4dab827
+DEFINE_GUID(
+   FWPM_SUBLAYER_IPSEC_TUNNEL,
+   0x83f299ed,
+   0x9ff4,
+   0x4967,
+   0xaf, 0xf4, 0xc3, 0x09, 0xf4, 0xda, 0xb8, 0x27
+);
+
+// eebecc03-ced4-4380-819a-2734397b2b74
+DEFINE_GUID(
+   FWPM_SUBLAYER_UNIVERSAL,
+   0xeebecc03,
+   0xced4,
+   0x4380,
+   0x81, 0x9a, 0x27, 0x34, 0x39, 0x7b, 0x2b, 0x74
+);
+
+// 1b75c0ce-ff60-4711-a70f-b4958cc3b2d0
+DEFINE_GUID(
+   FWPM_SUBLAYER_LIPS,
+   0x1b75c0ce,
+   0xff60,
+   0x4711,
+   0xa7, 0x0f, 0xb4, 0x95, 0x8c, 0xc3, 0xb2, 0xd0
+);
+
+// 15a66e17-3f3c-4f7b-aa6c-812aa613dd82
+DEFINE_GUID(
+   FWPM_SUBLAYER_SECURE_SOCKET,
+   0x15a66e17,
+   0x3f3c,
+   0x4f7b,
+   0xaa, 0x6c, 0x81, 0x2a, 0xa6, 0x13, 0xdd, 0x82
+);
+
+// 337608b9-b7d5-4d5f-82f9-3618618bc058
+DEFINE_GUID(
+   FWPM_SUBLAYER_TCP_CHIMNEY_OFFLOAD,
+   0x337608b9,
+   0xb7d5,
+   0x4d5f,
+   0x82, 0xf9, 0x36, 0x18, 0x61, 0x8b, 0xc0, 0x58
+);
+
+// 877519e1-e6a9-41a5-81b4-8c4f118e4a60
+DEFINE_GUID(
+   FWPM_SUBLAYER_INSPECTION,
+   0x877519e1,
+   0xe6a9,
+   0x41a5,
+   0x81, 0xb4, 0x8c, 0x4f, 0x11, 0x8e, 0x4a, 0x60
+);
+
+// ba69dc66-5176-4979-9c89-26a7b46a8327
+DEFINE_GUID(
+   FWPM_SUBLAYER_TEREDO,
+   0xba69dc66,
+   0x5176,
+   0x4979,
+   0x9c, 0x89, 0x26, 0xa7, 0xb4, 0x6a, 0x83, 0x27
+);
+
+#define FWPM_SUBLAYER_EDGE_TRAVERSAL FWPM_SUBLAYER_TEREDO
+    
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// a5082e73-8f71-4559-8a9a-101cea04ef87
+DEFINE_GUID(
+   FWPM_SUBLAYER_IPSEC_FORWARD_OUTBOUND_TUNNEL,
+   0xa5082e73,
+   0x8f71,
+   0x4559,
+   0x8a, 0x9a, 0x10, 0x1c, 0xea, 0x04, 0xef, 0x87
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// e076d572-5d3d-48ef-802b-909eddb098bd
+DEFINE_GUID(
+   FWPM_SUBLAYER_IPSEC_DOSP,
+   0xe076d572,
+   0x5d3d,
+   0x48ef,
+   0x80, 0x2b, 0x90, 0x9e, 0xdd, 0xb0, 0x98, 0xbd
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in conditions.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// d999e981-7948-4c8e-b742-c84e3b678f8f
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_DESTINATION_ADDRESS,
+   0xd999e981,
+   0x7948,
+   0x4c83,
+   0xb7, 0x42, 0xc8, 0x4e, 0x3b, 0x67, 0x8f, 0x8f
+);
+
+// 408f2ed4-3a70-4b4d-92a6-415ac20e2f12
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_SOURCE_ADDRESS,
+   0x408f2ed4,
+   0x3a70,
+   0x4b4d,
+   0x92, 0xa6, 0x41, 0x5a, 0xc2, 0x0e, 0x2f, 0x12
+);
+
+// ad2a4e10-e9e9-4e27-9cfa-fd3e5d184c11
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_ADDRESS_TYPE,
+   0xad2a4e10,
+   0xe9e9,
+   0x4e27,
+   0x9c, 0xfa, 0xfd, 0x3e, 0x5d, 0x18, 0x4c, 0x11
+);
+
+// a38e51e9-0ac5-44eb-9387-a1c75b576e82
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_ENCAP_METHOD,
+   0xa38e51e9,
+   0x0ac5,
+   0x44eb,
+   0x93, 0x87, 0xa1, 0xc7, 0x5b, 0x57, 0x6e, 0x82
+);
+
+// fd08948d-a219-4d52-bb98-1a5540ee7b4e
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_TYPE,
+   0xfd08948d,
+   0xa219,
+   0x4d52,
+   0xbb, 0x98, 0x1a, 0x55, 0x40, 0xee, 0x7b, 0x4e
+);
+
+// c45f5381-0caf-47d0-b96c-238acb17806b
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_SNAP_CONTROL,
+   0xc45f5381,
+   0x0caf,
+   0x47d0,
+   0xb9, 0x6c, 0x23, 0x8a, 0xcb, 0x17, 0x80, 0x6b
+);
+
+// af37332e-d7dc-4a69-9f4e-3d683ab7365b
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_SNAP_OUI,
+   0xaf37332e,
+   0xd7dc,
+   0x4a69,
+   0x9f, 0x4e, 0x3d, 0x68, 0x3a, 0xb7, 0x36, 0x5b
+);
+
+// 938eab21-3618-4e64-9ca5-2141ebda1ca2
+DEFINE_GUID(
+   FWPM_CONDITION_ETHER_VLAN_TAG,
+   0x938eab21,
+   0x3618,
+   0x4e64,
+   0x9c, 0xa5, 0x21, 0x41, 0xeb, 0xda, 0x1c, 0xa2
+);
+#endif
+
+#define FWPM_CONDITION_INTERFACE_LUID FWPM_CONDITION_IP_LOCAL_INTERFACE
+
+// d9ee00de-c1ef-4617-bfe3-ffd8f5a08957
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_ADDRESS,
+   0xd9ee00de,
+   0xc1ef,
+   0x4617,
+   0xbf, 0xe3, 0xff, 0xd8, 0xf5, 0xa0, 0x89, 0x57
+);
+
+// b235ae9a-1d64-49b8-a44c-5ff3d9095045
+DEFINE_GUID(
+   FWPM_CONDITION_IP_REMOTE_ADDRESS,
+   0xb235ae9a,
+   0x1d64,
+   0x49b8,
+   0xa4, 0x4c, 0x5f, 0xf3, 0xd9, 0x09, 0x50, 0x45
+);
+
+// ae96897e-2e94-4bc9-b313-b27ee80e574d
+DEFINE_GUID(
+   FWPM_CONDITION_IP_SOURCE_ADDRESS,
+   0xae96897e,
+   0x2e94,
+   0x4bc9,
+   0xb3, 0x13, 0xb2, 0x7e, 0xe8, 0x0e, 0x57, 0x4d
+);
+
+// 2d79133b-b390-45c6-8699-acaceaafed33
+DEFINE_GUID(
+   FWPM_CONDITION_IP_DESTINATION_ADDRESS,
+   0x2d79133b,
+   0xb390,
+   0x45c6,
+   0x86, 0x99, 0xac, 0xac, 0xea, 0xaf, 0xed, 0x33
+);
+
+// 6ec7f6c4-376b-45d7-9e9c-d337cedcd237
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE,
+   0x6ec7f6c4,
+   0x376b,
+   0x45d7,
+   0x9e, 0x9c, 0xd3, 0x37, 0xce, 0xdc, 0xd2, 0x37
+);
+
+// 1ec1b7c9-4eea-4f5e-b9ef-76beaaaf17ee
+DEFINE_GUID(
+   FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE,
+   0x1ec1b7c9,
+   0x4eea,
+   0x4f5e,
+   0xb9, 0xef, 0x76, 0xbe, 0xaa, 0xaf, 0x17, 0xee
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// eabe448a-a711-4d64-85b7-3f76b65299c7
+DEFINE_GUID(
+   FWPM_CONDITION_IP_NEXTHOP_ADDRESS,
+   0xeabe448a,
+   0xa711,
+   0x4d64,
+   0x85, 0xb7, 0x3f, 0x76, 0xb6, 0x52, 0x99, 0xc7
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+// 4cd62a49-59c3-4969-b7f3-bda5d32890a4
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_INTERFACE,
+   0x4cd62a49,
+   0x59c3,
+   0x4969,
+   0xb7, 0xf3, 0xbd, 0xa5, 0xd3, 0x28, 0x90, 0xa4
+);
+
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// 618a9b6d-386b-4136-ad6e-b51587cfb1cd
+DEFINE_GUID(
+   FWPM_CONDITION_IP_ARRIVAL_INTERFACE,
+   0x618a9b6d,
+   0x386b,
+   0x4136,
+   0xad, 0x6e, 0xb5, 0x15, 0x87, 0xcf, 0xb1, 0xcd 
+);
+
+// 89f990de-e798-4e6d-ab76-7c9558292e6f
+DEFINE_GUID(
+   FWPM_CONDITION_ARRIVAL_INTERFACE_TYPE,
+   0x89f990de,
+   0xe798,
+   0x4e6d,
+   0xab, 0x76, 0x7c, 0x95, 0x58, 0x29, 0x2e, 0x6f
+);
+
+// 511166dc-7a8c-4aa7-b533-95ab59fb0340
+DEFINE_GUID(
+   FWPM_CONDITION_ARRIVAL_TUNNEL_TYPE,
+   0x511166dc,
+   0x7a8c,
+   0x4aa7,
+   0xb5, 0x33, 0x95, 0xab, 0x59, 0xfb, 0x03, 0x40
+);
+
+// cc088db3-1792-4a71-b0f9-037d21cd828b
+DEFINE_GUID(
+   FWPM_CONDITION_ARRIVAL_INTERFACE_INDEX,
+   0xcc088db3,
+   0x1792,
+   0x4a71,
+   0xb0, 0xf9, 0x03, 0x7d, 0x21, 0xcd, 0x82, 0x8b
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// ef8a6122-0577-45a7-9aaf-825fbeb4fb95
+DEFINE_GUID(
+   FWPM_CONDITION_NEXTHOP_SUB_INTERFACE_INDEX,
+   0xef8a6122,
+   0x0577,
+   0x45a7,
+   0x9a, 0xaf, 0x82, 0x5f, 0xbe, 0xb4, 0xfb, 0x95
+);
+
+// 93ae8f5b-7f6f-4719-98c8-14e97429ef04
+DEFINE_GUID(
+   FWPM_CONDITION_IP_NEXTHOP_INTERFACE,
+   0x93ae8f5b,
+   0x7f6f,
+   0x4719,
+   0x98, 0xc8, 0x14, 0xe9, 0x74, 0x29, 0xef, 0x04 
+);
+
+// 97537c6c-d9a3-4767-a381-e942675cd920
+DEFINE_GUID(
+   FWPM_CONDITION_NEXTHOP_INTERFACE_TYPE,
+   0x97537c6c,
+   0xd9a3,
+   0x4767,
+   0xa3, 0x81, 0xe9, 0x42, 0x67, 0x5c, 0xd9, 0x20
+);
+
+// 72b1a111-987b-4720-99dd-c7c576fa2d4c
+DEFINE_GUID(
+   FWPM_CONDITION_NEXTHOP_TUNNEL_TYPE,
+   0x72b1a111,
+   0x987b,
+   0x4720,
+   0x99, 0xdd, 0xc7, 0xc5, 0x76, 0xfa, 0x2d, 0x4c
+);
+
+// 138e6888-7ab8-4d65-9ee8-0591bcf6a494
+DEFINE_GUID(
+   FWPM_CONDITION_NEXTHOP_INTERFACE_INDEX,
+   0x138e6888,
+   0x7ab8,
+   0x4d65,
+   0x9e, 0xe8, 0x05, 0x91, 0xbc, 0xf6, 0xa4, 0x94
+);
+
+// 46ea1551-2255-492b-8019-aabeee349f40
+DEFINE_GUID(
+   FWPM_CONDITION_ORIGINAL_PROFILE_ID,
+   0x46ea1551,
+   0x2255,
+   0x492b,
+   0x80, 0x19, 0xaa, 0xbe, 0xee, 0x34, 0x9f, 0x40
+);
+
+// ab3033c9-c0e3-4759-937d-5758c65d4ae3
+DEFINE_GUID(
+   FWPM_CONDITION_CURRENT_PROFILE_ID,
+   0xab3033c9,
+   0xc0e3,
+   0x4759,
+   0x93, 0x7d, 0x57, 0x58, 0xc6, 0x5d, 0x4a, 0xe3
+);
+
+// 4ebf7562-9f18-4d06-9941-a7a625744d71
+DEFINE_GUID(
+   FWPM_CONDITION_LOCAL_INTERFACE_PROFILE_ID,
+   0x4ebf7562,
+   0x9f18,
+   0x4d06,
+   0x99, 0x41, 0xa7, 0xa6, 0x25, 0x74, 0x4d, 0x71
+);
+
+// cdfe6aab-c083-4142-8679-c08f95329c61
+DEFINE_GUID(
+   FWPM_CONDITION_ARRIVAL_INTERFACE_PROFILE_ID,
+   0xcdfe6aab,
+   0xc083,
+   0x4142,
+   0x86, 0x79, 0xc0, 0x8f, 0x95, 0x32, 0x9c, 0x61
+);
+
+// d7ff9a56-cdaa-472b-84db-d23963c1d1bf
+DEFINE_GUID(
+   FWPM_CONDITION_NEXTHOP_INTERFACE_PROFILE_ID,
+   0xd7ff9a56,
+   0xcdaa,
+   0x472b,
+   0x84, 0xdb, 0xd2, 0x39, 0x63, 0xc1, 0xd1, 0xbf
+);
+
+
+// 11205e8c-11ae-457a-8a44-477026dd764a
+DEFINE_GUID(
+   FWPM_CONDITION_REAUTHORIZE_REASON,
+   0x11205e8c,
+   0x11ae,
+   0x457a,
+   0x8a, 0x44, 0x47, 0x70, 0x26, 0xdd, 0x76, 0x4a
+);
+
+// 076dfdbe-c56c-4f72-ae8a-2cfe7e5c8286
+DEFINE_GUID(
+   FWPM_CONDITION_ORIGINAL_ICMP_TYPE,
+   0x076dfdbe,
+   0xc56c,
+   0x4f72,
+   0xae, 0x8a, 0x2c, 0xfe, 0x7e, 0x5c, 0x82, 0x86
+);
+
+// da50d5c8-fa0d-4c89-b032-6e62136d1e96
+DEFINE_GUID(
+   FWPM_CONDITION_IP_PHYSICAL_ARRIVAL_INTERFACE,
+   0xda50d5c8,
+   0xfa0d,
+   0x4c89,
+   0xb0, 0x32, 0x6e, 0x62, 0x13, 0x6d, 0x1e, 0x96 
+);
+
+// f09bd5ce-5150-48be-b098-c25152fb1f92
+DEFINE_GUID(
+   FWPM_CONDITION_IP_PHYSICAL_NEXTHOP_INTERFACE,
+   0xf09bd5ce,
+   0x5150,
+   0x48be,
+   0xb0, 0x98, 0xc2, 0x51, 0x52, 0xfb, 0x1f, 0x92 
+);
+
+// cce68d5e-053b-43a8-9a6f-33384c28e4f6
+DEFINE_GUID(
+   FWPM_CONDITION_INTERFACE_QUARANTINE_EPOCH,
+   0xcce68d5e,
+   0x053b,
+   0x43a8,
+   0x9a, 0x6f, 0x33, 0x38, 0x4c, 0x28, 0xe4, 0xf6 
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// daf8cd14-e09e-4c93-a5ae-c5c13b73ffca
+DEFINE_GUID(
+   FWPM_CONDITION_INTERFACE_TYPE,
+   0xdaf8cd14,
+   0xe09e,
+   0x4c93,
+   0xa5, 0xae, 0xc5, 0xc1, 0x3b, 0x73, 0xff, 0xca
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+#define FWPM_CONDITION_LOCAL_INTERFACE_TYPE FWPM_CONDITION_INTERFACE_TYPE
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// 77a40437-8779-4868-a261-f5a902f1c0cd
+DEFINE_GUID(
+   FWPM_CONDITION_TUNNEL_TYPE,
+   0x77a40437,
+   0x8779,
+   0x4868,
+   0xa2, 0x61, 0xf5, 0xa9, 0x02, 0xf1, 0xc0, 0xcd
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+#define FWPM_CONDITION_LOCAL_TUNNEL_TYPE FWPM_CONDITION_TUNNEL_TYPE
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// 1076b8a5-6323-4c5e-9810-e8d3fc9e6136
+DEFINE_GUID(
+   FWPM_CONDITION_IP_FORWARD_INTERFACE,
+   0x1076b8a5,
+   0x6323,
+   0x4c5e,
+   0x98, 0x10, 0xe8, 0xd3, 0xfc, 0x9e, 0x61, 0x36
+);
+
+// 3971ef2b-623e-4f9a-8cb1-6e79b806b9a7
+DEFINE_GUID(
+   FWPM_CONDITION_IP_PROTOCOL,
+   0x3971ef2b,
+   0x623e,
+   0x4f9a,
+   0x8c, 0xb1, 0x6e, 0x79, 0xb8, 0x06, 0xb9, 0xa7
+);
+
+// 0c1ba1af-5765-453f-af22-a8f791ac775b
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_PORT,
+   0x0c1ba1af,
+   0x5765,
+   0x453f,
+   0xaf, 0x22, 0xa8, 0xf7, 0x91, 0xac, 0x77, 0x5b
+);
+
+#define FWPM_CONDITION_ICMP_TYPE FWPM_CONDITION_IP_LOCAL_PORT
+
+// c35a604d-d22b-4e1a-91b4-68f674ee674b
+DEFINE_GUID(
+   FWPM_CONDITION_IP_REMOTE_PORT,
+   0xc35a604d,
+   0xd22b,
+   0x4e1a,
+   0x91, 0xb4, 0x68, 0xf6, 0x74, 0xee, 0x67, 0x4b
+);
+
+#define FWPM_CONDITION_ICMP_CODE FWPM_CONDITION_IP_REMOTE_PORT
+
+// 4672a468-8a0a-4202-abb4-849e92e66809
+DEFINE_GUID(
+   FWPM_CONDITION_EMBEDDED_LOCAL_ADDRESS_TYPE,
+   0x4672a468,
+   0x8a0a,
+   0x4202,
+   0xab, 0xb4, 0x84, 0x9e, 0x92, 0xe6, 0x68, 0x09
+);
+
+// 77ee4b39-3273-4671-b63b-ab6feb66eeb6
+DEFINE_GUID(
+   FWPM_CONDITION_EMBEDDED_REMOTE_ADDRESS,
+   0x77ee4b39,
+   0x3273,
+   0x4671,
+   0xb6, 0x3b, 0xab, 0x6f, 0xeb, 0x66, 0xee, 0xb6
+);
+
+// 07784107-a29e-4c7b-9ec7-29c44afafdbc
+DEFINE_GUID(
+   FWPM_CONDITION_EMBEDDED_PROTOCOL,
+   0x07784107,
+   0xa29e,
+   0x4c7b,
+   0x9e, 0xc7, 0x29, 0xc4, 0x4a, 0xfa, 0xfd, 0xbc
+);
+
+// bfca394d-acdb-484e-b8e6-2aff79757345
+DEFINE_GUID(
+   FWPM_CONDITION_EMBEDDED_LOCAL_PORT,
+   0xbfca394d,
+   0xacdb,
+   0x484e,
+   0xb8, 0xe6, 0x2a, 0xff, 0x79, 0x75, 0x73, 0x45
+);
+
+// cae4d6a1-2968-40ed-a4ce-547160dda88d
+DEFINE_GUID(
+   FWPM_CONDITION_EMBEDDED_REMOTE_PORT,
+   0xcae4d6a1,
+   0x2968,
+   0x40ed,
+   0xa4, 0xce, 0x54, 0x71, 0x60, 0xdd, 0xa8, 0x8d
+);
+
+// 632ce23b-5167-435c-86d7-e903684aa80c
+DEFINE_GUID(
+   FWPM_CONDITION_FLAGS,
+   0x632ce23b,
+   0x5167,
+   0x435c,
+   0x86, 0xd7, 0xe9, 0x03, 0x68, 0x4a, 0xa8, 0x0c
+);
+
+// 8784c146-ca97-44d6-9fd1-19fb1840cbf7
+DEFINE_GUID(
+   FWPM_CONDITION_DIRECTION,
+   0x8784c146,
+   0xca97,
+   0x44d6,
+   0x9f, 0xd1, 0x19, 0xfb, 0x18, 0x40, 0xcb, 0xf7
+);
+
+// 667fd755-d695-434a-8af5-d3835a1259bc
+DEFINE_GUID(
+   FWPM_CONDITION_INTERFACE_INDEX,
+   0x667fd755,
+   0xd695,
+   0x434a,
+   0x8a, 0xf5, 0xd3, 0x83, 0x5a, 0x12, 0x59, 0xbc
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+#define FWPM_CONDITION_LOCAL_INTERFACE_INDEX FWPM_CONDITION_INTERFACE_INDEX
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+
+// 0cd42473-d621-4be3-ae8c-72a348d283e1
+DEFINE_GUID(
+   FWPM_CONDITION_SUB_INTERFACE_INDEX,
+   0x0cd42473,
+   0xd621,
+   0x4be3,
+   0xae, 0x8c, 0x72, 0xa3, 0x48, 0xd2, 0x83, 0xe1
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+#define FWPM_CONDITION_ARRIVAL_SUB_INTERFACE_INDEX \
+        FWPM_CONDITION_SUB_INTERFACE_INDEX
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+// 2311334d-c92d-45bf-9496-edf447820e2d
+DEFINE_GUID(
+   FWPM_CONDITION_SOURCE_INTERFACE_INDEX,
+   0x2311334d,
+   0xc92d,
+   0x45bf,
+   0x94, 0x96, 0xed, 0xf4, 0x47, 0x82, 0x0e, 0x2d
+);
+
+// 055edd9d-acd2-4361-8dab-f9525d97662f
+DEFINE_GUID(
+   FWPM_CONDITION_SOURCE_SUB_INTERFACE_INDEX,
+   0x055edd9d,
+   0xacd2,
+   0x4361,
+   0x8d, 0xab, 0xf9, 0x52, 0x5d, 0x97, 0x66, 0x2f
+);
+
+// 35cf6522-4139-45ee-a0d5-67b80949d879
+DEFINE_GUID(
+   FWPM_CONDITION_DESTINATION_INTERFACE_INDEX,
+   0x35cf6522,
+   0x4139,
+   0x45ee,
+   0xa0, 0xd5, 0x67, 0xb8, 0x09, 0x49, 0xd8, 0x79
+);
+
+// 2b7d4399-d4c7-4738-a2f5-e994b43da388
+DEFINE_GUID(
+   FWPM_CONDITION_DESTINATION_SUB_INTERFACE_INDEX,
+   0x2b7d4399,
+   0xd4c7,
+   0x4738,
+   0xa2, 0xf5, 0xe9, 0x94, 0xb4, 0x3d, 0xa3, 0x88
+);
+
+// d78e1e87-8644-4ea5-9437-d809ecefc971
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_APP_ID,
+   0xd78e1e87,
+   0x8644,
+   0x4ea5,
+   0x94, 0x37, 0xd8, 0x09, 0xec, 0xef, 0xc9, 0x71
+);
+
+// af043a0a-b34d-4f86-979c-c90371af6e66
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_USER_ID,
+   0xaf043a0a,
+   0xb34d,
+   0x4f86,
+   0x97, 0x9c, 0xc9, 0x03, 0x71, 0xaf, 0x6e, 0x66
+);
+
+// f63073b7-0189-4ab0-95a4-6123cbfab862
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_REMOTE_USER_ID,
+   0xf63073b7,
+   0x0189,
+   0x4ab0,
+   0x95, 0xa4, 0x61, 0x23, 0xcb, 0xfa, 0xb8, 0x62
+);
+
+// 1aa47f51-7f93-4508-a271-81abb00c9cab
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_REMOTE_MACHINE_ID,
+   0x1aa47f51,
+   0x7f93,
+   0x4508,
+   0xa2, 0x71, 0x81, 0xab, 0xb0, 0x0c, 0x9c, 0xab
+);
+
+// 1c974776-7182-46e9-afd3-b02910e30334
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_PROMISCUOUS_MODE,
+   0x1c974776,
+   0x7182,
+   0x46e9,
+   0xaf, 0xd3, 0xb0, 0x29, 0x10, 0xe3, 0x03, 0x34
+);
+
+// b9f4e088-cb98-4efb-a2c7-ad07332643db
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_SIO_FIREWALL_SYSTEM_PORT,
+   0xb9f4e088,
+   0xcb98,
+   0x4efb,
+   0xa2, 0xc7, 0xad, 0x07, 0x33, 0x26, 0x43, 0xdb
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_CONDITION_ALE_SIO_FIREWALL_SOCKET_PROPERTY \
+        FWPM_CONDITION_ALE_SIO_FIREWALL_SYSTEM_PORT
+
+// b482d227-1979-4a98-8044-18bbe6237542
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_REAUTH_REASON,
+   0xb482d227,
+   0x1979,
+   0x4a98,
+   0x80, 0x44, 0x18, 0xbb, 0xe6, 0x23, 0x75, 0x42
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+// 46275a9d-c03f-4d77-b784-1c57f4d02753
+DEFINE_GUID(
+   FWPM_CONDITION_ALE_NAP_CONTEXT,
+   0x46275a9d,
+   0xc03f,
+   0x4d77,
+   0xb7, 0x84, 0x1c, 0x57, 0xf4, 0xd0, 0x27, 0x53
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// 35d0ea0e-15ca-492b-900e-97fd46352cce
+DEFINE_GUID(
+   FWPM_CONDITION_KM_AUTH_NAP_CONTEXT,
+   0x35d0ea0e,
+   0x15ca,
+   0x492b,
+   0x90, 0x0e, 0x97, 0xfd, 0x46, 0x35, 0x2c, 0xce
+);
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+// 9bf0ee66-06c9-41b9-84da-288cb43af51f
+DEFINE_GUID(
+    FWPM_CONDITION_REMOTE_USER_TOKEN,
+    0x9bf0ee66,
+    0x06c9,
+    0x41b9,
+    0x84, 0xda, 0x28, 0x8c, 0xb4, 0x3a, 0xf5, 0x1f
+);
+
+// 7c9c7d9f-0075-4d35-a0d1-8311c4cf6af1
+DEFINE_GUID(
+   FWPM_CONDITION_RPC_IF_UUID,
+   0x7c9c7d9f,
+   0x0075,
+   0x4d35,
+   0xa0, 0xd1, 0x83, 0x11, 0xc4, 0xcf, 0x6a, 0xf1
+);
+
+// eabfd9b7-1262-4a2e-adaa-5f96f6fe326d
+DEFINE_GUID(
+   FWPM_CONDITION_RPC_IF_VERSION,
+   0xeabfd9b7,
+   0x1262,
+   0x4a2e,
+   0xad, 0xaa, 0x5f, 0x96, 0xf6, 0xfe, 0x32, 0x6d
+);
+
+// 238a8a32-3199-467d-871c-272621ab3896
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_IF_FLAG,
+    0x238a8a32,
+    0x3199,
+    0x467d,
+    0x87, 0x1c, 0x27, 0x26, 0x21, 0xab, 0x38, 0x96
+);
+
+// ff2e7b4d-3112-4770-b636-4d24ae3a6af2
+DEFINE_GUID(
+    FWPM_CONDITION_DCOM_APP_ID,
+    0xff2e7b4d,
+    0x3112,
+    0x4770,
+    0xb6, 0x36, 0x4d, 0x24, 0xae, 0x3a, 0x6a, 0xf2
+);
+
+// d024de4d-deaa-4317-9c85-e40ef6e140c3
+DEFINE_GUID(
+    FWPM_CONDITION_IMAGE_NAME,
+    0xd024de4d,
+    0xdeaa,
+    0x4317,
+    0x9c, 0x85, 0xe4, 0x0e, 0xf6, 0xe1, 0x40, 0xc3
+);
+
+// 2717bc74-3a35-4ce7-b7ef-c838fabdec45
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_PROTOCOL,
+    0x2717bc74,
+    0x3a35,
+    0x4ce7,
+    0xb7, 0xef, 0xc8, 0x38, 0xfa, 0xbd, 0xec, 0x45
+);
+
+// daba74ab-0d67-43e7-986e-75b84f82f594
+DEFINE_GUID(
+   FWPM_CONDITION_RPC_AUTH_TYPE,
+   0xdaba74ab,
+   0x0d67,
+   0x43e7,
+   0x98, 0x6e, 0x75, 0xb8, 0x4f, 0x82, 0xf5, 0x94
+);
+
+// e5a0aed5-59ac-46ea-be05-a5f05ecf446e
+DEFINE_GUID(
+   FWPM_CONDITION_RPC_AUTH_LEVEL,
+   0xe5a0aed5,
+   0x59ac,
+   0x46ea,
+   0xbe, 0x05, 0xa5, 0xf0, 0x5e, 0xcf, 0x44, 0x6e
+);
+
+// 0d306ef0-e974-4f74-b5c7-591b0da7d562
+DEFINE_GUID(
+   FWPM_CONDITION_SEC_ENCRYPT_ALGORITHM,
+   0x0d306ef0,
+   0xe974,
+   0x4f74,
+   0xb5, 0xc7, 0x59, 0x1b, 0x0d, 0xa7, 0xd5, 0x62
+);
+
+// 4772183b-ccf8-4aeb-bce1-c6c6161c8fe4
+DEFINE_GUID(
+    FWPM_CONDITION_SEC_KEY_SIZE,
+    0x4772183b,
+    0xccf8,
+    0x4aeb,
+    0xbc, 0xe1, 0xc6, 0xc6, 0x16, 0x1c, 0x8f, 0xe4
+);
+
+// 03a629cb-6e52-49f8-9c41-5709633c09cf
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_ADDRESS_V4,
+   0x03a629cb,
+   0x6e52,
+   0x49f8,
+   0x9c, 0x41, 0x57, 0x09, 0x63, 0x3c, 0x09, 0xcf
+);
+
+// 2381be84-7524-45b3-a05b-1e637d9c7a6a
+DEFINE_GUID(
+   FWPM_CONDITION_IP_LOCAL_ADDRESS_V6,
+   0x2381be84,
+   0x7524,
+   0x45b3,
+   0xa0, 0x5b, 0x1e, 0x63, 0x7d, 0x9c, 0x7a, 0x6a
+);
+
+// 1bd0741d-e3df-4e24-8634-762046eef6eb
+DEFINE_GUID(
+    FWPM_CONDITION_PIPE,
+    0x1bd0741d,
+    0xe3df,
+    0x4e24,
+    0x86, 0x34, 0x76, 0x20, 0x46, 0xee, 0xf6, 0xeb
+);
+
+// 1febb610-3bcc-45e1-bc36-2e067e2cb186
+DEFINE_GUID(
+   FWPM_CONDITION_IP_REMOTE_ADDRESS_V4,
+   0x1febb610,
+   0x3bcc,
+   0x45e1,
+   0xbc, 0x36, 0x2e, 0x06, 0x7e, 0x2c, 0xb1, 0x86
+);
+
+// 246e1d8c-8bee-4018-9b98-31d4582f3361
+DEFINE_GUID(
+   FWPM_CONDITION_IP_REMOTE_ADDRESS_V6,
+   0x246e1d8c,
+   0x8bee,
+   0x4018,
+   0x9b, 0x98, 0x31, 0xd4, 0x58, 0x2f, 0x33, 0x61
+);
+
+// e31180a8-bbbd-4d14-a65e-7157b06233bb
+DEFINE_GUID(
+    FWPM_CONDITION_PROCESS_WITH_RPC_IF_UUID,
+    0xe31180a8,
+    0xbbbd,
+    0x4d14,
+    0xa6, 0x5e, 0x71, 0x57, 0xb0, 0x62, 0x33, 0xbb
+);
+
+// dccea0b9-0886-4360-9c6a-ab043a24fba9
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_EP_VALUE,
+    0xdccea0b9,
+    0x0886,
+    0x4360,
+    0x9c, 0x6a, 0xab, 0x04, 0x3a, 0x24, 0xfb, 0xa9
+);
+
+// 218b814a-0a39-49b8-8e71-c20c39c7dd2e
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_EP_FLAGS,
+    0x218b814a,
+    0x0a39,
+    0x49b8,
+    0x8e, 0x71, 0xc2, 0x0c, 0x39, 0xc7, 0xdd, 0x2e
+);
+
+// c228fc1e-403a-4478-be05-c9baa4c05ace
+DEFINE_GUID(
+    FWPM_CONDITION_CLIENT_TOKEN,
+    0xc228fc1e,
+    0x403a,
+    0x4478,
+    0xbe, 0x05, 0xc9, 0xba, 0xa4, 0xc0, 0x5a, 0xce
+);
+
+// b605a225-c3b3-48c7-9833-7aefa9527546
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_SERVER_NAME,
+    0xb605a225,
+    0xc3b3,
+    0x48c7,
+    0x98, 0x33, 0x7a, 0xef, 0xa9, 0x52, 0x75, 0x46
+);
+
+// 8090f645-9ad5-4e3b-9f9f-8023ca097909
