Revision: 1.1, Thu Feb 17 00:09:56 2005 UTC (19 years, 4 months ago) by a.dunfey Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK_PEP328_SOLARIS_NEVADA_PORT, TASK_PEP317_1JUNE_2013, TASK_PEP233_EmbeddedInstSupport-merge_out_trunk, TASK_BUG_5314_IPC_REFACTORING_ROOT, TASK_BUG_5314_IPC_REFACTORING_BRANCH, TASK_BUG_5314_IPC_REFACTORING-V1, TASK_BUG_5191_QUEUE_CONSOLIDATION_ROOT, TASK_BUG_5191_QUEUE_CONSOLIDATION_BRANCH, TASK-TASK_PEP362_RestfulService_branch-root, TASK-TASK_PEP362_RestfulService_branch-merged_out_from_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_to_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_from_branch, TASK-TASK_PEP362_RestfulService_branch-branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-root, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_to_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_from_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_to_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_from_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-branch, TASK-PEP362_RestfulService-root, TASK-PEP362_RestfulService-merged_out_to_branch, TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP362_RestfulService-merged_in_to_trunk, TASK-PEP362_RestfulService-merged_in_from_branch, TASK-PEP362_RestfulService-branch, TASK-PEP348_SCMO-root, TASK-PEP348_SCMO-merged_out_to_branch, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP348_SCMO-merged_in_to_trunk, TASK-PEP348_SCMO-merged_in_from_branch, TASK-PEP348_SCMO-branch, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-root, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-branch, TASK-PEP328_SOLARIS_NEVADA_PORT-root, TASK-PEP328_SOLARIS_NEVADA_PORT-branch, TASK-PEP328_SOLARIS_IX86_CC_PORT-root, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch-v2, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch, TASK-PEP317_pullop-root, TASK-PEP317_pullop-merged_out_to_branch, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, 
TASK-PEP317_pullop-merged_in_from_branch, TASK-PEP317_pullop-branch, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, TASK-PEP305_VXWORKS-root, TASK-PEP305_VXWORKS-branch-pre-solaris-port, TASK-PEP305_VXWORKS-branch-post-solaris-port, TASK-PEP305_VXWORKS-branch-beta2, TASK-PEP305_VXWORKS-branch, TASK-PEP305_VXWORKS-2008-10-23, TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP286_PRIVILEGE_SEPARATION-root, TASK-PEP286_PRIVILEGE_SEPARATION-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-PEP268_SSLClientCertificatePropagation-root, TASK-PEP268_SSLClientCertificatePropagation-merged_out_to_branch, TASK-PEP268_SSLClientCertificatePropagation-merged_out_from_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_to_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_from_branch, TASK-PEP268_SSLClientCertificatePropagation-branch, TASK-PEP267_SLPReregistrationSupport-root, TASK-PEP267_SLPReregistrationSupport-merging_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merging_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merged_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_to_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_from_branch, TASK-PEP267_SLPReregistrationSupport-branch, TASK-PEP250_RPMProvider-root, TASK-PEP250_RPMProvider-merged_out_to_branch, TASK-PEP250_RPMProvider-merged_out_from_trunk, TASK-PEP250_RPMProvider-merged_in_to_trunk, TASK-PEP250_RPMProvider-merged_in_from_branch, TASK-PEP250_RPMProvider-branch, TASK-PEP245_CimErrorInfrastructure-root, TASK-PEP245_CimErrorInfrastructure-merged_out_to_branch, TASK-PEP245_CimErrorInfrastructure-merged_out_from_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_to_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_from_branch, 
TASK-PEP245_CimErrorInfrastructure-branch, TASK-PEP241_OpenPegasusStressTests-root, TASK-PEP241_OpenPegasusStressTests-merged_out_to_branch, TASK-PEP241_OpenPegasusStressTests-merged_out_from_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_to_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_from_branch, TASK-PEP241_OpenPegasusStressTests-branch, TASK-Bugs5690_3913_RemoteCMPI-root, TASK-Bugs5690_3913_RemoteCMPI-merged_out_to_branch, TASK-Bugs5690_3913_RemoteCMPI-merged_out_from_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_to_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_from_branch, TASK-Bugs5690_3913_RemoteCMPI-branch, TASK-Bug2102_RCMPIWindows-root, TASK-Bug2102_RCMPIWindows-merged_out_to_branch, TASK-Bug2102_RCMPIWindows-merged_out_from_trunk, TASK-Bug2102_RCMPIWindows-merged_in_to_trunk, TASK-Bug2102_RCMPIWindows-merged_in_from_branch, TASK-Bug2102_RCMPIWindows-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch, TASK-Bug2021_RemoteCMPIonWindows-root, TASK-Bug2021_RemoteCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RemoteCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RemoteCMPIonWindows-branch, TASK-Bug2021_RCMPIonWindows-root, TASK-Bug2021_RCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RCMPIonWindows-branch, TASK-BUG7240-root, TASK-BUG7240-branch, TASK-BUG7146_SqlRepositoryPrototype-root, TASK-BUG7146_SqlRepositoryPrototype-merged_out_to_branch, TASK-BUG7146_SqlRepositoryPrototype-merged_out_from_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_to_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_from_branch, 
