openikev2::IpsecController Class Reference

This class allows IPsec operations to be performed using several concrete implementations.

#include <ipseccontroller.h>

Static Public Member Functions

static void startThread ()
 Initializes the implementation and starts the thread.
static void setImplementation (auto_ptr< IpsecControllerImpl > implementation)
 Sets the implementation of the IPSEC_Controller.
static bool narrowPayloadTS (const Payload_TSi &received_payload_ts_i, const Payload_TSr &received_payload_ts_r, IkeSaController &ike_sa_controller, ChildSa &child_sa)
 Determines if the received TS Payload is acceptable, narrowing it if needed (executed in the responder).
static bool checkNarrowPayloadTS (const Payload_TSi &received_payload_ts_i, const Payload_TSr &received_payload_ts_r, ChildSa &child_sa)
 Checks if responder narrowing is valid (executed in the initiator).
static uint32_t getSpi (const IpAddress &src, const IpAddress &dst, Enums::PROTOCOL_ID ipsec_protocol)
 Requests an SPI value.
static void createIpsecSa (const IpAddress &src, const IpAddress &dst, const ChildSa &childsa)
 Creates an IPSEC SA.
static uint32_t deleteIpsecSa (const IpAddress &src, const IpAddress &dst, Enums::PROTOCOL_ID ipsec_protocol, uint32_t spi)
 Deletes an IPSEC SA.
static void createIpsecPolicy (vector< TrafficSelector * > src_sel, vector< TrafficSelector * > dst_sel, Enums::DIRECTION direction=Enums::DIR_ALL, uint32_t priority=1000, Enums::PROTOCOL_ID ipsec_protocol=Enums::PROTO_NONE, Enums::IPSEC_MODE mode=Enums::TRANSPORT_MODE, const IpAddress *src_tunnel=NULL, const IpAddress *dst_tunnel=NULL)
 Creates an IPSEC policy indicating all its parameters.
static void createIpsecPolicy (const TrafficSelector &src_sel, const TrafficSelector &dst_sel, Enums::DIRECTION direction=Enums::DIR_ALL, uint32_t priority=1000, Enums::PROTOCOL_ID ipsec_protocol=Enums::PROTO_NONE, Enums::IPSEC_MODE mode=Enums::TRANSPORT_MODE, const IpAddress *src_tunnel=NULL, const IpAddress *dst_tunnel=NULL)
 Creates an IPSEC policy indicating a single selector (reduced version).
static void deleteIpsecPolicy (vector< TrafficSelector * > src_sel, vector< TrafficSelector * > dst_sel, Enums::DIRECTION direction)
 Deletes an IPSEC policy.
static void updateIpsecAddresses (const IpAddress &old_address, const IpAddress &new_address)
 Updates all the IPsec SA and policies with the specified new address.
static void flushIpsecPolicies ()
 Deletes all the IPsec policies.
static void flushIpsecSas ()
 Deletes all the IPSEC SAs.

Static Protected Attributes

static auto_ptr< IpsecControllerImpl > implementation
 Protected implementation.


Detailed Description

This class allows IPsec operations to be performed using several concrete implementations.

Author:
Alejandro Perez Mendez, Pedro J. Fernandez Ruiz <alejandro_perez@dif.um.es, pedroj.fernandez@dif.um.es>


Member Function Documentation

void openikev2::IpsecController::setImplementation ( auto_ptr< IpsecControllerImpl > implementation ) [static]

Sets the implementation of the IPSEC_Controller.

Parameters:
implementation Implementation to be used.

bool openikev2::IpsecController::narrowPayloadTS ( const Payload_TSi & received_payload_ts_i,
const Payload_TSr & received_payload_ts_r,
IkeSaController & ike_sa_controller,
ChildSa & child_sa
) [static]

Determines if the received TS Payload is acceptable, narrowing it if needed (executed in the responder).

Parameters:
received_payload_ts_i Received PAYLOAD_TSi
received_payload_ts_r Received PAYLOAD_TSr
ike_sa_controller IKE_SA controller
child_sa ChildSa object to be updated
Returns:
TRUE if narrowing has been possible. FALSE otherwise.

bool openikev2::IpsecController::checkNarrowPayloadTS ( const Payload_TSi & received_payload_ts_i,
const Payload_TSr & received_payload_ts_r,
ChildSa & child_sa
) [static]

Checks if responder narrowing is valid (executed in the initiator).

Parameters:
received_payload_ts_i Received PAYLOAD_TSi
received_payload_ts_r Received PAYLOAD_TSr
child_sa ChildSa being created
Returns:
TRUE if responder narrowing is valid. FALSE otherwise.
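
The responder-side narrowing and the initiator-side validity check described for narrowPayloadTS and checkNarrowPayloadTS, sketched as an added example that is not libopenikev2 code. The `Selector` struct and the functions `contains`, `narrow` and `narrowingIsValid` are hypothetical simplifications (IPv4 ranges only), and the sample values are constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Hypothetical, simplified selector (not libopenikev2's TrafficSelector):
// one IPv4 address range, one port range, one IP protocol (0 = any).
struct Selector { uint32_t addr_lo, addr_hi; uint16_t port_lo, port_hi; uint8_t proto; };

// True when `inner` selects no traffic outside `outer`.
bool contains(const Selector& outer, const Selector& inner) {
    return (outer.proto == 0 || outer.proto == inner.proto) &&
           outer.addr_lo <= inner.addr_lo && inner.addr_hi <= outer.addr_hi &&
           outer.port_lo <= inner.port_lo && inner.port_hi <= outer.port_hi;
}

// Responder side: intersect each proposed selector with each local policy
// selector. An empty result means the proposal is unacceptable.
std::vector<Selector> narrow(const std::vector<Selector>& proposed,
                             const std::vector<Selector>& policy) {
    std::vector<Selector> result;
    for (const Selector& p : proposed)
        for (const Selector& q : policy) {
            if (p.proto != 0 && q.proto != 0 && p.proto != q.proto) continue;
            Selector r = { std::max(p.addr_lo, q.addr_lo), std::min(p.addr_hi, q.addr_hi),
                           std::max(p.port_lo, q.port_lo), std::min(p.port_hi, q.port_hi),
                           p.proto != 0 ? p.proto : q.proto };
            if (r.addr_lo <= r.addr_hi && r.port_lo <= r.port_hi) result.push_back(r);
        }
    return result;
}

// Initiator side: accept the reply only if it is non-empty and every
// returned selector lies inside something the initiator proposed.
bool narrowingIsValid(const std::vector<Selector>& proposed,
                      const std::vector<Selector>& returned) {
    if (returned.empty()) return false;
    return std::all_of(returned.begin(), returned.end(), [&](const Selector& r) {
        return std::any_of(proposed.begin(), proposed.end(),
                           [&](const Selector& p) { return contains(p, r); });
    });
}

int main() {
    // Constructed sample: the initiator proposes 10.0.0.0-10.0.255.255, any port, any
    // protocol; the responder policy allows only TCP/443 to 10.0.1.0-10.0.1.255.
    std::vector<Selector> proposed = { Selector{0x0A000000, 0x0A00FFFF, 0, 65535, 0} };
    std::vector<Selector> policy   = { Selector{0x0A000100, 0x0A0001FF, 443, 443, 6} };
    return narrowingIsValid(proposed, narrow(proposed, policy)) ? 0 : 1;
}
```

The initiator-side check matters because a reply whose selectors are wider than the proposal would otherwise install an SA covering traffic the initiator never offered to protect.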

uint32_t openikev2::IpsecController::getSpi ( const IpAddress & src,
const IpAddress & dst,
Enums::PROTOCOL_ID  ipsec_protocol 
) [static]

Requests an SPI value.

Parameters:
src Source address of the CHILD SA
dst Destination address of the CHILD SA
ipsec_protocol Protocol of the CHILD SA
Returns:
The SPI value

void openikev2::IpsecController::createIpsecSa ( const IpAddress & src,
const IpAddress & dst,
const ChildSa & childsa
) [static]

Creates an IPSEC SA.

Parameters:
src Source address of the IPSEC SA
dst Destination address of the IPSEC SA
childsa ChildSa object with the values of the IPSEC SA

uint32_t openikev2::IpsecController::deleteIpsecSa ( const IpAddress & src,
const IpAddress & dst,
Enums::PROTOCOL_ID  ipsec_protocol,
uint32_t  spi 
) [static]

Deletes an IPSEC SA.

Parameters:
src Source address of the IPSEC SA
dst Destination address of the IPSEC SA
ipsec_protocol IPsec protocol of the IPSEC SA
spi SPI value of the IPSEC SA
Returns:
The SPI value of the updated IPSEC SA. 0 if an error was found

void openikev2::IpsecController::createIpsecPolicy ( vector< TrafficSelector * >  src_sel,
vector< TrafficSelector * >  dst_sel,
Enums::DIRECTION  direction = Enums::DIR_ALL,
uint32_t  priority = 1000,
Enums::PROTOCOL_ID  ipsec_protocol = Enums::PROTO_NONE,
Enums::IPSEC_MODE  mode = Enums::TRANSPORT_MODE,
const IpAddress * src_tunnel = NULL,
const IpAddress * dst_tunnel = NULL
) [static]

Creates an IPSEC policy indicating all its parameters.

Parameters:
src_sel Source selector collection
dst_sel Destination selector collection
direction Direction of the policy
priority Policy priority. This value is dependent on the concrete implementation.
ipsec_protocol IPsec protocol
mode IPsec mode
src_tunnel Source tunnel address
dst_tunnel Destination tunnel address

void openikev2::IpsecController::createIpsecPolicy ( const TrafficSelector & src_sel,
const TrafficSelector & dst_sel,
Enums::DIRECTION  direction = Enums::DIR_ALL,
uint32_t  priority = 1000,
Enums::PROTOCOL_ID  ipsec_protocol = Enums::PROTO_NONE,
Enums::IPSEC_MODE  mode = Enums::TRANSPORT_MODE,
const IpAddress * src_tunnel = NULL,
const IpAddress * dst_tunnel = NULL
) [static]

Creates an IPSEC policy indicating a single selector (reduced version).

Parameters:
src_sel Source selector collection
dst_sel Destination selector collection
direction Direction of the policy
priority Policy priority. This value is dependent on the concrete implementation.
ipsec_protocol IPsec protocol
mode IPsec mode
src_tunnel Source tunnel address
dst_tunnel Destination tunnel address

void openikev2::IpsecController::deleteIpsecPolicy ( vector< TrafficSelector * >  src_sel,
vector< TrafficSelector * >  dst_sel,
Enums::DIRECTION  direction 
) [static]

Deletes an IPSEC policy.

Parameters:
src_sel Source selector
dst_sel Destination selector
direction Direction of the policy

void openikev2::IpsecController::updateIpsecAddresses ( const IpAddress & old_address,
const IpAddress & new_address
) [static]

Updates all the IPsec SA and policies with the specified new address.

Parameters:
old_address Address to be updated
new_address New address


Generated on Fri Jul 27 11:04:51 2007 for libopenikev2 by  doxygen 1.5.1