1 // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).

     2 // All rights reserved.

     3 // This component and the accompanying materials are made available

     4 // under the terms of "Eclipse Public License v1.0"

     5 // which accompanies this distribution, and is available

     6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".

     7 //

     8 // Initial Contributors:

     9 // Nokia Corporation - initial contribution.

    10 //

    11 // Contributors:

    12 //

    13 // Description:

    14 // ipsec.h - IPv6/IPv4 IPSEC security policy protocol family

    15 //

    16 

    17 

    18 

    19 /**

    20  @internalComponent

    21 */

    22 #ifndef __IPSEC_H__

    23 #define __IPSEC_H__

    24 

    25 #include <es_prot.h>

    26 #include <es_mbuf.h>

    27 

    28 const TUint KProtocolInetHook	= 0x103;	// a temp assignment

    29 

    30 const TUint KAfIpsec			= 0x0801;	// a temp assignment

    31 

    32 /**

    33 * @capability ECapabilityNetworkControl		Required for opening 'pfkey' sockets.

    34 * @ref RSocket::Open()

    35 */

    36 const TUint KProtocolKey		= 0x101;	// a temp assignment

    37 

    38 /**

    39 * @capability ECapabilityNetworkControl		Required for opening 'secpol' sockets.

    40 * @ref RSocket::Open()

    41 */

    42 const TUint KProtocolSecpol		= KProtocolInetHook;	// SECPOL needs to use hook id!

    43 

    44 enum TIpsecPanic

    45 	{

    46 	EIpsecPanic_NoData,

    47 	EIpsecPanic_DeleteSA		// Attempt to delete non-existent SA

    48 	};

    49 

    50 void Panic(TIpsecPanic);

    51 

    52 

    53 class MAssociationManager;

    54 class IPSEC

    55 	{

    56 public:

    57 	static CProtocolBase *NewSecpolL();

    58 	static CProtocolBase *NewPfkeyL();

    59 	static void IdentifySecpol(TServerProtocolDesc &aEntry);

    60 	static void IdentifyPfkey(TServerProtocolDesc &aEntry);

    61 	static MAssociationManager *FindAssociationManager(const CProtocolBase *aProtocol, TUint aId);

    62 	};

    63 

    64 class CProviderIpsecBase : public CServProviderBase

    65 	/**

    66 	* The common base class for SECPOL and PFKEY socket provider.

    67 	*

    68 	* This class provides the default implementations for the

    69 	* required functions, which are not used for anything in

    70 	* SECPOL and PFKEY SAP.

    71 	*/

    72 	{

    73 public:

    74 	CProviderIpsecBase();

    75 	~CProviderIpsecBase();

    76 

    77 	// Virtual provider base class stuff, that must be present

    78 	// (most of these don't make any sense with the IPSEC/Policy Socket)

    79 	void LocalName(TSockAddr& anAddr) const;

    80 	TInt SetLocalName(TSockAddr& anAddr);

    81 	void RemName(TSockAddr& anAddr) const;

    82 	TInt SetRemName(TSockAddr& anAddr);

    83 	TInt GetOption(TUint level,TUint name,TDes8& anOption)const;

    84 	void Ioctl(TUint level,TUint name,TDes8* anOption);

    85 	void CancelIoctl(TUint aLevel,TUint aName);

    86 	TInt SetOption(TUint level,TUint name,const TDesC8 &anOption);

    87 	void ActiveOpen();

    88 	void ActiveOpen(const TDesC8& aConnectionData);

    89 	TInt PassiveOpen(TUint aQueSize);

    90 	TInt PassiveOpen(TUint aQueSize,const TDesC8& aConnectionData);

    91 	void Shutdown(TCloseType option);

    92 	void Shutdown(TCloseType option,const TDesC8& aDisconnectionData);

    93 	void AutoBind();

    94 

    95 	void GetData(TDes8& aDesc,TUint options,TSockAddr* anAddr);

    96 	void Deliver(RMBufChain& aPacket);

    97 

    98 	TInt SecurityCheck(MProvdSecurityChecker *aChecker);

    99 

   100 public:

   101 	// ...for the associated protocol class.

   102 	TDblQueLink iSAPlink;			//< SAP collection under the protocol

   103 	TUint iListening;				//< Non-Zero, when queuing packets is allowed.

   104 protected:

   105 	// Provide the receive queue for the SAP

   106 	RMBufPktQ iRecvQ;				//< Messages waiting for delivery to application.

   107 

   108 	/**

   109 	* Receive queue limit.

   110 	* The queue limit is used to control how much buffered data is allowed

   111 	* to be in the iRecvQ, before "congestion" control hits. The value counts

   112 	* bytes in iRecvQ in following way:

   113 	*

   114 	* @li	if iQueueLimit < 0, then incoming packet is dropped (= "congestion")

   115 	* @li	if iQueueLimit >= 0, then incoming packet is added into iRecvQ, and

   116 	*		the length of the packet is subtracted from the iQueueLimit. When

   117 	*		GetData removes the packet from the queue, the length is added back

   118 	*		to iQueueLimit.

   119 	*

   120 	* Thus, if left as initial value (= 0), only one packet at time can be

   121 	* queued. If initialized to 8000, then at most 8000 bytes and 1 packet

   122 	* can be queued at any point.

   123 	*

   124 	* Currently only enforced for the Policy Socket. PFKEY messages are

   125 	* too important to drop, and PFKEY clients MUST read the the

   126 	* socket.

   127 	*/

   128 	TInt iQueueLimit;

   129 	};

   130 

   131 #endif