TASK-BUG7146_SqlRepositoryPrototype-branch, TASK-BUG4011_WinLocalConnect-root, TASK-BUG4011_WinLocalConnect-merged_out_to_branch, TASK-BUG4011_WinLocalConnect-merged_out_from_trunk, TASK-BUG4011_WinLocalConnect-merged_in_to_trunk, TASK-BUG4011_WinLocalConnect-merged_in_from_branch, TASK-BUG4011_WinLocalConnect-branch-New, TASK-BUG4011_WinLocalConnect-branch, STABLE, RELEASE_2_9_2-RC2, RELEASE_2_9_2-RC1, RELEASE_2_9_2, RELEASE_2_9_1-RC1, RELEASE_2_9_1, RELEASE_2_9_0-RC1, RELEASE_2_9_0-FC, RELEASE_2_9_0, RELEASE_2_9-root, RELEASE_2_9-branch, RELEASE_2_8_2-RC1, RELEASE_2_8_2, RELEASE_2_8_1-RC1, RELEASE_2_8_1, RELEASE_2_8_0_BETA, RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0-FC, RELEASE_2_8_0, RELEASE_2_8-root, RELEASE_2_8-branch, RELEASE_2_7_3-RC1, RELEASE_2_7_3, RELEASE_2_7_2-RC1, RELEASE_2_7_2, RELEASE_2_7_1-RC1, RELEASE_2_7_1, RELEASE_2_7_0-RC1, RELEASE_2_7_0-BETA, RELEASE_2_7_0, RELEASE_2_7-root, RELEASE_2_7-branch, RELEASE_2_6_3-RC2, RELEASE_2_6_3-RC1, RELEASE_2_6_3, RELEASE_2_6_2-RC1, RELEASE_2_6_2, RELEASE_2_6_1-RC1, RELEASE_2_6_1, RELEASE_2_6_0-RC1, RELEASE_2_6_0-FC, RELEASE_2_6_0, RELEASE_2_6-root, RELEASE_2_6-branch-clean, RELEASE_2_6-branch, RELEASE_2_5_5-RC2, RELEASE_2_5_5-RC1, RELEASE_2_5_5, RELEASE_2_5_4-RC2, RELEASE_2_5_4-RC1, RELEASE_2_5_4, RELEASE_2_5_3-RC1, RELEASE_2_5_3, RELEASE_2_5_2-RC1, RELEASE_2_5_2, RELEASE_2_5_1-RC1, RELEASE_2_5_1, RELEASE_2_5_0-RC1, RELEASE_2_5_0, RELEASE_2_5-root, RELEASE_2_5-branch, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, RELEASE_2_13_0-RC2, RELEASE_2_13_0-RC1, RELEASE_2_13_0-FC, RELEASE_2_13_0, RELEASE_2_13-root, RELEASE_2_13-branch, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, RELEASE_2_11_2-RC1, RELEASE_2_11_2, RELEASE_2_11_1-RC1, RELEASE_2_11_1, RELEASE_2_11_0-RC1, RELEASE_2_11_0-FC, RELEASE_2_11_0, RELEASE_2_11-root, RELEASE_2_11-branch, RELEASE_2_10_1-RC1, 
RELEASE_2_10_1, RELEASE_2_10_0-RC2, RELEASE_2_10_0-RC1, RELEASE_2_10_0, RELEASE_2_10-root, RELEASE_2_10-branch, PREAUG25UPDATE, POSTAUG25UPDATE, PEP286_PRIVILEGE_SEPARATION_ROOT, PEP286_PRIVILEGE_SEPARATION_CODE_FREEZE, PEP286_PRIVILEGE_SEPARATION_BRANCH, PEP286_PRIVILEGE_SEPARATION_1, PEP244_ServerProfile-root, PEP244_ServerProfile-branch, PEP233_EmbeddedInstSupport-root, PEP233_EmbeddedInstSupport-branch, PEP214ROOT, PEP214BRANCH, PEP214-root, PEP214-branch, PEP-214B-root, PEGASUS_2_5_0_PerformanceDev-string-end, PEGASUS_2_5_0_PerformanceDev-rootlt, PEGASUS_2_5_0_PerformanceDev-root, PEGASUS_2_5_0_PerformanceDev-r2, PEGASUS_2_5_0_PerformanceDev-r1, PEGASUS_2_5_0_PerformanceDev-lit-end, PEGASUS_2_5_0_PerformanceDev-buffer-end, PEGASUS_2_5_0_PerformanceDev-branch, PEGASUS_2_5_0_PerformanceDev-AtomicInt-branch, PEG25_IBM_5_16_05, NPEGASUS_2_5_0_PerformanceDev-String-root, NNPEGASUS_2_5_0_PerformanceDev-String-branch, Makefile, HPUX_TEST, HEAD, CIMRS_WORK_20130824, BeforeUpdateToHeadOct82011, BUG_4225_PERFORMANCE_VERSION_1_DONE PEP#: 215 TITLE: Adding CIM29 to Repository DESCRIPTION: I added CIM 2.9 Final to the Pegasus Repository. I did NOT make any build changes. This just makes the CIM29 schema available for testing until a time is designated for switching the default schema from 2.8 to 2.9. |
// =================================================================== // Title: Network_IPsec // $State: Exp $ // $Date: 2005/02/17 00:09:56 $ // $RCSfile: Network_IPsec.mof,v $ // $Revision: 1.1 $ // =================================================================== //#pragma inLine ("Includes/copyright.inc") // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. 
DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. //#pragma inLine // =================================================================== // Description: The Network Model extends the management concepts to // represent protocol interfaces and network/protocol // services. This file defines the classes to manage // an IPsec security association. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // ================================================================== // This model was originally introduced in CIM V2.6 Preliminary and // was not promoted to Final status. The following CR updates the // V2.6 MOF and better aligns it with the IETF I-D from the IPSP // Working Group. 
// CR1026 - Modifications to the V2.6 MOF for IPsec management
// Change Log CIM V2.8
// CR1194 - Promote all classes to final
// CR1238 - Fix model correspondence reference problems in final version
//
// ===================================================================