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_SERVER_PORT,
+    0x8090f645,
+    0x9ad5,
+    0x4e3b,
+    0x9f, 0x9f, 0x80, 0x23, 0xca, 0x09, 0x79, 0x09
+);
+
+// 40953fe2-8565-4759-8488-1771b4b4b5db
+DEFINE_GUID(
+    FWPM_CONDITION_RPC_PROXY_AUTH_TYPE,
+    0x40953fe2,
+    0x8565,
+    0x4759,
+    0x84, 0x88, 0x17, 0x71, 0xb4, 0xb4, 0xb5, 0xdb
+);
+
+// a3ec00c7-05f4-4df7-91f2-5f60d91ff443
+DEFINE_GUID(
+    FWPM_CONDITION_CLIENT_CERT_KEY_LENGTH,
+    0xa3ec00c7,
+    0x05f4,
+    0x4df7,
+    0x91, 0xf2, 0x5f, 0x60, 0xd9, 0x1f, 0xf4, 0x43
+);
+
+// c491ad5e-f882-4283-b916-436b103ff4ad
+DEFINE_GUID(
+    FWPM_CONDITION_CLIENT_CERT_OID,
+    0xc491ad5e,
+    0xf882,
+    0x4283,
+    0xb9, 0x16, 0x43, 0x6b, 0x10, 0x3f, 0xf4, 0xad
+);
+
+// 206e9996-490e-40cf-b831-b38641eb6fcb
+DEFINE_GUID(
+   FWPM_CONDITION_NET_EVENT_TYPE,
+   0x206e9996,
+   0x490e,
+   0x40cf,
+   0xb8, 0x31, 0xb3, 0x86, 0x41, 0xeb, 0x6f, 0xcb
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// 9b539082-eb90-4186-a6cc-de5b63235016
+DEFINE_GUID(
+   FWPM_CONDITION_PEER_NAME,
+   0x9b539082,
+   0xeb90,
+   0x4186,
+   0xa6, 0xcc, 0xde, 0x5b, 0x63, 0x23, 0x50, 0x16
+);
+
+//f68166fd-0682-4c89-b8f5-86436c7ef9b7
+DEFINE_GUID(
+   FWPM_CONDITION_REMOTE_ID,
+   0xf68166fd,
+   0x0682,
+   0x4c89,
+   0xb8, 0xf5, 0x86, 0x43, 0x6c, 0x7e, 0xf9, 0xb7
+);
+
+//eb458cd5-da7b-4ef9-8d43-7b0a840332f2
+DEFINE_GUID(
+   FWPM_CONDITION_AUTHENTICATION_TYPE,
+   0xeb458cd5,
+   0xda7b,
+   0x4ef9,
+   0x8d, 0x43, 0x7b, 0x0a, 0x84, 0x03, 0x32, 0xf2
+);
+
+//ff0f5f49-0ceb-481b-8638-1479791f3f2c
+DEFINE_GUID(
+   FWPM_CONDITION_KM_TYPE,
+   0xff0f5f49,
+   0x0ceb,
+   0x481b,
+   0x86, 0x38, 0x14, 0x79, 0x79, 0x1f, 0x3f, 0x2c   
+);
+
+//feef4582-ef8f-4f7b-858b-9077d122de47
+DEFINE_GUID(
+   FWPM_CONDITION_KM_MODE,
+   0xfeef4582,
+   0xef8f,
+   0x4f7b,
+   0x85, 0x8b, 0x90, 0x77, 0xd1, 0x22, 0xde, 0x47   
+);
+
+//ad37dee3-722f-45cc-a4e3-068048124452
+DEFINE_GUID(
+   FWPM_CONDITION_IPSEC_POLICY_KEY,
+   0xad37dee3,
+   0x722f,
+   0x45cc,
+   0xa4, 0xe3, 0x06, 0x80, 0x48, 0x12, 0x44, 0x52
+);
+
+#endif
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in providers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// 10ad9216-ccde-456c-8b16-e9f04e60a90b
+DEFINE_GUID(
+   FWPM_PROVIDER_IKEEXT,
+   0x10ad9216,
+   0xccde,
+   0x456c,
+   0x8b, 0x16, 0xe9, 0xf0, 0x4e, 0x60, 0xa9, 0x0b
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// 3c6c05a9-c05c-4bb9-8338-2327814ce8bf
+DEFINE_GUID(
+   FWPM_PROVIDER_IPSEC_DOSP_CONFIG,
+   0x3c6c05a9,
+   0xc05c,
+   0x4bb9,
+   0x83, 0x38, 0x23, 0x27, 0x81, 0x4c, 0xe8, 0xbf
+);
+#endif
+
+// 896aa19e-9a34-4bcb-ae79-beb9127c84b9
+DEFINE_GUID(
+   FWPM_PROVIDER_TCP_CHIMNEY_OFFLOAD,
+   0x896aa19e,
+   0x9a34,
+   0x4bcb,
+   0xae, 0x79, 0xbe, 0xb9, 0x12, 0x7c, 0x84, 0xb9
+);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in callouts.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// 5132900d-5e84-4b5f-80e4-01741e81ff10
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V4,
+   0x5132900d,
+   0x5e84,
+   0x4b5f,
+   0x80, 0xe4, 0x01, 0x74, 0x1e, 0x81, 0xff, 0x10
+);
+
+// 49d3ac92-2a6c-4dcf-955f-1c3be009dd99
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TRANSPORT_V6,
+   0x49d3ac92,
+   0x2a6c,
+   0x4dcf,
+   0x95, 0x5f, 0x1c, 0x3b, 0xe0, 0x09, 0xdd, 0x99
+);
+
+// 4b46bf0a-4523-4e57-aa38-a87987c910d9
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V4,
+   0x4b46bf0a,
+   0x4523,
+   0x4e57,
+   0xaa, 0x38, 0xa8, 0x79, 0x87, 0xc9, 0x10, 0xd9
+);
+
+// 38d87722-ad83-4f11-a91f-df0fb077225b
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_OUTBOUND_TRANSPORT_V6,
+   0x38d87722,
+   0xad83,
+   0x4f11,
+   0xa9, 0x1f, 0xdf, 0x0f, 0xb0, 0x77, 0x22, 0x5b
+);
+
+// 191a8a46-0bf8-46cf-b045-4b45dfa6a324
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V4,
+   0x191a8a46,
+   0x0bf8,
+   0x46cf,
+   0xb0, 0x45, 0x4b, 0x45, 0xdf, 0xa6, 0xa3, 0x24
+);
+
+// 80c342e3-1e53-4d6f-9b44-03df5aeee154
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_V6,
+   0x80c342e3,
+   0x1e53,
+   0x4d6f,
+   0x9b, 0x44, 0x03, 0xdf, 0x5a, 0xee, 0xe1, 0x54
+);
+
+// 70a4196c-835b-4fb0-98e8-075f4d977d46
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V4,
+   0x70a4196c,
+   0x835b,
+   0x4fb0,
+   0x98, 0xe8, 0x07, 0x5f, 0x4d, 0x97, 0x7d, 0x46
+);
+
+// f1835363-a6a5-4e62-b180-23db789d8da6
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_OUTBOUND_TUNNEL_V6,
+   0xf1835363,
+   0xa6a5,
+   0x4e62,
+   0xb1, 0x80, 0x23, 0xdb, 0x78, 0x9d, 0x8d, 0xa6
+);
+
+// 28829633-c4f0-4e66-873f-844db2a899c7
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4,
+   0x28829633,
+   0xc4f0,
+   0x4e66,
+   0x87, 0x3f, 0x84, 0x4d, 0xb2, 0xa8, 0x99, 0xc7
+);
+
+// af50bec2-c686-429a-884d-b74443e7b0b4
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V6,
+   0xaf50bec2,
+   0xc686,
+   0x429a,
+   0x88, 0x4d, 0xb7, 0x44, 0x43, 0xe7, 0xb0, 0xb4
+);
+
+// fb532136-15cb-440b-937c-1717ca320c40
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4,
+   0xfb532136,
+   0x15cb,
+   0x440b,
+   0x93, 0x7c, 0x17, 0x17, 0xca, 0x32, 0x0c, 0x40
+);
+
+// dae640cc-e021-4bee-9eb6-a48b275c8c1d
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V6,
+   0xdae640cc,
+   0xe021,
+   0x4bee,
+   0x9e, 0xb6, 0xa4, 0x8b, 0x27, 0x5c, 0x8c, 0x1d
+);
+
+// 7dff309b-ba7d-4aba-91aa-ae5c6640c944
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V4,
+   0x7dff309b,
+   0xba7d,
+   0x4aba,
+   0x91, 0xaa, 0xae, 0x5c, 0x66, 0x40, 0xc9, 0x44
+);
+
+// a9a0d6d9-c58c-474e-8aeb-3cfe99d6d53d
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_INITIATE_SECURE_V6,
+   0xa9a0d6d9,
+   0xc58c,
+   0x474e,
+   0x8a, 0xeb, 0x3c, 0xfe, 0x99, 0xd6, 0xd5, 0x3d
+);
+
+// 3df6e7de-fd20-48f2-9f26-f854444cba79
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V4,
+   0x3df6e7de,
+   0xfd20,
+   0x48f2,
+   0x9f, 0x26, 0xf8, 0x54, 0x44, 0x4c, 0xba, 0x79
+);
+
+// a1e392d3-72ac-47bb-87a7-0122c69434ab
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT_V6,
+   0xa1e392d3,
+   0x72ac,
+   0x47bb,
+   0x87, 0xa7, 0x01, 0x22, 0xc6, 0x94, 0x34, 0xab
+);
+
+// 6ac141fc-f75d-4203-b9c8-48e6149c2712
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_ALE_CONNECT_V4,
+   0x6ac141fc,
+   0xf75d,
+   0x4203,
+   0xb9,0xc8,0x48, 0xe6, 0x14, 0x9c, 0x27, 0x12
+);
+
+// 4c0dda05-e31f-4666-90b0-b3dfad34129a
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_ALE_CONNECT_V6,
+   0x4c0dda05,
+   0xe31f,
+   0x4666,
+   0x90, 0xb0, 0xb3, 0xdf, 0xad, 0x34, 0x12, 0x9a
+);
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+// 6d08a342-db9e-4fbe-9ed2-57374ce89f79
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_DOSP_FORWARD_V6,
+   0x6d08a342,
+   0xdb9e,
+   0x4fbe,
+   0x9e, 0xd2, 0x57, 0x37, 0x4c, 0xe8, 0x9f, 0x79
+);
+
+// 2fcb56ec-cd37-4b4f-b108-62c2b1850a0c
+DEFINE_GUID(
+   FWPM_CALLOUT_IPSEC_DOSP_FORWARD_V4,
+   0x2fcb56ec,
+   0xcd37,
+   0x4b4f,
+   0xb1, 0x08, 0x62, 0xc2, 0xb1, 0x85, 0x0a, 0x0c
+);
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+// eda08606-2494-4d78-89bc-67837c03b969
+DEFINE_GUID(
+   FWPM_CALLOUT_WFP_TRANSPORT_LAYER_V4_SILENT_DROP,
+   0xeda08606,
+   0x2494,
+   0x4d78,
+   0x89, 0xbc, 0x67, 0x83, 0x7c, 0x03, 0xb9, 0x69
+);
+
+// 8693cc74-a075-4156-b476-9286eece814e
+DEFINE_GUID(
+   FWPM_CALLOUT_WFP_TRANSPORT_LAYER_V6_SILENT_DROP,
+   0x8693cc74,
+   0xa075,
+   0x4156,
+   0xb4, 0x76, 0x92, 0x86, 0xee, 0xce, 0x81, 0x4e
+);
+
+// f3e10ab3-2c25-4279-ac36-c30fc181bec4
+DEFINE_GUID(
+   FWPM_CALLOUT_TCP_CHIMNEY_CONNECT_LAYER_V4,
+   0xf3e10ab3,
+   0x2c25,
+   0x4279,
+   0xac, 0x36, 0xc3, 0x0f, 0xc1, 0x81, 0xbe, 0xc4
+);
+
+// 39e22085-a341-42fc-a279-aec94e689c56
+DEFINE_GUID(
+   FWPM_CALLOUT_TCP_CHIMNEY_CONNECT_LAYER_V6,
+   0x39e22085,
+   0xa341,
+   0x42fc,
+   0xa2, 0x79, 0xae, 0xc9, 0x4e, 0x68, 0x9c, 0x56
+);
+
+// e183ecb2-3a7f-4b54-8ad9-76050ed880ca
+DEFINE_GUID(
+   FWPM_CALLOUT_TCP_CHIMNEY_ACCEPT_LAYER_V4,
+   0xe183ecb2,
+   0x3a7f,
+   0x4b54,
+   0x8a, 0xd9, 0x76, 0x05, 0x0e, 0xd8, 0x80, 0xca
+);
+
+// 0378cf41-bf98-4603-81f2-7f12586079f6
+DEFINE_GUID(
+   FWPM_CALLOUT_TCP_CHIMNEY_ACCEPT_LAYER_V6,
+   0x0378cf41,
+   0xbf98,
+   0x4603,
+   0x81, 0xf2, 0x7f, 0x12, 0x58, 0x60, 0x79, 0xf6
+);
+
+// bc582280-1677-41e9-94ab-c2fcb15c2eeb
+DEFINE_GUID(
+   FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V4,
+   0xbc582280,
+   0x1677,
+   0x41e9,
+   0x94, 0xab, 0xc2, 0xfc, 0xb1, 0x5c, 0x2e, 0xeb
+);
+
+// 98e5373c-b884-490f-b65f-2f6a4a575195
+DEFINE_GUID(
+   FWPM_CALLOUT_SET_OPTIONS_AUTH_CONNECT_LAYER_V6,
+   0x98e5373c,
+   0xb884,
+   0x490f,
+   0xb6, 0x5f, 0x2f, 0x6a, 0x4a, 0x57, 0x51, 0x95
+);
+
+// 31b95392-066e-42a2-b7db-92f8acdd56f9
+DEFINE_GUID(
+   FWPM_CALLOUT_TEREDO_ALE_RESOURCE_ASSIGNMENT_V6,
+   0x31b95392,
+   0x066e,
+   0x42a2,
+   0xb7, 0xdb, 0x92, 0xf8, 0xac, 0xdd, 0x56, 0xf9
+);
+
+#define FWPM_CALLOUT_EDGE_TRAVERSAL_ALE_RESOURCE_ASSIGNMENT_V6 \
+    FWPM_CALLOUT_TEREDO_ALE_RESOURCE_ASSIGNMENT_V6
+
+// 079b1010-f1c5-4fcd-ae05-da41107abd0b
+DEFINE_GUID(
+    FWPM_CALLOUT_EDGE_TRAVERSAL_ALE_RESOURCE_ASSIGNMENT_V4,
+    0x079b1010,
+    0xf1c5,
+    0x4fcd,
+    0xae, 0x05, 0xda, 0x41, 0x10, 0x7a, 0xbd, 0x0b
+);
+
+// 81a434e7-f60c-4378-bab8-c625a30f0197
+DEFINE_GUID(
+   FWPM_CALLOUT_TEREDO_ALE_LISTEN_V6,
+   0x81a434e7,
+   0xf60c,
+   0x4378,
+   0xba, 0xb8, 0xc6, 0x25, 0xa3, 0x0f, 0x01, 0x97
+);
+
+#define FWPM_CALLOUT_EDGE_TRAVERSAL_ALE_LISTEN_V6 \
+    FWPM_CALLOUT_TEREDO_ALE_LISTEN_V6
+
+// 33486ab5-6d5e-4e65-a00b-a7afed0ba9a1
+DEFINE_GUID(
+    FWPM_CALLOUT_EDGE_TRAVERSAL_ALE_LISTEN_V4,
+    0x33486ab5,
+    0x6d5e,
+    0x4e65,
+    0xa0, 0x0b, 0xa7, 0xaf, 0xed, 0x0b, 0xa9, 0xa1
+);
+    
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in provider contexts.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// b25ea800-0d02-46ed-92bd-7fa84bb73e9d
+DEFINE_GUID(
+   FWPM_PROVIDER_CONTEXT_SECURE_SOCKET_AUTHIP,
+   0xb25ea800,
+   0x0d02,
+   0x46ed,
+   0x92, 0xbd, 0x7f, 0xa8, 0x4b, 0xb7, 0x3e, 0x9d
+);
+
+
+// 8c2d4144-f8e0-42c0-94ce-7ccfc63b2f9b
+DEFINE_GUID(
+   FWPM_PROVIDER_CONTEXT_SECURE_SOCKET_IPSEC,
+   0x8c2d4144,
+   0xf8e0,
+   0x42c0,
+   0x94, 0xce, 0x7c, 0xcf, 0xc6, 0x3b, 0x2f, 0x9b
+);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// GUIDs for built-in keying modules.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// a9bbf787-82a8-45bb-a400-5d7e5952c7a9
+DEFINE_GUID(
+   FWPM_KEYING_MODULE_IKE,
+   0xa9bbf787,
+   0x82a8,
+   0x45bb,
+   0xa4, 0x00, 0x5d, 0x7e, 0x59, 0x52, 0xc7, 0xa9
+);
+
+// 11e3dae0-dd26-4590-857d-ab4b28d1a095
+DEFINE_GUID(
+   FWPM_KEYING_MODULE_AUTHIP,
+   0x11e3dae0,
+   0xdd26,
+   0x4590,
+   0x85, 0x7d, 0xab, 0x4b, 0x28, 0xd1, 0xa0, 0x95
+);
+
+// 041792cc-8f07-419d-a394-716968cb1647
+DEFINE_GUID(
+   FWPM_KEYING_MODULE_IKEV2,
+   0x041792cc,
+   0x8f07,
+   0x419d,
+   0xa3, 0x94, 0x71, 0x69, 0x68, 0xcb, 0x16, 0x47
+);
+
+#ifndef GUID_DEFS_ONLY
+#ifndef FWPMX_H
+#define FWPMX_H
+
+#include "fixed_fwpmtypes.h"
+#include "fixed_fwpvi.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Well-known filter weight ranges.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// Number of bits used for auto-generated weights.
+#define FWPM_AUTO_WEIGHT_BITS (60)
+// Maximum auto-generated weight.
+#define FWPM_AUTO_WEIGHT_MAX  (MAXUINT64 >> (64 - FWPM_AUTO_WEIGHT_BITS))
+// Maximum allowed weight range.
+#define FWPM_WEIGHT_RANGE_MAX (MAXUINT64 >> FWPM_AUTO_WEIGHT_BITS)
+
+// IPsec policy
+#define FWPM_WEIGHT_RANGE_IPSEC            (0x0)
+// Filters to exempt IKE traffic from IPsec.
+#define FWPM_WEIGHT_RANGE_IKE_EXEMPTIONS   (0xc)
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// IPsec transform constants.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+//////////
+// Authentication transform constants
+//////////
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_HMAC_MD5_96 =
+{
+   IPSEC_AUTH_MD5,
+   IPSEC_AUTH_CONFIG_HMAC_MD5_96
+};
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_1_96 =
+{
+   IPSEC_AUTH_SHA_1,
+   IPSEC_AUTH_CONFIG_HMAC_SHA_1_96
+};
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_HMAC_SHA_256_128 =
+{
+   IPSEC_AUTH_SHA_256,
+   IPSEC_AUTH_CONFIG_HMAC_SHA_256_128
+};
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_GCM_AES_128 =
+{
+   IPSEC_AUTH_AES_128,
+   IPSEC_AUTH_CONFIG_GCM_AES_128
+};
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_GCM_AES_192 =
+{
+   IPSEC_AUTH_AES_192,
+   IPSEC_AUTH_CONFIG_GCM_AES_192
+};
+
+static const IPSEC_AUTH_TRANSFORM_ID0 IPSEC_AUTH_TRANSFORM_ID_GCM_AES_256 =
+{
+   IPSEC_AUTH_AES_256,
+   IPSEC_AUTH_CONFIG_GCM_AES_256
+};
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+//////////
+// Cipher transform constants
+//////////
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_CBC_DES =
+{
+   IPSEC_CIPHER_TYPE_DES,
+   IPSEC_CIPHER_CONFIG_CBC_DES
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_CBC_3DES =
+{
+   IPSEC_CIPHER_TYPE_3DES,
+   IPSEC_CIPHER_CONFIG_CBC_3DES
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_AES_128 =
+{
+   IPSEC_CIPHER_TYPE_AES_128,
+   IPSEC_CIPHER_CONFIG_CBC_AES_128
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_AES_192 =
+{
+   IPSEC_CIPHER_TYPE_AES_192,
+   IPSEC_CIPHER_CONFIG_CBC_AES_192
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_AES_256 =
+{
+   IPSEC_CIPHER_TYPE_AES_256,
+   IPSEC_CIPHER_CONFIG_CBC_AES_256
+};
+
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_128 =
+{
+   IPSEC_CIPHER_TYPE_AES_128,
+   IPSEC_CIPHER_CONFIG_GCM_AES_128
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_192 =
+{
+   IPSEC_CIPHER_TYPE_AES_192,
+   IPSEC_CIPHER_CONFIG_GCM_AES_192
+};
+
+static const IPSEC_CIPHER_TRANSFORM_ID0 IPSEC_CIPHER_TRANSFORM_ID_GCM_AES_256 =
+{
+   IPSEC_CIPHER_TYPE_AES_256,
+   IPSEC_CIPHER_CONFIG_GCM_AES_256
+};
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN6SP1)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Well-known filter contexts.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// IPSec transport filter contexts in inbound layer
+#define FWPM_CONTEXT_IPSEC_INBOUND_PASSTHRU (0x1ui64)
+#define FWPM_CONTEXT_IPSEC_INBOUND_PERSIST_CONNECTION_SECURITY (0x2ui64)
+#define FWPM_CONTEXT_IPSEC_INBOUND_RESERVED (0xff00000000000000ui64)
+							
+// IPSec transport filter contexts in outbound layer
+#define FWPM_CONTEXT_IPSEC_OUTBOUND_NEGOTIATE_DISCOVER (0x1ui64)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_CONTEXT_IPSEC_OUTBOUND_SUPPRESS_NEGOTIATION (0x2ui64)
+#endif
+
+// Filter contexts used in the ALE connect layer
+#define FWPM_CONTEXT_ALE_SET_CONNECTION_REQUIRE_IPSEC_SECURITY (0x2ui64)
+#define FWPM_CONTEXT_ALE_SET_CONNECTION_LAZY_SD_EVALUATION (0x4ui64)
+
+// Filter contexts used in the ALE connect or accept layer
+#define FWPM_CONTEXT_ALE_SET_CONNECTION_REQUIRE_IPSEC_ENCRYPTION (0x8ui64)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_CONTEXT_ALE_SET_CONNECTION_ALLOW_FIRST_INBOUND_PKT_UNENCRYPTED (0x10ui64)
+// FWPM_CONTEXT_ALE_ALLOW_AUTH_FW modifies configurations that require ipsec security
+// Hence, at connect, this is only valid in combination with FWPM_CONTEXT_ALE_SET_CONNECTION_REQUIRE_IPSEC_SECURITY.
+#define FWPM_CONTEXT_ALE_ALLOW_AUTH_FW (0x20ui64)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+// Contexts used by the TCP Chimney Offload callouts.
+#define FWPM_CONTEXT_TCP_CHIMNEY_OFFLOAD_ENABLE (0x1ui64)
+#define FWPM_CONTEXT_TCP_CHIMNEY_OFFLOAD_DISABLE (0x2ui64)
+
+// Contexts used in the RPC audit sublayer
+#define FWPM_CONTEXT_RPC_AUDIT_ENABLED (0x1ui64)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Access rights
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// Specific access rights.
+#define FWPM_ACTRL_ADD               (0x00000001)
+#define FWPM_ACTRL_ADD_LINK          (0x00000002)
+#define FWPM_ACTRL_BEGIN_READ_TXN    (0x00000004)
+#define FWPM_ACTRL_BEGIN_WRITE_TXN   (0x00000008)
+#define FWPM_ACTRL_CLASSIFY          (0x00000010)
+#define FWPM_ACTRL_ENUM              (0x00000020)
+#define FWPM_ACTRL_OPEN              (0x00000040)
+#define FWPM_ACTRL_READ              (0x00000080)
+#define FWPM_ACTRL_READ_STATS        (0x00000100)
+#define FWPM_ACTRL_SUBSCRIBE         (0x00000200)
+#define FWPM_ACTRL_WRITE             (0x00000400)
+
+// Generic access rights.
+#define FWPM_GENERIC_READ \
+      ( STANDARD_RIGHTS_READ       | \
+        FWPM_ACTRL_BEGIN_READ_TXN  | \
+        FWPM_ACTRL_CLASSIFY        | \
+        FWPM_ACTRL_OPEN            | \
+        FWPM_ACTRL_READ            | \
+        FWPM_ACTRL_READ_STATS      )
+
+#define FWPM_GENERIC_EXECUTE \
+      ( STANDARD_RIGHTS_EXECUTE    | \
+        FWPM_ACTRL_ENUM            | \
+        FWPM_ACTRL_SUBSCRIBE       )
+
+#define FWPM_GENERIC_WRITE \
+      ( STANDARD_RIGHTS_WRITE      | \
+        DELETE                     | \
+        FWPM_ACTRL_ADD             | \
+        FWPM_ACTRL_ADD_LINK        | \
+        FWPM_ACTRL_BEGIN_WRITE_TXN | \
+        FWPM_ACTRL_WRITE           )
+
+#define FWPM_GENERIC_ALL \
+      ( STANDARD_RIGHTS_REQUIRED   | \
+        FWPM_ACTRL_ADD             | \
+        FWPM_ACTRL_ADD_LINK        | \
+        FWPM_ACTRL_BEGIN_READ_TXN  | \
+        FWPM_ACTRL_BEGIN_WRITE_TXN | \
+        FWPM_ACTRL_CLASSIFY        | \
+        FWPM_ACTRL_ENUM            | \
+        FWPM_ACTRL_OPEN            | \
+        FWPM_ACTRL_READ            | \
+        FWPM_ACTRL_READ_STATS      | \
+        FWPM_ACTRL_SUBSCRIBE       | \
+        FWPM_ACTRL_WRITE           )
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Common utility functions.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+void WINAPI FwpmFreeMemory0(__inout void** p);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing the engine.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmEngineOpen0(
+   __in_opt const wchar_t* serverName,
+   __in UINT32 authnService,
+   __in_opt SEC_WINNT_AUTH_IDENTITY_W* authIdentity,
+   __in_opt const FWPM_SESSION0* session,
+   __out HANDLE* engineHandle
+   );
+
+DWORD
+WINAPI
+FwpmEngineClose0(__inout HANDLE engineHandle);
+
+DWORD
+WINAPI
+FwpmEngineGetOption0(
+   __in HANDLE engineHandle,
+   __in FWPM_ENGINE_OPTION option,
+   __deref_out FWP_VALUE0** value
+   );
+
+DWORD
+WINAPI
+FwpmEngineSetOption0(
+   __in HANDLE engineHandle,
+   __in FWPM_ENGINE_OPTION option,
+   __in const FWP_VALUE0* newValue
+   );
+
+DWORD
+WINAPI
+FwpmEngineGetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmEngineSetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+DWORD
+WINAPI
+FwpmSessionCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_SESSION_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmSessionEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_SESSION0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmSessionDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for explicit transactions.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#define FWPM_TXN_READ_ONLY (0x00000001)
+
+DWORD
+WINAPI
+FwpmTransactionBegin0(
+   __in HANDLE engineHandle,
+   __in UINT32 flags
+   );
+
+DWORD
+WINAPI
+FwpmTransactionCommit0(__in HANDLE engineHandle);
+
+DWORD
+WINAPI
+FwpmTransactionAbort0(__in HANDLE engineHandle);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing providers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmProviderAdd0(
+   __in HANDLE engineHandle,
+   __in const FWPM_PROVIDER0* provider,
+   __in_opt PSECURITY_DESCRIPTOR sd
+   );
+
+DWORD
+WINAPI
+FwpmProviderDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+DWORD
+WINAPI
+FwpmProviderGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_PROVIDER0** provider
+   );
+
+DWORD
+WINAPI
+FwpmProviderCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_PROVIDER_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_PROVIDER0*** entries,   
