1 files changed, 156 insertions, 0 deletions

diff --git a/private/inc/ntddtcp.h b/private/inc/ntddtcp.h
new file mode 100644
index 000000000..2b5849609
--- /dev/null
+++ b/private/inc/ntddtcp.h
@@ -0,0 +1,156 @@
+
+/*++ BUILD Version: 0001    // Increment this if a change has global effects
+
+Copyright (c) 1991-1993  Microsoft Corporation
+
+Module Name:
+
+    ntddtcp.h
+
+Abstract:
+
+    This header file defines constants and types for accessing the NT
+    TCP driver.
+
+Author:
+
+    Mike Massa (mikemas)    August 13, 1993
+
+Revision History:
+
+--*/
+
+#ifndef _NTDDTCP_
+#define _NTDDTCP_
+
+//
+// Device Name - this string is the name of the device.  It is the name
+// that should be passed to NtCreateFile when accessing the device.
+//
+#define DD_TCP_DEVICE_NAME      L"\\Device\\Tcp"
+#define DD_UDP_DEVICE_NAME      L"\\Device\\Udp"
+#define DD_RAW_IP_DEVICE_NAME   L"\\Device\\RawIp"
+
+
+//
+// Security Filter Support
+//
+// Security filters provide a mechanism by which the transport protocol
+// traffic accepted on IP interfaces may be controlled. Security filtering
+// is globally enabled or disabled for all IP interfaces and transports.
+// If filtering is enabled, incoming traffic is filtered based on registered
+// {interface, protocol, transport value} tuples. The tuples specify
+// permissible traffic. All other values will be rejected. For UDP datagrams
+// and TCP connections, the transport value is the port number. For RawIP
+// datagrams, the transport value is the IP protocol number. An entry exists
+// in the filter database for all active interfaces and protocols in the
+// system.
+//
+// The following ioctls may be used to access the security filter
+// database. The ioctls may be issued on any TCP/IP device object. All of them
+// require Administrator privilege. These ioctls do not update the registry
+// parameters used to initialize security filtering when an interface is
+// installed.
+//
+// The TCP_QUERY_SECURITY_FILTER_STATUS ioctl returns the current status of
+// security filtering - enabled or disabled.
+//
+// The TCP_SET_SECURITY_FILTER_STATUS ioctl modifies the status of security
+// filtering. Changing the filtering status does not change the contents of
+// the filter database.
+//
+// The following ioctls manipulate the filter database. They operate the same
+// whether security filtering is enabled or disabled. If filtering is disabled,
+// any changes will take effect only when filtering is enabled.
+//
+// The TCP_ADD_SECURITY_FILTER ioctl registers an {Interface, Protocol, Value}
+// tuple. The TCP_DELETE_SECURITY_FILTER ioctl deregisters an
+// {Interface, Protocol, Value} tuple. The TCP_ENUMERATE_SECURITY_FILTER ioctl
+// returns the list of {Interface, Protocol, Value} filters currently
+// registered.
+//
+// Each of these ioctls takes an {Interface, Protocol, Value} tuple as an input
+// parameter. Zero is a wildcard value. If the Interface or Protocol elements
+// are zero, the operation applies to all interfaces or protocols, as
+// appropriate. The meaning of a zero Value element depends on the ioctl.
+// For an ADD, a zero Value causes all values to be permissible. For a DELETE,
+// a zero Value causes all all values to be rejected. In both cases, any
+// previously registered values are purged from the database. For an
+// ENUMERATE, a zero Value just causes all registered values to be enumerated,
+// as opposed to a specific value.
+//
+// For all ioctls, a return code of STATUS_INVALID_ADDRESS indicates that
+// the IP address submitted in the input buffer does not correspond to
+// an interface which exists in the system. A code of
+// STATUS_INVALID_PARAMETER possibly indicates that the Protocol number
+// submitted in the input buffer does not correspond to a transport protocol
+// available in the system.
+//
+
+//
+// Structures used in Security Filter IOCTLs.
+//
+
+//
+// Structure contained in the input buffer of
+// TCP_SET_SECURITY_FILTER_STATUS ioctls and the output buffer of
+// TCP_QUERY_SECURITY_FILTER_STATUS ioctls.
+//
+struct tcp_security_filter_status {
+    ULONG  FilteringEnabled;   // FALSE if filtering is (to be) disabled.
+};                             // Any other value indicates that filtering
+                               // is (to be) enabled.
+
+typedef struct tcp_security_filter_status
+                    TCP_SECURITY_FILTER_STATUS,
+                   *PTCP_SECURITY_FILTER_STATUS;
+
+
+//
+// The TCPSecurityFilterEntry structure, defined in tcpinfo.h, is contained in
+// the input buffer of TCP_[ADD|DELETE|ENUMERATE]_SECURITY_FILTER ioctls.
+//
+
+//
+// The TCPSecurityFilterEnum structure, defined in tcpinfo.h, is  contained
+// in the output buffer of TCP_ENUMERATE_SECURITY_FILTER ioctls. The output
+// buffer passed in the ioctl must be large enough to contain at least this
+// structure or the call will fail. The structure is followed immediately in
+// the buffer by an array of zero or more TCPSecurityFilterEntry structures.
+// The number of TCPSecurityFilterEntry structures is specified by the
+// tfe_entries_returned field of the TCPSecurityFilterEnum.
+//
+
+//
+// TCP/UDP/RawIP IOCTL code definitions
+//
+
+#define FSCTL_TCP_BASE     FILE_DEVICE_NETWORK
+
+#define _TCP_CTL_CODE(function, method, access) \
+            CTL_CODE(FSCTL_TCP_BASE, function, method, access)
+
+#define IOCTL_TCP_QUERY_INFORMATION_EX  \
+            _TCP_CTL_CODE(0, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#define IOCTL_TCP_SET_INFORMATION_EX  \
+            _TCP_CTL_CODE(1, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+#define IOCTL_TCP_QUERY_SECURITY_FILTER_STATUS  \
+            _TCP_CTL_CODE(2, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+#define IOCTL_TCP_SET_SECURITY_FILTER_STATUS  \
+            _TCP_CTL_CODE(3, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+#define IOCTL_TCP_ADD_SECURITY_FILTER  \
+            _TCP_CTL_CODE(4, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+#define IOCTL_TCP_DELETE_SECURITY_FILTER  \
+            _TCP_CTL_CODE(5, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+#define IOCTL_TCP_ENUMERATE_SECURITY_FILTER  \
+            _TCP_CTL_CODE(6, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+
+
+#endif  // ifndef _NTDDTCP_
+