tfIkePolicyRestore


Table of Contents >> IPsec/IKE Programmer's Reference >> IPsec/IKE Function Reference


#include <trsocket.h>


int tfIkePolicyRestore (
    ttIkePolicyPairPtr plcyPairListPtr,
    ttIkePolicyInStringPtr plcyInStrListPtr,
    ttIsakmpTransDataPtr transDataListPtr,
    int npair
);


Function Description

This function bulk-loads a set of IKE policies from the caller-specified policy definitions and Phase 1 Transform definitions. This is similar to the tfPolicyRestore() bulk-load functionality provided for IPsec.


Usage

This function is similar to tfIkePolicyAddByPriority(); however, the key parameters are arrays rather than single instances. Thus, the caller allocates an array of ttIkePolicyInString structures, fills in their values, and supplies a pointer to the start of this array. Similarly, the caller allocates an array of ttIsakmpTransData structure arrays, fills in their values, and supplies a pointer to the start of this two-dimensional array. The user-allocated ttIkePolicyPair structure provides the index-based relationships between IKE Policy definitions and Phase 1 Transform definition arrays. This structure also supplies the size of the Phase 1 Transform array's second dimension. npair defines the number of IKE Policies, and thus the number of relationships, that are specified. At the completion of the call, the caller must free the allocated structures regardless of the return value. If the call succeeds, the kernel will have copies of the information required to manage the IKE Policies.

As with tfIkePolicyAddByPriority(), the elements of each Phase 1 Transform array (the second dimension) should be provided in the order in which they need to appear in the Phase 1 proposal. Array index 0 comes first, 1 second, and so on up to TM_IKE_MAX_TRANSFORMS. IKE is not locked while the kernel makes copies of the required information. However, IKE is locked while the kernel updates internal references for each IKE Policy. Thus, the bulk-load is not atomic across all policies. Failure to add any single policy results in failure to add the remaining policies in the list. However, any previously added policies remain intact.
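
Because the bulk-load is not atomic, a batch that fails partway leaves the earlier policies installed. The following is an added example, not part of the original reference: a pre-flight check a caller could run on a batch before handing it to tfIkePolicyRestore(). The demo_* types, their field names, and the DEMO_MAX_TRANSFORMS value are hypothetical stand-ins, since the real structure layouts are not shown on this page.

```c
#include <stddef.h>

#define DEMO_MAX_TRANSFORMS 4  /* constructed stand-in for TM_IKE_MAX_TRANSFORMS */

enum demo_check { DEMO_OK = 0, DEMO_BAD_INDEX, DEMO_BAD_COUNT, DEMO_DUP_PRIORITY };

/* Hypothetical stand-ins: the real layouts live in <trsocket.h>. */
typedef struct {
    int policyIndex;  /* index into the policy definition array */
    int transIndex;   /* row of the two-dimensional transform array */
    int transCount;   /* used length of that row (second dimension) */
} demo_pair;
typedef struct { int priority; } demo_policy;

/* Validate a batch before the bulk load. Returns DEMO_OK with *badPair = -1,
 * or the first problem found with *badPair set to the offending pair. */
enum demo_check demo_preflight(const demo_pair *pairs, int npair,
                               const demo_policy *policies, int npolicy,
                               int ntransRows, int *badPair)
{
    for (int i = 0; i < npair; i++) {
        const demo_pair *p = &pairs[i];
        *badPair = i;
        if (p->policyIndex < 0 || p->policyIndex >= npolicy ||
            p->transIndex < 0 || p->transIndex >= ntransRows)
            return DEMO_BAD_INDEX;
        /* Assumption: every policy needs at least one Phase 1 Transform. */
        if (p->transCount < 1 || p->transCount > DEMO_MAX_TRANSFORMS)
            return DEMO_BAD_COUNT;
        /* One policy per priority: a repeat inside the batch is assumed to
         * fail like a clash with an installed policy, after pairs 0..i-1
         * have already been added. */
        for (int j = 0; j < i; j++)
            if (policies[pairs[j].policyIndex].priority ==
                policies[p->policyIndex].priority)
                return DEMO_DUP_PRIORITY;
    }
    *badPair = -1;
    return DEMO_OK;
}

/* Constructed sample batches: three policies, two transform rows. */
const demo_policy demo_policies[3] = { {10}, {20}, {10} };
const demo_pair demo_good[2] = { {0, 0, 2}, {1, 1, 1} };
const demo_pair demo_dup[2]  = { {0, 0, 2}, {2, 1, 1} };  /* priority 10 twice */
const demo_pair demo_long[1] = { {1, 0, 5} };             /* row too long */
```

Only a batch that passes would be handed to tfIkePolicyRestore(); the caller still frees its arrays afterwards whatever the call returns.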


Parameters

  • plcyPairListPtr
    This is a pointer to an array of user-allocated ttIkePolicyPair structures. This defines the relationships between the Policy Definitions found in plcyInStrListPtr and the Phase 1 Transforms found in transDataListPtr.
  • plcyInStrListPtr
    This is a pointer to an array of user-allocated ttIkePolicyInString structures. These structures contain the IKE Policy definition.
  • transDataListPtr
    This is a pointer to an array of ttIsakmpTransData arrays. Each array contains an ordered list of Phase 1 Transforms to be associated with the IKE Policies found in the plcyInStrListPtr as specified by the plcyPairListPtr array.
  • npair
    This specifies the number of IKE Policy/Phase 1 Transform array pairs to bulk-load.


Returns

  • TM_ENOERROR
    This indicates success. The caller must free the memory allocated for the structures passed to this function, as a copy is made and managed by the kernel.
  • TM_ENOBUFS
    This indicates failure. The kernel failed to allocate the memory required to make a copy of the data provided by the caller.
  • TM_EALREADY
    This indicates failure. The kernel found an existing IPsec or IKE Policy at the Priority specified. Note that a given Priority level can only contain one IPsec or one IKE Policy.
  • TM_EIKENOTSARTED
    This indicates failure. The kernel has not yet started IPsec/IKE.