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmProviderDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmProviderSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+typedef void (CALLBACK *FWPM_PROVIDER_CHANGE_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_PROVIDER_CHANGE0* change
+                           );
+
+DWORD
+WINAPI
+FwpmProviderSubscribeChanges0(
+   __in HANDLE engineHandle,
+   __in const FWPM_PROVIDER_SUBSCRIPTION0* subscription,
+   __in FWPM_PROVIDER_CHANGE_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderUnsubscribeChanges0(
+   __in HANDLE engineHandle,
+   __inout HANDLE changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderSubscriptionsGet0(
+   __in HANDLE engineHandle,   
+   __deref_out_ecount(*numEntries)
+       FWPM_PROVIDER_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing provider contexts.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmProviderContextAdd0(
+   __in HANDLE engineHandle,
+   __in const FWPM_PROVIDER_CONTEXT0* providerContext,
+   __in_opt PSECURITY_DESCRIPTOR sd,
+   __out_opt UINT64* id
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmProviderContextAdd1(
+   __in HANDLE engineHandle,
+   __in const FWPM_PROVIDER_CONTEXT1* providerContext,
+   __in_opt PSECURITY_DESCRIPTOR sd,
+   __out_opt UINT64* id
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmProviderContextDeleteById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextGetById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out FWPM_PROVIDER_CONTEXT0** providerContext
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmProviderContextGetById1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out FWPM_PROVIDER_CONTEXT1** providerContext
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmProviderContextGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_PROVIDER_CONTEXT0** providerContext
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmProviderContextGetByKey1(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_PROVIDER_CONTEXT1** providerContext
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmProviderContextCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_PROVIDER_CONTEXT0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmProviderContextEnum1(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_PROVIDER_CONTEXT1*** entries,
+   __out UINT32* numEntriesReturned
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmProviderContextDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+typedef void (CALLBACK *FWPM_PROVIDER_CONTEXT_CHANGE_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_PROVIDER_CONTEXT_CHANGE0* change
+                           );
+
+DWORD
+WINAPI
+FwpmProviderContextSubscribeChanges0(
+   __in HANDLE engineHandle,
+   __in const FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0* subscription,
+   __in FWPM_PROVIDER_CONTEXT_CHANGE_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextUnsubscribeChanges0(
+   __in HANDLE engineHandle,
+   __inout HANDLE changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmProviderContextSubscriptionsGet0(
+   __in HANDLE engineHandle,   
+   __deref_out_ecount(*numEntries)
+       FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing sub-layers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmSubLayerAdd0(
+   __in HANDLE engineHandle,
+   __in const FWPM_SUBLAYER0* subLayer,
+   __in_opt PSECURITY_DESCRIPTOR sd
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_SUBLAYER0** subLayer
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_SUBLAYER_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_SUBLAYER0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+typedef void (CALLBACK *FWPM_SUBLAYER_CHANGE_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_SUBLAYER_CHANGE0* change
+                           );
+
+DWORD
+WINAPI
+FwpmSubLayerSubscribeChanges0(
+   __in HANDLE engineHandle,
+   __in const FWPM_SUBLAYER_SUBSCRIPTION0* subscription,
+   __in FWPM_SUBLAYER_CHANGE_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerUnsubscribeChanges0(
+   __in HANDLE engineHandle,
+   __inout HANDLE changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmSubLayerSubscriptionsGet0(
+   __in HANDLE engineHandle,   
+   __deref_out_ecount(*numEntries)
+       FWPM_SUBLAYER_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing layers.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmLayerGetById0(
+   __in HANDLE engineHandle,
+   __in UINT16 id,
+   __deref_out FWPM_LAYER0** layer
+   );
+
+DWORD
+WINAPI
+FwpmLayerGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_LAYER0** layer
+   );
+
+DWORD
+WINAPI
+FwpmLayerCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_LAYER_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmLayerEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_LAYER0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmLayerDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmLayerGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmLayerSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing callouts.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmCalloutAdd0(
+   __in HANDLE engineHandle,
+   __in const FWPM_CALLOUT0* callout,
+   __in_opt PSECURITY_DESCRIPTOR sd,
+   __out_opt UINT32* id
+   );
+
+DWORD
+WINAPI
+FwpmCalloutDeleteById0(
+   __in HANDLE engineHandle,
+   __in UINT32 id
+   );
+
+DWORD
+WINAPI
+FwpmCalloutDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+DWORD
+WINAPI
+FwpmCalloutGetById0(
+   __in HANDLE engineHandle,
+   __in UINT32 id,
+   __deref_out FWPM_CALLOUT0** callout
+   );
+
+DWORD
+WINAPI
+FwpmCalloutGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_CALLOUT0** callout
+   );
+
+DWORD
+WINAPI
+FwpmCalloutCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_CALLOUT_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmCalloutEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_CALLOUT0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmCalloutDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmCalloutGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmCalloutSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+typedef void (CALLBACK *FWPM_CALLOUT_CHANGE_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_CALLOUT_CHANGE0* change
+                           );
+
+DWORD
+WINAPI
+FwpmCalloutSubscribeChanges0(
+   __in HANDLE engineHandle,
+   __in const FWPM_CALLOUT_SUBSCRIPTION0* subscription,
+   __in FWPM_CALLOUT_CHANGE_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmCalloutUnsubscribeChanges0(
+   __in HANDLE engineHandle,
+   __inout HANDLE changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmCalloutSubscriptionsGet0(
+   __in HANDLE engineHandle,   
+   __deref_out_ecount(*numEntries)
+       FWPM_CALLOUT_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing filters.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmFilterAdd0(
+   __in HANDLE engineHandle,
+   __in const FWPM_FILTER0* filter,
+   __in_opt PSECURITY_DESCRIPTOR sd,
+   __out_opt UINT64* id
+   );
+
+DWORD
+WINAPI
+FwpmFilterDeleteById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id
+   );
+
+DWORD
+WINAPI
+FwpmFilterDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+DWORD
+WINAPI
+FwpmFilterGetById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out FWPM_FILTER0** filter
+   );
+
+DWORD
+WINAPI
+FwpmFilterGetByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key,
+   __deref_out FWPM_FILTER0** filter
+   );
+
+DWORD
+WINAPI
+FwpmFilterCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_FILTER_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmFilterEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_FILTER0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+DWORD
+WINAPI
+FwpmFilterDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmFilterGetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmFilterSetSecurityInfoByKey0(
+   __in HANDLE engineHandle,
+   __in_opt const GUID* key,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+typedef void (CALLBACK *FWPM_FILTER_CHANGE_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_FILTER_CHANGE0* change
+                           );
+
+DWORD
+WINAPI
+FwpmFilterSubscribeChanges0(
+   __in HANDLE engineHandle,
+   __in const FWPM_FILTER_SUBSCRIPTION0* subscription,
+   __in FWPM_FILTER_CHANGE_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmFilterUnsubscribeChanges0(
+   __in HANDLE engineHandle,
+   __inout HANDLE changeHandle
+   );
+
+DWORD
+WINAPI
+FwpmFilterSubscriptionsGet0(
+   __in HANDLE engineHandle,
+   __deref_out_ecount(*numEntries)
+       FWPM_FILTER_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+
+DWORD
+WINAPI
+FwpmGetAppIdFromFileName0(
+   __in PCWSTR fileName,
+   __deref_out FWP_BYTE_BLOB** appId
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Helper functions for configuring an IPsec tunnel.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+// Create a point-to-point tunnel.
+#define FWPM_TUNNEL_FLAG_POINT_TO_POINT (0x00000001)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// Enable Virtual interface based IPsec tunnel mode.
+#define FWPM_TUNNEL_FLAG_ENABLE_VIRTUAL_IF_TUNNELING (0x00000002)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmIPsecTunnelAdd0(
+   __in HANDLE engineHandle,
+   __in UINT32 flags,
+   __in_opt const FWPM_PROVIDER_CONTEXT0* mainModePolicy,
+   __in const FWPM_PROVIDER_CONTEXT0* tunnelPolicy,
+   __in UINT32 numFilterConditions,
+   __in const FWPM_FILTER_CONDITION0* filterConditions,
+   __in_opt PSECURITY_DESCRIPTOR sd
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmIPsecTunnelAdd1(
+   __in HANDLE engineHandle,
+   __in UINT32 flags,
+   __in_opt const FWPM_PROVIDER_CONTEXT1* mainModePolicy,
+   __in const FWPM_PROVIDER_CONTEXT1* tunnelPolicy,
+   __in UINT32 numFilterConditions,
+   __in const FWPM_FILTER_CONDITION0* filterConditions,
+   __in_opt const GUID* keyModKey,
+   __in_opt PSECURITY_DESCRIPTOR sd
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmIPsecTunnelDeleteByKey0(
+   __in HANDLE engineHandle,
+   __in const GUID* key
+   );
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing IPsec.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+IPsecGetStatistics0(
+   __in HANDLE engineHandle,
+   __out IPSEC_STATISTICS0* ipsecStatistics
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecGetStatistics1(
+   __in HANDLE engineHandle,
+   __out IPSEC_STATISTICS1* ipsecStatistics
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaContextCreate0(
+   __in HANDLE engineHandle,
+   __in const IPSEC_TRAFFIC0* outboundTraffic,
+   __out_opt UINT64* inboundFilterId,
+   __out UINT64* id
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaContextCreate1(
+   __in HANDLE engineHandle,
+   __in const IPSEC_TRAFFIC1* outboundTraffic,
+   __in_opt const IPSEC_VIRTUAL_IF_TUNNEL_INFO0* virtualIfTunnelInfo,
+   __out_opt UINT64* inboundFilterId,
+   __out UINT64* id
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaContextDeleteById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id
+   );
+
+DWORD
+WINAPI
+IPsecSaContextGetById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out IPSEC_SA_CONTEXT0** saContext
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaContextGetById1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out IPSEC_SA_CONTEXT1** saContext
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaContextGetSpi0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_GETSPI0* getSpi,
+   __out IPSEC_SA_SPI* inboundSpi
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaContextGetSpi1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_GETSPI1* getSpi,
+   __out IPSEC_SA_SPI* inboundSpi
+   );
+
+DWORD
+WINAPI
+IPsecSaContextSetSpi0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_GETSPI1* getSpi,
+   __in IPSEC_SA_SPI inboundSpi
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaContextAddInbound0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_SA_BUNDLE0* inboundBundle
+   );
+
+DWORD
+WINAPI
+IPsecSaContextAddOutbound0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_SA_BUNDLE0* outboundBundle
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaContextAddInbound1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_SA_BUNDLE1* inboundBundle
+   );
+
+DWORD
+WINAPI
+IPsecSaContextAddOutbound1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in const IPSEC_SA_BUNDLE1* outboundBundle
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)   
+
+DWORD
+WINAPI
+IPsecSaContextExpire0(
+   __in HANDLE engineHandle,
+   __in UINT64 id
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+// Flags indicating the specific field in the IPSEC_SA_CONTEXT data type that is
+// being updated.
+//
+#define IPSEC_SA_DETAILS_UPDATE_TRAFFIC                (0x01ui64)
+#define IPSEC_SA_DETAILS_UPDATE_UDP_ENCAPSULATION      (0x02ui64)
+#define IPSEC_SA_BUNDLE_UPDATE_FLAGS                   (0x04ui64)
+#define IPSEC_SA_BUNDLE_UPDATE_NAP_CONTEXT             (0x08ui64)
+#define IPSEC_SA_BUNDLE_UPDATE_KEY_MODULE_STATE        (0x10ui64)
+#define IPSEC_SA_BUNDLE_UPDATE_PEER_V4_PRIVATE_ADDRESS (0x20ui64)
+#define IPSEC_SA_BUNDLE_UPDATE_MM_SA_ID                (0x40ui64)
+
+DWORD
+WINAPI
+IPsecSaContextUpdate0(
+   __in HANDLE engineHandle,
+   __in UINT64 flags,
+   __in const IPSEC_SA_CONTEXT1* newValues
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)   
+
+DWORD
+WINAPI
+IPsecSaContextCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const IPSEC_SA_CONTEXT_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecSaContextEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IPSEC_SA_CONTEXT0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaContextEnum1(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IPSEC_SA_CONTEXT1*** entries,
+   __out UINT32* numEntriesReturned
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaContextDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecSaCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const IPSEC_SA_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecSaEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IPSEC_SA_DETAILS0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IPsecSaEnum1(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IPSEC_SA_DETAILS1*** entries,
+   __out UINT32* numEntriesReturned
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IPsecSaDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecSaDbGetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+IPsecSaDbSetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing IPsec DoS Protection.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+IPsecDospGetStatistics0(
+   __in HANDLE engineHandle,
+   __out IPSEC_DOSP_STATISTICS0* idpStatistics
+   );
+
+DWORD
+WINAPI
+IPsecDospStateCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const IPSEC_DOSP_STATE_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecDospStateEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntries) IPSEC_DOSP_STATE0*** entries,
+   __out UINT32* numEntries
+   );
+
+DWORD
+WINAPI
+IPsecDospStateDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+IPsecDospGetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+IPsecDospSetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for managing IKE, Authip.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+IkeextGetStatistics0(
+   __in HANDLE engineHandle,
+   __out IKEEXT_STATISTICS0* ikeextStatistics
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IkeextGetStatistics1(
+   __in HANDLE engineHandle,
+   __out IKEEXT_STATISTICS1* ikeextStatistics
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IkeextSaDeleteById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id
+   );
+
+DWORD
+WINAPI
+IkeextSaGetById0(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __deref_out IKEEXT_SA_DETAILS0** sa
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IkeextSaGetById1(
+   __in HANDLE engineHandle,
+   __in UINT64 id,
+   __in_opt GUID* saLookupContext,
+   __deref_out IKEEXT_SA_DETAILS1** sa
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IkeextSaCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const IKEEXT_SA_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+IkeextSaEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IKEEXT_SA_DETAILS0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+   
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+IkeextSaEnum1(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) IKEEXT_SA_DETAILS1*** entries,
+   __out UINT32* numEntriesReturned
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+IkeextSaDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+IkeextSaDbGetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+IkeextSaDbSetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for diagnostics.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmNetEventCreateEnumHandle0(
+   __in HANDLE engineHandle,
+   __in_opt const FWPM_NET_EVENT_ENUM_TEMPLATE0* enumTemplate,
+   __out HANDLE* enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmNetEventEnum0(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT0*** entries,
+   __out UINT32* numEntriesReturned
+   );
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+DWORD
+WINAPI
+FwpmNetEventEnum1(
+   __in HANDLE engineHandle,
+   __in HANDLE enumHandle,
+   __in UINT32 numEntriesRequested,
+   __deref_out_ecount(*numEntriesReturned) FWPM_NET_EVENT1*** entries,
+   __out UINT32* numEntriesReturned
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+DWORD
+WINAPI
+FwpmNetEventDestroyEnumHandle0(
+   __in HANDLE engineHandle,
+   __inout HANDLE enumHandle
+   );
+
+DWORD
+WINAPI
+FwpmNetEventsGetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __deref_out_opt PSID* sidOwner,
+   __deref_out_opt PSID* sidGroup,
+   __deref_out_opt PACL* dacl,
+   __deref_out_opt PACL* sacl,
+   __deref_out PSECURITY_DESCRIPTOR* securityDescriptor
+   );
+
+DWORD
+WINAPI
+FwpmNetEventsSetSecurityInfo0(
+   __in HANDLE engineHandle,
+   __in SECURITY_INFORMATION securityInfo,
+   __in_opt const SID* sidOwner,
+   __in_opt const SID* sidGroup,
+   __in_opt const ACL* dacl,
+   __in_opt const ACL* sacl
+   );
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+typedef void (CALLBACK *FWPM_NET_EVENT_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_NET_EVENT1* event
+                           );
+
+DWORD
+WINAPI
+FwpmNetEventSubscribe0(
+   __in HANDLE engineHandle,
+   __in const FWPM_NET_EVENT_SUBSCRIPTION0* subscription,
+   __in FWPM_NET_EVENT_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* eventsHandle
+   );
+
+DWORD
+WINAPI
+FwpmNetEventUnsubscribe0(
+   __in HANDLE engineHandle,
+   __inout HANDLE eventsHandle
+   );
+
+DWORD
+WINAPI
+FwpmNetEventSubscriptionsGet0(
+   __in HANDLE engineHandle,
+   __deref_out_ecount(*numEntries)
+       FWPM_NET_EVENT_SUBSCRIPTION0*** entries,
+   __out UINT32* numEntries
+   );
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Functions for tracking system ports.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+DWORD
+WINAPI
+FwpmSystemPortsGet0(
+   __in_opt HANDLE engineHandle,
+   __deref_out FWPM_SYSTEM_PORTS0** sysPorts
+   );
+
+typedef void (CALLBACK *FWPM_SYSTEM_PORTS_CALLBACK0)(
+                           __inout void* context,
+                           __in const FWPM_SYSTEM_PORTS0* sysPorts
+                           );
+
+DWORD
+WINAPI
+FwpmSystemPortsSubscribe0(
+   __in_opt HANDLE engineHandle,
+   __reserved void* reserved,
+   __in FWPM_SYSTEM_PORTS_CALLBACK0 callback,
+   __in_opt void* context,
+   __out HANDLE* sysPortsHandle
+   );
+
+DWORD
+WINAPI
+FwpmSystemPortsUnsubscribe0(
+   __in_opt HANDLE engineHandle,
+   __inout HANDLE sysPortsHandle
+   );
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+#ifdef __cplusplus
+}
+#endif
+#endif // FWPMX_H
+#endif // GUID_DEFS_ONLY
+//#endif // (NTDDI_VERSION >= NTDDI_WIN6)
+

