tfIkePolicyAddByPriority
#include <trsocket.h>

int tfIkePolicyAddByPriority (
    ttIkePolicyInStringPtr plcyInStrPtr,
    ttIsakmpTransDataPtr transDataListPtr,
    ttUser8Bit transCount,
    ttUser16Bit priority
);
Function Description
This function creates a single IKE Policy, by Priority, from the caller-specified Policy definition and Phase 1 Transform definition array.
Usage
The caller must allocate a single ttIkePolicyInString structure, initialize the associated values, and supply the pointer. The caller must also allocate the array of ttIsakmpTransData structures and supply values for each and a pointer to the array. The caller must also provide the integer transCount and priority. At the completion of the call, the caller must free the allocated structures regardless of the return value. If the call succeeds, the kernel will have a copy of the information required to manage the IKE Policy.
Multiple Phase 1 Transforms
The transDataListPtr array represents the list of Phase 1 Transforms that should be sent. The order in which they appear in the array determines the order in which they are sent within a single proposal. Thus, the most-desired transform should be placed at array index 0, with less-desired transforms at higher indices.
Parameters
- plcyInStrPtr
- This is a pointer to a user-allocated ttIkePolicyInString structure. This structure contains the IKE Selectors, attributes and rules, as well as the features required for negotiation with the specified peers.
- transDataListPtr
- This is a pointer to an array of user-allocated ttIsakmpTransData structures. Each structure contains Phase 1 SA lifetimes, algorithms, and key lengths.
- transCount
- This contains the number of members in the transDataListPtr array. This number must be <= TM_IKE_MAX_TRANSFORMS as defined in <trsecapi.h>.
- priority
- This is the 0-based Priority of the IKE Policy. Lower values have higher precedence during policy searches.
Returns
- TM_ENOERROR
- This indicates success. The caller must free the memory allocated for the structure passed to this function as a copy is made and managed by the kernel.
- TM_ENOBUFS
- This indicates failure. The kernel failed to allocate the memory required to make a copy of the data provided by the caller.
- TM_EALREADY
- This indicates failure. The kernel found an existing IPsec or IKE Policy at the Priority specified. Note that a given Priority level can only contain one IPsec or one IKE Policy.
- TM_EIKENOTSARTED
- This indicates failure. The kernel has not yet started IKE.
- TM_EIPSECNOTINITIALIZED
- This indicates failure. The kernel has not yet started IPsec.
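A caller-side wrapper for the contract described under Usage and Parameters, as an added example that is not part of the original reference or the stack's own code: it range-checks the count before it is narrowed to the 8-bit transCount and frees both caller-allocated buffers on every path. The struct bodies, the numeric values of the constants, the mock tfIkePolicyAddByPriority, and the names ex_add_ike_policy and EX_EBADCOUNT are assumptions made so the block compiles without the real headers.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-ins so this compiles without the stack's headers: struct bodies,
 * numeric values and the mock function are constructed for the example.
 * Real code includes <trsocket.h> and <trsecapi.h> instead. */
typedef unsigned char  ttUser8Bit;
typedef unsigned short ttUser16Bit;
typedef struct { int placeholder; } ttIkePolicyInString, *ttIkePolicyInStringPtr;
typedef struct { int placeholder; } ttIsakmpTransData, *ttIsakmpTransDataPtr;
#define TM_ENOERROR 0             /* constructed value */
#define TM_EALREADY 1001          /* constructed value */
#define TM_IKE_MAX_TRANSFORMS 4   /* constructed value */
#define EX_EBADCOUNT (-1)         /* hypothetical, local to this example */

static unsigned mock_used;        /* mock state: occupied priorities 0..31 */
static int tfIkePolicyAddByPriority(ttIkePolicyInStringPtr p,
        ttIsakmpTransDataPtr t, ttUser8Bit n, ttUser16Bit prio)
{   /* mock: models only the "one policy per Priority" rule */
    (void)p; (void)t; (void)n;
    if (mock_used & (1u << (prio % 32))) return TM_EALREADY;
    mock_used |= 1u << (prio % 32);
    return TM_ENOERROR;
}

/* Takes ownership of both heap buffers and frees them on every path,
 * matching "free the allocated structures regardless of the return value". */
int ex_add_ike_policy(ttIkePolicyInStringPtr plcy, ttIsakmpTransDataPtr trans,
                      size_t count, ttUser16Bit priority)
{
    int rc = EX_EBADCOUNT;
    /* Check before narrowing: transCount is 8 bits, so a count of 257 would
     * silently become 1. Rejecting count == 0 is this example's own choice. */
    if (plcy != NULL && trans != NULL
            && count >= 1 && count <= TM_IKE_MAX_TRANSFORMS)
        rc = tfIkePolicyAddByPriority(plcy, trans, (ttUser8Bit)count, priority);
    free(trans);   /* the kernel keeps its own copy on success */
    free(plcy);
    return rc;     /* TM_EALREADY and other codes pass through unchanged */
}
```

Because TM_EALREADY is returned unchanged, the caller decides whether a different Priority is acceptable; picking one automatically would change policy precedence.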