@CHIP-RTOS C Library V2.06 - TCP/IP API
IPsec_Set_Option
Set options controlling IPsec/IKE behavior. int IPsec_Set_Option(unsigned int option,
unsigned int value) ;
Parameters
option
- An enumerator that specifies which
option to set.
value
- The options value to be set.
Return Value
- 0: Success
-1: Failure, invalid option or value
Comments
- This function allows the IP Security and Internet Key Exchange
(IKE) protocol options to be adjusted at run-time. The
IP Security function must have been started either from the
CHIP.INI or
IPsec_Start() API before using
this API.
For all options here which have a Boolean sense, a value 1 enables
the option and 0 disables the option.
The options available are:
IPSEC_OPT_ANTIREPLAY= 1 Specifies
if anti-replay is used or not. By default anti-replay is
used (value = 1).
IPSEC_OPT_PFSKEY= 2 Specifies if Perfect
Forward Secrecy (PFS) is used of not. By default PFS is
used (value = 1).
IPSEC_OPT_AGGRESS= 3 Specifies if aggressive
mode is used in IKE phase 1. By default this option
is not selected (value = 0).
IPSEC_OPT_AGGRESSDHGROUP= 4 Specifies which
Diffie-Hellman group is going to be used in aggressive mode.
Value must be 1, 2, 5 or 14. The default is group 2
(using 1024 bit prime number).
IPSEC_OPT_INITCONTACT= 5 Specifies if Initial
Contact message is to be sent to the peer or not. Value 1
will enable IKE to send Initial contact upon finishing IKE
phase 1 negotiation. Value 0 will disable it. By
default this option is enabled.
IPSEC_OPT_ICMPBYPASS= 9 Specifies if we
bypass all ICMP packets or not. Value 1 will bypass
all ICMP packets and no IPsec will be applied to these
packets. By default this option is selected
(value = 1).
IPSEC_OPT_ICMPSRCCHKBYPASS= 10 Specifies if ICMP
source address should be checked against IPsec policy or not.
Value 1 will bypass this check. By default this option
is not selected (value = 0).
IPSEC_OPT_ICMP6NDMLDBYPASS= 11 Specifies if
ICMPv6 packets bypass IPsec policy or not.
Value 1 will bypass IPsec. By default this option
is selected (value = 1).
IPSEC_OPT_NESTIKE_BYPASS= 12 Specifies if
nested IKE packets are to be checked against IKE or not.
Value 1 will bypass all IKE packets. Value 0 will force
all IKE packets to go through IPsec policy checking. By
default this option is not selected (value = 0).
IPSEC_OPT_DFBIT= 13 Specifies how to set
the outside IP headers Dont Fragment
bit if
a tunnel is used. Valid values are:
IPSEC_VAL_DFBIT_CLEAR = 0
IPSEC_VAL_DFBIT_SET = 1
IPSEC_VAL_DFBIT_COPY = 2
By default, the IPSEC_VAL_DFBIT_COPY = 2
value is used.
See Also
RTOS API
- This library function invokes a RTOS software interrupt.
Refer to the RTOS API function
IPSEC_VECTORS
for more details.
Supported since or modified in @CHIP-RTOS version-
SC12 | SC13 | SC11 | SC1x3 |
-
n/a | n/a | n/a | V1.07 |
Supported by @CHIP-RTOS C Library since version
This API List
List of C Libraries
@CHIP-RTOS Main Index
End of document
|