src/Mayaqua/fixed_fwptypes.h

@@ -0,0 +1,368 @@
+
+
+/* this ALWAYS GENERATED file contains the definitions for the interfaces */
+
+
+ /* File created by MIDL compiler version 7.00.0555 */
+/* Compiler settings for fwptypes.idl:
+    Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 7.00.0555 
+    protocol : dce , ms_ext, c_ext, robust
+    error checks: allocation ref bounds_check enum stub_data 
+    VC __declspec() decoration level: 
+         __declspec(uuid()), __declspec(selectany), __declspec(novtable)
+         DECLSPEC_UUID(), MIDL_INTERFACE()
+*/
+/* @@MIDL_FILE_HEADING(  ) */
+
+#pragma warning( disable: 4049 )  /* more than 64k source lines */
+
+
+/* verify that the <rpcndr.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCNDR_H_VERSION__
+#define __REQUIRED_RPCNDR_H_VERSION__ 500
+#endif
+
+/* verify that the <rpcsal.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCSAL_H_VERSION__
+#define __REQUIRED_RPCSAL_H_VERSION__ 100
+#endif
+
+#include "rpc.h"
+#include "rpcndr.h"
+
+#ifndef __RPCNDR_H_VERSION__
+#error this stub requires an updated version of <rpcndr.h>
+#endif // __RPCNDR_H_VERSION__
+
+
+#ifndef __fwptypes_h__
+#define __fwptypes_h__
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1020)
+#pragma once
+#endif
+
+/* Forward Declarations */ 
+
+/* header files for imported files */
+#include "wtypes.h"
+
+#ifdef __cplusplus
+extern "C"{
+#endif 
+
+
+/* interface __MIDL_itf_fwptypes_0000_0000 */
+/* [local] */ 
+
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(push)
+#endif
+#pragma warning(disable:4201)
+#endif
+#ifdef __midl
+typedef struct _LUID
+    {
+    DWORD LowPart;
+    LONG HighPart;
+    } 	LUID;
+
+typedef struct _LUID *PLUID;
+
+#endif
+typedef /* [v1_enum] */ 
+enum FWP_DIRECTION_
+    {	FWP_DIRECTION_OUTBOUND	= 0,
+	FWP_DIRECTION_INBOUND	= ( FWP_DIRECTION_OUTBOUND + 1 ) ,
+	FWP_DIRECTION_MAX	= ( FWP_DIRECTION_INBOUND + 1 ) 
+    } 	FWP_DIRECTION;
+
+typedef /* [v1_enum] */ 
+enum FWP_IP_VERSION_
+    {	FWP_IP_VERSION_V4	= 0,
+	FWP_IP_VERSION_V6	= ( FWP_IP_VERSION_V4 + 1 ) ,
+	FWP_IP_VERSION_NONE	= ( FWP_IP_VERSION_V6 + 1 ) ,
+	FWP_IP_VERSION_MAX	= ( FWP_IP_VERSION_NONE + 1 ) 
+    } 	FWP_IP_VERSION;
+
+typedef /* [v1_enum] */ 
+enum FWP_NE_FAMILY_
+    {	FWP_AF_INET	= FWP_IP_VERSION_V4,
+	FWP_AF_INET6	= FWP_IP_VERSION_V6,
+	FWP_AF_ETHER	= FWP_IP_VERSION_NONE,
+	FWP_AF_NONE	= ( FWP_AF_ETHER + 1 ) 
+    } 	FWP_AF;
+
+typedef /* [v1_enum] */ 
+enum FWP_ETHER_ENCAP_METHOD_
+    {	FWP_ETHER_ENCAP_METHOD_ETHER_V2	= 0,
+	FWP_ETHER_ENCAP_METHOD_SNAP	= 1,
+	FWP_ETHER_ENCAP_METHOD_SNAP_W_OUI_ZERO	= 3
+    } 	FWP_ETHER_ENCAP_METHOD;
+
+typedef /* [v1_enum] */ 
+enum FWP_DATA_TYPE_
+    {	FWP_EMPTY	= 0,
+	FWP_UINT8	= ( FWP_EMPTY + 1 ) ,
+	FWP_UINT16	= ( FWP_UINT8 + 1 ) ,
+	FWP_UINT32	= ( FWP_UINT16 + 1 ) ,
+	FWP_UINT64	= ( FWP_UINT32 + 1 ) ,
+	FWP_INT8	= ( FWP_UINT64 + 1 ) ,
+	FWP_INT16	= ( FWP_INT8 + 1 ) ,
+	FWP_INT32	= ( FWP_INT16 + 1 ) ,
+	FWP_INT64	= ( FWP_INT32 + 1 ) ,
+	FWP_FLOAT	= ( FWP_INT64 + 1 ) ,
+	FWP_DOUBLE	= ( FWP_FLOAT + 1 ) ,
+	FWP_BYTE_ARRAY16_TYPE	= ( FWP_DOUBLE + 1 ) ,
+	FWP_BYTE_BLOB_TYPE	= ( FWP_BYTE_ARRAY16_TYPE + 1 ) ,
+	FWP_SID	= ( FWP_BYTE_BLOB_TYPE + 1 ) ,
+	FWP_SECURITY_DESCRIPTOR_TYPE	= ( FWP_SID + 1 ) ,
+	FWP_TOKEN_INFORMATION_TYPE	= ( FWP_SECURITY_DESCRIPTOR_TYPE + 1 ) ,
+	FWP_TOKEN_ACCESS_INFORMATION_TYPE	= ( FWP_TOKEN_INFORMATION_TYPE + 1 ) ,
+	FWP_UNICODE_STRING_TYPE	= ( FWP_TOKEN_ACCESS_INFORMATION_TYPE + 1 ) ,
+	FWP_BYTE_ARRAY6_TYPE	= ( FWP_UNICODE_STRING_TYPE + 1 ) ,
+	FWP_SINGLE_DATA_TYPE_MAX	= 0xff,
+	FWP_V4_ADDR_MASK	= ( FWP_SINGLE_DATA_TYPE_MAX + 1 ) ,
+	FWP_V6_ADDR_MASK	= ( FWP_V4_ADDR_MASK + 1 ) ,
+	FWP_RANGE_TYPE	= ( FWP_V6_ADDR_MASK + 1 ) ,
+	FWP_DATA_TYPE_MAX	= ( FWP_RANGE_TYPE + 1 ) 
+    } 	FWP_DATA_TYPE;
+
+typedef struct FWP_BYTE_ARRAY6_
+    {
+    UINT8 byteArray6[ 6 ];
+    } 	FWP_BYTE_ARRAY6;
+
+#define FWP_BYTE_ARRAY6_SIZE 6
+typedef struct FWP_BYTE_ARRAY16_
+    {
+    UINT8 byteArray16[ 16 ];
+    } 	FWP_BYTE_ARRAY16;
+
+typedef struct FWP_BYTE_BLOB_
+    {
+    UINT32 size;
+    UINT8 *data;
+    } 	FWP_BYTE_BLOB;
+
+typedef struct FWP_TOKEN_INFORMATION_
+    {
+    ULONG sidCount;
+    PSID_AND_ATTRIBUTES sids;
+    ULONG restrictedSidCount;
+    PSID_AND_ATTRIBUTES restrictedSids;
+    } 	FWP_TOKEN_INFORMATION;
+
+typedef struct FWP_VALUE0_
+    {
+    FWP_DATA_TYPE type;
+    union 
+        {
+         /* Empty union arm */ 
+        UINT8 uint8;
+        UINT16 uint16;
+        UINT32 uint32;
+        UINT64 *uint64;
+        INT8 int8;
+        INT16 int16;
+        INT32 int32;
+        INT64 *int64;
+        float float32;
+        double *double64;
+        FWP_BYTE_ARRAY16 *byteArray16;
+        FWP_BYTE_BLOB *byteBlob;
+        SID *sid;
+        FWP_BYTE_BLOB *sd;
+        FWP_TOKEN_INFORMATION *tokenInformation;
+        FWP_BYTE_BLOB *tokenAccessInformation;
+        LPWSTR unicodeString;
+        FWP_BYTE_ARRAY6 *byteArray6;
+        } 	;
+    } 	FWP_VALUE0;
+
+typedef /* [v1_enum] */ 
+enum FWP_MATCH_TYPE_
+    {	FWP_MATCH_EQUAL	= 0,
+	FWP_MATCH_GREATER	= ( FWP_MATCH_EQUAL + 1 ) ,
+	FWP_MATCH_LESS	= ( FWP_MATCH_GREATER + 1 ) ,
+	FWP_MATCH_GREATER_OR_EQUAL	= ( FWP_MATCH_LESS + 1 ) ,
+	FWP_MATCH_LESS_OR_EQUAL	= ( FWP_MATCH_GREATER_OR_EQUAL + 1 ) ,
+	FWP_MATCH_RANGE	= ( FWP_MATCH_LESS_OR_EQUAL + 1 ) ,
+	FWP_MATCH_FLAGS_ALL_SET	= ( FWP_MATCH_RANGE + 1 ) ,
+	FWP_MATCH_FLAGS_ANY_SET	= ( FWP_MATCH_FLAGS_ALL_SET + 1 ) ,
+	FWP_MATCH_FLAGS_NONE_SET	= ( FWP_MATCH_FLAGS_ANY_SET + 1 ) ,
+	FWP_MATCH_EQUAL_CASE_INSENSITIVE	= ( FWP_MATCH_FLAGS_NONE_SET + 1 ) ,
+	FWP_MATCH_NOT_EQUAL	= ( FWP_MATCH_EQUAL_CASE_INSENSITIVE + 1 ) ,
+	FWP_MATCH_TYPE_MAX	= ( FWP_MATCH_NOT_EQUAL + 1 ) 
+    } 	FWP_MATCH_TYPE;
+
+typedef struct FWP_V4_ADDR_AND_MASK_
+    {
+    UINT32 addr;
+    UINT32 mask;
+    } 	FWP_V4_ADDR_AND_MASK;
+
+#define FWP_V6_ADDR_SIZE (16)
+typedef struct FWP_V6_ADDR_AND_MASK_
+    {
+    UINT8 addr[ 16 ];
+    UINT8 prefixLength;
+    } 	FWP_V6_ADDR_AND_MASK;
+
+typedef struct FWP_RANGE0_
+    {
+    FWP_VALUE0 valueLow;
+    FWP_VALUE0 valueHigh;
+    } 	FWP_RANGE0;
+
+#define FWP_ACTRL_MATCH_FILTER (0x00000001)
+
+typedef struct FWP_CONDITION_VALUE0_
+    {
+    FWP_DATA_TYPE type;
+    union 
+        {
+         /* Empty union arm */ 
+        UINT8 uint8;
+        UINT16 uint16;
+        UINT32 uint32;
+        UINT64 *uint64;
+        INT8 int8;
+        INT16 int16;
+        INT32 int32;
+        INT64 *int64;
+        float float32;
+        double *double64;
+        FWP_BYTE_ARRAY16 *byteArray16;
+        FWP_BYTE_BLOB *byteBlob;
+        SID *sid;
+        FWP_BYTE_BLOB *sd;
+        FWP_TOKEN_INFORMATION *tokenInformation;
+        FWP_BYTE_BLOB *tokenAccessInformation;
+        LPWSTR unicodeString;
+        FWP_BYTE_ARRAY6 *byteArray6;
+        FWP_V4_ADDR_AND_MASK *v4AddrMask;
+        FWP_V6_ADDR_AND_MASK *v6AddrMask;
+        FWP_RANGE0 *rangeValue;
+        } 	;
+    } 	FWP_CONDITION_VALUE0;
+
+typedef /* [v1_enum] */ 
+enum FWP_CLASSIFY_OPTION_TYPE_
+    {	FWP_CLASSIFY_OPTION_MULTICAST_STATE	= 0,
+	FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING	= ( FWP_CLASSIFY_OPTION_MULTICAST_STATE + 1 ) ,
+	FWP_CLASSIFY_OPTION_UNICAST_LIFETIME	= ( FWP_CLASSIFY_OPTION_LOOSE_SOURCE_MAPPING + 1 ) ,
+	FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME	= ( FWP_CLASSIFY_OPTION_UNICAST_LIFETIME + 1 ) ,
+	FWP_CLASSIFY_OPTION_SECURE_SOCKET_SECURITY_FLAGS	= ( FWP_CLASSIFY_OPTION_MCAST_BCAST_LIFETIME + 1 ) ,
+	FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_MM_POLICY_KEY	= ( FWP_CLASSIFY_OPTION_SECURE_SOCKET_SECURITY_FLAGS + 1 ) ,
+	FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_QM_POLICY_KEY	= ( FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_MM_POLICY_KEY + 1 ) ,
+	FWP_CLASSIFY_OPTION_MAX	= ( FWP_CLASSIFY_OPTION_SECURE_SOCKET_AUTHIP_QM_POLICY_KEY + 1 ) 
+    } 	FWP_CLASSIFY_OPTION_TYPE;
+
+#define FWP_OPTION_VALUE_ALLOW_MULTICAST_STATE (0x00000000)
+#define FWP_OPTION_VALUE_DENY_MULTICAST_STATE  (0x00000001)
+#define FWP_OPTION_VALUE_ALLOW_GLOBAL_MULTICAST_STATE (0x00000002)
+#define FWP_OPTION_VALUE_DISABLE_LOOSE_SOURCE (0x00000000)
+#define FWP_OPTION_VALUE_ENABLE_LOOSE_SOURCE  (0x00000001)
+#define FWP_ACTION_FLAG_TERMINATING     (0x00001000)
+#define FWP_ACTION_FLAG_NON_TERMINATING (0x00002000)
+#define FWP_ACTION_FLAG_CALLOUT         (0x00004000)
+typedef UINT32 FWP_ACTION_TYPE;
+
+#define FWP_ACTION_BLOCK \
+   (0x00000001 | FWP_ACTION_FLAG_TERMINATING)
+#define FWP_ACTION_PERMIT \
+   (0x00000002 | FWP_ACTION_FLAG_TERMINATING)
+#define FWP_ACTION_CALLOUT_TERMINATING \
+   (0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING)
+#define FWP_ACTION_CALLOUT_INSPECTION \
+   (0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING)
+#define FWP_ACTION_CALLOUT_UNKNOWN \
+   (0x00000005 | FWP_ACTION_FLAG_CALLOUT)
+#define FWP_ACTION_CONTINUE \
+   (0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING)
+#define FWP_ACTION_NONE \
+   (0x00000007)
+#define FWP_ACTION_NONE_NO_MATCH \
+   (0x00000008)
+#define FWP_CONDITION_FLAG_IS_LOOPBACK              (0x00000001)
+#define FWP_CONDITION_FLAG_IS_IPSEC_SECURED         (0x00000002)
+#define FWP_CONDITION_FLAG_IS_REAUTHORIZE           (0x00000004)
+#define FWP_CONDITION_FLAG_IS_WILDCARD_BIND         (0x00000008)
+#define FWP_CONDITION_FLAG_IS_RAW_ENDPOINT          (0x00000010)
+#define FWP_CONDITION_FLAG_IS_FRAGMENT              (0x00000020)
+#define FWP_CONDITION_FLAG_IS_FRAGMENT_GROUP        (0x00000040)
+#define FWP_CONDITION_FLAG_IS_IPSEC_NATT_RECLASSIFY (0x00000080)
+#define FWP_CONDITION_FLAG_REQUIRES_ALE_CLASSIFY    (0x00000100)
+#define FWP_CONDITION_FLAG_IS_IMPLICIT_BIND         (0x00000200)
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+#define FWP_CONDITION_FLAG_IS_REASSEMBLED           (0x00000400)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWP_CONDITION_FLAG_IS_NAME_APP_SPECIFIED    (0x00004000)
+#define FWP_CONDITION_FLAG_IS_PROMISCUOUS           (0x00008000)
+#define FWP_CONDITION_FLAG_IS_AUTH_FW               (0x00010000)
+#define FWP_CONDITION_FLAG_IS_RECLASSIFY            (0x00020000)
+#define FWP_CONDITION_FLAG_IS_OUTBOUND_PASS_THRU    (0x00040000)
+#define FWP_CONDITION_FLAG_IS_INBOUND_PASS_THRU     (0x00080000)
+#define FWP_CONDITION_FLAG_IS_CONNECTION_REDIRECTED (0x00100000)
+#define FWP_CONDITION_REAUTHORIZE_REASON_POLICY_CHANGE             (0x00000001)
+#define FWP_CONDITION_REAUTHORIZE_REASON_NEW_ARRIVAL_INTERFACE     (0x00000002)
+#define FWP_CONDITION_REAUTHORIZE_REASON_NEW_NEXTHOP_INTERFACE     (0x00000004)
+#define FWP_CONDITION_REAUTHORIZE_REASON_PROFILE_CROSSING          (0x00000008)
+#define FWP_CONDITION_REAUTHORIZE_REASON_CLASSIFY_COMPLETION       (0x00000010)
+#define FWP_CONDITION_REAUTHORIZE_REASON_IPSEC_PROPERTIES_CHANGED  (0x00000020)
+#define FWP_CONDITION_REAUTHORIZE_REASON_MID_STREAM_INSPECTION     (0x00000040)
+#define FWP_CONDITION_REAUTHORIZE_REASON_SOCKET_PROPERTY_CHANGED   (0x00000080)
+#define FWP_CONDITION_REAUTHORIZE_REASON_NEW_INBOUND_MCAST_BCAST_PACKET   (0x00000100)
+#define FWP_CONDITION_SOCKET_PROPERTY_FLAG_IS_SYSTEM_PORT_RPC      (0x00000001)
+#define FWP_CONDITION_SOCKET_PROPERTY_FLAG_ALLOW_EDGE_TRAFFIC      (0x00000002)
+#define FWP_CONDITION_SOCKET_PROPERTY_FLAG_DENY_EDGE_TRAFFIC       (0x00000004)
+#endif
+#endif
+typedef /* [v1_enum] */ 
+enum FWP_FILTER_ENUM_TYPE_
+    {	FWP_FILTER_ENUM_FULLY_CONTAINED	= 0,
+	FWP_FILTER_ENUM_OVERLAPPING	= ( FWP_FILTER_ENUM_FULLY_CONTAINED + 1 ) ,
+	FWP_FILTER_ENUM_TYPE_MAX	= ( FWP_FILTER_ENUM_OVERLAPPING + 1 ) 
+    } 	FWP_FILTER_ENUM_TYPE;
+
+#define FWP_FILTER_ENUM_FLAG_BEST_TERMINATING_MATCH (0x00000001)
+#define FWP_FILTER_ENUM_FLAG_SORTED                 (0x00000002)
+#define FWP_FILTER_ENUM_FLAG_BOOTTIME_ONLY          (0x00000004)
+#define FWP_FILTER_ENUM_FLAG_INCLUDE_BOOTTIME       (0x00000008)
+#define FWP_FILTER_ENUM_FLAG_INCLUDE_DISABLED       (0x00000010)
+#define FWP_FILTER_ENUM_VALID_FLAGS \
+   (FWP_FILTER_ENUM_FLAG_BEST_TERMINATING_MATCH | \
+    FWP_FILTER_ENUM_FLAG_SORTED)
+#define FWP_CALLOUT_FLAG_CONDITIONAL_ON_FLOW        	(0x00000001)
+#define FWP_CALLOUT_FLAG_ALLOW_OFFLOAD          		(0x00000002)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWP_CALLOUT_FLAG_ENABLE_COMMIT_ADD_NOTIFY    (0x00000004)
+#define FWP_CALLOUT_FLAG_ALLOW_MID_STREAM_INSPECTION (0x00000008)
+#define FWP_CALLOUT_FLAG_ALLOW_RECLASSIFY            (0x00000010)
+#endif
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(pop)
+#else
+#pragma warning(default:4201)
+#endif
+#endif
+
+
+extern RPC_IF_HANDLE __MIDL_itf_fwptypes_0000_0000_v0_0_c_ifspec;
+extern RPC_IF_HANDLE __MIDL_itf_fwptypes_0000_0000_v0_0_s_ifspec;
+
+/* Additional Prototypes for ALL interfaces */
+
+/* end of Additional Prototypes */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+

