
File: [Pegasus] / pegasus / Schemas / CIM29 / Network_IPsec.mof (download)
Revision: 1.1, Thu Feb 17 00:09:56 2005 UTC (19 years, 3 months ago) by a.dunfey
Branch: MAIN
PEP#: 215
TITLE: Adding CIM29 to Repository

DESCRIPTION:

I added CIM 2.9 Final to the Pegasus Repository. I did NOT make any build changes. This just makes the CIM29 schema available for testing until a time is designated for switching the default schema from 2.8 to 2.9.

// ===================================================================
// Title: Network_IPsec
// $State: Exp $
// $Date: 2005/02/17 00:09:56 $
// $RCSfile: Network_IPsec.mof,v $
// $Revision: 1.1 $
// ===================================================================
//#pragma inLine ("Includes/copyright.inc")
// Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
// 
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
// 
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
//#pragma inLine
// ===================================================================
// Description: The Network Model extends the management concepts to
//              represent protocol interfaces and network/protocol
//              services.  This file defines the classes to manage
//              an IPsec security association.
// 
//              The object classes below are listed in an order that
//              avoids forward references. Required objects, defined
//              by other working groups, are omitted.
// ==================================================================
// This model was originally introduced in CIM V2.6 Preliminary and
// was not promoted to Final status.  The following CR updates the
// V2.6 MOF and better aligns it with the IETF I-D from the IPSP
// Working Group.
// CR1026 - Modifications to the V2.6 MOF for IPsec management
// Change Log CIM V2.8
// CR1194 - Promote all classes to final
// CR1238 - Fix model correspondence reference problems in final version
// 
// ===================================================================

#pragma Locale ("en_US")


// ==================================================================
// Security Association Endpoints
// ==================================================================

// ==================================================================
// SecurityAssociationEndpoint
// ==================================================================
// Base class for the SA endpoints declared in this file
// (CIM_IPsecSAEndpoint and CIM_IKESAEndpoint derive from it). It
// carries the lifetime, rekey-threshold, idle-timeout and logging
// attributes of a security association. Only the two refresh
// thresholds and PacketLoggingActive carry the Write qualifier; the
// lifetime and idle properties are not marked writable here.
   [Version ( "2.8.0" ), Description (
       "SecurityAssociationEndpoint (SAEndpoint) represents the "
       "endpoint of a secure connection. This is typically an IP "
       "connection, although the model allows more flexibility than "
       "just IP. The SecurityAssociationEndpoint is tied to an "
       "IPProtocolEndpoint (or possibly other endpoint) using the "
       "LogicalIdentity association. Note that an endpoint is defined "
       "at both ends of the connection.")]
class CIM_SecurityAssociationEndpoint : CIM_ProtocolEndpoint {

      [Override ( "InstallDate" ), Description (
          "InstallDate records when the SA (and its endpoint) was "
          "created.")]
   datetime InstallDate;

      // 0 is a sentinel for "use the 8 hour default", not "unlimited".
      // A consumer comparing lifetimes against policy has to map 0 to
      // 28800 seconds before comparing.
      [Description (
          "LifetimeSeconds specifies the maximum time that the SA will "
          "be considered valid after it has been created. A value of "
          "zero indicates that the default of 8 hours be used. A "
          "non-zero value indicates the seconds lifetime."), 
       Units ( "Seconds" )]
   uint64 LifetimeSeconds = 0;

      // Bounded to 0..100 by MinValue/MaxValue. No default is declared,
      // so how an unset value is interpreted is left to the
      // implementation -- TODO confirm against the provider.
      [Write, Description (
          "RefreshThresholdSecondsPercentage is the lifetime "
          "percentage after which a new SA should be acquired, before "
          "the existing SA expires. A random period may be added to a "
          "calculated threshold to reduce network thrashing."), 
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 )]
   uint8 RefreshThresholdSecondsPercentage;