#pragma Locale ("en_US")


// ==================================================================
// Security Association Endpoints
// ==================================================================

// ==================================================================
// SecurityAssociationEndpoint
// ==================================================================
// Base class for the SA endpoints in this file: CIM_IPsecSAEndpoint and
// CIM_IKESAEndpoint both derive from it. It carries the SA lifetime,
// idle-timeout and refresh-threshold values plus a packet-logging flag.
   [Version ( "2.8.0" ), Description (
       "SecurityAssociationEndpoint (SAEndpoint) represents the "
       "endpoint of a secure connection. This is typically an IP "
       "connection, although the model allows more flexibility than "
       "just IP. The SecurityAssociationEndpoint is tied to an "
       "IPProtocolEndpoint (or possibly other endpoint) using the "
       "LogicalIdentity association. Note that an endpoint is defined "
       "at both ends of the connection.")]
class CIM_SecurityAssociationEndpoint : CIM_ProtocolEndpoint {

      [Override ( "InstallDate" ), Description (
          "InstallDate records when the SA (and its endpoint) was "
          "created.")]
   datetime InstallDate;

      // A stored 0 does not mean "no time limit": per the Description it
      // selects the 8 hour default. Compare IdleDurationSeconds and
      // LifetimeKilobytes below, where 0 means "no limit".
      [Description (
          "LifetimeSeconds specifies the maximum time that the SA will "
          "be considered valid after it has been created. A value of "
          "zero indicates that the default of 8 hours be used. A "
          "non-zero value indicates the seconds lifetime."),
       Units ( "Seconds" )]
   uint64 LifetimeSeconds = 0;

      // Writable percentage (0..100) of LifetimeSeconds at which a
      // replacement SA should be acquired.
      [Write, Description (
          "RefreshThresholdSecondsPercentage is the lifetime "
          "percentage after which a new SA should be acquired, before "
          "the existing SA expires. A random period may be added to a "
          "calculated threshold to reduce network thrashing."),
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 )]
   uint8 RefreshThresholdSecondsPercentage;

      // Default 0 = no idle timeout.
      [Description (
          "IdleDurationSeconds specifies how long the SA can be idle "
          "before it is deleted. The default value, 0, indicates that "
          "there is no idle timeout period."),
       Units ( "Seconds" )]
   uint64 IdleDurationSeconds = 0;

      // Default 0 = no data-volume limit on the SA.
      // NOTE(review): several ciphers enumerated elsewhere in this file
      // (e.g. DES, 3DES, IDEA, Blowfish) use 64-bit blocks, where a
      // volume limit is what bounds block-collision exposure. An audit of
      // instances may want to flag 0 here together with such a cipher.
      // The Description spells the name "LifetimeKilobyte" in its last
      // sentence; the property is LifetimeKilobytes.
      [Description (
          "LifetimeKilobytes specifies the maximum number of kilobytes "
          "of data traffic to be protected by the SA. A value of zero "
          "(the default) indicates that there should be no maximum "
          "kilobyte lifetime. A non-zero value specifies the desired "
          "kilobyte lifetime. The SA is deleted when the "
          "LifetimeKilobyte value is exceeded."),
       Units ( "KiloBytes" )]
   uint64 LifetimeKilobytes = 0;

      // Writable percentage (0..100) of LifetimeKilobytes at which a
      // replacement SA should be acquired.
      [Write, Description (
          "RefreshThresholdKbytesPercentage is the lifetime percentage "
          "of kilobytes processed, at which a new SA should be "
          "acquired. A random value may be added to the calculated "
          "threshold to reduce network thrashing."),
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 )]
   uint8 RefreshThresholdKbytesPercentage;

      // Writable switch for traffic logging on this endpoint.
      // NOTE(review): the schema does not say what is logged, where the
      // log is kept or who may read it. A provider implementing this
      // property presumably has to authorize and audit writes to it and
      // protect the resulting log - confirm against the provider.
      [Write, Description (
          "PacketLoggingActive causes a log to be kept of traffic "
          "processed by the SAEndpoint.")]
   boolean PacketLoggingActive;
};


// ==================================================================
// FilterOfSecurityAssociation
// ==================================================================
// Association from at most one CIM_FilterList (Antecedent, Max 1) to the
// SA endpoint whose traffic it selects (Dependent).
   [Association, Version ( "2.8.0" ), Description (
       "FilterOfSecurityAssociation associates a network traffic "
       "specification (i.e., a FilterList) with a SecurityAssociation "
       "Endpoint, to which the filter list applies.")]
class CIM_FilterOfSecurityAssociation : CIM_Dependency {

      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "FilterList describing the traffic to be selected/matched.")]
   CIM_FilterList REF Antecedent;

      [Override ( "Dependent" ), Description (
          "SecurityAssociation using the FilterList as its traffic "
          "selector.")]
   CIM_SecurityAssociationEndpoint REF Dependent;
};


// ==================================================================
// SAEndpointConnectionStatistics
// ==================================================================
// Usage statistics for an SA endpoint: a byte counter and a last-used
// timestamp. Per the Description, the endpoint is found through the
// ElementStatisticalData association (not declared in this file).
   [Version ( "2.8.0" ), Description (
       "This class captures statistical and time-related information "
       "about the use of the IPsec or IKE Security Associations, "
       "through their IPsecSAEndpoint or IKESAEndpoint. The relevant "
       "SAEndpoint is determined by traversing the "
       "ElementStatisticalData association.")]
class CIM_SAEndpointConnectionStatistics : CIM_StatisticalData {

