RIpsecPolicyServ Class Reference

class RIpsecPolicyServ : public RSessionBase

The RIpsecPolicyServ API is used by two kinds of clients: users who load and unload policies, and the KMD, which needs to find out whether an SA proposal can be accepted.

Inherits from

Public Member Functions
RIpsecPolicyServ ()
~RIpsecPolicyServ ()
IMPORT_C void ActivatePolicy (const TPolicyHandle &, TRequestStatus &)
IMPORT_C void AvailableSelectors (const TDesC8 &, CArrayFixFlat < TIpsecSelectorInfo > *, TRequestStatus &)
IMPORT_C void CancelActivate ()
IMPORT_C void CancelLoad ()
IMPORT_C void CancelMatch ()
IMPORT_C void CancelUnload ()
IMPORT_C TInt Connect ()
IMPORT_C TInt GetDebugInfo ( TDes &, TUint )
IMPORT_C void LoadPolicy (const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &)
IMPORT_C void LoadPolicy (const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &, const TZoneInfoSetPckg &, TUint )
IMPORT_C void MatchSelector (const TDesC8 &, TDes8 &, TRequestStatus &)
IMPORT_C void UnloadPolicy (const TPolicyHandle &, TRequestStatus &)
IMPORT_C TVersion Version ()
Private Member Functions
void EnumerateSelectors (const TDesC8 &, TInt &)
Inherited Functions
RHandleBase::Attributes()const
RHandleBase::BTraceId()const
RHandleBase::Close()
RHandleBase::DoExtendedClose()
RHandleBase::Duplicate(const RThread &,TOwnerType)
RHandleBase::FullName()const
RHandleBase::FullName(TDes &)const
RHandleBase::Handle()const
RHandleBase::HandleInfo(THandleInfo *)
RHandleBase::Name()const
RHandleBase::NotifyDestruction(TRequestStatus &)
RHandleBase::Open(const TFindHandleBase &,TOwnerType)
RHandleBase::OpenByName(const TDesC &,TOwnerType,TInt)
RHandleBase::RHandleBase()
RHandleBase::RHandleBase(TInt)
RHandleBase::SetHandle(TInt)
RHandleBase::SetHandleNC(TInt)
RSessionBase::CreateSession(RServer2,const TVersion &)
RSessionBase::CreateSession(RServer2,const TVersion &,TInt)
RSessionBase::CreateSession(RServer2,const TVersion &,TInt,TIpcSessionType,const TSecurityPolicy *,TRequestStatus *)
RSessionBase::CreateSession(const TDesC &,const TVersion &)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt,TIpcSessionType,const TSecurityPolicy *,TRequestStatus *)
RSessionBase::CreateSession(const TDesC &,const TVersion &,TInt,TRequestStatus *)
RSessionBase::Open(RMessagePtr2,TInt,TOwnerType)
RSessionBase::Open(RMessagePtr2,TInt,const TSecurityPolicy &,TOwnerType)
RSessionBase::Open(TInt,TOwnerType)
RSessionBase::Open(TInt,const TSecurityPolicy &,TOwnerType)
RSessionBase::Send(TInt)const
RSessionBase::Send(TInt,const TIpcArgs &)const
RSessionBase::SendReceive(TInt)const
RSessionBase::SendReceive(TInt,TRequestStatus &)const
RSessionBase::SendReceive(TInt,const TIpcArgs &)const
RSessionBase::SendReceive(TInt,const TIpcArgs &,TRequestStatus &)const
RSessionBase::SetReturnedHandle(TInt)
RSessionBase::SetReturnedHandle(TInt,RHandleBase &)
RSessionBase::SetReturnedHandle(TInt,const TSecurityPolicy &)
RSessionBase::ShareAuto()
RSessionBase::ShareProtected()
Inherited Enumerations
RHandleBase:TAttributes
RSessionBase:TAttachMode
Private Attributes
TAny * iReserverd
Inherited Attributes
RHandleBase::iHandle

Constructor & Destructor Documentation

RIpsecPolicyServ()

IMPORT_C RIpsecPolicyServ ( )

~RIpsecPolicyServ()

IMPORT_C ~RIpsecPolicyServ ( )

Member Functions Documentation

ActivatePolicy(const TPolicyHandle &, TRequestStatus &)

IMPORT_C void ActivatePolicy ( const TPolicyHandle & aPolicyHandle,
TRequestStatus & aStatus
)

Activates the specified loaded policy. The activation causes the policy to be merged with other active policies and the loading of the combined policy to the IPSec Protocol Module (where it forms the SPD).

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TPolicyHandle & aPolicyHandle a descriptor containing a handle to Policy
TRequestStatus & aStatus On completion, will contain an error code, see the system-wide error codes.

AvailableSelectors(const TDesC8 &, CArrayFixFlat< TIpsecSelectorInfo > *, TRequestStatus &)

IMPORT_C void AvailableSelectors ( const TDesC8 & aGateway,
CArrayFixFlat < TIpsecSelectorInfo > * aSelectors,
TRequestStatus & aStatus
)

Given the information to be matched in gateway, the API checks whether there is a matching gateway in the active policy. This function is called in order to retrieve all the available selectors that are associated with the gateway.

Parameters

const TDesC8 & aGateway the gateway proposal to be matched is packaged in TInetAddrPckg.
CArrayFixFlat < TIpsecSelectorInfo > * aSelectors
TRequestStatus & aStatus On completion, will contain an error code, see the Ipsec policy and system wide error codes.

CancelActivate()

IMPORT_C void CancelActivate ( )

Cancels an ongoing activate policy operation.

CancelLoad()

IMPORT_C void CancelLoad ( )

Cancels an ongoing policy load operation.

CancelMatch()

IMPORT_C void CancelMatch ( )

Cancels an ongoing match operation.

CancelUnload()

IMPORT_C void CancelUnload ( )

Cancels an ongoing policy unload operation.

Connect()

IMPORT_C TInt Connect ( )

EnumerateSelectors(const TDesC8 &, TInt &)

void EnumerateSelectors ( const TDesC8 & aGateway,
TInt & aCount
) [private]

Parameters

const TDesC8 & aGateway
TInt & aCount

GetDebugInfo(TDes &, TUint)

IMPORT_C TInt GetDebugInfo ( TDes & aDebugInfo,
TUint aInfoFlags =  KConflictingPolicyInfo
)

Returns information about the policy that caused policy activation to fail, or information about a parsing error.

Parameters

TDes & aDebugInfo a descriptor that receives the error message returned to the user.
TUint aInfoFlags =  KConflictingPolicyInfo A combination of flags that determine the information to be returned

LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &)

IMPORT_C void LoadPolicy ( const TDesC8 & aPolicy,
TPolicyHandlePckg & aPolicyHandle,
TRequestStatus & aStatus
)

Loads the specified policy to the IPSec Policy Manager as such, without any modifications. The ActivatePolicy method must be called to merge the policy with other active policies and load the combined policy to the IPSec Protocol Module (where it forms the SPD).

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TDesC8 & aPolicy a descriptor containing the Policy
TPolicyHandlePckg & aPolicyHandle a TPckgBuf containing a TPolicyHandle
TRequestStatus & aStatus On completion, will contain an error code, see the system-wide error codes.

LoadPolicy(const TDesC8 &, TPolicyHandlePckg &, TRequestStatus &, const TZoneInfoSetPckg &, TUint)

IMPORT_C void LoadPolicy ( const TDesC8 & aPolicy,
TPolicyHandlePckg & aPolicyHandle,
TRequestStatus & aStatus,
const TZoneInfoSetPckg & aSelectorZones,
TUint aProcessingFlags =  KAddIkeBypassSelectors
)

Loads the policy as a zone-specific policy to the IPSec Policy Manager. The ActivatePolicy method must be called to merge the policy with other active policies and load the combined policy to the IPSec Protocol Module (where it forms the SPD).

The specified selector zone ID is added to each policy selector before the policy is merged with other loaded policies. Any existing zone IDs in the policy are overwritten. The use of the selector zone IDs in policy loading allows the loading of multiple policies even with otherwise overlapping selector address spaces. The zone ID is added also to plain port and protocol selectors that originally do not define destination addresses.

In addition, the method allows the caller to specify a tunnel end-point zone ID that is added to each tunnel end-point definition in the policy before the policy is merged with other loaded policies. Any existing tunnel end-point zone IDs in the policy are overwritten.

The use of zone IDs in the tunnel end point addresses allows the proper routing of the tunneled IP packets even in the presence of several interfaces in the system whose routing table would otherwise match a certain tunnel end-point address.

Finally, the method allows the user to specify additional processing instructions to be applied during the policy loading process. The following processing instructions are supported:
  • KAddIkeBypassSelectors

  • KAddDhcpBypassSelectors

Both of these instructions are typically used in the context of VPN IPSec policies. If the KAddIkeBypassSelectors flag is defined, the IPSec Policy Manager adds IKE bypass selectors for each tunnel end-point defined in the policy before it is merged with other loaded policies. The IKE bypass selectors are needed to allow the Key Management Module (KMD) to negotiate IPSec SAs with VPN gateways during the VPN tunnel establishment phase. If the KAddDhcpBypassSelectors flag is defined, the IPSec Policy Manager adds DHCP bypass selectors to the policy before it is merged with other loaded policies. The bypass selectors are associated with the tunnel end-point zone that corresponds to the real IAP and network. The DHCP bypass selectors can be used to avoid blocking DHCP traffic to the real interface (e.g. a WLAN interface) associated with a VPN interface when a VPN IAP associated with a LAN-type IAP is activated and the related IPSec policy is loaded. The DHCP traffic must succeed so that the LAN-type interface can get an IP address and other related parameters through DHCP.

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TDesC8 & aPolicy a descriptor containing the Policy
TPolicyHandlePckg & aPolicyHandle a TPckgBuf containing a TPolicyHandle
TRequestStatus & aStatus On completion, will contain an error code, see the system-wide error codes.
const TZoneInfoSetPckg & aSelectorZones
TUint aProcessingFlags =  KAddIkeBypassSelectors additional processing instructions (flags)
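
The load-time processing described for this overload, modelled in standalone C++ as an added example (not Symbian or project code). The Selector and ZoneInfo types, the flag values, the placement of IKE bypass selectors in the end-point zone, and the UDP ports used for the bypass selectors (500 for IKE, 67 and 68 for DHCP) are assumptions of this model; the page does not give the actual selector contents.

```cpp
// Simplified model, not Symbian code. Types and flag values are constructed
// for this example; only the two flag names come from the page.
#include <cstdint>
#include <set>
#include <string>
#include <vector>

constexpr unsigned kAddIkeBypassSelectors  = 1u << 0;
constexpr unsigned kAddDhcpBypassSelectors = 1u << 1;

enum class Action { Protect, Bypass };

struct Selector {
    std::string remoteNet;  // empty for plain port/protocol selectors
    uint32_t zone;          // selector zone ID
    uint16_t udpPort;       // 0 = any port
    Action action;
    std::string tunnelEp;   // tunnel end-point address, empty if none
    uint32_t tunnelZone;    // tunnel end-point zone ID
};

struct ZoneInfo { uint32_t selectorZone; uint32_t endPointZone; };

// Returns the policy as it would look just before merging: bypass selectors first.
std::vector<Selector> LoadZoned(std::vector<Selector> policy, ZoneInfo z, unsigned flags) {
    std::vector<Selector> out;
    std::set<std::string> seen;  // one IKE bypass per distinct end-point
    for (Selector& s : policy) {
        s.zone = z.selectorZone;  // overwrites any existing zone, address or not
        if (s.tunnelEp.empty()) continue;
        s.tunnelZone = z.endPointZone;  // overwrites any existing end-point zone
        if ((flags & kAddIkeBypassSelectors) && seen.insert(s.tunnelEp).second)
            out.push_back({s.tunnelEp, z.endPointZone, 500, Action::Bypass, "", 0});
    }
    if (flags & kAddDhcpBypassSelectors) {  // assumed: DHCP server and client ports
        out.push_back({"", z.endPointZone, 67, Action::Bypass, "", 0});
        out.push_back({"", z.endPointZone, 68, Action::Bypass, "", 0});
    }
    out.insert(out.end(), policy.begin(), policy.end());
    return out;
}

// Model of a merge conflict: same address space inside the same zone.
bool Conflicts(const Selector& a, const Selector& b) {
    return a.zone == b.zone && a.remoteNet == b.remoteNet;
}
```

Loading the same selector set under two different selector zones yields entries that no longer conflict, which is the property that lets policies with overlapping address spaces be loaded together.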

MatchSelector(const TDesC8 &, TDes8 &, TRequestStatus &)

IMPORT_C void MatchSelector ( const TDesC8 & aSelector,
TDes8 & aMatchingSaSpec,
TRequestStatus & aStatus
)

Checks an ISAKMP Phase 2 proposal. Given the information to be matched in the selector, checks whether there is a matching selector in the active policy. This function is called multiple times in order to retrieve all the SA specifications that are associated with a selector.

Parameters

const TDesC8 & aSelector the traffic selector proposal to be matched
TDes8 & aMatchingSaSpec If the selector matches, this contains the SA spec upon return
TRequestStatus & aStatus On completion, will contain an error code, see the Ipsec policy and system wide error codes.

UnloadPolicy(const TPolicyHandle &, TRequestStatus &)

IMPORT_C void UnloadPolicy ( const TPolicyHandle & aPolicyHandle,
TRequestStatus & aStatus
)

Deactivates and unloads the specified policy. The method causes the remaining policies to be re-merged and loaded to the IPSec Protocol module.

capability
NetworkControl Only privileged apps can affect IPSec policies

Parameters

const TPolicyHandle & aPolicyHandle a descriptor containing a handle to Policy
TRequestStatus & aStatus On completion, will contain an error code, see the Ipsec policy and system wide error codes.

Version()

IMPORT_C TVersion Version ( ) const

Member Data Documentation

TAny * iReserverd

TAny * iReserverd [private]