src/Mayaqua/fixed_fwpvi.h

@@ -0,0 +1,565 @@
+/*
+   Copyright (c) Microsoft Corporation
+
+   SYNOPSIS
+
+     Declares version independent definitions for the FWP API.
+*/
+#include "sdkddkver.h"
+
+#if (NTDDI_VERSION >= NTDDI_WIN6)
+#ifndef FWPVI_H
+#define FWPVI_H
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Fwpmtypes.
+//
+///////////////////////////////////////////////////////////////////////////////
+#define FWPM_DISPLAY_DATA FWPM_DISPLAY_DATA0
+#define FWPM_SESSION FWPM_SESSION0
+#define FWPM_SESSION_ENUM_TEMPLATE FWPM_SESSION_ENUM_TEMPLATE0
+#define FWPM_PROVIDER FWPM_PROVIDER0
+#define FWPM_PROVIDER_ENUM_TEMPLATE FWPM_PROVIDER_ENUM_TEMPLATE0
+#define FWPM_PROVIDER_CHANGE FWPM_PROVIDER_CHANGE0
+#define FWPM_PROVIDER_SUBSCRIPTION FWPM_PROVIDER_SUBSCRIPTION0
+#define FWPM_CLASSIFY_OPTION FWPM_CLASSIFY_OPTION0
+#define FWPM_CLASSIFY_OPTIONS FWPM_CLASSIFY_OPTIONS0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_PROVIDER_CONTEXT FWPM_PROVIDER_CONTEXT1
+#else
+#define FWPM_PROVIDER_CONTEXT FWPM_PROVIDER_CONTEXT0
+#endif
+#define FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE FWPM_PROVIDER_CONTEXT_ENUM_TEMPLATE0
+#define FWPM_PROVIDER_CONTEXT_CHANGE FWPM_PROVIDER_CONTEXT_CHANGE0
+#define FWPM_PROVIDER_CONTEXT_SUBSCRIPTION FWPM_PROVIDER_CONTEXT_SUBSCRIPTION0
+#define FWPM_SUBLAYER FWPM_SUBLAYER0
+#define FWPM_SUBLAYER_ENUM_TEMPLATE FWPM_SUBLAYER_ENUM_TEMPLATE0
+#define FWPM_SUBLAYER_CHANGE FWPM_SUBLAYER_CHANGE0
+#define FWPM_SUBLAYER_SUBSCRIPTION FWPM_SUBLAYER_SUBSCRIPTION0
+#define FWPM_FIELD FWPM_FIELD0
+#define FWPM_LAYER FWPM_LAYER0
+#define FWPM_LAYER_ENUM_TEMPLATE FWPM_LAYER_ENUM_TEMPLATE0
+#define FWPM_CALLOUT FWPM_CALLOUT0
+#define FWPM_CALLOUT_ENUM_TEMPLATE FWPM_CALLOUT_ENUM_TEMPLATE0
+#define FWPM_CALLOUT_CHANGE FWPM_CALLOUT_CHANGE0
+#define FWPM_CALLOUT_SUBSCRIPTION FWPM_CALLOUT_SUBSCRIPTION0
+#define FWPM_ACTION FWPM_ACTION0
+#define FWPM_FILTER_CONDITION FWPM_FILTER_CONDITION0
+#define FWPM_FILTER FWPM_FILTER0
+#define FWPM_FILTER_ENUM_TEMPLATE FWPM_FILTER_ENUM_TEMPLATE0
+#define FWPM_FILTER_CHANGE FWPM_FILTER_CHANGE0
+#define FWPM_FILTER_SUBSCRIPTION FWPM_FILTER_SUBSCRIPTION0
+#define FWPM_LAYER_STATISTICS FWPM_LAYER_STATISTICS0
+#define FWPM_STATISTICS FWPM_STATISTICS0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_NET_EVENT_HEADER FWPM_NET_EVENT_HEADER1
+#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE FWPM_NET_EVENT_IKEEXT_MM_FAILURE1
+#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE FWPM_NET_EVENT_IKEEXT_EM_FAILURE1
+#else
+#define FWPM_NET_EVENT_HEADER FWPM_NET_EVENT_HEADER0
+#define FWPM_NET_EVENT_IKEEXT_MM_FAILURE FWPM_NET_EVENT_IKEEXT_MM_FAILURE0
+#define FWPM_NET_EVENT_IKEEXT_EM_FAILURE FWPM_NET_EVENT_IKEEXT_EM_FAILURE0
+#endif
+#define FWPM_NET_EVENT_IKEEXT_QM_FAILURE FWPM_NET_EVENT_IKEEXT_QM_FAILURE0
+#define FWPM_NET_EVENT_IPSEC_KERNEL_DROP FWPM_NET_EVENT_IPSEC_KERNEL_DROP0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_NET_EVENT_CLASSIFY_DROP FWPM_NET_EVENT_CLASSIFY_DROP1
+#define FWPM_NET_EVENT_IPSEC_DOSP_DROP FWPM_NET_EVENT_IPSEC_DOSP_DROP0
+#define FWPM_NET_EVENT FWPM_NET_EVENT1
+#else
+#define FWPM_NET_EVENT_CLASSIFY_DROP FWPM_NET_EVENT_CLASSIFY_DROP0
+#define FWPM_NET_EVENT FWPM_NET_EVENT0
+#endif
+#define FWPM_NET_EVENT_ENUM_TEMPLATE FWPM_NET_EVENT_ENUM_TEMPLATE0
+#define FWPM_NET_EVENT_SUBSCRIPTION FWPM_NET_EVENT_SUBSCRIPTION0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_SYSTEM_PORTS_BY_TYPE FWPM_SYSTEM_PORTS_BY_TYPE0
+#define FWPM_SYSTEM_PORTS FWPM_SYSTEM_PORTS0
+#endif
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Fwpstypes.
+//
+///////////////////////////////////////////////////////////////////////////////
+#define FWPS_FILTER_CONDITION FWPS_FILTER_CONDITION0
+#define FWPS_ACTION FWPS_ACTION0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_FILTER FWPS_FILTER1
+#else
+#define FWPS_FILTER FWPS_FILTER0
+#endif
+#define FWPS_INCOMING_VALUE FWPS_INCOMING_VALUE0
+#define FWPS_INCOMING_VALUES FWPS_INCOMING_VALUES0
+#define FWPS_DISCARD_METADATA FWPS_DISCARD_METADATA0
+#define FWPS_INBOUND_FRAGMENT_METADATA FWPS_INBOUND_FRAGMENT_METADATA0
+#define FWPS_CLASSIFY_OUT FWPS_CLASSIFY_OUT0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_ALE_ENDPOINT_PROPERTIES FWPS_ALE_ENDPOINT_PROPERTIES0
+#define FWPS_ALE_ENDPOINT_ENUM_TEMPLATE FWPS_ALE_ENDPOINT_ENUM_TEMPLATE0
+#endif
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Fwptypes.
+//
+///////////////////////////////////////////////////////////////////////////////
+#define FWP_VALUE  FWP_VALUE0
+#define FWP_RANGE  FWP_RANGE0
+#define FWP_CONDITION_VALUE  FWP_CONDITION_VALUE0
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Iketypes.
+//
+///////////////////////////////////////////////////////////////////////////////
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_PRESHARED_KEY_AUTHENTICATION IKEEXT_PRESHARED_KEY_AUTHENTICATION1
+#else
+#define IKEEXT_PRESHARED_KEY_AUTHENTICATION IKEEXT_PRESHARED_KEY_AUTHENTICATION0
+#endif
+#define IKEEXT_CERT_ROOT_CONFIG IKEEXT_CERT_ROOT_CONFIG0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_CERTIFICATE_AUTHENTICATION IKEEXT_CERTIFICATE_AUTHENTICATION1
+#else
+#define IKEEXT_CERTIFICATE_AUTHENTICATION IKEEXT_CERTIFICATE_AUTHENTICATION0
+#endif
+#define IKEEXT_IPV6_CGA_AUTHENTICATION IKEEXT_IPV6_CGA_AUTHENTICATION0
+#define IKEEXT_KERBEROS_AUTHENTICATION IKEEXT_KERBEROS_AUTHENTICATION0
+#define IKEEXT_NTLM_V2_AUTHENTICATION IKEEXT_NTLM_V2_AUTHENTICATION0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_EAP_AUTHENTICATION IKEEXT_EAP_AUTHENTICATION0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_AUTHENTICATION_METHOD IKEEXT_AUTHENTICATION_METHOD1
+#else
+#define IKEEXT_AUTHENTICATION_METHOD IKEEXT_AUTHENTICATION_METHOD0
+#endif
+#define IKEEXT_CIPHER_ALGORITHM IKEEXT_CIPHER_ALGORITHM0
+#define IKEEXT_INTEGRITY_ALGORITHM IKEEXT_INTEGRITY_ALGORITHM0
+#define IKEEXT_PROPOSAL IKEEXT_PROPOSAL0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_POLICY IKEEXT_POLICY1
+#else
+#define IKEEXT_POLICY IKEEXT_POLICY0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_EM_POLICY IKEEXT_EM_POLICY1
+#else
+#define IKEEXT_EM_POLICY IKEEXT_EM_POLICY0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1
+#else
+#define IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_KEYMODULE_STATISTICS IKEEXT_KEYMODULE_STATISTICS1
+#else
+#define IKEEXT_KEYMODULE_STATISTICS IKEEXT_KEYMODULE_STATISTICS0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1
+#else
+#define IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_COMMON_STATISTICS IKEEXT_COMMON_STATISTICS1
+#else
+#define IKEEXT_COMMON_STATISTICS IKEEXT_COMMON_STATISTICS0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_STATISTICS IKEEXT_STATISTICS1
+#else
+#define IKEEXT_STATISTICS IKEEXT_STATISTICS0
+#endif
+#define IKEEXT_TRAFFIC IKEEXT_TRAFFIC0
+#define IKEEXT_COOKIE_PAIR IKEEXT_COOKIE_PAIR0
+#define IKEEXT_NAME_CREDENTIAL IKEEXT_NAME_CREDENTIAL0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_CERTIFICATE_CREDENTIAL IKEEXT_CERTIFICATE_CREDENTIAL1
+#define IKEEXT_CREDENTIAL IKEEXT_CREDENTIAL1
+#define IKEEXT_CREDENTIAL_PAIR IKEEXT_CREDENTIAL_PAIR1
+#define IKEEXT_CREDENTIALS IKEEXT_CREDENTIALS1
+#else
+#define IKEEXT_CERTIFICATE_CREDENTIAL IKEEXT_CERTIFICATE_CREDENTIAL0
+#define IKEEXT_CREDENTIAL IKEEXT_CREDENTIAL0
+#define IKEEXT_CREDENTIAL_PAIR IKEEXT_CREDENTIAL_PAIR0
+#define IKEEXT_CREDENTIALS IKEEXT_CREDENTIALS0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_SA_DETAILS IKEEXT_SA_DETAILS1
+#else
+#define IKEEXT_SA_DETAILS IKEEXT_SA_DETAILS0
+#endif
+#define IKEEXT_SA_ENUM_TEMPLATE IKEEXT_SA_ENUM_TEMPLATE0
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Ipsectypes.
+//
+///////////////////////////////////////////////////////////////////////////////
+#define IPSEC_SA_LIFETIME IPSEC_SA_LIFETIME0
+#define IPSEC_AUTH_TRANSFORM_ID IPSEC_AUTH_TRANSFORM_ID0
+#define IPSEC_AUTH_TRANSFORM IPSEC_AUTH_TRANSFORM0
+#define IPSEC_CIPHER_TRANSFORM_ID IPSEC_CIPHER_TRANSFORM_ID0
+#define IPSEC_CIPHER_TRANSFORM IPSEC_CIPHER_TRANSFORM0
+#define IPSEC_AUTH_AND_CIPHER_TRANSFORM IPSEC_AUTH_AND_CIPHER_TRANSFORM0
+#define IPSEC_SA_TRANSFORM IPSEC_SA_TRANSFORM0
+#define IPSEC_PROPOSAL IPSEC_PROPOSAL0
+#define IPSEC_SA_IDLE_TIMEOUT IPSEC_SA_IDLE_TIMEOUT0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_TRANSPORT_POLICY IPSEC_TRANSPORT_POLICY1
+#define IPSEC_TUNNEL_ENDPOINTS IPSEC_TUNNEL_ENDPOINTS1
+#define IPSEC_TUNNEL_POLICY IPSEC_TUNNEL_POLICY1
+#else
+#define IPSEC_TRANSPORT_POLICY IPSEC_TRANSPORT_POLICY0
+#define IPSEC_TUNNEL_ENDPOINTS IPSEC_TUNNEL_ENDPOINTS0
+#define IPSEC_TUNNEL_POLICY IPSEC_TUNNEL_POLICY0
+#endif
+#define IPSEC_KEYING_POLICY IPSEC_KEYING_POLICY0
+#define IPSEC_AGGREGATE_SA_STATISTICS IPSEC_AGGREGATE_SA_STATISTICS0
+#define IPSEC_ESP_DROP_PACKET_STATISTICS IPSEC_ESP_DROP_PACKET_STATISTICS0
+#define IPSEC_AH_DROP_PACKET_STATISTICS IPSEC_AH_DROP_PACKET_STATISTICS0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_AGGREGATE_DROP_PACKET_STATISTICS IPSEC_AGGREGATE_DROP_PACKET_STATISTICS1
+#define IPSEC_TRAFFIC_STATISTICS IPSEC_TRAFFIC_STATISTICS1
+#define IPSEC_STATISTICS IPSEC_STATISTICS1
+#else
+#define IPSEC_AGGREGATE_DROP_PACKET_STATISTICS IPSEC_AGGREGATE_DROP_PACKET_STATISTICS0
+#define IPSEC_TRAFFIC_STATISTICS IPSEC_TRAFFIC_STATISTICS0
+#define IPSEC_STATISTICS IPSEC_STATISTICS0
+#endif
+#define IPSEC_SA_AUTH_INFORMATION IPSEC_SA_AUTH_INFORMATION0
+#define IPSEC_SA_CIPHER_INFORMATION IPSEC_SA_CIPHER_INFORMATION0
+#define IPSEC_SA_AUTH_AND_CIPHER_INFORMATION IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0
+#define IPSEC_SA IPSEC_SA0
+#define IPSEC_KEYMODULE_STATE IPSEC_KEYMODULE_STATE0
+#define IPSEC_TOKEN IPSEC_TOKEN0
+#define IPSEC_ID IPSEC_ID0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_TRAFFIC IPSEC_TRAFFIC1
+#define IPSEC_SA_BUNDLE IPSEC_SA_BUNDLE1
+#else
+#define IPSEC_TRAFFIC IPSEC_TRAFFIC0
+#define IPSEC_SA_BUNDLE IPSEC_SA_BUNDLE0
+#endif
+#define IPSEC_V4_UDP_ENCAPSULATION IPSEC_V4_UDP_ENCAPSULATION0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_GETSPI IPSEC_GETSPI1
+#define IPSEC_SA_DETAILS IPSEC_SA_DETAILS1
+#define IPSEC_SA_CONTEXT IPSEC_SA_CONTEXT1
+#else
+#define IPSEC_GETSPI IPSEC_GETSPI0
+#define IPSEC_SA_DETAILS IPSEC_SA_DETAILS0
+#define IPSEC_SA_CONTEXT IPSEC_SA_CONTEXT0
+#endif
+#define IPSEC_SA_CONTEXT_ENUM_TEMPLATE IPSEC_SA_CONTEXT_ENUM_TEMPLATE0
+#define IPSEC_SA_ENUM_TEMPLATE IPSEC_SA_ENUM_TEMPLATE0
+#define IPSEC_ADDRESS_INFO IPSEC_ADDRESS_INFO0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_VIRTUAL_IF_TUNNEL_INFO IPSEC_VIRTUAL_IF_TUNNEL_INFO0
+#define IPSEC_DOSP_OPTIONS IPSEC_DOSP_OPTIONS0
+#define IPSEC_DOSP_STATISTICS IPSEC_DOSP_STATISTICS0
+#define IPSEC_DOSP_STATE IPSEC_DOSP_STATE0
+#define IPSEC_DOSP_STATE_ENUM_TEMPLATE IPSEC_DOSP_STATE_ENUM_TEMPLATE0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Fwpmu / Fwpmk
+//
+///////////////////////////////////////////////////////////////////////////////
+#define FWPM_SERVICE_STATE_CHANGE_CALLBACK FWPM_SERVICE_STATE_CHANGE_CALLBACK0
+#define FwpmFreeMemory FwpmFreeMemory0
+#define FwpmBfeStateGet FwpmBfeStateGet0
+#define FwpmBfeStateSubscribeChanges FwpmBfeStateSubscribeChanges0
+#define FwpmBfeStateUnsubscribeChanges FwpmBfeStateUnsubscribeChanges0
+#define FwpmEngineOpen FwpmEngineOpen0
+#define FwpmEngineClose FwpmEngineClose0
+#define FwpmEngineGetOption FwpmEngineGetOption0
+#define FwpmEngineSetOption FwpmEngineSetOption0
+#define FwpmEngineGetSecurityInfo FwpmEngineGetSecurityInfo0
+#define FwpmEngineSetSecurityInfo FwpmEngineSetSecurityInfo0
+#define FwpmSessionCreateEnumHandle FwpmSessionCreateEnumHandle0
+#define FwpmSessionEnum FwpmSessionEnum0
+#define FwpmSessionDestroyEnumHandle FwpmSessionDestroyEnumHandle0
+#define FwpmTransactionBegin FwpmTransactionBegin0
+#define FwpmTransactionCommit FwpmTransactionCommit0
+#define FwpmTransactionAbort FwpmTransactionAbort0
+#define FwpmProviderAdd FwpmProviderAdd0
+#define FwpmProviderDeleteByKey FwpmProviderDeleteByKey0
+#define FwpmProviderGetByKey FwpmProviderGetByKey0
+#define FwpmProviderCreateEnumHandle FwpmProviderCreateEnumHandle0
+#define FwpmProviderEnum FwpmProviderEnum0
+#define FwpmProviderDestroyEnumHandle FwpmProviderDestroyEnumHandle0
+#define FwpmProviderGetSecurityInfoByKey FwpmProviderGetSecurityInfoByKey0
+#define FwpmProviderSetSecurityInfoByKey FwpmProviderSetSecurityInfoByKey0
+#define FWPM_PROVIDER_CHANGE_CALLBACK FWPM_PROVIDER_CHANGE_CALLBACK0
+#define FwpmProviderSubscribeChanges FwpmProviderSubscribeChanges0
+#define FwpmProviderUnsubscribeChanges FwpmProviderUnsubscribeChanges0
+#define FwpmProviderSubscriptionsGet FwpmProviderSubscriptionsGet0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpmProviderContextAdd FwpmProviderContextAdd1
+#define FwpmProviderContextGetById FwpmProviderContextGetById1
+#define FwpmProviderContextGetByKey FwpmProviderContextGetByKey1
+#define FwpmProviderContextEnum FwpmProviderContextEnum1
+#else
+#define FwpmProviderContextAdd FwpmProviderContextAdd0
+#define FwpmProviderContextGetById FwpmProviderContextGetById0
+#define FwpmProviderContextGetByKey FwpmProviderContextGetByKey0
+#define FwpmProviderContextEnum FwpmProviderContextEnum0
+#endif
+#define FwpmProviderContextDeleteById FwpmProviderContextDeleteById0
+#define FwpmProviderContextDeleteByKey FwpmProviderContextDeleteByKey0
+#define FwpmProviderContextCreateEnumHandle FwpmProviderContextCreateEnumHandle0
+#define FwpmProviderContextDestroyEnumHandle FwpmProviderContextDestroyEnumHandle0
+#define FwpmProviderContextGetSecurityInfoByKey FwpmProviderContextGetSecurityInfoByKey0
+#define FwpmProviderContextSetSecurityInfoByKey FwpmProviderContextSetSecurityInfoByKey0
+#define FWPM_PROVIDER_CONTEXT_CHANGE_CALLBACK FWPM_PROVIDER_CONTEXT_CHANGE_CALLBACK0
+#define FwpmProviderContextSubscribeChanges FwpmProviderContextSubscribeChanges0
+#define FwpmProviderContextUnsubscribeChanges FwpmProviderContextUnsubscribeChanges0
+#define FwpmProviderContextSubscriptionsGet FwpmProviderContextSubscriptionsGet0
+#define FwpmSubLayerAdd FwpmSubLayerAdd0
+#define FwpmSubLayerDeleteByKey FwpmSubLayerDeleteByKey0
+#define FwpmSubLayerGetByKey FwpmSubLayerGetByKey0
+#define FwpmSubLayerCreateEnumHandle FwpmSubLayerCreateEnumHandle0
+#define FwpmSubLayerEnum FwpmSubLayerEnum0
+#define FwpmSubLayerDestroyEnumHandle FwpmSubLayerDestroyEnumHandle0
+#define FwpmSubLayerGetSecurityInfoByKey FwpmSubLayerGetSecurityInfoByKey0
+#define FwpmSubLayerSetSecurityInfoByKey FwpmSubLayerSetSecurityInfoByKey0
+#define FWPM_SUBLAYER_CHANGE_CALLBACK FWPM_SUBLAYER_CHANGE_CALLBACK0
+#define FwpmSubLayerSubscribeChanges FwpmSubLayerSubscribeChanges0
+#define FwpmSubLayerUnsubscribeChanges FwpmSubLayerUnsubscribeChanges0
+#define FwpmSubLayerSubscriptionsGet FwpmSubLayerSubscriptionsGet0
+#define FwpmLayerGetById FwpmLayerGetById0
+#define FwpmLayerGetByKey FwpmLayerGetByKey0
+#define FwpmLayerCreateEnumHandle FwpmLayerCreateEnumHandle0
+#define FwpmLayerEnum FwpmLayerEnum0
+#define FwpmLayerDestroyEnumHandle FwpmLayerDestroyEnumHandle0
+#define FwpmLayerGetSecurityInfoByKey FwpmLayerGetSecurityInfoByKey0
+#define FwpmLayerSetSecurityInfoByKey FwpmLayerSetSecurityInfoByKey0
+#define FwpmCalloutAdd FwpmCalloutAdd0
+#define FwpmCalloutDeleteById FwpmCalloutDeleteById0
+#define FwpmCalloutDeleteByKey FwpmCalloutDeleteByKey0
+#define FwpmCalloutGetById FwpmCalloutGetById0
+#define FwpmCalloutGetByKey FwpmCalloutGetByKey0
+#define FwpmCalloutCreateEnumHandle FwpmCalloutCreateEnumHandle0
+#define FwpmCalloutEnum FwpmCalloutEnum0
+#define FwpmCalloutDestroyEnumHandle FwpmCalloutDestroyEnumHandle0
+#define FwpmCalloutGetSecurityInfoByKey FwpmCalloutGetSecurityInfoByKey0
+#define FwpmCalloutSetSecurityInfoByKey FwpmCalloutSetSecurityInfoByKey0
+#define FWPM_CALLOUT_CHANGE_CALLBACK FWPM_CALLOUT_CHANGE_CALLBACK0
+#define FwpmCalloutSubscribeChanges FwpmCalloutSubscribeChanges0
+#define FwpmCalloutUnsubscribeChanges FwpmCalloutUnsubscribeChanges0
+#define FwpmCalloutSubscriptionsGet FwpmCalloutSubscriptionsGet0
+#define FwpmFilterAdd FwpmFilterAdd0
+#define FwpmFilterDeleteById FwpmFilterDeleteById0
+#define FwpmFilterDeleteByKey FwpmFilterDeleteByKey0
+#define FwpmFilterGetById FwpmFilterGetById0
+#define FwpmFilterGetByKey FwpmFilterGetByKey0
+#define FwpmFilterCreateEnumHandle FwpmFilterCreateEnumHandle0
+#define FwpmFilterEnum FwpmFilterEnum0
+#define FwpmFilterDestroyEnumHandle FwpmFilterDestroyEnumHandle0
+#define FwpmFilterGetSecurityInfoByKey FwpmFilterGetSecurityInfoByKey0
+#define FwpmFilterSetSecurityInfoByKey FwpmFilterSetSecurityInfoByKey0
+#define FWPM_FILTER_CHANGE_CALLBACK FWPM_FILTER_CHANGE_CALLBACK0
+#define FwpmFilterSubscribeChanges FwpmFilterSubscribeChanges0
+#define FwpmFilterUnsubscribeChanges FwpmFilterUnsubscribeChanges0
+#define FwpmFilterSubscriptionsGet FwpmFilterSubscriptionsGet0
+#define FwpmGetAppIdFromFileName FwpmGetAppIdFromFileName0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpmIPsecTunnelAdd FwpmIPsecTunnelAdd1
+#else
+#define FwpmIPsecTunnelAdd FwpmIPsecTunnelAdd0
+#endif
+#define FwpmIPsecTunnelDeleteByKey FwpmIPsecTunnelDeleteByKey0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecGetStatistics IPsecGetStatistics1
+#define IPsecSaContextCreate IPsecSaContextCreate1
+#else
+#define IPsecGetStatistics IPsecGetStatistics0
+#define IPsecSaContextCreate IPsecSaContextCreate0
+#endif
+#define IPsecSaContextDeleteById IPsecSaContextDeleteById0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecSaContextGetById IPsecSaContextGetById1
+#define IPsecSaContextGetSpi IPsecSaContextGetSpi1
+#define IPsecSaContextSetSpi IPsecSaContextSetSpi0
+#define IPsecSaContextAddInbound IPsecSaContextAddInbound1
+#define IPsecSaContextAddOutbound IPsecSaContextAddOutbound1
+#else
+#define IPsecSaContextGetById IPsecSaContextGetById0
+#define IPsecSaContextGetSpi IPsecSaContextGetSpi0
+#define IPsecSaContextAddInbound IPsecSaContextAddInbound0
+#define IPsecSaContextAddOutbound IPsecSaContextAddOutbound0
+#endif
+#define IPsecSaContextExpire IPsecSaContextExpire0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecSaContextUpdate IPsecSaContextUpdate0
+#endif
+#define IPsecSaContextCreateEnumHandle IPsecSaContextCreateEnumHandle0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecSaContextEnum IPsecSaContextEnum1
+#else
+#define IPsecSaContextEnum IPsecSaContextEnum0
+#endif
+#define IPsecSaContextDestroyEnumHandle IPsecSaContextDestroyEnumHandle0
+#define IPsecSaCreateEnumHandle IPsecSaCreateEnumHandle0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecSaEnum IPsecSaEnum1
+#else
+#define IPsecSaEnum IPsecSaEnum0
+#endif
+#define IPsecSaDestroyEnumHandle IPsecSaDestroyEnumHandle0
+#define IPsecSaDbGetSecurityInfo IPsecSaDbGetSecurityInfo0
+#define IPsecSaDbSetSecurityInfo IPsecSaDbSetSecurityInfo0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPsecDospGetStatistics IPsecDospGetStatistics0
+#define IPsecDospStateCreateEnumHandle IPsecDospStateCreateEnumHandle0
+#define IPsecDospStateEnum IPsecDospStateEnum0
+#define IPsecDospStateDestroyEnumHandle IPsecDospStateDestroyEnumHandle0
+#define IPsecDospGetSecurityInfo IPsecDospGetSecurityInfo0
+#define IPsecDospSetSecurityInfo IPsecDospSetSecurityInfo0
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IkeextGetStatistics IkeextGetStatistics1
+#else
+#define IkeextGetStatistics IkeextGetStatistics0
+#endif
+#define IkeextSaDeleteById IkeextSaDeleteById0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IkeextSaGetById IkeextSaGetById1
+#else
+#define IkeextSaGetById IkeextSaGetById0
+#endif
+#define IkeextSaCreateEnumHandle IkeextSaCreateEnumHandle0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IkeextSaEnum IkeextSaEnum1
+#else
+#define IkeextSaEnum IkeextSaEnum0
+#endif
+#define IkeextSaDestroyEnumHandle IkeextSaDestroyEnumHandle0
+#define IkeextSaDbGetSecurityInfo IkeextSaDbGetSecurityInfo0
+#define IkeextSaDbSetSecurityInfo IkeextSaDbSetSecurityInfo0
+#define FwpmNetEventCreateEnumHandle FwpmNetEventCreateEnumHandle0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpmNetEventEnum FwpmNetEventEnum1
+#else
+#define FwpmNetEventEnum FwpmNetEventEnum0
+#endif
+#define FwpmNetEventDestroyEnumHandle FwpmNetEventDestroyEnumHandle0
+#define FwpmNetEventsGetSecurityInfo FwpmNetEventsGetSecurityInfo0
+#define FwpmNetEventsSetSecurityInfo FwpmNetEventsSetSecurityInfo0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPM_NET_EVENT_CALLBACK FWPM_NET_EVENT_CALLBACK0
+#define FwpmNetEventSubscribe FwpmNetEventSubscribe0
+#define FwpmNetEventUnsubscribe FwpmNetEventUnsubscribe0
+#define FwpmNetEventSubscriptionsGet FwpmNetEventSubscriptionsGet0
+#define FwpmSystemPortsGet FwpmSystemPortsGet0
+#define FWPM_SYSTEM_PORTS_CALLBACK FWPM_SYSTEM_PORTS_CALLBACK0
+#define FwpmSystemPortsSubscribe FwpmSystemPortsSubscribe0
+#define FwpmSystemPortsUnsubscribe FwpmSystemPortsUnsubscribe0
+#endif
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// Version independent definitions for Fwpsu / Fwpsk
+//
+///////////////////////////////////////////////////////////////////////////////
+#define FWPS_INCOMING_METADATA_VALUES FWPS_INCOMING_METADATA_VALUES0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_CALLOUT_CLASSIFY_FN FWPS_CALLOUT_CLASSIFY_FN1
+#else
+#define FWPS_CALLOUT_CLASSIFY_FN FWPS_CALLOUT_CLASSIFY_FN0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_CALLOUT_NOTIFY_FN FWPS_CALLOUT_NOTIFY_FN1
+#else
+#define FWPS_CALLOUT_NOTIFY_FN FWPS_CALLOUT_NOTIFY_FN0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN FWPS_CALLOUT_FLOW_DELETE_NOTIFY_FN0
+#define FWPS_CALLOUT_BOOTTIME_CALLOUT_DELETE_NOTIFY_FN FWPS_CALLOUT_BOOTTIME_CALLOUT_DELETE_NOTIFY_FN0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_CALLOUT FWPS_CALLOUT1
+#else
+#define FWPS_CALLOUT FWPS_CALLOUT0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpsCalloutRegister FwpsCalloutRegister1
+#else
+#define FwpsCalloutRegister FwpsCalloutRegister0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpsCalloutUnregisterById FwpsCalloutUnregisterById0
+#define FwpsCalloutUnregisterByKey FwpsCalloutUnregisterByKey0
+#define FwpsFlowAssociateContext FwpsFlowAssociateContext0
+#define FwpsFlowRemoveContext FwpsFlowRemoveContext0
+#define FWPS_PACKET_LIST_INBOUND_IPSEC_INFORMATION FWPS_PACKET_LIST_INBOUND_IPSEC_INFORMATION0
+#define FWPS_PACKET_LIST_OUTBOUND_IPSEC_INFORMATION FWPS_PACKET_LIST_OUTBOUND_IPSEC_INFORMATION0
+#define FWPS_PACKET_LIST_IPSEC_INFORMATION FWPS_PACKET_LIST_IPSEC_INFORMATION0
+#define FWPS_PACKET_LIST_FWP_INFORMATION FWPS_PACKET_LIST_FWP_INFORMATION0
+#define FWPS_PACKET_LIST_INFORMATION FWPS_PACKET_LIST_INFORMATION0
+#define FwpsGetPacketListSecurityInformation FwpsGetPacketListSecurityInformation0
+#define FwpsPendOperation FwpsPendOperation0
+#define FwpsCompleteOperation FwpsCompleteOperation0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpsAcquireClassifyHandle FwpsAcquireClassifyHandle0
+#define FwpsReleaseClassifyHandle FwpsReleaseClassifyHandle0
+#define FwpsPendClassify FwpsPendClassify0
+#define FwpsCompleteClassify FwpsCompleteClassify0
+#define FwpsAcquireWritableLayerDataPointer FwpsAcquireWritableLayerDataPointer0
+#define FwpsApplyModifiedLayerData FwpsApplyModifiedLayerData0
+#define FWPS_CONNECT_REQUEST FWPS_CONNECT_REQUEST0
+#define FWPS_BIND_REQUEST FWPS_BIND_REQUEST0
+#define FWPS_NET_BUFFER_LIST_EVENT_TYPE FWPS_NET_BUFFER_LIST_EVENT_TYPE0
+#define FWPS_NET_BUFFER_LIST_NOTIFY_FN FWPS_NET_BUFFER_LIST_NOTIFY_FN0
+#define FwpsNetBufferListGetTagForContext FwpsNetBufferListGetTagForContext0
+#define FwpsNetBufferListAssociateContext FwpsNetBufferListAssociateContext0
+#define FwpsNetBufferListRetrieveContext FwpsNetBufferListRetrieveContext0
+#define FwpsNetBufferListRemoveContext FwpsNetBufferListRemoveContext0
+#define FwpsOpenToken FwpsOpenToken0
+#define FwpsAleEndpointGetById FwpsAleEndpointGetById0
+#define FwpsAleEndpointCreateEnumHandle FwpsAleEndpointCreateEnumHandle0
+#define FwpsAleEndpointEnum FwpsAleEndpointEnum0
+#define FwpsAleEndpointDestroyEnumHandle FwpsAleEndpointDestroyEnumHandle0
+#define FwpsAleEndpointGetSecurityInfo FwpsAleEndpointGetSecurityInfo0
+#define FwpsAleEndpointSetSecurityInfo FwpsAleEndpointSetSecurityInfo0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpsClassifyOptionSet FwpsClassifyOptionSet0
+#define FwpsInjectionHandleCreate FwpsInjectionHandleCreate0
+#define FwpsInjectionHandleDestroy FwpsInjectionHandleDestroy0
+#define FWPS_INJECT_COMPLETE FWPS_INJECT_COMPLETE0
+#define FwpsAllocateNetBufferAndNetBufferList FwpsAllocateNetBufferAndNetBufferList0
+#define FwpsFreeNetBufferList FwpsFreeNetBufferList0
+#define FwpsAllocateCloneNetBufferList FwpsAllocateCloneNetBufferList0
+#define FwpsFreeCloneNetBufferList FwpsFreeCloneNetBufferList0
+#define FwpsReassembleForwardFragmentGroup FwpsReassembleForwardFragmentGroup0
+#define FwpsInjectNetworkSendAsync FwpsInjectNetworkSendAsync0
+#define FwpsInjectForwardAsync FwpsInjectForwardAsync0
+#define FwpsConstructIpHeaderForTransportPacket FwpsConstructIpHeaderForTransportPacket0
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define FWPS_TRANSPORT_SEND_PARAMS FWPS_TRANSPORT_SEND_PARAMS1
+#define FwpsInjectTransportSendAsync FwpsInjectTransportSendAsync1
+#else
+#define FWPS_TRANSPORT_SEND_PARAMS FWPS_TRANSPORT_SEND_PARAMS0
+#define FwpsInjectTransportSendAsync FwpsInjectTransportSendAsync0
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define FwpsInjectTransportReceiveAsync FwpsInjectTransportReceiveAsync0
+#define FwpsInjectNetworkReceiveAsync FwpsInjectNetworkReceiveAsync0
+#define FwpsReferenceNetBufferList FwpsReferenceNetBufferList0
+#define FwpsDereferenceNetBufferList FwpsDereferenceNetBufferList0
+#define FwpsQueryPacketInjectionState FwpsQueryPacketInjectionState0
+#define FWPS_STREAM_DATA_OFFSET FWPS_STREAM_DATA_OFFSET0
+#define FWPS_STREAM_DATA FWPS_STREAM_DATA0
+#define FWPS_STREAM_CALLOUT_IO_PACKET FWPS_STREAM_CALLOUT_IO_PACKET0
+#define FwpsStreamInjectAsync FwpsStreamInjectAsync0
+#define FwpsStreamContinue FwpsStreamContinue0
+#define FwpsCopyStreamDataToBuffer FwpsCopyStreamDataToBuffer0
+#define FwpsCloneStreamData FwpsCloneStreamData0
+#define FwpsDiscardClonedStreamData FwpsDiscardClonedStreamData0
+
+#endif // FWPVI_H
+#endif // (NTDDI_VERSION >= NTDDI_WIN6)
+
+

