Struct:ttPolicyContent
```c
#include <trsecapi.h>

typedef struct tsPolicyContent
{
    /* used for bundles, the outer policy content */
    struct tsPolicyContent TM_FAR * pctOuterContentPtr;
#ifdef TM_USE_STRONG_ESL
    ttUser32Bit             pctPortMask;
#endif /* TM_USE_STRONG_ESL */
    /* a router may have multiple IP addresses, so the addresses must be
     * specified; the port number does not matter here */
    struct sockaddr_storage pctLocIpAddr;
    struct sockaddr_storage pctRemtIpAddr;
#ifndef TM_USE_MULTIPLE_PROPOSALS
    ttUserPacketPtr         pctQueuePtr;
    ttUserPacketPtr         pctLastQueuePtr;
#endif /* !TM_USE_MULTIPLE_PROPOSALS */
    /* AH|ESP, tunnel|transport, policy|packet determination */
    ttUser32Bit             pctRuleFlags;
    ttUser32Bit             pctLifeSeconds;
#ifdef TM_USE_IPSEC_64BIT_KB_LIFETIMES
    ttUser64Bit             pctLifeKbytes;
#else /* TM_USE_IPSEC_64BIT_KB_LIFETIMES */
    ttUser32Bit             pctLifeKbytes;
#endif /* TM_USE_IPSEC_64BIT_KB_LIFETIMES */
    ttUser32Bit             pctContentIndex;
    ttUser16Bit             pctEncryptKeyBits;
#ifndef TM_USE_MULTIPLE_PROPOSALS
    /* along with pctQueuePtr, indicates how many bytes of data are waiting
     * for the result of an IKE negotiation */
    ttUser16Bit             pctQueueBytes;
#endif /* !TM_USE_MULTIPLE_PROPOSALS */
    /* How many entities own this policy content entry */
    ttUser16Bit             pctOwnerCount;
    /* ESP may also have an authentication algorithm */
    ttUser8Bit              pctAuthAlg;
    ttUser8Bit              pctEncryptAlg;
#ifdef TM_USE_IPSEC_IPCOMP
    ttUser8Bit              pctIpcompAlg;
#endif /* TM_USE_IPSEC_IPCOMP */
#ifdef TM_USE_MULTIPLE_PROPOSALS
    struct tsPolicyContent TM_FAR * pctPrevPtr;
    ttUser8Bit              pctProposalNumber;
    ttUser8Bit              pctTransformNumber;
    /* pctTransformCount is valid only for the first transform in a proposal */
    ttUser8Bit              pctTransformCount;
#endif /* TM_USE_MULTIPLE_PROPOSALS */
    ttUser8Bit              pctP2PfsDhGroup;
} ttPolicyContent;

typedef ttPolicyContent    TM_FAR * ttPolicyContentPtr;
typedef ttPolicyContentPtr TM_FAR * ttPolicyContentPtrPtr;
```
Structure Description
ttPolicyContentInString is intended for the user's reference, so its IP information is a string-format IPv4 or IPv6 address. ttPolicyContent is designed for internal use, so all of its IP addresses are held in sockaddr_storage format. A pointer refers to the outer policy content, if there is one. Two 8-bit padding fields are not used at all; they exist only for alignment.
Members
- pctOuterContentPtr
- Points to the outer policy content, if there is any. The inner policy content and all outer policy contents must work together to protect the traffic. They are bundled policy contents. If there is no outer policy content, this pointer is NULL.
- pctPortMask
- Physical port mask.
- pctLocIpAddr
- Tunnel address at the local side. We use local and remote rather than source and destination because the policy content also applies to inbound traffic. This must be a sockaddr_storage structure so that it can hold either an IPv4 or an IPv6 address. If this policy content is for transport mode, this member is not used.
- pctRemtIpAddr
- Tunnel address at the remote side. See pctLocIpAddr above.
- pctQueuePtr
- Pointer to the first queued packet waiting for the security association to be established according to this policy content. The remaining queued packets are linked through pktChainNextPtr.
- pctLastQueuePtr
- Pointer to the last item of the queued packet list, i.e. the most recently arrived packet.
- pctRuleFlags
- Same as pctRuleFlags of ttPolicyContentInString. It may not contain any of the DNS flags.
- pctLifeSeconds
- Lifetime value in seconds of the IPsec SA for this policy content.
- pctLifeKbytes
- Lifetime value in kilobytes of the IPsec SA for this policy content.
- pctContentIndex
- The index number of this content.
- pctQueueBytes
- Indicates how many bytes of data are waiting for IKE to negotiate the IPsec SA according to this policy content. The maximum value is TM_IKE_PACKET_MAX_QUEUE_BYTES.
- pctOwnerCount
- Number of entities that own this policy content entry.
- pctAuthAlg
- Same as pctAuthAlg of ttPolicyContentInString. Eight bits are used here, which is enough for up to 256 authentication algorithms.
- pctEncryptAlg
- Same as pctEncryptAlg of ttPolicyContentInString.
- pctIpcompAlg
- IP Compression algorithm. Treck does not support IP Compression natively; however, it can negotiate the IP Compression algorithm in IKE.
- pctPrevPtr
- A pointer to the previous policy content in the case of multiple proposals.
- pctProposalNumber
- Proposal number.
- pctTransformNumber
- Transform number.
- pctTransformCount
- Transform count.
- pctP2PfsDhGroup
- Diffie-Hellman Group to use during Phase 2 Perfect Forward Secrecy (PFS).
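The members pctQueuePtr, pctLastQueuePtr and pctQueueBytes describe a list of packets held back until IKE has negotiated the SA, bounded by TM_IKE_PACKET_MAX_QUEUE_BYTES. The following is an added example that models that accounting; it is not Treck code. The ttUserPacket stand-in (with pktChainNextPtr and a hypothetical pktLength field), the reduced ttPolicyContentQueue structure, the pctEnqueue and pctFlush helpers and the cap value 4096 are all assumptions made for the example; the real limit is defined by the stack.

```c
/* Added example, not Treck code: models the packet queue that waits on an
 * IKE negotiation (pctQueuePtr / pctLastQueuePtr / pctQueueBytes) and
 * enforces the TM_IKE_PACKET_MAX_QUEUE_BYTES cap. All names and values
 * below are stand-ins for this example. */
#include <stddef.h>
#include <stdint.h>

/* Placeholder value for the example; the real limit comes from the stack. */
#define TM_IKE_PACKET_MAX_QUEUE_BYTES 4096u

/* Minimal stand-in for a Treck user packet: the chain link the page names,
 * plus a hypothetical length field. */
typedef struct tsUserPacket {
    struct tsUserPacket *pktChainNextPtr;
    uint16_t             pktLength;
} ttUserPacket, *ttUserPacketPtr;

/* Only the queue-related members of ttPolicyContent. */
typedef struct tsPolicyContentQueue {
    ttUserPacketPtr pctQueuePtr;     /* first (oldest) queued packet */
    ttUserPacketPtr pctLastQueuePtr; /* last (newest) queued packet  */
    uint16_t        pctQueueBytes;   /* bytes waiting on the IKE result */
} ttPolicyContentQueue;

/* Append a packet while IKE negotiates the SA. Returns 1 if queued, 0 if the
 * cap would be exceeded; the caller then drops the packet rather than letting
 * the queue grow without bound while no SA exists. The sum is computed in
 * 32 bits so the 16-bit counter cannot wrap before the comparison. */
int pctEnqueue(ttPolicyContentQueue *pct, ttUserPacketPtr pkt)
{
    uint32_t total = (uint32_t)pct->pctQueueBytes + pkt->pktLength;
    if (total > TM_IKE_PACKET_MAX_QUEUE_BYTES)
        return 0;
    pkt->pktChainNextPtr = NULL;
    if (pct->pctQueuePtr == NULL)
        pct->pctQueuePtr = pkt;
    else
        pct->pctLastQueuePtr->pktChainNextPtr = pkt;
    pct->pctLastQueuePtr = pkt;
    pct->pctQueueBytes   = (uint16_t)total;
    return 1;
}

/* Once the SA exists, release the queue in arrival order through `send`
 * (which returns the bytes it handled) and reset the accounting.
 * Returns the total number of bytes released. */
uint32_t pctFlush(ttPolicyContentQueue *pct, uint32_t (*send)(ttUserPacketPtr))
{
    uint32_t released = 0;
    ttUserPacketPtr pkt = pct->pctQueuePtr;
    while (pkt != NULL) {
        ttUserPacketPtr next = pkt->pktChainNextPtr; /* read before handing off */
        released += send(pkt);
        pkt = next;
    }
    pct->pctQueuePtr = pct->pctLastQueuePtr = NULL;
    pct->pctQueueBytes = 0;
    return released;
}

/* Constructed self-check: three 1500-byte packets; the third would push the
 * queue to 4500 bytes, over the 4096-byte cap, and is rejected. */
static uint32_t countBytes(ttUserPacketPtr p) { return p->pktLength; }

int pctQueueDemo(void)
{
    ttPolicyContentQueue pct = { NULL, NULL, 0 };
    ttUserPacket a = { NULL, 1500 }, b = { NULL, 1500 }, c = { NULL, 1500 };
    int q1 = pctEnqueue(&pct, &a);
    int q2 = pctEnqueue(&pct, &b);
    int q3 = pctEnqueue(&pct, &c);
    uint32_t flushed = pctFlush(&pct, countBytes);
    return q1 && q2 && !q3 && flushed == 3000 && pct.pctQueueBytes == 0;
}
```

pctQueueBytes is a 16-bit member, so whatever value the real TM_IKE_PACKET_MAX_QUEUE_BYTES has must fit in it, and the check belongs before the addition is stored: a queue that is only bounded after the counter wraps is no bound at all.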