      // Counter in bytes; note that the lifetime limit on the endpoint
      // (LifetimeKilobytes) is expressed in kilobytes.
      [Description (
          "Number of bytes that have been protected by the associated "
          "SAEndpoint."),
       Units ( "Bytes" ), Counter]
   uint64 ByteCount;

      [Description (
          "LastAccessed indicates when the SAEndpoint was last used. "
          "This property is helpful in determining if the SA (and its "
          "endpoint) will be deleted due to sitting idle.")]
   datetime LastAccessed;
};


// ==================================================================
// SAEndpointRefreshSettings
// ==================================================================
// Setting-data copy of the two refresh thresholds. Each property names
// its CIM_SecurityAssociationEndpoint counterpart in ModelCorrespondence.
   [Version ( "2.8.0" ), Description (
       "SAEndpointRefreshSettings hold the refresh thresholds for the "
       "SecurityAssociationEndpoint. Since these settings may change "
       "for an SA, the properties are defined both in this class and "
       "in SecurityAssociationEndpoint.")]
class CIM_SAEndpointRefreshSettings : CIM_SettingData {

      [Write, Description (
          "RefreshThresholdSecondsPercentage is the lifetime "
          "percentage after which a new SA should be acquired, before "
          "the existing SA expires."),
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 ),
       ModelCorrespondence { "CIM_SecurityAssociationEndpoint."
          "RefreshThresholdSecondsPercentage" }]
   uint8 RefreshThresholdSecondsPercentage;

      [Write, Description (
          "RefreshThresholdKbytesPercentage is the lifetime percentage "
          "of kilobytes processed, at which a new SA should be "
          "acquired."),
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 ),
       ModelCorrespondence { "CIM_SecurityAssociationEndpoint."
          "RefreshThresholdKbytesPercentage" }]
   uint8 RefreshThresholdKbytesPercentage;
};


// ==================================================================
// IPsecSAEndpoint
// ==================================================================
// Phase 2 SA endpoint for AH, ESP or IPCOMP. Holds the SPI, direction,
// encapsulation mode, DF-bit handling and the PFS flag. No key material
// is modelled on this class.
   [Version ( "2.8.0" ), Description (
       "IPsecSAEndpoints are types of SecurityAssociationEndpoints "
       "representing both negotiated and static SAs that correspond to "
       "AH, ESP, or IPCOMP transforms.")]
class CIM_IPsecSAEndpoint : CIM_SecurityAssociationEndpoint {

      [Description (
          "SPI contains the Security Parameter Index of the SA. This "
          "value in string form may also be used in the key field "
          "'Name' inherited from ServiceAccessPoint.")]
   uint32 SPI;

      // TRUE = inbound SA, FALSE = outbound SA.
      [Description (
          "InboundDirection specifies whether the SA applies to "
          "inbound (TRUE) or outbound (FALSE) traffic.")]
   boolean InboundDirection;

      // The ValueMap defines 0, 2 and 3 only; 1 is not mapped.
      [Description (
          "EncapsulationMode indicates whether the IPsecSAEndpoint "
          "uses transport or tunnel encapsulation."),
       ValueMap { "0", "2", "3" },
       Values { "Unknown", "Tunnel", "Transport" }]
   uint16 EncapsulationMode;

      // The ValueMap defines 0, 2, 3 and 4 only; 1 is not mapped.
      [Description (
          "DFHandling controls how the 'Don't Fragment' bit is managed "
          "by the IPsecSAEndpoint."),
       ValueMap { "0", "2", "3", "4" },
       Values { "Unknown", "Copy from Internal to External IP Header",
          "Set DF Bit in External Header to 1",
          "Set DF Bit in External Header to 0" }]
   uint16 DFHandling;

      // Reports whether perfect forward secrecy is required on rekey.
      // Instances reporting FALSE are worth surfacing in a configuration
      // review.
      [Description (
          "PFSInUse indicates whether perfect forward secrecy is "
          "required when refreshing keys.")]
   boolean PFSInUse;
};


// ==================================================================
// PeerOfIPsecSAEndpoint
// ==================================================================
// Association from at most one remote peer (Antecedent, Max 1) to the
// IPsec SA endpoint it terminates (Dependent).
// NOTE(review): the banner comment before this class and the Description
// call the association "PeerOfIPsecSAEndpoint", but the class declared
// here is CIM_PeerOfSAEndpoint.
   [Association, Version ( "2.8.0" ), Description (
       "PeerOfIPsecSAEndpoint identifies the peer of the "
       "IPsecSAEndpoint.")]
class CIM_PeerOfSAEndpoint : CIM_Dependency {

      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "The peer for the SAEndpoint.")]
   CIM_RemoteServiceAccessPoint REF Antecedent;

      [Override ( "Dependent" ), Description (
          "The IPsecSAEndpoint which has a peer.")]
   CIM_IPsecSAEndpoint REF Dependent;
};