src/Mayaqua/fixed_iketypes.h

@@ -0,0 +1,690 @@
+
+
+/* this ALWAYS GENERATED file contains the definitions for the interfaces */
+
+
+ /* File created by MIDL compiler version 7.00.0555 */
+/* Compiler settings for iketypes.idl:
+    Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 7.00.0555 
+    protocol : dce , ms_ext, c_ext, robust
+    error checks: allocation ref bounds_check enum stub_data 
+    VC __declspec() decoration level: 
+         __declspec(uuid()), __declspec(selectany), __declspec(novtable)
+         DECLSPEC_UUID(), MIDL_INTERFACE()
+*/
+/* @@MIDL_FILE_HEADING(  ) */
+
+#pragma warning( disable: 4049 )  /* more than 64k source lines */
+
+
+/* verify that the <rpcndr.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCNDR_H_VERSION__
+#define __REQUIRED_RPCNDR_H_VERSION__ 500
+#endif
+
+/* verify that the <rpcsal.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCSAL_H_VERSION__
+#define __REQUIRED_RPCSAL_H_VERSION__ 100
+#endif
+
+#include "rpc.h"
+#include "rpcndr.h"
+
+#ifndef __RPCNDR_H_VERSION__
+#error this stub requires an updated version of <rpcndr.h>
+#endif // __RPCNDR_H_VERSION__
+
+
+#ifndef __iketypes_h__
+#define __iketypes_h__
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1020)
+#pragma once
+#endif
+
+/* Forward Declarations */ 
+
+/* header files for imported files */
+#include "fixed_fwptypes.h"
+
+#ifdef __cplusplus
+extern "C"{
+#endif 
+
+
+/* interface __MIDL_itf_iketypes_0000_0000 */
+/* [local] */ 
+
+#pragma once
+#pragma once
+#pragma once
+#pragma once
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(push)
+#endif
+#pragma warning(disable:4201)
+#endif
+typedef struct IPSEC_V4_UDP_ENCAPSULATION0_ IPSEC_V4_UDP_ENCAPSULATION0;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_KEY_MODULE_TYPE_
+    {	IKEEXT_KEY_MODULE_IKE	= 0,
+	IKEEXT_KEY_MODULE_AUTHIP	= ( IKEEXT_KEY_MODULE_IKE + 1 ) ,
+	IKEEXT_KEY_MODULE_IKEV2	= ( IKEEXT_KEY_MODULE_AUTHIP + 1 ) ,
+	IKEEXT_KEY_MODULE_MAX	= ( IKEEXT_KEY_MODULE_IKEV2 + 1 ) 
+    } 	IKEEXT_KEY_MODULE_TYPE;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_AUTHENTICATION_METHOD_TYPE_
+    {	IKEEXT_PRESHARED_KEY	= 0,
+	IKEEXT_CERTIFICATE	= ( IKEEXT_PRESHARED_KEY + 1 ) ,
+	IKEEXT_KERBEROS	= ( IKEEXT_CERTIFICATE + 1 ) ,
+	IKEEXT_ANONYMOUS	= ( IKEEXT_KERBEROS + 1 ) ,
+	IKEEXT_SSL	= ( IKEEXT_ANONYMOUS + 1 ) ,
+	IKEEXT_NTLM_V2	= ( IKEEXT_SSL + 1 ) ,
+	IKEEXT_IPV6_CGA	= ( IKEEXT_NTLM_V2 + 1 ) ,
+	IKEEXT_CERTIFICATE_ECDSA_P256	= ( IKEEXT_IPV6_CGA + 1 ) ,
+	IKEEXT_CERTIFICATE_ECDSA_P384	= ( IKEEXT_CERTIFICATE_ECDSA_P256 + 1 ) ,
+	IKEEXT_SSL_ECDSA_P256	= ( IKEEXT_CERTIFICATE_ECDSA_P384 + 1 ) ,
+	IKEEXT_SSL_ECDSA_P384	= ( IKEEXT_SSL_ECDSA_P256 + 1 ) ,
+	IKEEXT_EAP	= ( IKEEXT_SSL_ECDSA_P384 + 1 ) ,
+	IKEEXT_AUTHENTICATION_METHOD_TYPE_MAX	= ( IKEEXT_EAP + 1 ) 
+    } 	IKEEXT_AUTHENTICATION_METHOD_TYPE;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE_
+    {	IKEEXT_IMPERSONATION_NONE	= 0,
+	IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL	= ( IKEEXT_IMPERSONATION_NONE + 1 ) ,
+	IKEEXT_IMPERSONATION_MAX	= ( IKEEXT_IMPERSONATION_SOCKET_PRINCIPAL + 1 ) 
+    } 	IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE;
+
+typedef struct IKEEXT_PRESHARED_KEY_AUTHENTICATION0__
+    {
+    FWP_BYTE_BLOB presharedKey;
+    } 	IKEEXT_PRESHARED_KEY_AUTHENTICATION0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_PSK_FLAG_LOCAL_AUTH_ONLY  (0x00000001)
+#define IKEEXT_PSK_FLAG_REMOTE_AUTH_ONLY  (0x00000002)
+typedef struct IKEEXT_PRESHARED_KEY_AUTHENTICATION1__
+    {
+    FWP_BYTE_BLOB presharedKey;
+    UINT32 flags;
+    } 	IKEEXT_PRESHARED_KEY_AUTHENTICATION1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_CERT_FLAG_ENABLE_ACCOUNT_MAPPING  (0x00000001)
+#define IKEEXT_CERT_FLAG_DISABLE_REQUEST_PAYLOAD (0x00000002)
+#define IKEEXT_CERT_FLAG_USE_NAP_CERTIFICATE     (0x00000004)
+#define IKEEXT_CERT_FLAG_INTERMEDIATE_CA         (0x00000008)
+#define IKEEXT_CERT_FLAG_IGNORE_INIT_CERT_MAP_FAILURE (0x00000010)
+#define IKEEXT_CERT_FLAG_PREFER_NAP_CERTIFICATE_OUTBOUND (0x00000020)
+typedef struct IKEEXT_CERT_ROOT_CONFIG0_
+    {
+    FWP_BYTE_BLOB certData;
+    UINT32 flags;
+    } 	IKEEXT_CERT_ROOT_CONFIG0;
+
+#define IKEEXT_CERT_AUTH_FLAG_SSL_ONE_WAY              (0x00000001)
+#define IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK        (0x00000002)
+#define IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG       (0x00000004)
+#define IKEEXT_CERT_AUTH_DISABLE_SSL_CERT_VALIDATION (0x00000008)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_CERT_AUTH_ALLOW_HTTP_CERT_LOOKUP  (0x00000010)
+#define IKEEXT_CERT_AUTH_URL_CONTAINS_BUNDLE  (0x00000020)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef /* [v1_enum] */ 
+enum IKEEXT_CERT_CONFIG_TYPE_
+    {	IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST	= 0,
+	IKEEXT_CERT_CONFIG_ENTERPRISE_STORE	= ( IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST + 1 ) ,
+	IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE	= ( IKEEXT_CERT_CONFIG_ENTERPRISE_STORE + 1 ) ,
+	IKEEXT_CERT_CONFIG_UNSPECIFIED	= ( IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE + 1 ) ,
+	IKEEXT_CERT_CONFIG_TYPE_MAX	= ( IKEEXT_CERT_CONFIG_UNSPECIFIED + 1 ) 
+    } 	IKEEXT_CERT_CONFIG_TYPE;
+
+typedef struct IKEEXT_CERTIFICATE_AUTHENTICATION0_
+    {
+    IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
+    union 
+        {
+        struct 
+            {
+            UINT32 inboundRootArraySize;
+            IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray;
+            } 	;
+        IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig;
+        IKEEXT_CERT_ROOT_CONFIG0 *inboundTrustedRootStoreConfig;
+        } 	;
+    IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
+    union 
+        {
+        struct 
+            {
+            UINT32 outboundRootArraySize;
+            IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray;
+            } 	;
+        IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig;
+        IKEEXT_CERT_ROOT_CONFIG0 *outboundTrustedRootStoreConfig;
+        } 	;
+    UINT32 flags;
+    } 	IKEEXT_CERTIFICATE_AUTHENTICATION0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_CERTIFICATE_AUTHENTICATION1_
+    {
+    IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
+    union 
+        {
+        struct 
+            {
+            UINT32 inboundRootArraySize;
+            IKEEXT_CERT_ROOT_CONFIG0 *inboundRootArray;
+            } 	;
+        IKEEXT_CERT_ROOT_CONFIG0 *inboundEnterpriseStoreConfig;
+        IKEEXT_CERT_ROOT_CONFIG0 *inboundTrustedRootStoreConfig;
+         /* Empty union arm */ 
+        } 	;
+    IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
+    union 
+        {
+        struct 
+            {
+            UINT32 outboundRootArraySize;
+            IKEEXT_CERT_ROOT_CONFIG0 *outboundRootArray;
+            } 	;
+        IKEEXT_CERT_ROOT_CONFIG0 *outboundEnterpriseStoreConfig;
+        IKEEXT_CERT_ROOT_CONFIG0 *outboundTrustedRootStoreConfig;
+         /* Empty union arm */ 
+        } 	;
+    UINT32 flags;
+    FWP_BYTE_BLOB localCertLocationUrl;
+    } 	IKEEXT_CERTIFICATE_AUTHENTICATION1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_IPV6_CGA_AUTHENTICATION0_
+    {
+    wchar_t *keyContainerName;
+    wchar_t *cspName;
+    UINT32 cspType;
+    FWP_BYTE_ARRAY16 cgaModifier;
+    BYTE cgaCollisionCount;
+    } 	IKEEXT_IPV6_CGA_AUTHENTICATION0;
+
+#define IKEEXT_KERB_AUTH_DISABLE_INITIATOR_TOKEN_GENERATION (0x00000001)
+#define IKEEXT_KERB_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS (0x00000002)
+typedef struct IKEEXT_KERBEROS_AUTHENTICATION0__
+    {
+    UINT32 flags;
+    } 	IKEEXT_KERBEROS_AUTHENTICATION0;
+
+#define IKEEXT_NTLM_V2_AUTH_DONT_ACCEPT_EXPLICIT_CREDENTIALS (0x00000001)
+typedef struct IKEEXT_NTLM_V2_AUTHENTICATION0__
+    {
+    UINT32 flags;
+    } 	IKEEXT_NTLM_V2_AUTHENTICATION0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_EAP_FLAG_LOCAL_AUTH_ONLY  (0x00000001)
+#define IKEEXT_EAP_FLAG_REMOTE_AUTH_ONLY  (0x00000002)
+typedef struct IKEEXT_EAP_AUTHENTICATION0__
+    {
+    UINT32 flags;
+    } 	IKEEXT_EAP_AUTHENTICATION0;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_AUTHENTICATION_METHOD0_
+    {
+    IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
+    union 
+        {
+        IKEEXT_PRESHARED_KEY_AUTHENTICATION0 presharedKeyAuthentication;
+        IKEEXT_CERTIFICATE_AUTHENTICATION0 certificateAuthentication;
+        IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication;
+        IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
+         /* Empty union arm */ 
+        IKEEXT_CERTIFICATE_AUTHENTICATION0 sslAuthentication;
+        IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication;
+        } 	;
+    } 	IKEEXT_AUTHENTICATION_METHOD0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_AUTHENTICATION_METHOD1_
+    {
+    IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
+    union 
+        {
+        IKEEXT_PRESHARED_KEY_AUTHENTICATION1 presharedKeyAuthentication;
+        IKEEXT_CERTIFICATE_AUTHENTICATION1 certificateAuthentication;
+        IKEEXT_KERBEROS_AUTHENTICATION0 kerberosAuthentication;
+        IKEEXT_NTLM_V2_AUTHENTICATION0 ntlmV2Authentication;
+         /* Empty union arm */ 
+        IKEEXT_CERTIFICATE_AUTHENTICATION1 sslAuthentication;
+        IKEEXT_IPV6_CGA_AUTHENTICATION0 cgaAuthentication;
+        IKEEXT_EAP_AUTHENTICATION0 eapAuthentication;
+        } 	;
+    } 	IKEEXT_AUTHENTICATION_METHOD1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef /* [v1_enum] */ 
+enum IKEEXT_CIPHER_TYPE_
+    {	IKEEXT_CIPHER_DES	= 0,
+	IKEEXT_CIPHER_3DES	= ( IKEEXT_CIPHER_DES + 1 ) ,
+	IKEEXT_CIPHER_AES_128	= ( IKEEXT_CIPHER_3DES + 1 ) ,
+	IKEEXT_CIPHER_AES_192	= ( IKEEXT_CIPHER_AES_128 + 1 ) ,
+	IKEEXT_CIPHER_AES_256	= ( IKEEXT_CIPHER_AES_192 + 1 ) ,
+	IKEEXT_CIPHER_TYPE_MAX	= ( IKEEXT_CIPHER_AES_256 + 1 ) 
+    } 	IKEEXT_CIPHER_TYPE;
+
+typedef struct IKEEXT_CIPHER_ALGORITHM0_
+    {
+    IKEEXT_CIPHER_TYPE algoIdentifier;
+    UINT32 keyLen;
+    UINT32 rounds;
+    } 	IKEEXT_CIPHER_ALGORITHM0;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_INTEGRITY_TYPE_
+    {	IKEEXT_INTEGRITY_MD5	= 0,
+	IKEEXT_INTEGRITY_SHA1	= ( IKEEXT_INTEGRITY_MD5 + 1 ) ,
+	IKEEXT_INTEGRITY_SHA_256	= ( IKEEXT_INTEGRITY_SHA1 + 1 ) ,
+	IKEEXT_INTEGRITY_SHA_384	= ( IKEEXT_INTEGRITY_SHA_256 + 1 ) ,
+	IKEEXT_INTEGRITY_TYPE_MAX	= ( IKEEXT_INTEGRITY_SHA_384 + 1 ) 
+    } 	IKEEXT_INTEGRITY_TYPE;
+
+typedef struct IKEEXT_INTEGRITY_ALGORITHM0_
+    {
+    IKEEXT_INTEGRITY_TYPE algoIdentifier;
+    } 	IKEEXT_INTEGRITY_ALGORITHM0;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_DH_GROUP_
+    {	IKEEXT_DH_GROUP_NONE	= 0,
+	IKEEXT_DH_GROUP_1	= ( IKEEXT_DH_GROUP_NONE + 1 ) ,
+	IKEEXT_DH_GROUP_2	= ( IKEEXT_DH_GROUP_1 + 1 ) ,
+	IKEEXT_DH_GROUP_2048	= ( IKEEXT_DH_GROUP_2 + 1 ) ,
+	IKEEXT_DH_ECP_256	= ( IKEEXT_DH_GROUP_2048 + 1 ) ,
+	IKEEXT_DH_ECP_384	= ( IKEEXT_DH_ECP_256 + 1 ) ,
+	IKEEXT_DH_GROUP_MAX	= ( IKEEXT_DH_ECP_384 + 1 ) 
+    } 	IKEEXT_DH_GROUP;
+
+typedef struct IKEEXT_PROPOSAL0_
+    {
+    IKEEXT_CIPHER_ALGORITHM0 cipherAlgorithm;
+    IKEEXT_INTEGRITY_ALGORITHM0 integrityAlgorithm;
+    UINT32 maxLifetimeSeconds;
+    IKEEXT_DH_GROUP dhGroup;
+    UINT32 quickModeLimit;
+    } 	IKEEXT_PROPOSAL0;
+
+#define IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS (0x00000001)
+#define IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY (0x00000002)
+#define IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY (0x00000004)
+#define IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH (0x00000008)
+typedef struct IKEEXT_POLICY0_
+    {
+    UINT32 softExpirationTime;
+    UINT32 numAuthenticationMethods;
+    IKEEXT_AUTHENTICATION_METHOD0 *authenticationMethods;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
+    UINT32 numIkeProposals;
+    IKEEXT_PROPOSAL0 *ikeProposals;
+    UINT32 flags;
+    UINT32 maxDynamicFilters;
+    } 	IKEEXT_POLICY0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_POLICY1_
+    {
+    UINT32 softExpirationTime;
+    UINT32 numAuthenticationMethods;
+    IKEEXT_AUTHENTICATION_METHOD1 *authenticationMethods;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
+    UINT32 numIkeProposals;
+    IKEEXT_PROPOSAL0 *ikeProposals;
+    UINT32 flags;
+    UINT32 maxDynamicFilters;
+    UINT32 retransmitDurationSecs;
+    } 	IKEEXT_POLICY1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_EM_POLICY0_
+    {
+    UINT32 numAuthenticationMethods;
+    IKEEXT_AUTHENTICATION_METHOD0 *authenticationMethods;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
+    } 	IKEEXT_EM_POLICY0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_EM_POLICY1_
+    {
+    UINT32 numAuthenticationMethods;
+    IKEEXT_AUTHENTICATION_METHOD1 *authenticationMethods;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
+    } 	IKEEXT_EM_POLICY1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#define IKEEXT_ERROR_CODE_COUNT  \
+(ERROR_IPSEC_IKE_NEG_STATUS_END - ERROR_IPSEC_IKE_NEG_STATUS_BEGIN)
+typedef struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0_
+    {
+    UINT32 currentActiveMainModes;
+    UINT32 totalMainModesStarted;
+    UINT32 totalSuccessfulMainModes;
+    UINT32 totalFailedMainModes;
+    UINT32 totalResponderMainModes;
+    UINT32 currentNewResponderMainModes;
+    UINT32 currentActiveQuickModes;
+    UINT32 totalQuickModesStarted;
+    UINT32 totalSuccessfulQuickModes;
+    UINT32 totalFailedQuickModes;
+    UINT32 totalAcquires;
+    UINT32 totalReinitAcquires;
+    UINT32 currentActiveExtendedModes;
+    UINT32 totalExtendedModesStarted;
+    UINT32 totalSuccessfulExtendedModes;
+    UINT32 totalFailedExtendedModes;
+    UINT32 totalImpersonationExtendedModes;
+    UINT32 totalImpersonationMainModes;
+    } 	IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1_
+    {
+    UINT32 currentActiveMainModes;
+    UINT32 totalMainModesStarted;
+    UINT32 totalSuccessfulMainModes;
+    UINT32 totalFailedMainModes;
+    UINT32 totalResponderMainModes;
+    UINT32 currentNewResponderMainModes;
+    UINT32 currentActiveQuickModes;
+    UINT32 totalQuickModesStarted;
+    UINT32 totalSuccessfulQuickModes;
+    UINT32 totalFailedQuickModes;
+    UINT32 totalAcquires;
+    UINT32 totalReinitAcquires;
+    UINT32 currentActiveExtendedModes;
+    UINT32 totalExtendedModesStarted;
+    UINT32 totalSuccessfulExtendedModes;
+    UINT32 totalFailedExtendedModes;
+    UINT32 totalImpersonationExtendedModes;
+    UINT32 totalImpersonationMainModes;
+    } 	IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_KEYMODULE_STATISTICS0_
+    {
+    IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v4Statistics;
+    IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS0 v6Statistics;
+    UINT32 errorFrequencyTable[ 97 ];
+    UINT32 mainModeNegotiationTime;
+    UINT32 quickModeNegotiationTime;
+    UINT32 extendedModeNegotiationTime;
+    } 	IKEEXT_KEYMODULE_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_KEYMODULE_STATISTICS1_
+    {
+    IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v4Statistics;
+    IKEEXT_IP_VERSION_SPECIFIC_KEYMODULE_STATISTICS1 v6Statistics;
+    UINT32 errorFrequencyTable[ 97 ];
+    UINT32 mainModeNegotiationTime;
+    UINT32 quickModeNegotiationTime;
+    UINT32 extendedModeNegotiationTime;
+    } 	IKEEXT_KEYMODULE_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0_
+    {
+    UINT32 totalSocketReceiveFailures;
+    UINT32 totalSocketSendFailures;
+    } 	IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1_
+    {
+    UINT32 totalSocketReceiveFailures;
+    UINT32 totalSocketSendFailures;
+    } 	IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_COMMON_STATISTICS0_
+    {
+    IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v4Statistics;
+    IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS0 v6Statistics;
+    UINT32 totalPacketsReceived;
+    UINT32 totalInvalidPacketsReceived;
+    UINT32 currentQueuedWorkitems;
+    } 	IKEEXT_COMMON_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_COMMON_STATISTICS1_
+    {
+    IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v4Statistics;
+    IKEEXT_IP_VERSION_SPECIFIC_COMMON_STATISTICS1 v6Statistics;
+    UINT32 totalPacketsReceived;
+    UINT32 totalInvalidPacketsReceived;
+    UINT32 currentQueuedWorkitems;
+    } 	IKEEXT_COMMON_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_STATISTICS0_
+    {
+    IKEEXT_KEYMODULE_STATISTICS0 ikeStatistics;
+    IKEEXT_KEYMODULE_STATISTICS0 authipStatistics;
+    IKEEXT_COMMON_STATISTICS0 commonStatistics;
+    } 	IKEEXT_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_STATISTICS1_
+    {
+    IKEEXT_KEYMODULE_STATISTICS1 ikeStatistics;
+    IKEEXT_KEYMODULE_STATISTICS1 authipStatistics;
+    IKEEXT_KEYMODULE_STATISTICS1 ikeV2Statistics;
+    IKEEXT_COMMON_STATISTICS1 commonStatistics;
+    } 	IKEEXT_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_TRAFFIC0_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 localV4Address;
+        UINT8 localV6Address[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 remoteV4Address;
+        UINT8 remoteV6Address[ 16 ];
+        } 	;
+    UINT64 authIpFilterId;
+    } 	IKEEXT_TRAFFIC0;
+
+typedef UINT64 IKEEXT_COOKIE;
+
+typedef struct IKEEXT_COOKIE_PAIR0_
+    {
+    IKEEXT_COOKIE initiator;
+    IKEEXT_COOKIE responder;
+    } 	IKEEXT_COOKIE_PAIR0;
+
+#define IKEEXT_CERT_CREDENTIAL_FLAG_NAP_CERT     (0x00000001)
+typedef struct IKEEXT_CERTIFICATE_CREDENTIAL0_
+    {
+    FWP_BYTE_BLOB subjectName;
+    FWP_BYTE_BLOB certHash;
+    UINT32 flags;
+    } 	IKEEXT_CERTIFICATE_CREDENTIAL0;
+
+typedef struct IKEEXT_NAME_CREDENTIAL0_
+    {
+    wchar_t *principalName;
+    } 	IKEEXT_NAME_CREDENTIAL0;
+
+typedef struct IKEEXT_CREDENTIAL0_
+    {
+    IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType;
+    union 
+        {
+        IKEEXT_PRESHARED_KEY_AUTHENTICATION0 *presharedKey;
+        IKEEXT_CERTIFICATE_CREDENTIAL0 *certificate;
+        IKEEXT_NAME_CREDENTIAL0 *name;
+         /* Empty union arm */ 
+        } 	;
+    } 	IKEEXT_CREDENTIAL0;
+
+typedef struct IKEEXT_CREDENTIAL_PAIR0_
+    {
+    IKEEXT_CREDENTIAL0 localCredentials;
+    IKEEXT_CREDENTIAL0 peerCredentials;
+    } 	IKEEXT_CREDENTIAL_PAIR0;
+
+typedef struct IKEEXT_CREDENTIALS0_
+    {
+    UINT32 numCredentials;
+    IKEEXT_CREDENTIAL_PAIR0 *credentials;
+    } 	IKEEXT_CREDENTIALS0;
+
+typedef struct IKEEXT_SA_DETAILS0_
+    {
+    UINT64 saId;
+    IKEEXT_KEY_MODULE_TYPE keyModuleType;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *v4UdpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    IKEEXT_TRAFFIC0 ikeTraffic;
+    IKEEXT_PROPOSAL0 ikeProposal;
+    IKEEXT_COOKIE_PAIR0 cookiePair;
+    IKEEXT_CREDENTIALS0 ikeCredentials;
+    GUID ikePolicyKey;
+    UINT64 virtualIfTunnelId;
+    } 	IKEEXT_SA_DETAILS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_CERTIFICATE_CREDENTIAL1_
+    {
+    FWP_BYTE_BLOB subjectName;
+    FWP_BYTE_BLOB certHash;
+    UINT32 flags;
+    FWP_BYTE_BLOB certificate;
+    } 	IKEEXT_CERTIFICATE_CREDENTIAL1;
+
+typedef struct IKEEXT_CREDENTIAL1_
+    {
+    IKEEXT_AUTHENTICATION_METHOD_TYPE authenticationMethodType;
+    IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE impersonationType;
+    union 
+        {
+        IKEEXT_PRESHARED_KEY_AUTHENTICATION1 *presharedKey;
+        IKEEXT_CERTIFICATE_CREDENTIAL1 *certificate;
+        IKEEXT_NAME_CREDENTIAL0 *name;
+         /* Empty union arm */ 
+        } 	;
+    } 	IKEEXT_CREDENTIAL1;
+
+typedef struct IKEEXT_CREDENTIAL_PAIR1_
+    {
+    IKEEXT_CREDENTIAL1 localCredentials;
+    IKEEXT_CREDENTIAL1 peerCredentials;
+    } 	IKEEXT_CREDENTIAL_PAIR1;
+
+typedef struct IKEEXT_CREDENTIALS1_
+    {
+    UINT32 numCredentials;
+    IKEEXT_CREDENTIAL_PAIR1 *credentials;
+    } 	IKEEXT_CREDENTIALS1;
+
+typedef struct IKEEXT_SA_DETAILS1_
+    {
+    UINT64 saId;
+    IKEEXT_KEY_MODULE_TYPE keyModuleType;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *v4UdpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    IKEEXT_TRAFFIC0 ikeTraffic;
+    IKEEXT_PROPOSAL0 ikeProposal;
+    IKEEXT_COOKIE_PAIR0 cookiePair;
+    IKEEXT_CREDENTIALS1 ikeCredentials;
+    GUID ikePolicyKey;
+    UINT64 virtualIfTunnelId;
+    FWP_BYTE_BLOB correlationKey;
+    } 	IKEEXT_SA_DETAILS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IKEEXT_SA_ENUM_TEMPLATE0_
+    {
+    FWP_CONDITION_VALUE0 localSubNet;
+    FWP_CONDITION_VALUE0 remoteSubNet;
+    FWP_BYTE_BLOB localMainModeCertHash;
+    } 	IKEEXT_SA_ENUM_TEMPLATE0;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_MM_SA_STATE_
+    {	IKEEXT_MM_SA_STATE_NONE	= 0,
+	IKEEXT_MM_SA_STATE_SA_SENT	= ( IKEEXT_MM_SA_STATE_NONE + 1 ) ,
+	IKEEXT_MM_SA_STATE_SSPI_SENT	= ( IKEEXT_MM_SA_STATE_SA_SENT + 1 ) ,
+	IKEEXT_MM_SA_STATE_FINAL	= ( IKEEXT_MM_SA_STATE_SSPI_SENT + 1 ) ,
+	IKEEXT_MM_SA_STATE_FINAL_SENT	= ( IKEEXT_MM_SA_STATE_FINAL + 1 ) ,
+	IKEEXT_MM_SA_STATE_COMPLETE	= ( IKEEXT_MM_SA_STATE_FINAL_SENT + 1 ) ,
+	IKEEXT_MM_SA_STATE_MAX	= ( IKEEXT_MM_SA_STATE_COMPLETE + 1 ) 
+    } 	IKEEXT_MM_SA_STATE;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_QM_SA_STATE_
+    {	IKEEXT_QM_SA_STATE_NONE	= 0,
+	IKEEXT_QM_SA_STATE_INITIAL	= ( IKEEXT_QM_SA_STATE_NONE + 1 ) ,
+	IKEEXT_QM_SA_STATE_FINAL	= ( IKEEXT_QM_SA_STATE_INITIAL + 1 ) ,
+	IKEEXT_QM_SA_STATE_COMPLETE	= ( IKEEXT_QM_SA_STATE_FINAL + 1 ) ,
+	IKEEXT_QM_SA_STATE_MAX	= ( IKEEXT_QM_SA_STATE_COMPLETE + 1 ) 
+    } 	IKEEXT_QM_SA_STATE;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_EM_SA_STATE_
+    {	IKEEXT_EM_SA_STATE_NONE	= 0,
+	IKEEXT_EM_SA_STATE_SENT_ATTS	= ( IKEEXT_EM_SA_STATE_NONE + 1 ) ,
+	IKEEXT_EM_SA_STATE_SSPI_SENT	= ( IKEEXT_EM_SA_STATE_SENT_ATTS + 1 ) ,
+	IKEEXT_EM_SA_STATE_AUTH_COMPLETE	= ( IKEEXT_EM_SA_STATE_SSPI_SENT + 1 ) ,
+	IKEEXT_EM_SA_STATE_FINAL	= ( IKEEXT_EM_SA_STATE_AUTH_COMPLETE + 1 ) ,
+	IKEEXT_EM_SA_STATE_COMPLETE	= ( IKEEXT_EM_SA_STATE_FINAL + 1 ) ,
+	IKEEXT_EM_SA_STATE_MAX	= ( IKEEXT_EM_SA_STATE_COMPLETE + 1 ) 
+    } 	IKEEXT_EM_SA_STATE;
+
+typedef /* [v1_enum] */ 
+enum IKEEXT_SA_ROLE_
+    {	IKEEXT_SA_ROLE_INITIATOR	= 0,
+	IKEEXT_SA_ROLE_RESPONDER	= ( IKEEXT_SA_ROLE_INITIATOR + 1 ) ,
+	IKEEXT_SA_ROLE_MAX	= ( IKEEXT_SA_ROLE_RESPONDER + 1 ) 
+    } 	IKEEXT_SA_ROLE;
+
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(pop)
+#else
+#pragma warning(default:4201)
+#endif
+#endif
+
+
+extern RPC_IF_HANDLE __MIDL_itf_iketypes_0000_0000_v0_0_c_ifspec;
+extern RPC_IF_HANDLE __MIDL_itf_iketypes_0000_0000_v0_0_s_ifspec;
+
+/* Additional Prototypes for ALL interfaces */
+
+/* end of Additional Prototypes */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+