      // The default of 0 disables the idle timeout.
      [Description (
          "IdleDurationSeconds specifies how long the SA can be idle "
          "before it is deleted. The default value, 0, indicates that "
          "there is no idle timeout period."), 
       Units ( "Seconds" )]
   uint64 IdleDurationSeconds = 0;

      // The default of 0 means no traffic-volume limit. With the
      // defaults declared in this class an SA is therefore bounded only
      // by the time lifetime (no idle timeout, no kilobyte limit).
      [Description (
          "LifetimeKilobytes specifies the maximum number of kilobytes "
          "of data traffic to be protected by the SA. A value of zero "
          "(the default) indicates that there should be no maximum "
          "kilobyte lifetime. A non-zero value specifies the desired "
          "kilobyte lifetime. The SA is deleted when the "
          "LifetimeKilobyte value is exceeded."), 
       Units ( "KiloBytes" )]
   uint64 LifetimeKilobytes = 0;

      // Same 0..100 bound and same missing default as the seconds
      // threshold above.
      [Write, Description (
          "RefreshThresholdKbytesPercentage is the lifetime percentage "
          "of kilobytes processed, at which a new SA should be "
          "acquired. A random value may be added to the calculated "
          "threshold to reduce network thrashing."), 
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 )]
   uint8 RefreshThresholdKbytesPercentage;

      // Write-qualified: the model lets a management client switch
      // traffic logging for this SA on or off. The Description does not
      // say what is recorded or where it is stored.
      // NOTE(review): who may modify the instance is decided by the CIM
      // server/provider, which is not visible in this file; changes to
      // this flag should be access-controlled and audited.
      [Write, Description (
          "PacketLoggingActive causes a log to be kept of traffic "
          "processed by the SAEndpoint.")]
   boolean PacketLoggingActive;
};


// ==================================================================
// FilterOfSecurityAssociation
// ==================================================================
// Association from an SA endpoint to the CIM_FilterList that acts as
// its traffic selector. Following this association answers the
// question "which traffic is this SA meant to protect?" when
// reviewing a configuration.
   [Association, Version ( "2.8.0" ), Description (
       "FilterOfSecurityAssociation associates a network traffic "
       "specification (i.e., a FilterList) with a SecurityAssociation "
       "Endpoint, to which the filter list applies.")]
class CIM_FilterOfSecurityAssociation : CIM_Dependency {

      // Max ( 1 ): an SA endpoint has at most one FilterList. No Min is
      // declared on this reference, so an endpoint without any selector
      // is also allowed by the schema.
      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "FilterList describing the traffic to be selected/matched.")]
   CIM_FilterList REF Antecedent;

      // Typed to the base endpoint class, so the association is usable
      // with any subclass of CIM_SecurityAssociationEndpoint.
      [Override ( "Dependent" ), Description (
          "SecurityAssociation using the FilterList as its traffic "
          "selector.")]
   CIM_SecurityAssociationEndpoint REF Dependent;
};


// ==================================================================
// SAEndpointConnectionStatistics
// ==================================================================
// Usage counters for an SA endpoint. Neither property carries the
// Write qualifier. The owning endpoint is not referenced directly;
// per the Description it is found through the
// ElementStatisticalData association (declared outside this file).
   [Version ( "2.8.0" ), Description (
       "This class captures statistical and time-related information "
       "about the use of the IPsec or IKE Security Associations, "
       "through their IPsecSAEndpoint or IKESAEndpoint. The relevant "
       "SAEndpoint is determined by traversing the "
       "ElementStatisticalData association.")]
class CIM_SAEndpointConnectionStatistics : CIM_StatisticalData {

      // Unit is bytes, while CIM_SecurityAssociationEndpoint.
      // LifetimeKilobytes is expressed in kilobytes: convert before
      // comparing usage against the configured volume lifetime.
      [Description (
          "Number of bytes that have been protected by the associated "
          "SAEndpoint."), 
       Units ( "Bytes" ), Counter]
   uint64 ByteCount;

