Mercurial Mercurial > oss > MCL > sf > mw > vpnclient / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
vpnengine/vpnipsecpolparser/inc/sa_spec.h
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Thu, 17 Dec 2009 09:14:51 +0200
changeset 0 33413c0669b9
permissions -rw-r--r--
Revision: 200949 Kit: 200951

/*
* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: Security parser algorithm manager.
*
*/



#ifndef __SA_SPEC_H
#define __SA_SPEC_H

#include <networking/pfkeyv2.h>

//
// This file collects minimal definitions that need to be exported
// from the Security Associations Database into Security Policy
// database
//
//
// Mapping of low level types in pfkeyv2.h into more semantic names
// (This is to avoid a need to look many places in case pfkeyv2 changes)
//
typedef uint32_t TLifetimeAllocations;
typedef uint64_t TLifetimeBytes;
typedef uint64_t TLifetimeSeconds;


//
// The default life time in seconds for larval SA's created by
// GETSPI (may also be used as a default for iLarvalLifetime in
// TSecurityAssocSpec).
//
const TInt KLifetime_LARVAL_DEFAULT = 30;	// seonds!

class TIdentity : public TPtr8
    {
    public:
        TIdentity(): TPtr8(0,0) {}
    };

// TLifetime, a help structure

class TLifetime
    {
    public:
        TLifetime(const struct sadb_lifetime &aLifetime);
        static void Freeze(TTime &aTime, const TTime &aNow);
        TLifetime();
        // For current, these will count items used so far. For Hard and
        // Soft these will contain the limit values for the current
        // counts.
        // study: present unspecified limit with 0 or max value?
        TLifetimeAllocations iAllocations;	// Connections limit
        TLifetimeBytes iBytes;				// Transmitted bytes limit
        //
        // For Current, these will record the creation and first use times.
        // For Hard and Soft, these will record the expiration times (e.g.
        // simple comparison with the current time can be used to test for
        // expiration, and for returning CURRENT values to application, use
        // the SecondsFrom method with current.
        //
        TTime iAddtime;						// Lifetime limit from creation
        TTime iUsetime;						// Lifetime limit from first use
    };


//
// A template to be used while creating new security
// associations (subclassed in Security Policy Database)
//

//
//	TSecurityAssocSpec
//
//	Specify what is required from the SA that can be used
//	for the outbound packet. If no matching SA is found, an
//	acquire message is generated, and these values specify
//	the requested values for the SA.
//
//	src, proxy
//		if no tunnel, proxy=INADDR_ANY, src=IP src
//		if tunnel, proxy=IP src, src=current host
//
class TSecurityAssocSpec
    {
    public:
        //
        // SA selection fields
        //
        TUint8 iType;				// SA type (AH or ESP)
        TUint8 iAalg;				// Authentication algorithm id
        TUint16 iAalgLen;			// Authentication algorithm key length
        TUint8 iEalg;				// Encryption algorithm id
        TUint16 iEalgLen;			// Encryption algorithm Key length
        TUint8 iReplayWindowLength;	// Replay Window length (equal or greater)
        TUint8 iPfs:1;				// SA must have same value of PFS
        TUint8 iMatchSrc:1;			// SA must have a matching src
        TUint8 iMatchProxy:1;		// SA must have a matching proxy
        TUint8 iMatchProtocol:1;	// SA must have a matching protocol
        TUint8 iMatchLocalPort:1;		// SA must have a matching src port
        TUint8 iMatchRemotePort:1;		// SA must have a matching dst port
        TUint8 iMatchLocal:1;		//resulting SA is limited to the specific local adress defined by the packet
        TUint8 iMatchRemote:1;		//resulting SA is limited to the specific remote adress defined by the packet
        
        //
        // Identity reference
        // (This is currently only used for ACQUIRE Message)
        //
        
        //!!!!!!!!!!!!!!!!!!!!!!!!!! Fields deleted!!!!
        
        //struct sadb_ident iIdentity;	// Preformatted for the PFKEY
        //TIdentity iIdentityData;		// NUL terminated Identity (NUL included
        // in the length!)
        //!!!!!!!!!!!!!!!!!!!!!!!!!!
        
        //
        // iLarvalLifetime specifies the maximum time to wait in
        // larval/egg state, when an ACQUIRE request originating
        // from this template is sent to the key management.
        //
        TUint iLarvalLifetime;		// Seconds (0 => use KLifetime_LARVAL_DEFAULT)
        //
        // These are only used in specifying the life time requirements
        // for the acquire message and are thus preformatted to be used
        // directly as a component of the TPfkeyMessage.
        
        struct sadb_lifetime iHard;	// Hard Lifetime requirement
        struct sadb_lifetime iSoft;	// Soft Lifetime requirement
    };

// endpoint name specification
class TEpSpec
    {
    public:
        TInetAddr iEpAddr;
        TBool iIsOptional;
    };


#endif
MCL/sf/mw/vpnclient