tfSadbRecordFind


Table of Contents >> IPsec/IKE Programmer's Reference >> IPsec/IKE Function Reference


#include <trsocket.h>


int tfSadbRecordFind (
    ttUser32Bit          options,
    ttIpsecSelectorPtr   pktSelectorPtr,
    ttSadbRecordPtrPtr   sadbRecordPtr,
    ttPolicyEntryPtr     plcyPtr,
    ttPolicyContentPtr   plcyContentPtr,
    ttUser8Bit           direction
);


Function Description

This function is called to find an SA. It is usually called on the outbound path (it is also available for inbound use) to find the SA that protects packets matching the selector pktSelectorPtr, given the policy and the policy content. The SA pointer is returned in *sadbRecordPtr.


Parameters

  • options
    Zero if the SAD is not locked by the calling procedure, or TM_IPSEC_DATABASE_LOCKED if the SAD is already locked by the calling procedure. For manual usage, this is always zero.
  • pktSelectorPtr
    The selector values of the given packet.
  • sadbRecordPtr
    Output parameter. The pointer to the located SA is stored in *sadbRecordPtr.
  • plcyPtr
    The policy pointer.
  • plcyContentPtr
    The policy content pointer.
  • direction
    Normally TM_IPSEC_OUTBOUND. For manual keying, however, you may set it to TM_IPSEC_INBOUND to locate an inbound SA in order to delete or modify that SA.


Returns

  • TM_ENOERROR
    An SA was successfully located; *sadbRecordPtr contains the SA pointer.
  • error code
    No SA was located; *sadbRecordPtr contains a NULL pointer.


Example

This example attempts to locate the outbound Authentication Header (AH) SA for a TCP packet from 1.1.1.100 port 3500 to 2.2.2.1 port 21 (suppose our policy has bundled policy contents: the innermost policy content is for ESP, and the outermost policy content is for AH).

#include <trsocket.h>

/* Wrapper function (its name is chosen for this example only). Locates the
 * outbound AH SA for a TCP packet from 1.1.1.100 port 3500 to 2.2.2.1 port 21.
 * On success TM_ENOERROR is returned and *saPtrPtr holds the SA pointer; on
 * failure the error code is returned and *saPtrPtr is NULL, so callers must
 * never dereference it without checking the return value. */
int exampleFindOutboundAhSa(ttSadbRecordPtrPtr saPtrPtr)
{
    ttIpsecSelector     selector;
    ttPolicyEntryPtr    plcyPtr;
    ttPolicyContentPtr  ahContentPtr;
    int                 errorCode;

    *saPtrPtr = (ttSadbRecordPtr)0;

/* initialize the memory */
    tm_bzero(&selector, sizeof(ttIpsecSelector));

/* set the selector: local host 1.1.1.100 port 3500, remote host 2.2.2.1
 * port 21, protocol TCP. Both addresses are matched as single hosts. */
    selector.selLocIp1.ss_family = PF_INET;
    selector.selLocIp1.ss_len = sizeof(struct sockaddr_in);
    selector.selRemtIp1.ss_family = PF_INET;
    selector.selRemtIp1.ss_len = sizeof(struct sockaddr_in);
    selector.selLocIp1.addr.ipv4.sin_addr.s_addr = inet_addr("1.1.1.100");
    selector.selRemtIp1.addr.ipv4.sin_addr.s_addr = inet_addr("2.2.2.1");
    selector.selRemtPort = htons(21);
    selector.selLocPort = htons(3500);
    selector.selProtocol = TM_IP_TCP;
    /* the selector flags are bit flags, so combine them with OR */
    selector.selIpFlags = TM_SELECTOR_LOCIP_HOST |
                          TM_SELECTOR_REMTIP_HOST;

/* call tfIpsecPolicyQueryBySelector to locate the policy; as our assumption
 * suggests, this policy should have bundled policy contents - inner ESP content
 * and outer AH content */
    errorCode = tfIpsecPolicyQueryBySelector(0,
                                             &selector,
                                             &plcyPtr,
                                             TM_IPSEC_OUTBOUND);
    if (errorCode != TM_ENOERROR)
    {
        /* no matching policy; nothing to look up */
        return errorCode;
    }

/* note that the inner content is ESP content; we are looking for the SA of
 * the outer, i.e. AH, content. Guard against a policy that is not bundled
 * (no outer content) before passing the pointer on. */
    ahContentPtr = plcyPtr->plcyContentPtr->pctOuterContentPtr;
    if (ahContentPtr == (ttPolicyContentPtr)0)
    {
        return TM_EINVAL;
    }

/* locate the AH SA */
    errorCode = tfSadbRecordFind(
                          0,
                          &selector,
                          saPtrPtr,
                          plcyPtr,
                          ahContentPtr,
                          TM_IPSEC_OUTBOUND);
    if (errorCode != TM_ENOERROR)
    {
        /* *saPtrPtr is NULL here; report the failure to the caller */
        return errorCode;
    }
    /* ... */
    return TM_ENOERROR;
}