// ==================================================================
// IKESAEndpoint
// ==================================================================
// Phase 1 (IKE) SA endpoint: the two cookies, the negotiated cipher,
// hash and authentication method, and the key exchange group.
// NOTE(review): the enumerations cite RFC 2409 (IKEv1) Appendix A and
// were frozen in 2005. They have no value for AES or for the SHA-2
// family, so a provider can only report those through "Other" (1) plus
// the free-text Other* property. IKEv1 itself has since been deprecated
// by the IETF (RFC 9395). Tooling that inventories or audits instances
// should rate the legacy values below as weak, not as acceptable.
   [Version ( "2.8.0" ), Description (
       "IKESAEndpoint is created in the first phase of SA negotiation "
       "and protects the key negotiation traffic. This endpoint is "
       "only created when IKE is the key exchange protocol. Other "
       "protocols and their endpoints will be defined in a future "
       "release.")]
class CIM_IKESAEndpoint : CIM_SecurityAssociationEndpoint {

      [Description (
          "Identifier of the IKE phase 1 negotiation initiator. "
          "Combined with the ResponderCookie, this value, in string "
          "form, may be used to construct the value of the key field "
          "'Name', inherited from ServiceAccessPoint.")]
   uint64 InitiatorCookie;

      [Description (
          "Identifier of the IKE phase 1 negotiation responder. "
          "Combined with the InitiatorCookie, this value, in string "
          "form, may be used to construct the value of the key field "
          "'Name', inherited from ServiceAccessPoint.")]
   uint64 ResponderCookie;

      // 0 = Unknown and 1 = Other are CIM additions to the RFC list.
      // NOTE(review): DES (2) has a 56-bit key and is not adequate
      // protection today. There is no AES value in this ValueMap.
      [Description (
          "CipherAlgorithm is an enumeration that specifies the "
          "encryption algorithm used by the IKESAEndpoint. The list of "
          "algorithms was generated from Appendix A of RFC2409. Note "
          "that the enumeration is different than the RFC list, since "
          "the values of Unknown and Other are taken into account."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8..65000",
          "65001..65535" },
       Values { "Unknown", "Other", "DES", "IDEA", "Blowfish", "RC5",
          "3DES", "CAST", "DMTF/IANA Reserved", "Vendor Reserved" },
       MappingStrings { "RFC2409.IETF|Appendix A" },
       ModelCorrespondence { "CIM_IKESAEndpoint.OtherCipherAlgorithm" }]
   uint16 CipherAlgorithm;

      // Free text; meaningful only when CipherAlgorithm is 1 ("Other").
      [Description (
          "Description of the encryption algorithm when the value 1 "
          "(\"Other\") is specified for the property, CipherAlgorithm."),
       ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm" }]
   string OtherCipherAlgorithm;

      // NOTE(review): MD5 (2) and SHA-1 (3) are legacy hash functions.
      // There is no SHA-2 value in this ValueMap.
      [Description (
          "HashAlgorithm is an enumeration that specifies the hash "
          "function used by the IKESAEndpoint. The list of algorithms "
          "was generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list, since the "
          "values of Unknown and Other are taken into account."),
       ValueMap { "0", "1", "2", "3", "4", "5..65000", "65001..65535" },
       Values { "Unknown", "Other", "MD5", "SHA-1", "Tiger",
          "DMTF/IANA Reserved", "Vendor Reserved" },
       MappingStrings { "RFC2409.IETF|Appendix A" },
       ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm" }]
   uint16 HashAlgorithm;

      // Free text; meaningful only when HashAlgorithm is 1 ("Other").
      [Description (
          "Description of the hash function when the value 1 "
          "(\"Other\") is specified for the property, HashAlgorithm."),
       ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm" }]
   string OtherHashAlgorithm;

      // How the phase 1 peers authenticated each other.
      // NOTE(review): "Pre-Shared Key" (2) is only as strong as the
      // shared secret, so a review may want to track such endpoints
      // separately from the signature-based methods.
      [Description (
          "AuthenticationMethod is an enumeration that specifies the "
          "operation of the IKESAEndpoint. The list of methods was "
          "generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list, since the "
          "values of Unknown and Other are taken into account."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6", "7..65000",
          "65001..65535" },
       Values { "Unknown", "Other", "Pre-Shared Key", "DSS Signatures",
          "RSA Signatures", "Encryption with RSA",
          "Revised Encryption with RSA", "DMTF/IANA Reserved",
          "Vendor Reserved" },
       MappingStrings { "RFC2409.IETF|Appendix A" },
       ModelCorrespondence { 
          "CIM_IKESAEndpoint.OtherAuthenticationMethod" }]
   uint16 AuthenticationMethod;

      // Free text; meaningful only when AuthenticationMethod is 1.
      [Description (
          "Description of the method when the value 1 (\"Other\") is "
          "specified for the property, AuthenticationMethod."),
       ModelCorrespondence { "CIM_IKESAEndpoint.AuthenticationMethod" }]
   string OtherAuthenticationMethod;

      // Key exchange group. 0 means no Diffie-Hellman exchange took
      // place. The open-ended entries ".." and "0x8000.." cover the
      // reserved standard range and the vendor range (32768-65535).
      // NOTE(review): the largest named group is 1536-bit MODP (5).
      // Groups 1 (768-bit) and 2 (1024-bit) and the small EC2N groups
      // 3 and 4 are below the sizes current guidance asks for.
      // The Description writes "GroupID"; the property is GroupId.
      [Description (
          "GroupId specifies the key exchange group ID. If the GroupID "
          "number is from the vendor-specific range (32768-65535), the "
          "VendorID qualifies the group number. Well-known group "
          "identifiers from RFC2412, Appendix E, are: Group 1='768 bit "
          "prime', Group 2='1024 bit prime', Group 3= 'Elliptic Curve "
          "Group with 155 bit field element', Group 4= 'Large Elliptic "
          "Curve Group with 185 bit field element', and Group 5='1536 "
          "bit prime'."),
       ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." },
       Values { "No Group/Non-Diffie-Hellman Exchange",
          "DH-768 bit prime", "DH-1024 bit prime",
          "EC2N-155 bit field element", "EC2N-185 bit field element",
          "DH-1536 bit prime", "Standard Group - Reserved",
          "Vendor Reserved" },
       MappingStrings { "RFC2412.IETF|Appendix E" },
       ModelCorrespondence { "CIM_IKESAEndpoint.VendorID" }]
   uint16 GroupId;