src/Mayaqua/fixed_ipsectypes.h

@@ -0,0 +1,813 @@
+
+
+/* this ALWAYS GENERATED file contains the definitions for the interfaces */
+
+
+ /* File created by MIDL compiler version 7.00.0555 */
+/* Compiler settings for ipsectypes.idl:
+    Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 7.00.0555 
+    protocol : dce , ms_ext, c_ext, robust
+    error checks: allocation ref bounds_check enum stub_data 
+    VC __declspec() decoration level: 
+         __declspec(uuid()), __declspec(selectany), __declspec(novtable)
+         DECLSPEC_UUID(), MIDL_INTERFACE()
+*/
+/* @@MIDL_FILE_HEADING(  ) */
+
+#pragma warning( disable: 4049 )  /* more than 64k source lines */
+
+
+/* verify that the <rpcndr.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCNDR_H_VERSION__
+#define __REQUIRED_RPCNDR_H_VERSION__ 500
+#endif
+
+/* verify that the <rpcsal.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCSAL_H_VERSION__
+#define __REQUIRED_RPCSAL_H_VERSION__ 100
+#endif
+
+#include "rpc.h"
+#include "rpcndr.h"
+
+#ifndef __RPCNDR_H_VERSION__
+#error this stub requires an updated version of <rpcndr.h>
+#endif // __RPCNDR_H_VERSION__
+
+
+#ifndef __ipsectypes_h__
+#define __ipsectypes_h__
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1020)
+#pragma once
+#endif
+
+/* Forward Declarations */ 
+
+/* header files for imported files */
+#include "fixed_fwptypes.h"
+#include "fixed_iketypes.h"
+
+#ifdef __cplusplus
+extern "C"{
+#endif 
+
+
+/* interface __MIDL_itf_ipsectypes_0000_0000 */
+/* [local] */ 
+
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(push)
+#endif
+#pragma warning(disable:4201)
+#endif
+typedef struct FWPM_FILTER0_ FWPM_FILTER0;
+
+typedef struct IPSEC_SA_LIFETIME0_
+    {
+    UINT32 lifetimeSeconds;
+    UINT32 lifetimeKilobytes;
+    UINT32 lifetimePackets;
+    } 	IPSEC_SA_LIFETIME0;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_TRANSFORM_TYPE_
+    {	IPSEC_TRANSFORM_AH	= 1,
+	IPSEC_TRANSFORM_ESP_AUTH	= ( IPSEC_TRANSFORM_AH + 1 ) ,
+	IPSEC_TRANSFORM_ESP_CIPHER	= ( IPSEC_TRANSFORM_ESP_AUTH + 1 ) ,
+	IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER	= ( IPSEC_TRANSFORM_ESP_CIPHER + 1 ) ,
+	IPSEC_TRANSFORM_ESP_AUTH_FW	= ( IPSEC_TRANSFORM_ESP_AUTH_AND_CIPHER + 1 ) ,
+	IPSEC_TRANSFORM_TYPE_MAX	= ( IPSEC_TRANSFORM_ESP_AUTH_FW + 1 ) 
+    } 	IPSEC_TRANSFORM_TYPE;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_AUTH_TYPE_
+    {	IPSEC_AUTH_MD5	= 0,
+	IPSEC_AUTH_SHA_1	= ( IPSEC_AUTH_MD5 + 1 ) ,
+	IPSEC_AUTH_SHA_256	= ( IPSEC_AUTH_SHA_1 + 1 ) ,
+	IPSEC_AUTH_AES_128	= ( IPSEC_AUTH_SHA_256 + 1 ) ,
+	IPSEC_AUTH_AES_192	= ( IPSEC_AUTH_AES_128 + 1 ) ,
+	IPSEC_AUTH_AES_256	= ( IPSEC_AUTH_AES_192 + 1 ) ,
+	IPSEC_AUTH_MAX	= ( IPSEC_AUTH_AES_256 + 1 ) 
+    } 	IPSEC_AUTH_TYPE;
+
+typedef UINT8 IPSEC_AUTH_CONFIG;
+
+#define IPSEC_AUTH_CONFIG_HMAC_MD5_96         (0)
+#define IPSEC_AUTH_CONFIG_HMAC_SHA_1_96       (1)
+#define IPSEC_AUTH_CONFIG_HMAC_SHA_256_128    (2)
+#define IPSEC_AUTH_CONFIG_GCM_AES_128         (3)
+#define IPSEC_AUTH_CONFIG_GCM_AES_192         (4)
+#define IPSEC_AUTH_CONFIG_GCM_AES_256         (5)
+#define IPSEC_AUTH_CONFIG_MAX                 (6)
+typedef struct IPSEC_AUTH_TRANSFORM_ID0_
+    {
+    IPSEC_AUTH_TYPE authType;
+    IPSEC_AUTH_CONFIG authConfig;
+    } 	IPSEC_AUTH_TRANSFORM_ID0;
+
+typedef GUID IPSEC_CRYPTO_MODULE_ID;
+
+typedef struct IPSEC_AUTH_TRANSFORM0_
+    {
+    IPSEC_AUTH_TRANSFORM_ID0 authTransformId;
+    IPSEC_CRYPTO_MODULE_ID *cryptoModuleId;
+    } 	IPSEC_AUTH_TRANSFORM0;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_CIPHER_TYPE_
+    {	IPSEC_CIPHER_TYPE_DES	= 1,
+	IPSEC_CIPHER_TYPE_3DES	= ( IPSEC_CIPHER_TYPE_DES + 1 ) ,
+	IPSEC_CIPHER_TYPE_AES_128	= ( IPSEC_CIPHER_TYPE_3DES + 1 ) ,
+	IPSEC_CIPHER_TYPE_AES_192	= ( IPSEC_CIPHER_TYPE_AES_128 + 1 ) ,
+	IPSEC_CIPHER_TYPE_AES_256	= ( IPSEC_CIPHER_TYPE_AES_192 + 1 ) ,
+	IPSEC_CIPHER_TYPE_MAX	= ( IPSEC_CIPHER_TYPE_AES_256 + 1 ) 
+    } 	IPSEC_CIPHER_TYPE;
+
+typedef UINT8 IPSEC_CIPHER_CONFIG;
+
+#define IPSEC_CIPHER_CONFIG_CBC_DES      (1)
+#define IPSEC_CIPHER_CONFIG_CBC_3DES     (2)
+#define IPSEC_CIPHER_CONFIG_CBC_AES_128  (3)
+#define IPSEC_CIPHER_CONFIG_CBC_AES_192  (4)
+#define IPSEC_CIPHER_CONFIG_CBC_AES_256  (5)
+#define IPSEC_CIPHER_CONFIG_GCM_AES_128  (6)
+#define IPSEC_CIPHER_CONFIG_GCM_AES_192  (7)
+#define IPSEC_CIPHER_CONFIG_GCM_AES_256  (8)
+#define IPSEC_CIPHER_CONFIG_MAX          (9)
+typedef struct IPSEC_CIPHER_TRANSFORM_ID0_
+    {
+    IPSEC_CIPHER_TYPE cipherType;
+    IPSEC_CIPHER_CONFIG cipherConfig;
+    } 	IPSEC_CIPHER_TRANSFORM_ID0;
+
+typedef struct IPSEC_CIPHER_TRANSFORM0_
+    {
+    IPSEC_CIPHER_TRANSFORM_ID0 cipherTransformId;
+    IPSEC_CRYPTO_MODULE_ID *cryptoModuleId;
+    } 	IPSEC_CIPHER_TRANSFORM0;
+
+typedef struct IPSEC_AUTH_AND_CIPHER_TRANSFORM0_
+    {
+    IPSEC_AUTH_TRANSFORM0 authTransform;
+    IPSEC_CIPHER_TRANSFORM0 cipherTransform;
+    } 	IPSEC_AUTH_AND_CIPHER_TRANSFORM0;
+
+typedef struct IPSEC_SA_TRANSFORM0_
+    {
+    IPSEC_TRANSFORM_TYPE ipsecTransformType;
+    union 
+        {
+        IPSEC_AUTH_TRANSFORM0 *ahTransform;
+        IPSEC_AUTH_TRANSFORM0 *espAuthTransform;
+        IPSEC_CIPHER_TRANSFORM0 *espCipherTransform;
+        IPSEC_AUTH_AND_CIPHER_TRANSFORM0 *espAuthAndCipherTransform;
+        IPSEC_AUTH_TRANSFORM0 *espAuthFwTransform;
+        } 	;
+    } 	IPSEC_SA_TRANSFORM0;
+
+#define espAuthTranform espAuthTransform
+typedef /* [v1_enum] */ 
+enum IPSEC_PFS_GROUP_
+    {	IPSEC_PFS_NONE	= 0,
+	IPSEC_PFS_1	= ( IPSEC_PFS_NONE + 1 ) ,
+	IPSEC_PFS_2	= ( IPSEC_PFS_1 + 1 ) ,
+	IPSEC_PFS_2048	= ( IPSEC_PFS_2 + 1 ) ,
+	IPSEC_PFS_ECP_256	= ( IPSEC_PFS_2048 + 1 ) ,
+	IPSEC_PFS_ECP_384	= ( IPSEC_PFS_ECP_256 + 1 ) ,
+	IPSEC_PFS_MM	= ( IPSEC_PFS_ECP_384 + 1 ) ,
+	IPSEC_PFS_MAX	= ( IPSEC_PFS_MM + 1 ) 
+    } 	IPSEC_PFS_GROUP;
+
+typedef struct IPSEC_PROPOSAL0_
+    {
+    IPSEC_SA_LIFETIME0 lifetime;
+    UINT32 numSaTransforms;
+    IPSEC_SA_TRANSFORM0 *saTransforms;
+    IPSEC_PFS_GROUP pfsGroup;
+    } 	IPSEC_PROPOSAL0;
+
+typedef struct IPSEC_SA_IDLE_TIMEOUT0_
+    {
+    UINT32 idleTimeoutSeconds;
+    UINT32 idleTimeoutSecondsFailOver;
+    } 	IPSEC_SA_IDLE_TIMEOUT0;
+
+#define IPSEC_POLICY_FLAG_ND_SECURE     (0x00000002)
+#define IPSEC_POLICY_FLAG_ND_BOUNDARY   (0x00000004)
+#define IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL   (0x00000008)
+#define IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT   (0x00000010)
+#define IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL   (0x00000020)
+#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME   (0x00000040)
+#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME   (0x00000080)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING  (0x00000100)
+#define IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT  (0x00000200)
+#define IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION  (0x00000400)
+#define IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION (0x00000800)
+#define IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6 (0x00001000)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TRANSPORT_POLICY0_
+    {
+    UINT32 numIpsecProposals;
+    IPSEC_PROPOSAL0 *ipsecProposals;
+    UINT32 flags;
+    UINT32 ndAllowClearTimeoutSeconds;
+    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
+    IKEEXT_EM_POLICY0 *emPolicy;
+    } 	IPSEC_TRANSPORT_POLICY0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TRANSPORT_POLICY1_
+    {
+    UINT32 numIpsecProposals;
+    IPSEC_PROPOSAL0 *ipsecProposals;
+    UINT32 flags;
+    UINT32 ndAllowClearTimeoutSeconds;
+    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
+    IKEEXT_EM_POLICY1 *emPolicy;
+    } 	IPSEC_TRANSPORT_POLICY1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TUNNEL_ENDPOINTS0_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 localV4Address;
+        UINT8 localV6Address[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 remoteV4Address;
+        UINT8 remoteV6Address[ 16 ];
+        } 	;
+    } 	IPSEC_TUNNEL_ENDPOINTS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TUNNEL_ENDPOINTS1_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 localV4Address;
+        UINT8 localV6Address[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 remoteV4Address;
+        UINT8 remoteV6Address[ 16 ];
+        } 	;
+    UINT64 localIfLuid;
+    } 	IPSEC_TUNNEL_ENDPOINTS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TUNNEL_POLICY0_
+    {
+    UINT32 flags;
+    UINT32 numIpsecProposals;
+    IPSEC_PROPOSAL0 *ipsecProposals;
+    IPSEC_TUNNEL_ENDPOINTS0 tunnelEndpoints;
+    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
+    IKEEXT_EM_POLICY0 *emPolicy;
+    } 	IPSEC_TUNNEL_POLICY0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TUNNEL_POLICY1_
+    {
+    UINT32 flags;
+    UINT32 numIpsecProposals;
+    IPSEC_PROPOSAL0 *ipsecProposals;
+    IPSEC_TUNNEL_ENDPOINTS1 tunnelEndpoints;
+    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
+    IKEEXT_EM_POLICY1 *emPolicy;
+    } 	IPSEC_TUNNEL_POLICY1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_KEYING_POLICY0_
+    {
+    UINT32 numKeyMods;
+    GUID *keyModKeys;
+    } 	IPSEC_KEYING_POLICY0;
+
+typedef struct IPSEC_AGGREGATE_SA_STATISTICS0_
+    {
+    UINT32 activeSas;
+    UINT32 pendingSaNegotiations;
+    UINT32 totalSasAdded;
+    UINT32 totalSasDeleted;
+    UINT32 successfulRekeys;
+    UINT32 activeTunnels;
+    UINT32 offloadedSas;
+    } 	IPSEC_AGGREGATE_SA_STATISTICS0;
+
+typedef struct IPSEC_ESP_DROP_PACKET_STATISTICS0_
+    {
+    UINT32 invalidSpisOnInbound;
+    UINT32 decryptionFailuresOnInbound;
+    UINT32 authenticationFailuresOnInbound;
+    UINT32 replayCheckFailuresOnInbound;
+    UINT32 saNotInitializedOnInbound;
+    } 	IPSEC_ESP_DROP_PACKET_STATISTICS0;
+
+typedef struct IPSEC_AH_DROP_PACKET_STATISTICS0_
+    {
+    UINT32 invalidSpisOnInbound;
+    UINT32 authenticationFailuresOnInbound;
+    UINT32 replayCheckFailuresOnInbound;
+    UINT32 saNotInitializedOnInbound;
+    } 	IPSEC_AH_DROP_PACKET_STATISTICS0;
+
+typedef struct IPSEC_AGGREGATE_DROP_PACKET_STATISTICS0_
+    {
+    UINT32 invalidSpisOnInbound;
+    UINT32 decryptionFailuresOnInbound;
+    UINT32 authenticationFailuresOnInbound;
+    UINT32 udpEspValidationFailuresOnInbound;
+    UINT32 replayCheckFailuresOnInbound;
+    UINT32 invalidClearTextInbound;
+    UINT32 saNotInitializedOnInbound;
+    UINT32 receiveOverIncorrectSaInbound;
+    UINT32 secureReceivesNotMatchingFilters;
+    } 	IPSEC_AGGREGATE_DROP_PACKET_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_AGGREGATE_DROP_PACKET_STATISTICS1_
+    {
+    UINT32 invalidSpisOnInbound;
+    UINT32 decryptionFailuresOnInbound;
+    UINT32 authenticationFailuresOnInbound;
+    UINT32 udpEspValidationFailuresOnInbound;
+    UINT32 replayCheckFailuresOnInbound;
+    UINT32 invalidClearTextInbound;
+    UINT32 saNotInitializedOnInbound;
+    UINT32 receiveOverIncorrectSaInbound;
+    UINT32 secureReceivesNotMatchingFilters;
+    UINT32 totalDropPacketsInbound;
+    } 	IPSEC_AGGREGATE_DROP_PACKET_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TRAFFIC_STATISTICS0_
+    {
+    UINT64 encryptedByteCount;
+    UINT64 authenticatedAHByteCount;
+    UINT64 authenticatedESPByteCount;
+    UINT64 transportByteCount;
+    UINT64 tunnelByteCount;
+    UINT64 offloadByteCount;
+    } 	IPSEC_TRAFFIC_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TRAFFIC_STATISTICS1_
+    {
+    UINT64 encryptedByteCount;
+    UINT64 authenticatedAHByteCount;
+    UINT64 authenticatedESPByteCount;
+    UINT64 transportByteCount;
+    UINT64 tunnelByteCount;
+    UINT64 offloadByteCount;
+    UINT64 totalSuccessfulPackets;
+    } 	IPSEC_TRAFFIC_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_STATISTICS0_
+    {
+    IPSEC_AGGREGATE_SA_STATISTICS0 aggregateSaStatistics;
+    IPSEC_ESP_DROP_PACKET_STATISTICS0 espDropPacketStatistics;
+    IPSEC_AH_DROP_PACKET_STATISTICS0 ahDropPacketStatistics;
+    IPSEC_AGGREGATE_DROP_PACKET_STATISTICS0 aggregateDropPacketStatistics;
+    IPSEC_TRAFFIC_STATISTICS0 inboundTrafficStatistics;
+    IPSEC_TRAFFIC_STATISTICS0 outboundTrafficStatistics;
+    } 	IPSEC_STATISTICS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_STATISTICS1_
+    {
+    IPSEC_AGGREGATE_SA_STATISTICS0 aggregateSaStatistics;
+    IPSEC_ESP_DROP_PACKET_STATISTICS0 espDropPacketStatistics;
+    IPSEC_AH_DROP_PACKET_STATISTICS0 ahDropPacketStatistics;
+    IPSEC_AGGREGATE_DROP_PACKET_STATISTICS1 aggregateDropPacketStatistics;
+    IPSEC_TRAFFIC_STATISTICS1 inboundTrafficStatistics;
+    IPSEC_TRAFFIC_STATISTICS1 outboundTrafficStatistics;
+    } 	IPSEC_STATISTICS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef UINT32 IPSEC_SA_SPI;
+
+typedef struct IPSEC_SA_AUTH_INFORMATION0_
+    {
+    IPSEC_AUTH_TRANSFORM0 authTransform;
+    FWP_BYTE_BLOB authKey;
+    } 	IPSEC_SA_AUTH_INFORMATION0;
+
+typedef struct IPSEC_SA_CIPHER_INFORMATION0_
+    {
+    IPSEC_CIPHER_TRANSFORM0 cipherTransform;
+    FWP_BYTE_BLOB cipherKey;
+    } 	IPSEC_SA_CIPHER_INFORMATION0;
+
+typedef struct IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0_
+    {
+    IPSEC_SA_CIPHER_INFORMATION0 saCipherInformation;
+    IPSEC_SA_AUTH_INFORMATION0 saAuthInformation;
+    } 	IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0;
+
+typedef struct IPSEC_SA0_
+    {
+    IPSEC_SA_SPI spi;
+    IPSEC_TRANSFORM_TYPE saTransformType;
+    union 
+        {
+        IPSEC_SA_AUTH_INFORMATION0 *ahInformation;
+        IPSEC_SA_AUTH_INFORMATION0 *espAuthInformation;
+        IPSEC_SA_CIPHER_INFORMATION0 *espCipherInformation;
+        IPSEC_SA_AUTH_AND_CIPHER_INFORMATION0 *espAuthAndCipherInformation;
+        IPSEC_SA_AUTH_INFORMATION0 *espAuthFwInformation;
+        } 	;
+    } 	IPSEC_SA0;
+
+typedef struct IPSEC_KEYMODULE_STATE0_
+    {
+    GUID keyModuleKey;
+    FWP_BYTE_BLOB stateBlob;
+    } 	IPSEC_KEYMODULE_STATE0;
+
+typedef UINT64 IPSEC_TOKEN_HANDLE;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_TOKEN_TYPE_
+    {	IPSEC_TOKEN_TYPE_MACHINE	= 0,
+	IPSEC_TOKEN_TYPE_IMPERSONATION	= ( IPSEC_TOKEN_TYPE_MACHINE + 1 ) ,
+	IPSEC_TOKEN_TYPE_MAX	= ( IPSEC_TOKEN_TYPE_IMPERSONATION + 1 ) 
+    } 	IPSEC_TOKEN_TYPE;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_TOKEN_PRINCIPAL_
+    {	IPSEC_TOKEN_PRINCIPAL_LOCAL	= 0,
+	IPSEC_TOKEN_PRINCIPAL_PEER	= ( IPSEC_TOKEN_PRINCIPAL_LOCAL + 1 ) ,
+	IPSEC_TOKEN_PRINCIPAL_MAX	= ( IPSEC_TOKEN_PRINCIPAL_PEER + 1 ) 
+    } 	IPSEC_TOKEN_PRINCIPAL;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_TOKEN_MODE_
+    {	IPSEC_TOKEN_MODE_MAIN	= 0,
+	IPSEC_TOKEN_MODE_EXTENDED	= ( IPSEC_TOKEN_MODE_MAIN + 1 ) ,
+	IPSEC_TOKEN_MODE_MAX	= ( IPSEC_TOKEN_MODE_EXTENDED + 1 ) 
+    } 	IPSEC_TOKEN_MODE;
+
+typedef struct IPSEC_TOKEN0_
+    {
+    IPSEC_TOKEN_TYPE type;
+    IPSEC_TOKEN_PRINCIPAL principal;
+    IPSEC_TOKEN_MODE mode;
+    IPSEC_TOKEN_HANDLE token;
+    } 	IPSEC_TOKEN0;
+
+typedef struct IPSEC_ID0_
+    {
+    wchar_t *mmTargetName;
+    wchar_t *emTargetName;
+    UINT32 numTokens;
+    IPSEC_TOKEN0 *tokens;
+    UINT64 explicitCredentials;
+    UINT64 logonId;
+    } 	IPSEC_ID0;
+
+#define IPSEC_SA_BUNDLE_FLAG_ND_SECURE (0x00000001)
+#define IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY (0x00000002)
+#define IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY (0x00000004)
+#define IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION (0x00000008)
+#define IPSEC_SA_BUNDLE_FLAG_NLB (0x00000010)
+#define IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY (0x00000020)
+#define IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY (0x00000040)
+#define IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH (0x00000080)
