1 marek 1.1 // Copyright (c) 2005 DMTF. All rights reserved.
2 [Version ( "2.8.0" ),
3 UMLPackagePath ( "CIM::IPsecPolicy" ),
4 Description (
5 "IPsecAction specifies the parameters to use for an IPsec phase "
6 "2 negotiation." ),
7 MappingStrings { "IPSP Policy Model.IETF|IPsecAction" }]
8 class CIM_IPsecAction : CIM_SANegotiationAction {
9
10 [Description (
11 "UsePFS indicates whether perfect forward secrecy is "
12 "required when refreshing keys." ),
13 MappingStrings { "IPSP Policy Model.IETF|IPsecAction.UsePFS" },
14 ModelCorrespondence { "CIM_IPsecSAEndpoint.PFSInUse" }]
15 boolean UsePFS;
16
17 [Description (
18 "UsePhase1Group indicates that the phase 2 GroupId should "
19 "be the same as that used in the phase 1 key exchange. If "
20 "UsePFS is False, then this property is ignored. Note "
21 "that a value of False indicates that the property "
22 marek 1.1 "GroupId will contain the key exchange group to use for "
23 "phase 2." ),
24 MappingStrings {
25 "IPSP Policy Model.IETF|IPsecAction.UseIKEGroup" }]
26 boolean UsePhase1Group;
27
28 [Description (
29 "GroupId specifies the PFS group ID to use. This value is "
30 "only used if PFS is True and UsePhase1Group is False. If "
31 "the GroupID number is from the vendor-specific range "
32 "(32768-65535), the VendorID qualifies the group number. "
33 "Well-known group identifiers from RFC2412, Appendix E, "
34 "are: Group 1=\'768 bit prime\', Group 2=\'1024 bit "
35 "prime\', Group 3=\'Elliptic Curve Group with 155 bit "
36 "field element\', Group 4=\'Large Elliptic Curve Group "
37 "with 185 bit field element\', and Group 5=\'1536 bit "
38 "prime\'." ),
39 ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." },
40 Values { "No Group/Non-Diffie-Hellman Exchange",
41 "DH-768 bit prime", "DH-1024 bit prime",
42 "EC2N-155 bit field element",
43 marek 1.1 "EC2N-185 bit field element", "DH-1536 bit prime",
44 "Standard Group - Reserved", "Vendor Reserved" },
45 MappingStrings {
46 "IPSP Policy Model.IETF|IPsecAction.GroupID",
47 "RFC2412.IETF|Appendix E" },
48 ModelCorrespondence { "CIM_IPsecAction.VendorID",
49 "CIM_IKESAEndpoint.GroupID" }]
50 uint16 GroupId;
51
52 [Description (
53 "The property VendorID is used together with the property "
54 "GroupID (when it is in the vendor-specific range) to "
55 "identify the key exchange group. VendorID is ignored "
56 "unless UsePFS is true, AND UsePhase1Group is False, AND "
57 "GroupID is in the vendor-specific range (32768-65535)." ),
58 MappingStrings { "IPSP Policy Model.IETF|IPsecAction.VendorID" },
59 ModelCorrespondence { "CIM_IPsecAction.GroupId",
60 "CIM_IKESAEndpoint.VendorID" }]
61 string VendorID;
62
63 [Description (
64 marek 1.1 "The property Granularity is an enumeration that "
65 "specifies how the selector for the SA should be derived "
66 "from the traffic that triggered the negotiation. Its "
67 "values are: \n"
68 "1=Other; See the OtherGranularity property for more "
69 "information \n"
70 "2=Subnet; The source and destination subnet masks are "
71 "used \n"
72 "3=Address; The source and destination IP addresses of "
73 "the triggering packet are used \n"
74 "4=Protocol; The source and destination IP addresses and "
75 "the IP protocol of the triggering packet are used \n"
76 "5=Port; The source and destination IP addresses, IP "
77 "protocol and the source and destination layer 4 ports of "
78 "the triggering packet are used." ),
79 ValueMap { "1", "2", "3", "4", "5" },
80 Values { "Other", "Subnet", "Address", "Protocol", "Port" },
81 MappingStrings {
82 "IPSP Policy Model.IETF|IPsecAction.Granularity" },
83 ModelCorrespondence { "CIM_IPsecAction.OtherGranularity" }]
84 uint16 Granularity;
85 marek 1.1
86 [Description (
87 "Description of the granularity when the value 1 "
88 "(\"Other\") is specified for the property, Granularity." ),
89 ModelCorrespondence { "CIM_IPsecAction.Granularity" }]
90 string OtherGranularity;
91
92
93 };
|