      // Pairs with CIM_SecurityAssociationEndpoint.IdleDurationSeconds
      // to tell how close an SA is to idle deletion.
      [Description (
          "LastAccessed indicates when the SAEndpoint was last used. "
          "This property is helpful in determining if the SA (and its "
          "endpoint) will be deleted due to sitting idle.")]
   datetime LastAccessed;
};


// ==================================================================
// SAEndpointRefreshSettings
// ==================================================================
// SettingData copy of the two rekey thresholds that also exist on
// CIM_SecurityAssociationEndpoint. Both are Write-qualified and
// bounded to 0..100; the ModelCorrespondence qualifiers tie each one
// to the endpoint property of the same name. The Descriptions here
// omit the "random period" sentence found on the endpoint class.
   [Version ( "2.8.0" ), Description (
       "SAEndpointRefreshSettings hold the refresh thresholds for the "
       "SecurityAssociationEndpoint. Since these settings may change "
       "for an SA, the properties are defined both in this class and "
       "in SecurityAssociationEndpoint.")]
class CIM_SAEndpointRefreshSettings : CIM_SettingData {

      // No default is declared. NOTE(review): because the value exists
      // in two places, a reader should confirm which one the provider
      // treats as authoritative when they disagree.
      [Write, Description (
          "RefreshThresholdSecondsPercentage is the lifetime "
          "percentage after which a new SA should be acquired, before "
          "the existing SA expires."), 
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 ), 
       ModelCorrespondence { "CIM_SecurityAssociationEndpoint." 
          "RefreshThresholdSecondsPercentage" }]
   uint8 RefreshThresholdSecondsPercentage;

      // Volume-based counterpart of the threshold above; same bounds,
      // also without a declared default.
      [Write, Description (
          "RefreshThresholdKbytesPercentage is the lifetime percentage "
          "of kilobytes processed, at which a new SA should be "
          "acquired."), 
       Units ( "Percent" ), MinValue ( 0 ), MaxValue ( 100 ), 
       ModelCorrespondence { "CIM_SecurityAssociationEndpoint." 
          "RefreshThresholdKbytesPercentage" }]
   uint8 RefreshThresholdKbytesPercentage;
};


// ==================================================================
// IPsecSAEndpoint
// ==================================================================
// Phase 2 (AH / ESP / IPCOMP) SA endpoint. Every property declared
// here is descriptive state without the Write qualifier, and none of
// them holds keying material: the class exposes the SPI, direction,
// encapsulation mode, DF-bit handling and the PFS requirement only.
   [Version ( "2.8.0" ), Description (
       "IPsecSAEndpoints are types of SecurityAssociationEndpoints "
       "representing both negotiated and static SAs that correspond to "
       "AH, ESP, or IPCOMP transforms.")]
class CIM_IPsecSAEndpoint : CIM_SecurityAssociationEndpoint {

      // Identifier of the SA; per the Description its string form may
      // double as the inherited key 'Name'.
      [Description (
          "SPI contains the Security Parameter Index of the SA. This "
          "value in string form may also be used in the key field "
          "'Name' inherited from ServiceAccessPoint.")]
   uint32 SPI;

      // One instance describes one direction only (TRUE = inbound).
      [Description (
          "InboundDirection specifies whether the SA applies to "
          "inbound (TRUE) or outbound (FALSE) traffic.")]
   boolean InboundDirection;

      // The ValueMap is 0, 2, 3: value 1 is not defined, so a consumer
      // must not assume a dense enumeration. 0 ("Unknown") should be
      // handled explicitly rather than folded into either mode.
      [Description (
          "EncapsulationMode indicates whether the IPsecSAEndpoint "
          "uses transport or tunnel encapsulation."), 
       ValueMap { "0", "2", "3" }, 
       Values { "Unknown", "Tunnel", "Transport" }]
   uint16 EncapsulationMode;

