Struct:ttPolicyContent

#include <trsecapi.h>
 
typedef struct tsPolicyContent{
/* used for bundles: the outer policy content, NULL if there is none */
    struct tsPolicyContent TM_FAR * pctOuterContentPtr; 
#ifdef TM_USE_STRONG_ESL
/* physical port mask */
    ttUser32Bit                     pctPortMask;
#endif /* TM_USE_STRONG_ESL */ 
/* tunnel end-point addresses: a router may have multiple IPs, so they need
 * to be specified explicitly; the port number is not used here
 */
    struct sockaddr_storage         pctLocIpAddr; 
    struct sockaddr_storage         pctRemtIpAddr;
#ifndef TM_USE_MULTIPLE_PROPOSALS
/* first and last packet queued while waiting for the IKE negotiation result */
    ttUserPacketPtr                 pctQueuePtr;
    ttUserPacketPtr                 pctLastQueuePtr;
#endif /* !TM_USE_MULTIPLE_PROPOSALS */
/* AH|ESP, tunnel|transport, policy|packet determination */
    ttUser32Bit                     pctRuleFlags; 
/* IPsec SA lifetimes for this policy content */
    ttUser32Bit                     pctLifeSeconds;
#ifdef TM_USE_IPSEC_64BIT_KB_LIFETIMES
    ttUser64Bit                     pctLifeKbytes;
#else /* TM_USE_IPSEC_64BIT_KB_LIFETIMES */
    ttUser32Bit                     pctLifeKbytes;
#endif /* TM_USE_IPSEC_64BIT_KB_LIFETIMES */
    ttUser32Bit                     pctContentIndex;
    ttUser16Bit                     pctEncryptKeyBits;
#ifndef TM_USE_MULTIPLE_PROPOSALS
/* along with pctQueuePtr, indicates how many bytes of data are waiting
 * for the IKE negotiation result
 */
    ttUser16Bit                     pctQueueBytes;
#endif /* !TM_USE_MULTIPLE_PROPOSALS */
/* How many entities own this policy content entry */
    ttUser16Bit                     pctOwnerCount;
/* ESP may also have an authentication algorithm */
    ttUser8Bit                      pctAuthAlg;
    ttUser8Bit                      pctEncryptAlg;
#ifdef TM_USE_IPSEC_IPCOMP
/* IP Compression algorithm negotiated in IKE */
    ttUser8Bit                      pctIpcompAlg;
#endif /* TM_USE_IPSEC_IPCOMP */
#ifdef TM_USE_MULTIPLE_PROPOSALS
/* previous policy content when multiple proposals are in use */
    struct tsPolicyContent TM_FAR * pctPrevPtr;
    ttUser8Bit                      pctProposalNumber;
    ttUser8Bit                      pctTransformNumber;
/* pctTransformCount is valid only for the first transform in a proposal */
    ttUser8Bit                      pctTransformCount;
#endif /* TM_USE_MULTIPLE_PROPOSALS */
/* Diffie-Hellman group for Phase 2 PFS */
    ttUser8Bit                      pctP2PfsDhGroup;
}  ttPolicyContent;
typedef ttPolicyContent    TM_FAR * ttPolicyContentPtr;
typedef ttPolicyContentPtr TM_FAR * ttPolicyContentPtrPtr;


Structure Description

ttPolicyContentInString is for the user's reference, so its IP information is a string-format IPv4 or IPv6 address. ttPolicyContent is designed for internal use, so all of its IP addresses are in sockaddr_storage format. It also carries a pointer to the outer policy content, if there is one. The two 8-bit padding members are not used at all; they exist only for alignment.


Members

  • pctOuterContentPtr
    Points to the outer policy content, if there is any. The inner policy content and all outer policy contents must work together to protect the traffic. They are bundled policy contents. If there is no outer policy content, this pointer is NULL.
  • pctPortMask
    Physical port mask.
  • pctLocIpAddr
    Tunnel address at the local side. We use local and remote rather than source and destination, because the policy content also applies to inbound traffic. Must be a sockaddr_storage structure so that it can hold either an IPv4 or an IPv6 address. If this policy content is for transport mode, this member is not used.
  • pctRemtIpAddr
    Tunnel address at the remote side. See pctLocIpAddr above.
  • pctQueuePtr
    Pointer to the first queued packet which is waiting for the establishment of security association according to this policy content. Other queued packets are linked using pktChainNextPtr.
  • pctLastQueuePtr
    Pointer to the last item of the queued packet list, i.e. the most recently queued packet.
  • pctRuleFlags
    Same as pctRuleFlags of ttPolicyContentInString, although it never contains any of the DNS flags.
  • pctLifeSeconds
    Lifetime value in seconds of the IPsec SA for this policy content.
  • pctLifeKbytes
    Lifetime value in kilo-bytes of the IPsec SA for this policy content.
  • pctContentIndex
    The index number of this content.
  • pctQueueBytes
    Indicates how much data is waiting for IKE to negotiate an IPsec SA according to this policy content. The maximum value is TM_IKE_PACKET_MAX_QUEUE_BYTES.
  • pctOwnerCount
    Policy Content owner count.
  • pctAuthAlg
    Same as pctAuthAlg of ttPolicyContentInString. We use eight bits here, which is enough for up to 256 authentication algorithms.
  • pctEncryptAlg
    Same as pctEncryptAlg of ttPolicyContentInString.
  • pctIpcompAlg
    IP Compression algorithm. Treck does not support IP Compression natively; however, it can negotiate the IP Compression algorithm in IKE.
  • pctPrevPtr
    A pointer to the previous policy content in the case of multiple proposals.
  • pctProposalNumber
    Proposal number.
  • pctTransformNumber
    Transform number.
  • pctTransformCount
    Transform count.
  • pctP2PfsDhGroup
    Diffie-Hellman Group to use during Phase 2 Perfect Forward Secrecy (PFS).
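
Added example, not Treck code, showing how the pctQueuePtr/pctLastQueuePtr chain and the 16-bit pctQueueBytes counter described above can be kept under TM_IKE_PACKET_MAX_QUEUE_BYTES while packets wait for an IKE result. The cut-down struct, the function names, the cap value and the packet sizes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#define TM_IKE_PACKET_MAX_QUEUE_BYTES 8192u  /* assumed value, for illustration */

typedef struct tsQueuedPkt {
    struct tsQueuedPkt *pktChainNextPtr;    /* queued packets are chained here */
    uint16_t            pktLength;
} ttQueuedPkt;

typedef struct tsPolicyContentLite {        /* cut-down ttPolicyContent */
    ttQueuedPkt *pctQueuePtr;               /* first packet waiting on IKE */
    ttQueuedPkt *pctLastQueuePtr;           /* newest queued packet */
    uint16_t     pctQueueBytes;             /* 16-bit, as in the real struct */
} ttPolicyContentLite;

/* Returns 1 if queued, 0 if rejected. The sum is formed in 32-bit arithmetic
 * so a wrapped 16-bit total can never slip under the cap. */
int pctEnqueuePacket(ttPolicyContentLite *pct, ttQueuedPkt *pkt)
{
    uint32_t total = (uint32_t)pct->pctQueueBytes + pkt->pktLength;
    if (total > TM_IKE_PACKET_MAX_QUEUE_BYTES)
        return 0;                           /* drop: queue is full */
    pkt->pktChainNextPtr = NULL;
    if (pct->pctLastQueuePtr != NULL) pct->pctLastQueuePtr->pktChainNextPtr = pkt;
    else pct->pctQueuePtr = pkt;
    pct->pctLastQueuePtr = pkt;
    pct->pctQueueBytes = (uint16_t)total;
    return 1;
}

/* Constructed scenario: five 1500-byte packets, then 1500, 600 and 100 bytes.
 * 7500 + 1500 and 8100 + 100 exceed the cap, so 6 of the 8 are accepted. */
unsigned pctDemo(void)
{
    static ttQueuedPkt pkts[8];
    static const uint16_t lens[8] = {1500, 1500, 1500, 1500, 1500, 1500, 600, 100};
    ttPolicyContentLite pct = {NULL, NULL, 0};
    unsigned accepted = 0;
    for (size_t i = 0; i < 8; i++) {
        pkts[i].pktLength = lens[i];
        accepted += (unsigned)pctEnqueuePacket(&pct, &pkts[i]);
    }
    return accepted;
}

/* A 16-bit add would wrap 65000 + 1000 to 464 and pass; returns 1 if rejected. */
int pctWrapRejected(void)
{
    ttQueuedPkt pkt = {NULL, 1000};
    ttPolicyContentLite pct = {NULL, NULL, 65000};
    return pctEnqueuePacket(&pct, &pkt) == 0;
}
```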