RIpsecPolicyServ Class Reference

class RIpsecPolicyServ : public RSessionBase

The RIpsecPolicyServ API is used by two kinds of client: users that load and unload policies, and KMD, which needs to find out whether an SA proposal can be accepted.

Inherits from

Public Member Functions
RIpsecPolicyServ()
~RIpsecPolicyServ()
IMPORT_C void ActivatePolicy(const TPolicyHandle &, TRequestStatus &)
IMPORT_C void AvailableSelectors(const TDesC8 &, CArrayFixFlat< TIpsecSelectorInfo > *, TRequestStatus &)
IMPORT_C void CancelActivate()
IMPORT_C void CancelLoad()
IMPORT_C void CancelMatch()
IMPORT_C void CancelUnload()
IMPORT_C TInt Connect()
IMPORT_C TInt GetDebugInfo(TDes &, TUint)
IMPORT_C void LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &)
IMPORT_C void LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &, const TZoneInfoSetPckg &, TUint)
IMPORT_C void MatchSelector(const TDesC8 &, TDes8 &, TRequestStatus &)
IMPORT_C void UnloadPolicy(const TPolicyHandle &, TRequestStatus &)
IMPORT_C TVersion Version()
Private Member Functions
void EnumerateSelectors(const TDesC8 &, TInt &)
Inherited Functions
RHandleBase::Attributes()const
RHandleBase::BTraceId()const
RHandleBase::Close()
RHandleBase::DoExtendedClose()
RHandleBase::Duplicate(const RThread &,TOwnerType)
RHandleBase::FullName()const
RHandleBase::FullName(TDes &)const
RHandleBase::Handle()const
RHandleBase::HandleInfo(THandleInfo *)
RHandleBase::Name()const
RHandleBase::NotifyDestruction(TRequestStatus &)
RHandleBase::Open(const TFindHandleBase &,TOwnerType)
RHandleBase::OpenByName(const TDesC &,TOwnerType,TInt)
RHandleBase::RHandleBase()
RHandleBase::RHandleBase(TInt)
RHandleBase::SetHandle(TInt)
RHandleBase::SetHandleNC(TInt)
RSessionBase::CreateSession(RServer2,const TVersion &)
RSessionBase::CreateSession(RServer2,const TVersion &,TInt)
RSessionBase::CreateSession(RServer2,const TVersion &,TInt,TIpcSessionType,const TSecurityPolicy *,TRequestStatus *)
RSessionBase::CreateSession(const TDesC &,const TVersion &)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt,TIpcSessionType,const TSecurityPolicy *,TRequestStatus *)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt,TRequestStatus *)
RSessionBase::Open(RMessagePtr2,TInt,TOwnerType)
RSessionBase::Open(RMessagePtr2,TInt,const TSecurityPolicy &,TOwnerType)
RSessionBase::Open(TInt,TOwnerType)
RSessionBase::Open(TInt,const TSecurityPolicy &,TOwnerType)
RSessionBase::Send(TInt)const
RSessionBase::Send(TInt,const TIpcArgs &)const
RSessionBase::SendReceive(TInt)const
RSessionBase::SendReceive(TInt,TRequestStatus &)const
RSessionBase::SendReceive(TInt,const TIpcArgs &)const
RSessionBase::SendReceive(TInt,const TIpcArgs &,TRequestStatus &)const
RSessionBase::SetReturnedHandle(TInt)
RSessionBase::SetReturnedHandle(TInt,RHandleBase &)
RSessionBase::SetReturnedHandle(TInt,const TSecurityPolicy &)
RSessionBase::ShareAuto()
RSessionBase::ShareProtected()
Inherited Enumerations
RHandleBase:TAttributes
RSessionBase:TAttachMode
Private Attributes
TAny *iReserverd
Inherited Attributes
RHandleBase::iHandle

Constructor & Destructor Documentation

RIpsecPolicyServ()

IMPORT_C RIpsecPolicyServ()

~RIpsecPolicyServ()

IMPORT_C ~RIpsecPolicyServ()

Member Functions Documentation

ActivatePolicy(const TPolicyHandle &, TRequestStatus &)

IMPORT_C void ActivatePolicy(const TPolicyHandle &aPolicyHandle,
TRequestStatus &aStatus
)

Activates the specified loaded policy. The activation causes the policy to be merged with other active policies and the loading of the combined policy to the IPSec Protocol Module (where it forms the SPD).

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TPolicyHandle & aPolicyHandle: a descriptor containing a handle to the policy.
TRequestStatus & aStatus: On completion, will contain an error code, see the system-wide error codes.

AvailableSelectors(const TDesC8 &, CArrayFixFlat< TIpsecSelectorInfo > *, TRequestStatus &)

IMPORT_C void AvailableSelectors(const TDesC8 &aGateway,
CArrayFixFlat< TIpsecSelectorInfo > *aSelectors,
TRequestStatus &aStatus
)

Given the information to be matched in gateway, the API checks whether there is a matching gateway in the active policy. This function is called in order to retrieve all the available selectors that are associated with the gateway.

Parameters

const TDesC8 & aGateway: the gateway proposal to be matched, packaged in a TInetAddrPckg.
CArrayFixFlat< TIpsecSelectorInfo > * aSelectors
TRequestStatus & aStatus: On completion, will contain an error code, see the Ipsec policy and system-wide error codes.

CancelActivate()

IMPORT_C void CancelActivate()

Cancels an ongoing activate policy operation.

CancelLoad()

IMPORT_C void CancelLoad()

Cancels an ongoing policy load operation.

CancelMatch()

IMPORT_C void CancelMatch()

Cancels an ongoing match operation.

CancelUnload()

IMPORT_C void CancelUnload()

Cancels an ongoing policy unload operation.

Connect()

IMPORT_C TInt Connect()

EnumerateSelectors(const TDesC8 &, TInt &)

void EnumerateSelectors(const TDesC8 &aGateway,
TInt &aCount
) [private]

Parameters

const TDesC8 & aGateway
TInt & aCount

GetDebugInfo(TDes &, TUint)

IMPORT_C TInt GetDebugInfo(TDes &aDebugInfo,
TUint aInfoFlags = KConflictingPolicyInfo
)

Returns information about the policy that caused policy activation to fail, or information about a parsing error.

Parameters

TDes & aDebugInfo: a descriptor for the error message returned to the user.
TUint aInfoFlags = KConflictingPolicyInfo: A combination of flags that determine the information to be returned.

LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &)

IMPORT_C void LoadPolicy(const TDesC8 &aPolicy,
TPolicyHandlePckg &aPolicyHandle,
TRequestStatus &aStatus
)

Loads the specified policy to the IPSec Policy Manager as such, without any modifications. The ActivatePolicy method must be called to merge the policy with other active policies and load the combined policy to the IPSec Protocol Module (where it forms the SPD).

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TDesC8 & aPolicy: a descriptor containing the policy.
TPolicyHandlePckg & aPolicyHandle: a TPckgBuf containing a TPolicyHandle.
TRequestStatus & aStatus: On completion, will contain an error code, see the system-wide error codes.

LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &, const TZoneInfoSetPckg &, TUint)

IMPORT_C void LoadPolicy(const TDesC8 &aPolicy,
TPolicyHandlePckg &aPolicyHandle,
TRequestStatus &aStatus,
const TZoneInfoSetPckg &aSelectorZones,
TUint aProcessingFlags = KAddIkeBypassSelectors
)

Loads the policy as a zone-specific policy to the IPSec Policy Manager. The ActivatePolicy method must be called to merge the policy with other active policies and load the combined policy to the IPSec Protocol Module (where it forms the SPD).

The specified selector zone ID is added to each policy selector before the policy is merged with other loaded policies. Any existing zone IDs in the policy are overwritten. The use of the selector zone IDs in policy loading allows the loading of multiple policies even with otherwise overlapping selector address spaces. The zone ID is added also to plain port and protocol selectors that originally do not define destination addresses.

In addition, the method allows the caller to specify a tunnel end-point zone ID that is added to each tunnel end-point definition in the policy before the policy is merged with other loaded policies. Any existing tunnel end-point zone IDs in the policy are overwritten.

The use of zone IDs in the tunnel end point addresses allows the proper routing of the tunneled IP packets even in the presence of several interfaces in the system whose routing table would otherwise match a certain tunnel end-point address.

Finally, the method allows the user to specify additional processing instructions to be applied during the policy loading process. The following processing instructions are supported:
  • KAddIkeBypassSelectors

  • KAddDhcpBypassSelectors

Both of these instructions are typically used in the context of VPN IPSec policies.

If the KAddIkeBypassSelectors flag is defined, the IPSec Policy Manager adds IKE bypass selectors for each tunnel end-point defined in the policy before it is merged with other loaded policies. The IKE bypass selectors are needed to allow the Key Management Module (KMD) to negotiate IPSec SAs with VPN gateways during the VPN tunnel establishment phase.

If the KAddDhcpBypassSelectors flag is defined, the IPSec Policy Manager adds DHCP bypass selectors to the policy before it is merged with other loaded policies. The bypass selectors are associated with the tunnel end-point zone that corresponds to the real IAP and network. The DHCP bypass selectors can be used to avoid blocking DHCP traffic to the real interface (e.g. a WLAN interface) associated with a VPN interface when a VPN IAP associated with a LAN-type IAP is activated and the related IPSec policy is loaded. The DHCP traffic must succeed so that the LAN-type interface can get an IP address and other related parameters through DHCP.

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TDesC8 & aPolicy: a descriptor containing the policy.
TPolicyHandlePckg & aPolicyHandle: a TPckgBuf containing a TPolicyHandle.
TRequestStatus & aStatus: On completion, will contain an error code, see the system-wide error codes.
const TZoneInfoSetPckg & aSelectorZones
TUint aProcessingFlags = KAddIkeBypassSelectors: additional processing instructions (flags).
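
The zone stamping and bypass-selector behaviour described for this LoadPolicy overload, as a simplified stand-alone C++ model (an added example, not Symbian code and not the IPSec Policy Manager's implementation). The Selector struct, LoadZoned, Match, DemoSpd, the flag values, exact-string address matching, and placing the IKE bypass selectors in the tunnel end-point zone are assumptions of the model; the addresses are constructed samples.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <vector>
constexpr unsigned kModelIke = 1, kModelDhcp = 2;  // hypothetical flag values, model only
enum class Action { Protect, Bypass };
struct Selector {
    std::string remote;        // remote address, "" = any (exact match in this model)
    int proto, port;           // 17 = UDP; 0 = any
    std::uint32_t zone;        // selector zone ID
    Action action;
    std::string tunnel;        // tunnel end-point address, "" = none
    std::uint32_t tunnelZone;  // tunnel end-point zone ID
};
using Policy = std::vector<Selector>;

// Model of zone-specific loading: overwrite zone IDs, then put bypass selectors first.
Policy LoadZoned(Policy p, std::uint32_t selZone, std::uint32_t epZone, unsigned flags) {
    Policy out;
    std::set<std::string> endpoints;
    for (auto& s : p) {
        s.zone = selZone;                      // any existing zone ID is overwritten
        if (!s.tunnel.empty()) { s.tunnelZone = epZone; endpoints.insert(s.tunnel); }
    }
    if (flags & kModelIke)                     // IKE (UDP 500) to each tunnel end-point
        for (const auto& ep : endpoints)
            out.push_back({ep, 17, 500, epZone, Action::Bypass, "", 0});
    if (flags & kModelDhcp)                    // DHCP (UDP 67) in the real interface's zone
        out.push_back({"", 17, 67, epZone, Action::Bypass, "", 0});
    out.insert(out.end(), p.begin(), p.end());
    return out;
}

// First selector in `zone` that matches the packet, or nullptr if none does.
const Selector* Match(const Policy& spd, const std::string& remote, int proto, int port, std::uint32_t zone) {
    for (const auto& s : spd)
        if (s.zone == zone && (s.remote.empty() || s.remote == remote) &&
            (s.proto == 0 || s.proto == proto) && (s.port == 0 || s.port == port))
            return &s;
    return nullptr;
}

// Constructed sample: two VPN policies with the same selector address, in different zones.
Policy DemoSpd() {
    Policy a = LoadZoned({{"10.1.1.1", 0, 0, 9, Action::Protect, "192.0.2.1", 9}}, 5, 2, kModelIke);
    Policy b = LoadZoned({{"10.1.1.1", 0, 0, 9, Action::Protect, "198.51.100.1", 9}}, 6, 3, kModelIke | kModelDhcp);
    a.insert(a.end(), b.begin(), b.end());     // "merge" is plain concatenation here
    return a;
}
```

In the model, the same selector address resolves to a different tunnel depending on the zone, and each bypass selector exists only in the zone of the policy whose load requested it, which is the property to check when reviewing which cleartext traffic a VPN policy lets through.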

MatchSelector(const TDesC8 &, TDes8 &, TRequestStatus &)

IMPORT_C void MatchSelector(const TDesC8 &aSelector,
TDes8 &aMatchingSaSpec,
TRequestStatus &aStatus
)

Checks an ISAKMP Phase 2 proposal. Given the information to be matched in the selector, checks whether there is a matching selector in the active policy. This function is called multiple times in order to retrieve all the SA specifications that are associated with a selector.

Parameters

const TDesC8 & aSelector: the traffic selector proposal to be matched.
TDes8 & aMatchingSaSpec: If the selector matches, this contains the SA spec upon return.
TRequestStatus & aStatus: On completion, will contain an error code, see the Ipsec policy and system-wide error codes.

UnloadPolicy(const TPolicyHandle &, TRequestStatus &)

IMPORT_C void UnloadPolicy(const TPolicyHandle &aPolicyHandle,
TRequestStatus &aStatus
)

Deactivates and unloads the specified policy. The method causes the remaining policies to be re-merged and loaded to the IPSec Protocol Module.

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TPolicyHandle & aPolicyHandle: a descriptor containing a handle to the policy.
TRequestStatus & aStatus: On completion, will contain an error code, see the Ipsec policy and system-wide error codes.

Version()

IMPORT_C TVersion Version() const

Member Data Documentation

TAny * iReserverd

TAny *iReserverd [private]