www.beck-ipc.com

@CHIP-RTOS C Library - TCP/IP API


IPsec_Set_Option

Set options controlling IPsec/IKE behavior.

int IPsec_Set_Option(unsigned int option,
                     unsigned int value) ;

Parameters

option

An enumerator that specifies which option to set.

value

The option's value to be set.

Return Value

0:   Success
-1:   Failure, invalid option or value

Comments

This function allows the IP Security (IPsec) and Internet Key Exchange (IKE) protocol options to be adjusted at run-time.   IPsec must have been started, either from the CHIP.INI file or with the IPsec_Start() API, before this API is used.

For all options here which have a Boolean sense, a value 1 enables the option and 0 disables the option.

The options available are:

    IPSEC_OPT_ANTIREPLAY= 1   Specifies if anti-replay is used or not.   By default anti-replay is used (value = 1).

    IPSEC_OPT_PFSKEY= 2   Specifies if Perfect Forward Secrecy (PFS) is used or not.   By default PFS is used (value = 1).

    IPSEC_OPT_AGGRESS= 3   Specifies if aggressive mode is used in IKE phase 1.   By default this option is not selected (value = 0).

    IPSEC_OPT_AGGRESSDHGROUP= 4   Specifies which Diffie-Hellman group is going to be used in aggressive mode.   Value must be 1, 2, 5 or 14.   The default is group 2 (using a 1024-bit prime number).

    IPSEC_OPT_INITCONTACT= 5   Specifies if Initial Contact message is to be sent to the peer or not.   Value 1 will enable IKE to send Initial contact upon finishing IKE phase 1 negotiation.   Value 0 will disable it.   By default this option is enabled.

    IPSEC_OPT_ICMPBYPASS= 9   Specifies if the policy check for incoming ICMP packets is bypassed or not.   Value 1 will bypass the incoming policy check for incoming ICMP packets.   By default this option is selected (value = 1).

    IPSEC_OPT_ICMPSRCCHKBYPASS= 10   Specifies if ICMP source address should be checked against IPsec policy or not.   Value 1 will bypass this check.   By default this option is not selected (value = 0).

    IPSEC_OPT_ICMP6NDMLDBYPASS= 11   Specifies if ICMPv6 packets bypass IPsec policy or not.   Value 1 will bypass IPsec.   By default this option is selected (value = 1).

    IPSEC_OPT_NESTIKE_BYPASS= 12   Specifies if nested IKE packets are to be checked against IPsec policy or not.   Value 1 will bypass all IKE packets.   Value 0 will force all IKE packets to go through IPsec policy checking.   By default this option is not selected (value = 0).

    IPSEC_OPT_DFBIT= 13   Specifies how to set the outside IP header’s Don’t Fragment bit if a tunnel is used.   Valid values are:
      IPSEC_VAL_DFBIT_CLEAR = 0
      IPSEC_VAL_DFBIT_SET = 1
      IPSEC_VAL_DFBIT_COPY = 2
    By default, the IPSEC_VAL_DFBIT_COPY = 2 value is used.
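
Added example (not part of the Beck documentation or library): a start-up routine that pins the protective options explicitly instead of relying on defaults, checks every return value, and reports the first rejected option. The profile values, the struct and function names, and the host stand-in for IPsec_Set_Option() are assumptions made for illustration; the option numbers and value ranges are the ones listed above.

```c
enum { IPSEC_OPT_ANTIREPLAY = 1, IPSEC_OPT_PFSKEY = 2, IPSEC_OPT_AGGRESS = 3,
       IPSEC_OPT_AGGRESSDHGROUP = 4, IPSEC_OPT_NESTIKE_BYPASS = 12,
       IPSEC_OPT_DFBIT = 13 };

/* Host stand-in (assumption) so the example runs off-target: accepts only the
   options and value ranges documented above and records what was set. On the
   device, delete this stub and the enum and use the CLIB declarations. */
static unsigned int g_set[14];
int IPsec_Set_Option(unsigned int option, unsigned int value)
{
    int ok;
    if (option < 1 || option > 13 || (option > 5 && option < 9)) return -1;
    if (option == IPSEC_OPT_AGGRESSDHGROUP)
        ok = (value == 1 || value == 2 || value == 5 || value == 14);
    else
        ok = (value <= (option == IPSEC_OPT_DFBIT ? 2u : 1u));
    if (!ok) return -1;
    g_set[option] = value;
    return 0;
}

struct opt_setting { unsigned int option; unsigned int value; };

/* Example policy (assumption): anti-replay and PFS on, aggressive mode off,
   largest listed DH group, nested IKE packets subject to policy checking. */
static const struct opt_setting hardened[] = {
    { IPSEC_OPT_ANTIREPLAY,     1  },
    { IPSEC_OPT_PFSKEY,         1  },
    { IPSEC_OPT_AGGRESS,        0  },
    { IPSEC_OPT_AGGRESSDHGROUP, 14 },
    { IPSEC_OPT_NESTIKE_BYPASS, 0  }
};
#define HARDENED_COUNT (sizeof hardened / sizeof hardened[0])

/* Apply every setting; return 0 on success or the option number that was
   rejected, so the caller can refuse to bring the tunnel up. */
unsigned int apply_profile(const struct opt_setting *p, unsigned int n)
{
    unsigned int i;
    for (i = 0; i < n; i++)
        if (IPsec_Set_Option(p[i].option, p[i].value) != 0)
            return p[i].option;
    return 0;
}

int main(void)
{
    return apply_profile(hardened, HARDENED_COUNT) == 0 ? 0 : 1;
}
```

On the device, call apply_profile() only after IPsec has been started, since IPsec_Set_Option() requires that.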

See Also

RTOS API

This library function invokes a RTOS software interrupt.   Refer to the RTOS API function IPSEC_VECTORS for more details.

Related Topics

IKE_PH1_AGGRESSIVE definition in CHIP.INI file
IKE_PH2_PFS definition in CHIP.INI file

Supported since or modified in @CHIP-RTOS version

    SC12   SC13   SC11   SC1x3   SC2x
    n/a    n/a    n/a    V1.07   V1.00

Supported by @CHIP-RTOS C Library since version

    CLIB
    V2.06