      // As with EncapsulationMode, value 1 is absent from the ValueMap.
      [Description (
          "DFHandling controls how the 'Don't Fragment' bit is managed "
          "by the IPsecSAEndpoint."), 
       ValueMap { "0", "2", "3", "4" }, 
       Values { "Unknown", "Copy from Internal to External IP Header",
          "Set DF Bit in External Header to 1",
          "Set DF Bit in External Header to 0" }]
   uint16 DFHandling;

      // Reports whether rekeying requires perfect forward secrecy.
      // A configuration audit can compare this against policy and flag
      // endpoints that report FALSE where PFS is mandated.
      [Description (
          "PFSInUse indicates whether perfect forward secrecy is "
          "required when refreshing keys.")]
   boolean PFSInUse;
};


// ==================================================================
// PeerOfIPsecSAEndpoint
// ==================================================================
// Association from an IPsec SA endpoint to the remote access point
// it is paired with.
// NOTE(review): the banner above and the Description text both say
// "PeerOfIPsecSAEndpoint", but the declared class name is
// CIM_PeerOfSAEndpoint. Clients and queries have to use the declared
// name.
   [Association, Version ( "2.8.0" ), Description (
       "PeerOfIPsecSAEndpoint identifies the peer of the "
       "IPsecSAEndpoint.")]
class CIM_PeerOfSAEndpoint : CIM_Dependency {

      // Max ( 1 ): an IPsecSAEndpoint has at most one peer.
      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "The peer for the SAEndpoint.")]
   CIM_RemoteServiceAccessPoint REF Antecedent;

      // Typed to CIM_IPsecSAEndpoint, so this association does not
      // apply to CIM_IKESAEndpoint instances.
      [Override ( "Dependent" ), Description (
          "The IPsecSAEndpoint which has a peer.")]
   CIM_IPsecSAEndpoint REF Dependent;
};


// ==================================================================
// IKESAEndpoint
// ==================================================================
// Phase 1 (IKE) SA endpoint: the negotiated cipher, hash,
// authentication method and key exchange group of the channel that
// protects key negotiation. No property here carries the Write
// qualifier and none holds a key or shared secret, so the class is
// suited to inventory and audit of negotiated parameters.
//
// The algorithm lists come from RFC2409 / RFC2412 as cited in the
// MappingStrings and do not contain any newer algorithm; an SA using
// one would have to be reported through "Other" plus the matching
// Other* string, or through the vendor range. A review tool should
// therefore not equate "Other" (1) with "weak", nor "Unknown" (0)
// with "acceptable".
   [Version ( "2.8.0" ), Description (
       "IKESAEndpoint is created in the first phase of SA negotiation "
       "and protects the key negotiation traffic. This endpoint is "
       "only created when IKE is the key exchange protocol. Other "
       "protocols and their endpoints will be defined in a future "
       "release.")]
class CIM_IKESAEndpoint : CIM_SecurityAssociationEndpoint {

      // Identifier, not a secret; with ResponderCookie it may form the
      // inherited key 'Name' (see Description).
      [Description (
          "Identifier of the IKE phase 1 negotiation initiator. "
          "Combined with the ResponderCookie, this value, in string "
          "form, may be used to construct the value of the key field "
          "'Name', inherited from ServiceAccessPoint.")]
   uint64 InitiatorCookie;

      [Description (
          "Identifier of the IKE phase 1 negotiation responder. "
          "Combined with the InitiatorCookie, this value, in string "
          "form, may be used to construct the value of the key field "
          "'Name', inherited from ServiceAccessPoint.")]
   uint64 ResponderCookie;

