tfIkePolicyAddByPriority



#include <trsocket.h>


int tfIkePolicyAddByPriority (
ttIkePolicyInStringPtr plcyInStrPtr,
ttIsakmpTransDataPtr transDataListPtr,
ttUser8Bit transCount,
ttUser16Bit priority
);


Function Description

This function creates a single IKE Policy, by Priority, from the caller-specified Policy definition and Phase 1 Transform definition array.


Usage

The caller must allocate a single ttIkePolicyInString structure, initialize its values, and supply a pointer to it. The caller must also allocate the array of ttIsakmpTransData structures, supply values for each element, and pass a pointer to the array, along with the transCount and priority integers. When the call completes, the caller must free the allocated structures regardless of the return value. If the call succeeds, the kernel holds its own copy of the information required to manage the IKE Policy.


Multiple Phase 1 Transforms

The transDataListPtr array represents the list of Phase 1 Transforms that should be sent. The order in which they appear in the array determines the order in which they are sent within a single proposal. Thus, the more-desired transforms should be placed at array index 0, with less-desired transforms at the higher indices.

Note: When receiving an IKE offer, the offered transforms are matched against the list of all transforms that the stack supports. Thus, the incoming offer is not validated against the list of transforms for the matching IKE Policy.


Parameters

  • plcyInStrPtr
    This is a pointer to a user-allocated ttIkePolicyInString structure. This structure contains the IKE Selectors, attributes and rules, as well as the features required for negotiation with the specified peers.
  • transDataListPtr
    This is a pointer to an array of user-allocated ttIsakmpTransData structures. Each structure contains Phase 1 SA lifetimes, algorithms, and key lengths.
  • transCount
    This contains the number of members in the transDataListPtr array. This number must be <= TM_IKE_MAX_TRANSFORMS as defined in <trsecapi.h>.
  • priority
    This is the 0-based Priority of the IKE Policy. Lower values have higher precedence during policy searches.


Returns

  • TM_ENOERROR
    This indicates success. The caller must free the memory allocated for the structure passed to this function as a copy is made and managed by the kernel.
  • TM_ENOBUFS
    This indicates failure. The kernel failed to allocate the memory required to make a copy of the data provided by the caller.
  • TM_EALREADY
    This indicates failure. The kernel found an existing IPsec or IKE Policy at the Priority specified. Note that a given Priority level can only contain one IPsec or one IKE Policy.
  • TM_EIKENOTSARTED
    This indicates failure. The kernel has not yet started IKE.
  • TM_EIPSECNOTINITIALIZED
    This indicates failure. The kernel has not yet started IPsec.
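
The allocate, call, free contract from Usage and the transCount limit from Parameters, shown as an added example that is not code from this reference or from the stack. Unless USE_VENDOR_HEADERS (a hypothetical build switch) is defined, it uses stand-in types, placeholder numeric values and a mock tfIkePolicyAddByPriority so that it runs offline; addIkePolicy and POLICY_EBADCOUNT are names invented here.

```c
#include <stdlib.h>
#include <string.h>
#ifdef USE_VENDOR_HEADERS            /* hypothetical switch: build against the real stack */
#include <trsocket.h>
#include <trsecapi.h>
#else
/* Stand-ins so the example runs offline. Field layouts, numeric values and
 * the mock below are constructed for this example, not taken from the stack. */
typedef unsigned char  ttUser8Bit;
typedef unsigned short ttUser16Bit;
typedef struct { int placeholder; } ttIkePolicyInString, *ttIkePolicyInStringPtr;
typedef struct { int placeholder; } ttIsakmpTransData,   *ttIsakmpTransDataPtr;
#define TM_IKE_MAX_TRANSFORMS 4
enum { TM_ENOERROR = 0, TM_ENOBUFS = 1, TM_EALREADY = 2 };
static unsigned char slotUsed[65536];   /* mock: one policy per priority */
int tfIkePolicyAddByPriority(ttIkePolicyInStringPtr p, ttIsakmpTransDataPtr t,
                             ttUser8Bit n, ttUser16Bit prio)
{
    (void)p; (void)t; (void)n;
    if (slotUsed[prio]) return TM_EALREADY;
    slotUsed[prio] = 1;
    return TM_ENOERROR;
}
#endif

#define POLICY_EBADCOUNT (-1)        /* this example's own code, not a stack error */

/* Copy the caller's definitions into heap buffers, add the policy, then free
 * the buffers on every path, since the kernel keeps its own copy on success. */
int addIkePolicy(const ttIkePolicyInString *plcy, const ttIsakmpTransData *xforms,
                 size_t count, ttUser16Bit priority)
{
    ttIkePolicyInStringPtr plcyCopy;
    ttIsakmpTransDataPtr   xformCopy;
    int                    rc = TM_ENOBUFS;
    /* Check before the cast: 260 would otherwise truncate to 4 in ttUser8Bit.
     * Rejecting zero is this example's own choice. */
    if (count == 0 || count > TM_IKE_MAX_TRANSFORMS) return POLICY_EBADCOUNT;
    plcyCopy  = malloc(sizeof *plcyCopy);
    xformCopy = malloc(count * sizeof *xformCopy);
    if (plcyCopy != NULL && xformCopy != NULL) {
        *plcyCopy = *plcy;
        memcpy(xformCopy, xforms, count * sizeof *xformCopy);
        rc = tfIkePolicyAddByPriority(plcyCopy, xformCopy, (ttUser8Bit)count, priority);
    }
    free(xformCopy);   /* freed whether the call succeeded or failed */
    free(plcyCopy);
    return rc;
}
```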