      // Meaningful only when GroupId is in the vendor range.
      [Description (
          "VendorID identifies the vendor when the value of GroupID is "
          "in the vendor-specific range, 32768 to 65535."),
       ModelCorrespondence { "CIM_IKESAEndpoint.GroupId" }]
   string VendorID;
};


// ==================================================================
// Phase1SAUsedForPhase2
// ==================================================================
// Links a phase 2 IPsec SA endpoint (Dependent) to the single phase 1
// endpoint (Antecedent, Max 1) that protected its negotiation.
   [Association, Version ( "2.8.0" ), Description (
       "Phase1SAUsedForPhase2 associates a phase 1 endpoint (such as "
       "an IKESAEndpoint) with an IPsecSAEndpoint that was negotiated "
       "using that phase 1 Security Association.")]
class CIM_Phase1SAUsedForPhase2 : CIM_Dependency {

      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "Phase 1 SAEndpoint that protected the negotiation of the "
          "phase 2 Security Association. An example of a phase 1 "
          "endpoint is an IKESAEndpoint.")]
   CIM_SecurityAssociationEndpoint REF Antecedent;

      [Override ( "Dependent" ), Description (
          "The phase 2 SAEndpoint.")]
   CIM_IPsecSAEndpoint REF Dependent;
};


// ==================================================================
// Security Association Transforms
// ==================================================================

// ==================================================================
// SATransform
// ==================================================================
// Abstract base for the AH, ESP and IPCOMP transform classes declared
// after it. Holds the lifetime limits and vendor id shared by all of
// them. Per the Description, instances are scoped by a System, not by
// an SA endpoint.
   [Abstract, Version ( "2.8.0" ), Description (
       "SATransform is the base class for the various types of "
       "transforms that are in effect for an existing IPsecSAEndpoint, "
       "or aggregated into phase 2 proposals used during the IPsec "
       "negotiation process. This class is defined as a kind of "
       "ScopedSettingData, since it describes the set of transform "
       "properties that MUST be applied together, if negotiated. This "
       "subclassing is different than that defined in IETF's IPSP "
       "Policy draft - where it is subclassed from Policy. The "
       "definition as SettingData is more consistent with the "
       "application of the properties as a set, to the negotiated "
       "Security Association. \n"
       "\n"
       "Note that an instance of this class is 'scoped' or contained "
       "by a System (either a ComputerSystem or AdminDomain), rather "
       "than by a SecurityAssociationEndpoint. This is indicated by "
       "instantiating the ScopedSetting association, and is necessary "
       "since the transform data is used in IPsec negotiation policies "
       "(also scoped by Systems) before ever being associated with a "
       "SecurityAssociationEndpoint. The latter semantics (i.e., that "
       "'this' transform is negotiated for 'this' Security "
       "Association) is conveyed via a subclass of ElementSettingData, "
       "TransformOfSecurityAssociation."),
    MappingStrings { "IPSP Model.IETF|SATransform" }]
class CIM_SATransform : CIM_ScopedSettingData {

      [Override ( "ElementName" ),
       MappingStrings { "IPSP Model.IETF|SATransform.CommonName" }]
   string ElementName;

      // Default 0 selects an 8 hour lifetime; it does not disable the
      // time limit.
      [Description (
          "MaxLifetimeSeconds specifies the maximum time that the "
          "Security Association should be considered valid after it "
          "has been created. A value of 0, the default, indicates that "
          "8 hours should be used. A non-zero value indicates the "
          "maximum lifetime in seconds."),
       Units ( "Seconds" ),
       MappingStrings { "IPSP "
          "Model.IETF|SATransform.MaxLifetimeSeconds" }]
   uint64 MaxLifetimeSeconds = 0;

      // Default 0 means no data-volume limit.
      // NOTE(review): for the 64-bit block ciphers listed in
      // CIM_ESPTransform.CipherTransformId a volume limit matters, so 0
      // combined with such a cipher is worth flagging in a review.
      [Description (
          "MaxLifetimeKilobytes specifies the maximum kilobyte "
          "lifetime for a Security Association. Different lifetimes "
          "are used, depending on the strength of the encryption "
          "algorithm. A value of 0, the default, indicates that no "
          "maximum should be defined. A non-zero value specifies the "
          "desired kilobyte lifetime."),
       Units ( "KiloBytes" ),
       MappingStrings { "IPSP "
          "Model.IETF|SATransform.MaxLifetimeKilobytes" }]
   uint64 MaxLifetimeKilobytes = 0;

      // Empty string (the default) marks a standard transform.
      [Description (
          "VendorID identifies vendor-defined transforms. If this "
          "field is empty (the default), then this is a standard "
          "transform."),
       MappingStrings { "IPSP Model.IETF|SATransform.VendorID" }]
   string VendorID = "";
};