      // Values are NOT the RFC2409 numbers: per the Description the
      // list is shifted to make room for Unknown/Other, so tooling must
      // translate instead of comparing against on-the-wire identifiers.
      // DES (2) uses a 56-bit key and is not considered adequate today;
      // every cipher in this list predates AES.
      [Description (
          "CipherAlgorithm is an enumeration that specifies the "
          "encryption algorithm used by the IKESAEndpoint. The list of "
          "algorithms was generated from Appendix A of RFC2409. Note "
          "that the enumeration is different than the RFC list, since "
          "the values of Unknown and Other are taken into account."), 
       ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8..65000",
          "65001..65535" }, 
       Values { "Unknown", "Other", "DES", "IDEA", "Blowfish", "RC5",
          "3DES", "CAST", "DMTF/IANA Reserved", "Vendor Reserved" }, 
       MappingStrings { "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.OtherCipherAlgorithm" }]
   uint16 CipherAlgorithm;

      // Free-form string with no declared format or length bound.
      [Description (
          "Description of the encryption algorithm when the value 1 "
          "(\"Other\") is specified for the property, CipherAlgorithm."), 
       ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm" }]
   string OtherCipherAlgorithm;

      // Shifted relative to the RFC list in the same way as
      // CipherAlgorithm. MD5 (2) and SHA-1 (3) are both deprecated hash
      // functions; no SHA-2 family value exists in this enumeration.
      [Description (
          "HashAlgorithm is an enumeration that specifies the hash "
          "function used by the IKESAEndpoint. The list of algorithms "
          "was generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list, since the "
          "values of Unknown and Other are taken into account."), 
       ValueMap { "0", "1", "2", "3", "4", "5..65000", "65001..65535" }, 
       Values { "Unknown", "Other", "MD5", "SHA-1", "Tiger",
          "DMTF/IANA Reserved", "Vendor Reserved" }, 
       MappingStrings { "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm" }]
   uint16 HashAlgorithm;

      [Description (
          "Description of the hash function when the value 1 "
          "(\"Other\") is specified for the property, HashAlgorithm."), 
       ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm" }]
   string OtherHashAlgorithm;

      // Shifted relative to the RFC list like the two enumerations
      // above. Only the method is reported: for "Pre-Shared Key" (2)
      // the strength of the SA rests on a secret that this model never
      // exposes, so it cannot be assessed from CIM data alone.
      [Description (
          "AuthenticationMethod is an enumeration that specifies the "
          "operation of the IKESAEndpoint. The list of methods was "
          "generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list, since the "
          "values of Unknown and Other are taken into account."), 
       ValueMap { "0", "1", "2", "3", "4", "5", "6", "7..65000",
          "65001..65535" }, 
       Values { "Unknown", "Other", "Pre-Shared Key", "DSS Signatures",
          "RSA Signatures", "Encryption with RSA",
          "Revised Encryption with RSA", "DMTF/IANA Reserved",
          "Vendor Reserved" }, 
       MappingStrings { "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { 
          "CIM_IKESAEndpoint.OtherAuthenticationMethod" }]
   uint16 AuthenticationMethod;

      [Description (
          "Description of the method when the value 1 (\"Other\") is "
          "specified for the property, AuthenticationMethod."), 
       ModelCorrespondence { "CIM_IKESAEndpoint.AuthenticationMethod" }]
   string OtherAuthenticationMethod;

      // Unlike the three enumerations above, this ValueMap has no
      // Unknown/Other slots: 0 means no group and 1..5 are the group
      // numbers named in the Description. The ValueMap mixes decimal
      // entries, a bare ".." range and the hexadecimal "0x8000.."
      // (0x8000 = 32768, the start of the vendor range), which a
      // consumer parsing the qualifier has to handle.
      // The 768-bit (1) and 1024-bit (2) prime groups are considered
      // too small by current standards, and the 155/185-bit EC2N groups
      // (3, 4) are legacy; an audit can flag endpoints reporting them.
      [Description (
          "GroupId specifies the key exchange group ID. If the GroupID "
          "number is from the vendor-specific range (32768-65535), the "
          "VendorID qualifies the group number. Well-known group "
          "identifiers from RFC2412, Appendix E, are: Group 1='768 bit "
          "prime', Group 2='1024 bit prime', Group 3= 'Elliptic Curve "
          "Group with 155 bit field element', Group 4= 'Large Elliptic "
          "Curve Group with 185 bit field element', and Group 5='1536 "
          "bit prime'."), 
       ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." }, 
       Values { "No Group/Non-Diffie-Hellman Exchange",
          "DH-768 bit prime", "DH-1024 bit prime",
          "EC2N-155 bit field element", "EC2N-185 bit field element",
          "DH-1536 bit prime", "Standard Group - Reserved",
          "Vendor Reserved" }, 
       MappingStrings { "RFC2412.IETF|Appendix E" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.VendorID" }]
   uint16 GroupId;