+#define IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH (0x00000200)
+#define IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL   (0x00000400)
+#define IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND (0x00000800)
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
+#define IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY (0x00001000)
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION (0x00002000)
+#define IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION (0x00004000)
+#define IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS (0x00008000)
+#define IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS (0x00010000)
+#define IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR (0x00020000)
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_BUNDLE0_
+    {
+    UINT32 flags;
+    IPSEC_SA_LIFETIME0 lifetime;
+    UINT32 idleTimeoutSeconds;
+    UINT32 ndAllowClearTimeoutSeconds;
+    IPSEC_ID0 *ipsecId;
+    UINT32 napContext;
+    UINT32 qmSaId;
+    UINT32 numSAs;
+    IPSEC_SA0 *saList;
+    IPSEC_KEYMODULE_STATE0 *keyModuleState;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 peerV4PrivateAddress;
+         /* Empty union arm */ 
+        } 	;
+    UINT64 mmSaId;
+    IPSEC_PFS_GROUP pfsGroup;
+    } 	IPSEC_SA_BUNDLE0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_BUNDLE1_
+    {
+    UINT32 flags;
+    IPSEC_SA_LIFETIME0 lifetime;
+    UINT32 idleTimeoutSeconds;
+    UINT32 ndAllowClearTimeoutSeconds;
+    IPSEC_ID0 *ipsecId;
+    UINT32 napContext;
+    UINT32 qmSaId;
+    UINT32 numSAs;
+    IPSEC_SA0 *saList;
+    IPSEC_KEYMODULE_STATE0 *keyModuleState;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 peerV4PrivateAddress;
+         /* Empty union arm */ 
+        } 	;
+    UINT64 mmSaId;
+    IPSEC_PFS_GROUP pfsGroup;
+    GUID saLookupContext;
+    UINT64 qmFilterId;
+    } 	IPSEC_SA_BUNDLE1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef /* [v1_enum] */ 
+enum IPSEC_TRAFFIC_TYPE_
+    {	IPSEC_TRAFFIC_TYPE_TRANSPORT	= 0,
+	IPSEC_TRAFFIC_TYPE_TUNNEL	= ( IPSEC_TRAFFIC_TYPE_TRANSPORT + 1 ) ,
+	IPSEC_TRAFFIC_TYPE_MAX	= ( IPSEC_TRAFFIC_TYPE_TUNNEL + 1 ) 
+    } 	IPSEC_TRAFFIC_TYPE;
+
+typedef struct IPSEC_TRAFFIC0_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 localV4Address;
+        UINT8 localV6Address[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 remoteV4Address;
+        UINT8 remoteV6Address[ 16 ];
+        } 	;
+    IPSEC_TRAFFIC_TYPE trafficType;
+    union 
+        {
+        UINT64 ipsecFilterId;
+        UINT64 tunnelPolicyId;
+        } 	;
+    UINT16 remotePort;
+    } 	IPSEC_TRAFFIC0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_TRAFFIC1_
+    {
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        UINT32 localV4Address;
+        UINT8 localV6Address[ 16 ];
+        } 	;
+    union 
+        {
+        UINT32 remoteV4Address;
+        UINT8 remoteV6Address[ 16 ];
+        } 	;
+    IPSEC_TRAFFIC_TYPE trafficType;
+    union 
+        {
+        UINT64 ipsecFilterId;
+        UINT64 tunnelPolicyId;
+        } 	;
+    UINT16 remotePort;
+    UINT16 localPort;
+    UINT8 ipProtocol;
+    UINT64 localIfLuid;
+    UINT32 realIfProfileId;
+    } 	IPSEC_TRAFFIC1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_V4_UDP_ENCAPSULATION0_
+    {
+    UINT16 localUdpEncapPort;
+    UINT16 remoteUdpEncapPort;
+    } 	IPSEC_V4_UDP_ENCAPSULATION0;
+
+typedef struct IPSEC_GETSPI0_
+    {
+    IPSEC_TRAFFIC0 inboundIpsecTraffic;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *inboundUdpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    IPSEC_CRYPTO_MODULE_ID *rngCryptoModuleID;
+    } 	IPSEC_GETSPI0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_GETSPI1_
+    {
+    IPSEC_TRAFFIC1 inboundIpsecTraffic;
+    FWP_IP_VERSION ipVersion;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *inboundUdpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    IPSEC_CRYPTO_MODULE_ID *rngCryptoModuleID;
+    } 	IPSEC_GETSPI1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_VIRTUAL_IF_TUNNEL_INFO0_
+    {
+    UINT64 virtualIfTunnelId;
+    UINT64 trafficSelectorId;
+    } 	IPSEC_VIRTUAL_IF_TUNNEL_INFO0;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_DETAILS0_
+    {
+    FWP_IP_VERSION ipVersion;
+    FWP_DIRECTION saDirection;
+    IPSEC_TRAFFIC0 traffic;
+    IPSEC_SA_BUNDLE0 saBundle;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *udpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    FWPM_FILTER0 *transportFilter;
+    } 	IPSEC_SA_DETAILS0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_DETAILS1_
+    {
+    FWP_IP_VERSION ipVersion;
+    FWP_DIRECTION saDirection;
+    IPSEC_TRAFFIC1 traffic;
+    IPSEC_SA_BUNDLE1 saBundle;
+    union 
+        {
+        IPSEC_V4_UDP_ENCAPSULATION0 *udpEncapsulation;
+         /* Empty union arm */ 
+        } 	;
+    FWPM_FILTER0 *transportFilter;
+    IPSEC_VIRTUAL_IF_TUNNEL_INFO0 virtualIfTunnelInfo;
+    } 	IPSEC_SA_DETAILS1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_CONTEXT0_
+    {
+    UINT64 saContextId;
+    IPSEC_SA_DETAILS0 *inboundSa;
+    IPSEC_SA_DETAILS0 *outboundSa;
+    } 	IPSEC_SA_CONTEXT0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_CONTEXT1_
+    {
+    UINT64 saContextId;
+    IPSEC_SA_DETAILS1 *inboundSa;
+    IPSEC_SA_DETAILS1 *outboundSa;
+    } 	IPSEC_SA_CONTEXT1;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct IPSEC_SA_CONTEXT_ENUM_TEMPLATE0_
+    {
+    FWP_CONDITION_VALUE0 localSubNet;
+    FWP_CONDITION_VALUE0 remoteSubNet;
+    } 	IPSEC_SA_CONTEXT_ENUM_TEMPLATE0;
+
+typedef struct IPSEC_SA_ENUM_TEMPLATE0_
+    {
+    FWP_DIRECTION saDirection;
+    } 	IPSEC_SA_ENUM_TEMPLATE0;
+
+typedef /* [v1_enum] */ 
+enum IPSEC_FAILURE_POINT_
+    {	IPSEC_FAILURE_NONE	= 0,
+	IPSEC_FAILURE_ME	= ( IPSEC_FAILURE_NONE + 1 ) ,
+	IPSEC_FAILURE_PEER	= ( IPSEC_FAILURE_ME + 1 ) ,
+	IPSEC_FAILURE_POINT_MAX	= ( IPSEC_FAILURE_PEER + 1 ) 
+    } 	IPSEC_FAILURE_POINT;
+
+typedef struct IPSEC_ADDRESS_INFO0_
+    {
+    UINT32 numV4Addresses;
+    UINT32 *v4Addresses;
+    UINT32 numV6Addresses;
+    FWP_BYTE_ARRAY16 *v6Addresses;
+    } 	IPSEC_ADDRESS_INFO0;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define IPSEC_DOSP_FLAG_ENABLE_IKEV1  (0x00000001)
+#define IPSEC_DOSP_FLAG_ENABLE_IKEV2  (0x00000002)
+#define IPSEC_DOSP_FLAG_DISABLE_AUTHIP  (0x00000004)
+#define IPSEC_DOSP_FLAG_DISABLE_DEFAULT_BLOCK  (0x00000008)
+#define IPSEC_DOSP_FLAG_FILTER_BLOCK  (0x00000010)
+#define IPSEC_DOSP_FLAG_FILTER_EXEMPT  (0x00000020)
+#define IPSEC_DOSP_DSCP_DISABLE_VALUE  (0xff)
+#define IPSEC_DOSP_RATE_LIMIT_DISABLE_VALUE  (0)
+typedef struct IPSEC_DOSP_OPTIONS0_
+    {
+    UINT32 stateIdleTimeoutSeconds;
+    UINT32 perIPRateLimitQueueIdleTimeoutSeconds;
+    UINT8 ipV6IPsecUnauthDscp;
+    UINT32 ipV6IPsecUnauthRateLimitBytesPerSec;
+    UINT32 ipV6IPsecUnauthPerIPRateLimitBytesPerSec;
+    UINT8 ipV6IPsecAuthDscp;
+    UINT32 ipV6IPsecAuthRateLimitBytesPerSec;
+    UINT8 icmpV6Dscp;
+    UINT32 icmpV6RateLimitBytesPerSec;
+    UINT8 ipV6FilterExemptDscp;
+    UINT32 ipV6FilterExemptRateLimitBytesPerSec;
+    UINT8 defBlockExemptDscp;
+    UINT32 defBlockExemptRateLimitBytesPerSec;
+    UINT32 maxStateEntries;
+    UINT32 maxPerIPRateLimitQueues;
+    UINT32 flags;
+    UINT32 numPublicIFLuids;
+    UINT64 *publicIFLuids;
+    UINT32 numInternalIFLuids;
+    UINT64 *internalIFLuids;
+    FWP_V6_ADDR_AND_MASK publicV6AddrMask;
+    FWP_V6_ADDR_AND_MASK internalV6AddrMask;
+    } 	IPSEC_DOSP_OPTIONS0;
+
+typedef struct IPSEC_DOSP_STATISTICS0_
+    {
+    UINT64 totalStateEntriesCreated;
+    UINT64 currentStateEntries;
+    UINT64 totalInboundAllowedIPv6IPsecUnauthPkts;
+    UINT64 totalInboundRatelimitDiscardedIPv6IPsecUnauthPkts;
+    UINT64 totalInboundPerIPRatelimitDiscardedIPv6IPsecUnauthPkts;
+    UINT64 totalInboundOtherDiscardedIPv6IPsecUnauthPkts;
+    UINT64 totalInboundAllowedIPv6IPsecAuthPkts;
+    UINT64 totalInboundRatelimitDiscardedIPv6IPsecAuthPkts;
+    UINT64 totalInboundOtherDiscardedIPv6IPsecAuthPkts;
+    UINT64 totalInboundAllowedICMPv6Pkts;
+    UINT64 totalInboundRatelimitDiscardedICMPv6Pkts;
+    UINT64 totalInboundAllowedIPv6FilterExemptPkts;
+    UINT64 totalInboundRatelimitDiscardedIPv6FilterExemptPkts;
+    UINT64 totalInboundDiscardedIPv6FilterBlockPkts;
+    UINT64 totalInboundAllowedDefBlockExemptPkts;
+    UINT64 totalInboundRatelimitDiscardedDefBlockExemptPkts;
+    UINT64 totalInboundDiscardedDefBlockPkts;
+    UINT64 currentInboundIPv6IPsecUnauthPerIPRateLimitQueues;
+    } 	IPSEC_DOSP_STATISTICS0;
+
+typedef struct IPSEC_DOSP_STATE0_
+    {
+    UINT8 publicHostV6Addr[ 16 ];
+    UINT8 internalHostV6Addr[ 16 ];
+    UINT64 totalInboundIPv6IPsecAuthPackets;
+    UINT64 totalOutboundIPv6IPsecAuthPackets;
+    UINT32 durationSecs;
+    } 	IPSEC_DOSP_STATE0;
+
+typedef struct IPSEC_DOSP_STATE_ENUM_TEMPLATE0_
+    {
+    FWP_V6_ADDR_AND_MASK publicV6AddrMask;
+    FWP_V6_ADDR_AND_MASK internalV6AddrMask;
+    } 	IPSEC_DOSP_STATE_ENUM_TEMPLATE0;
+
+#endif // (NTDDI_VERSION >= NTDDI_WIN7)
+#if _MSC_VER >=  800
+#if _MSC_VER >= 1200
+#pragma warning(pop)
+#else
+#pragma warning(default:4201)
+#endif
+#endif
+
+
+extern RPC_IF_HANDLE __MIDL_itf_ipsectypes_0000_0000_v0_0_c_ifspec;
+extern RPC_IF_HANDLE __MIDL_itf_ipsectypes_0000_0000_v0_0_s_ifspec;
+
+/* Additional Prototypes for ALL interfaces */
+
+/* end of Additional Prototypes */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+

src/PenCore/PenCore.rc

@@ -212,7 +212,7 @@ BEGIN
         LEFTMARGIN, 7
         RIGHTMARGIN, 295
         TOPMARGIN, 5
-        BOTTOMMARGIN, 336
+        BOTTOMMARGIN, 382
     END
 
     D_ABOUT, DIALOG
@@ -220,7 +220,6 @@ BEGIN
         LEFTMARGIN, 7
         RIGHTMARGIN, 326
         BOTTOMMARGIN, 304
-        HORZGUIDE, 315
     END
 
     D_REMOTE, DIALOG
@@ -1688,42 +1687,46 @@ BEGIN
     PUSHBUTTON      "@IDCANCEL",IDCANCEL,218,139,52,14
 END
 
-D_CM_CONFIG DIALOGEX 0, 0, 303, 341
+D_CM_CONFIG DIALOGEX 0, 0, 303, 387
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "@D_CM_CONFIG"
 FONT 9, "MS Shell Dlg", 400, 0, 0x80
 BEGIN
-    ICON            ICO_MACHINE,IDC_STATIC,7,5,20,18
+    ICON            ICO_MACHINE,IDC_STATIC,7,5,20,20
     LTEXT           "@STATIC1",IDC_STATIC,32,5,263,17
     GROUPBOX        "@STATIC2",IDC_STATIC,7,34,288,81
-    ICON            ICO_VPN,IDC_STATIC,14,46,20,18
+    ICON            ICO_VPN,IDC_STATIC,14,46,20,20
     LTEXT           "@STATIC3",IDC_STATIC,41,47,246,15
     CONTROL         "@R_ALLOW_REMOTE_CONFIG",R_ALLOW_REMOTE_CONFIG,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,41,69,232,11
     LTEXT           "@S_WARNING",S_WARNING,41,80,246,33
     GROUPBOX        "@STATIC7",IDC_STATIC,7,120,288,139
-    ICON            ICO_INTERNET,IDC_STATIC,14,132,20,18
+    ICON            ICO_INTERNET,IDC_STATIC,14,132,20,20
     LTEXT           "@STATIC4",IDC_STATIC,41,133,246,25
     CONTROL         "@R_USE_KEEP_CONNECT",R_USE_KEEP_CONNECT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,41,160,232,11
     RTEXT           "@S_HOSTNAME",S_HOSTNAME,16,177,63,9
-    EDITTEXT        E_HOSTNAME,82,175,139,11,ES_AUTOHSCROLL
+    EDITTEXT        E_HOSTNAME,82,175,139,12,ES_AUTOHSCROLL
     RTEXT           "@S_PORT",S_PORT,16,194,63,9
-    EDITTEXT        E_PORT,82,192,36,11,ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        E_PORT,82,192,36,12,ES_AUTOHSCROLL | ES_NUMBER
     RTEXT           "@S_INTERVAL",S_INTERVAL,131,194,63,10
-    EDITTEXT        E_INTERVAL,197,192,36,11,ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        E_INTERVAL,197,192,36,12,ES_AUTOHSCROLL | ES_NUMBER
     LTEXT           "@S_INTERVAL2",S_INTERVAL2,239,194,47,9
     RTEXT           "@S_PROTOCOL",S_PROTOCOL,16,211,63,9
     CONTROL         "@R_TCP",R_TCP,"Button",BS_AUTORADIOBUTTON,85,211,74,9
     CONTROL         "@R_UDP",R_UDP,"Button",BS_AUTORADIOBUTTON,171,211,75,9
     LTEXT           "@S_INFO",S_INFO,41,227,246,31
-    ICON            ICO_INFORMATION,S_INFO2,14,222,20,18
-    DEFPUSHBUTTON   "@IDOK",IDOK,162,320,64,15
-    PUSHBUTTON      "@IDCANCEL",IDCANCEL,231,320,64,15
-    GROUPBOX        "@STATIC5",IDC_STATIC,7,266,288,47
-    CONTROL         "@R_ALPHA",R_ALPHA,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,41,284,105,11
-    EDITTEXT        E_ALPHA_VALUE,150,283,27,11,ES_AUTOHSCROLL | ES_NUMBER
-    LTEXT           "%",IDC_STATIC,185,285,8,10
-    LTEXT           "@STATIC6",IDC_STATIC,43,299,243,8
-    ICON            ICO_SETUP,S_INFO3,14,281,20,18
+    GROUPBOX        "@STATIC12",IDC_STATIC,7,261,288,47
+    ICON            ICO_LICENSE,S_INFO5,14,274,18,18
+    CONTROL         "@R_TUNNELCRACK",R_TUNNELCRACK,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,41,273,105,11
+    LTEXT           "@STATIC11",IDC_STATIC,41,286,243,20
+    ICON            ICO_INFORMATION,S_INFO2,14,222,20,20
+    DEFPUSHBUTTON   "@IDOK",IDOK,162,367,64,15
+    PUSHBUTTON      "@IDCANCEL",IDCANCEL,231,367,64,15
+    GROUPBOX        "@STATIC5",IDC_STATIC,7,314,288,47
+    CONTROL         "@R_ALPHA",R_ALPHA,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,41,332,105,11
+    EDITTEXT        E_ALPHA_VALUE,150,331,27,12,ES_AUTOHSCROLL | ES_NUMBER
+    LTEXT           "%",IDC_STATIC,185,333,8,10
+    LTEXT           "@STATIC6",IDC_STATIC,43,347,243,8
+    ICON            ICO_SETUP,S_INFO3,14,329,18,18
 END
 
 D_ABOUT DIALOGEX 0, 0, 333, 309

src/PenCore/resource.h

@@ -426,6 +426,8 @@
 #define E_NEW_PASSWORD1                 1107
 #define S_INFO5                         1107
 #define E_NEW_PASSWORD2                 1108
+#define R_ALPHA2                        1108
+#define R_TUNNELCRACK                   1108
 #define L_SETTING                       1109
 #define B_NEW_SETTING                   1110
 #define B_EDIT_SETTING                  1111

src/bin/hamcore/strtable_cn.stb

@@ -2454,6 +2454,9 @@ STATIC5						其它配置(&O)
 R_ALPHA						用户界面透明(&A)
 STATIC6						※注意:透明设置将在连接管理器重启后生效。
 STATIC7						保持互联网连接功能(&K)
+R_TUNNELCRACK				启用 Tu&nnelCrack 保护
+STATIC11					当任何 VPN 连接处于活动状态时，禁止本地物理网络通信。建议在使用不受信任的恶意公共 Wi-Fi 时使用。
+STATIC12					高级安全
 
 
 PREFIX						D_ABOUT

src/bin/hamcore/strtable_en.stb

@@ -2434,6 +2434,9 @@ STATIC5					&Other Configurations:
 R_ALPHA					Transparency of UI:
 STATIC6					Note: The transparency setting will be applied after the connection manager is restarted.
 STATIC7					&Keep Alive Internet Connection Function:
+R_TUNNELCRACK			Enable Tu&nnelCrack protection
+STATIC11				Prohibit local physical network communication while a VPN connection is active. Recommended when using untrusted public Wi-Fi.
+STATIC12				Advanced security
 
 
 PREFIX					D_ABOUT

src/bin/hamcore/strtable_ja.stb

@@ -2441,6 +2441,9 @@ STATIC5					その他の設定(&S)
 R_ALPHA					ウインドウを半透明にする(&A)
 STATIC6					※ 半透明の設定は接続マネージャを再起動するまで適用されません。
 STATIC7					インターネット接続の維持機能(&N)
+R_TUNNELCRACK			Tu&nnelCrack 保護を有効化
+STATIC11				VPN 接続中は、物理的なローカルネットワーク通信を禁止します。信用できない可能性のある公衆無線 Wi-Fi を利用する際などに推奨されます。
+STATIC12				高度なセキュリティ
 
 
 PREFIX					D_ABOUT

src/vpnweb/vpnweb.h

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Fri Jun 30 10:47:21 2023
+/* at Thu Aug 31 10:30:18 2023
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

src/vpnweb/vpnweb_i.c

@@ -6,7 +6,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Fri Jun 30 10:47:21 2023
+/* at Thu Aug 31 10:30:18 2023
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)

src/vpnweb/vpnweb_p.c

@@ -4,7 +4,7 @@
 
 
  /* File created by MIDL compiler version 7.00.0500 */
-/* at Fri Jun 30 10:47:21 2023
+/* at Thu Aug 31 10:30:18 2023
  */
 /* Compiler settings for .\vpnweb.idl:
     Oicf, W1, Zp8, env=Win32 (32b run)