// ==================================================================
// TransformOfSecurityAssociation
// ==================================================================
// Links an IPsec SA endpoint to exactly one transform (Min 1, Max 1).
// The Description states that no keying material is exposed here.
// NOTE(review): providers and schema extensions should keep it that way
// and not add key-bearing properties to this class or its ends.
   [Association, Version ( "2.8.0" ), Description (
       "TransformOfSecurityAssociation maps a SecurityAssociation "
       "Endpoint with the transform that it uses. For security, no "
       "keying material of the SA is exposed.")]
class CIM_TransformOfSecurityAssociation : CIM_ElementSettingData {

      [Override ( "SettingData" ), Min ( 1 ), Max ( 1 ), Description (
          "Transform of the IPsecSAEndpoint.")]
   CIM_SATransform REF SettingData;

      [Override ( "ManagedElement" ), Description (
          "The IPsecSAEndpoint that uses the transform.")]
   CIM_IPsecSAEndpoint REF ManagedElement;
};


// ==================================================================
// AHTransform
// ==================================================================
// Parameters of a phase 2 AH SA: the integrity algorithm and the
// anti-replay settings.
   [Version ( "2.8.0" ), Description (
       "AHTransform defines the parameters used for a phase 2 AH "
       "(Authentication Header) Security Association."),
    MappingStrings { "IPSP Model.IETF|AHTransform" }]
class CIM_AHTransform : CIM_SATransform {

      // This ValueMap starts at 1 ("Other"); it has no "Unknown" entry.
      // NOTE(review): MD5 (2), SHA-1 (3) and DES (4) are all legacy
      // choices. No SHA-2 based value is defined.
      [Description (
          "AHTransformId is an enumeration that specifies the hash "
          "algorithm to be used. The list of values was generated from "
          "RFC2407, Section 4.4.3."),
       ValueMap { "1", "2", "3", "4" },
       Values { "Other", "MD5", "SHA-1", "DES" },
       MappingStrings { "IPSP Model.IETF|AHTransform.AHTransformID",
          "RFC2407.IETF|Section 4.4.3" },
       ModelCorrespondence { "CIM_AHTransform.OtherAHTransformId" }]
   uint16 AHTransformId;

      // Free text; meaningful only when AHTransformId is 1 ("Other").
      [Description (
          "Description of the hash algorithm when the value 1 "
          "(\"Other\") is specified for the property, AHTransformId."),
       ModelCorrespondence { "CIM_AHTransform.AHTransformId" }]
   string OtherAHTransformId;

      // Instances reporting FALSE have no anti-replay protection and
      // are worth surfacing in a configuration review.
      [Description (
          "UseReplayPrevention causes the local peer to enable replay "
          "prevention detection. This can be accomplished by using a "
          "sequence number when sending a packet or checking the "
          "sequence number upon receipt of a packet."),
       MappingStrings { "IPSP "
          "Model.IETF|AHTransform.UseReplayPrevention" }]
   boolean UseReplayPrevention;

      // Window length in bits; per the Description it MUST be a power
      // of 2 and is ignored when UseReplayPrevention is false. The
      // schema carries no qualifier enforcing the power-of-2 rule.
      // The Description writes "ReplayPreventionWindowsSize"; the
      // property is ReplayPreventionWindowSize.
      [Description (
          "ReplayPreventionWindowsSize specifies, in bits, the length "
          "of the sliding window used by the replay prevention "
          "mechanism. The value of this property is meaningless if "
          "UseReplayPrevention is false. The window size MUST be a "
          "power of 2."),
       Units ( "Bits" ),
       MappingStrings { "IPSP "
          "Model.IETF|AHTransform.ReplayPreventionWindowSize" }]
   uint32 ReplayPreventionWindowSize;
};


// ==================================================================
// ESPTransform
// ==================================================================
// Parameters of a phase 2 ESP SA: integrity and cipher algorithm, key
// length and rounds, and the anti-replay settings.
// NOTE(review): the Description expands ESP as "Encapsulating Security
// Protocol"; the IETF name is Encapsulating Security Payload.
   [Version ( "2.8.0" ), Description (
       "ESPTransform defines the parameters used for a phase 2 ESP "
       "(Encapsulating Security Protocol) Security Association."),
    MappingStrings { "IPSP Model.IETF|ESPTransform" }]
class CIM_ESPTransform : CIM_SATransform {

      // 2 ("None") means ESP without authentication: packets of such an
      // SA carry no integrity protection from ESP.
      // NOTE(review): audit tooling should flag 2, and MD5 (3), SHA-1
      // (4) and DES (5) as legacy integrity algorithms.
      [Description (
          "IntegrityTransformId is an enumeration that specifies the "
          "ESP integrity algorithm to be used. The list of values is "
          "generated from the enumeration defined in RFC2407, Section "
          "4.5. Note that the enumeration is different than the RFC "
          "list, since the values of Other and None are taken into "
          "account. Also, note that 2 (\"None\") is used when ESP is "
          "negotiated without authentication."),
       ValueMap { "1", "2", "3", "4", "5", "6", "7..61439",
          "61440..65535" },
       Values { "Other", "None", "MD5", "SHA-1", "DES", "KPDK",
          "DMTF/IANA Reserved", "Vendor Reserved" },
       MappingStrings { "IPSP "
          "Model.IETF|ESPTransform.IntegrityTransformId",
          "RFC2407.IETF|Section 4.5" },
       ModelCorrespondence { 
          "CIM_ESPTransform.OtherIntegrityTransformId" }]
   uint16 IntegrityTransformId;

      // Free text; meaningful only when IntegrityTransformId is 1.
      [Description (
          "Description of the integrity algorithm when the value 1 "
          "(\"Other\") is specified for the property, "
          "IntegrityTransformId."),
       ModelCorrespondence { "CIM_ESPTransform.IntegrityTransformId" }]
   string OtherIntegrityTransformId;