      // Only meaningful when GroupId is 32768 or above (see
      // Description); no default is declared.
      [Description (
          "VendorID identifies the vendor when the value of GroupID is "
          "in the vendor-specific range, 32768 to 65535."), 
       ModelCorrespondence { "CIM_IKESAEndpoint.GroupId" }]
   string VendorID;
};


// ==================================================================
// Phase1SAUsedForPhase2
// ==================================================================
// Association recording which phase 1 SA protected the negotiation
// of a given IPsec (phase 2) SA. Traversing it from a phase 1
// endpoint lists the IPsec SAs negotiated under it, which is what a
// responder needs when a phase 1 SA is found to use parameters that
// policy no longer accepts.
   [Association, Version ( "2.8.0" ), Description (
       "Phase1SAUsedForPhase2 associates a phase 1 endpoint (such as "
       "an IKESAEndpoint) with an IPsecSAEndpoint that was negotiated "
       "using that phase 1 Security Association.")]
class CIM_Phase1SAUsedForPhase2 : CIM_Dependency {

      // Max ( 1 ): a phase 2 SA is linked to at most one phase 1 SA.
      // The reference is typed to the base endpoint class, not to
      // CIM_IKESAEndpoint, so other phase 1 endpoint types fit too.
      [Override ( "Antecedent" ), Max ( 1 ), Description (
          "Phase 1 SAEndpoint that protected the negotiation of the "
          "phase 2 Security Association. An example of a phase 1 "
          "endpoint is an IKESAEndpoint.")]
   CIM_SecurityAssociationEndpoint REF Antecedent;

      [Override ( "Dependent" ), Description (
          "The phase 2 SAEndpoint.")]
   CIM_IPsecSAEndpoint REF Dependent;
};


// ==================================================================
// Security Association Transforms
// ==================================================================

// ==================================================================
// SATransform
// ==================================================================
// Abstract base for the transform classes (CIM_AHTransform in this
// file derives from it). It holds the lifetime limits and vendor tag
// shared by all transforms. Per the Description, instances are
// scoped by a System rather than by an SA endpoint, because the same
// transform data is used in negotiation policy before any SA exists.
// None of the properties carries the Write qualifier.
   [Abstract, Version ( "2.8.0" ), Description (
       "SATransform is the base class for the various types of "
       "transforms that are in effect for an existing IPsecSAEndpoint, "
       "or aggregated into phase 2 proposals used during the IPsec "
       "negotiation process. This class is defined as a kind of "
       "ScopedSettingData, since it describes the set of transform "
       "properties that MUST be applied together, if negotiated. This "
       "subclassing is different than that defined in IETF's IPSP "
       "Policy draft - where it is subclassed from Policy. The "
       "definition as SettingData is more consistent with the "
       "application of the properties as a set, to the negotiated "
       "Security Association. \n"
       "\n"
       "Note that an instance of this class is 'scoped' or contained "
       "by a System (either a ComputerSystem or AdminDomain), rather "
       "than by a SecurityAssociationEndpoint. This is indicated by "
       "instantiating the ScopedSetting association, and is necessary "
       "since the transform data is used in IPsec negotiation policies "
       "(also scoped by Systems) before ever being associated with a "
       "SecurityAssociationEndpoint. The latter semantics (i.e., that "
       "'this' transform is negotiated for 'this' Security "
       "Association) is conveyed via a subclass of ElementSettingData, "
       "TransformOfSecurityAssociation."), 
    MappingStrings { "IPSP Model.IETF|SATransform" }]
class CIM_SATransform : CIM_ScopedSettingData {