      // 2 ("None") is the RFC's NULL transform: the payload of such an
      // SA is not encrypted.
      // NOTE(review): the named ciphers are all pre-AES. The DES
      // variants (3, 4, 11) and RC4 (12) are weak, and 3DES, IDEA, CAST
      // and Blowfish use 64-bit blocks. AES can only be reported via
      // "Other" (1) and OtherCipherTransformId.
      // The word "encrypion" in the Description is a typo in the schema
      // text, left as published.
      [Description (
          "CipherTransformId is an enumeration that specifies the ESP "
          "encrypion algorithm to be used. The list of values is "
          "defined in RFC2407, Section 4.4.4, where the RFC's NULL "
          "value maps to 2-\"None\". Note that the enumeration is "
          "different than the RFC list, since 'Other' is added to the "
          "enumeration."),
       ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
          "11", "12" },
       Values { "Other", "None", "DES_IV64", "DES", "3DES", "RC5",
          "IDEA", "CAST", "Blowfish", "3-IDEA", "DES_IV32", "RC4" },
       MappingStrings { "IPSP "
          "Model.IETF|ESPTransform.CipherTransformId",
          "RFC2407.IETF|Section 4.4.4" },
       ModelCorrespondence { "CIM_ESPTransform.OtherCipherTransformId" }]
   uint16 CipherTransformId;

      // Free text; meaningful only when CipherTransformId is 1.
      [Description (
          "Description of the encryption algorithm when the value 1 "
          "(\"Other\") is specified for the property, "
          "CipherTransformId."),
       ModelCorrespondence { "CIM_ESPTransform.CipherTransformId" }]
   string OtherCipherTransformId;

      // Key length in bits; ignored for fixed-key-length algorithms.
      [Description (
          "CipherKeyLength specifies, in bits, the key length for the "
          "encryption algorithm. For algorithms with fixed key "
          "lengths, this value is ignored."),
       Units ( "Bits" ),
       MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyLength" }]
   uint16 CipherKeyLength;

      [Description (
          "CipherKeyRounds specifies the key rounds for the encryption "
          "algorithm. For algorithms with a fixed number of key "
          "rounds, this value is ignored. Currently, key rounds are "
          "NOT defined for any ESP encryption algorithms."),
       MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyRounds" }]
   uint16 CipherKeyRounds;

      // Instances reporting FALSE have no anti-replay protection and
      // are worth surfacing in a configuration review.
      [Description (
          "UseReplayPrevention causes the local peer to enable replay "
          "prevention detection. This can be accomplished by using a "
          "sequence number when sending a packet or checking the "
          "sequence number upon receipt of a packet."),
       MappingStrings { "IPSP "
          "Model.IETF|ESPTransform.UseReplayPrevention" }]
   boolean UseReplayPrevention;

      // Window length in bits; per the Description it MUST be a power
      // of 2 and is ignored when UseReplayPrevention is false.
      // The Description writes "ReplayPreventionWindowsSize"; the
      // property is ReplayPreventionWindowSize.
      [Description (
          "ReplayPreventionWindowsSize specifies, in bits, the length "
          "of the sliding window used by the replay prevention "
          "mechanism. The value of this property is meaningless if "
          "UseReplayPrevention is false. The window size MUST be a "
          "power of 2."),
       Units ( "Bits" ),
       MappingStrings { "IPSP "
          "Model.IETF|ESPTransform.ReplayPreventionWindowSize" }]
   uint32 ReplayPreventionWindowSize;
};


// ==================================================================
// IPCOMPTransform
// ==================================================================
   [Version ( "2.8.0" ), Description (
       "The IPCOMPTransform specifies the IP compression algorithm to "
       "use for payload of the Security Association."),
    MappingStrings { "IPSP Model.IETF|IPCOMPTransform" }]
class CIM_IPCOMPTransform : CIM_SATransform {

      [Description (
          "The Algorithm is an enumeration that designates the IPCOMP "
          "compression algorithm to use. Its values are generated from "
          "RFC2407, Section 4.4.5. 
Note that the values are modified " "from the RFC, since 'Other' must be taken into account."), ValueMap { "1", "2", "3", "4" }, Values { "Other", "Vendor Algorithm/OUI", "DEFLATE", "LZS" }, MappingStrings { "IPSP Model.IETF|IPCOMPTransform.Algorithm", "RFC2407.IETF|Section 4.4.5" }, ModelCorrespondence { "CIM_IPCOMPTransform.PrivateAlgorithm", "CIM_IPCOMPTransform.OtherAlgorithm" }] uint16 Algorithm; [Description ( "Description of the compression algorithm when the value 1 " "(\"Other\") is specified for the property, Algorithm."), ModelCorrespondence { "CIM_IPCOMPTransform.Algorithm" }] string OtherAlgorithm; [Description ( "A private compression algorithm, used when the Algorithm " "property is set to 2, \"Vendor Algorithm/OUI\"."), MappingStrings { "IPSP " "Model.IETF|IPCOMPTransform.PrivateAlgorithm" }, ModelCorrespondence { "CIM_IPCOMPTransform.Algorithm" }] uint32 PrivateAlgorithm; [Description ( "DictionarySize is an optional field that specifies the log2 " "maximum size of the dictionary for the compression " "algorithm. For dictionaries that have a fixed size, this " "value is ignored."), MappingStrings { "IPSP " "Model.IETF|IPCOMPTransform.DictionarySize" }] uint16 DictionarySize; }; // =================================================================== // end of file // ===================================================================