      // Overridden only to attach the IPSP mapping; no Description is
      // supplied on this override.
      [Override ( "ElementName" ), 
       MappingStrings { "IPSP Model.IETF|SATransform.CommonName" }]
   string ElementName;

      // 0 is a sentinel for the 8 hour default (28800 seconds), not
      // "no limit" -- the same convention as
      // CIM_SecurityAssociationEndpoint.LifetimeSeconds.
      [Description (
          "MaxLifetimeSeconds specifies the maximum time that the "
          "Security Association should be considered valid after it "
          "has been created. A value of 0, the default, indicates that "
          "8 hours should be used. A non-zero value indicates the "
          "maximum lifetime in seconds."), 
       Units ( "Seconds" ), 
       MappingStrings { "IPSP " 
          "Model.IETF|SATransform.MaxLifetimeSeconds" }]
   uint64 MaxLifetimeSeconds = 0;

      // Here 0 does mean "no maximum": by default a transform places no
      // bound on the volume of traffic protected under one key. The
      // Description notes that the appropriate limit depends on the
      // strength of the encryption algorithm.
      [Description (
          "MaxLifetimeKilobytes specifies the maximum kilobyte "
          "lifetime for a Security Association. Different lifetimes "
          "are used, depending on the strength of the encryption "
          "algorithm. A value of 0, the default, indicates that no "
          "maximum should be defined. A non-zero value specifies the "
          "desired kilobyte lifetime."), 
       Units ( "KiloBytes" ), 
       MappingStrings { "IPSP " 
          "Model.IETF|SATransform.MaxLifetimeKilobytes" }]
   uint64 MaxLifetimeKilobytes = 0;

      // The empty-string default marks a standard transform; any other
      // value marks a vendor-defined one whose identifiers cannot be
      // interpreted from this schema alone.
      [Description (
          "VendorID identifies vendor-defined transforms. If this "
          "field is empty (the default), then this is a standard "
          "transform."), 
       MappingStrings { "IPSP Model.IETF|SATransform.VendorID" }]
   string VendorID = "";
};


// ==================================================================
// TransformOfSecurityAssociation
// ==================================================================
// Association binding an IPsec SA endpoint to the transform it was
// negotiated with. The Description states the design rule that no
// keying material of the SA is exposed: the association carries two
// references only, and the classes it links in this file describe
// algorithms and lifetimes, not keys. Extensions of this model
// should keep to that rule.
   [Association, Version ( "2.8.0" ), Description (
       "TransformOfSecurityAssociation maps a SecurityAssociation "
       "Endpoint with the transform that it uses. For security, no "
       "keying material of the SA is exposed.")]
class CIM_TransformOfSecurityAssociation : CIM_ElementSettingData {

      // Min ( 1 ), Max ( 1 ): each IPsecSAEndpoint has exactly one
      // transform through this association.
      [Override ( "SettingData" ), Min ( 1 ), Max ( 1 ), Description (
          "Transform of the IPsecSAEndpoint.")]
   CIM_SATransform REF SettingData;

      // Typed to CIM_IPsecSAEndpoint, so CIM_IKESAEndpoint instances
      // are not covered by this association.
      [Override ( "ManagedElement" ), Description (
          "The IPsecSAEndpoint that uses the transform.")]
   CIM_IPsecSAEndpoint REF ManagedElement;
};


// ==================================================================
// AHTransform
// ==================================================================
// Parameters of a phase 2 AH Security Association: the hash algorithm
// and the replay-prevention settings. The class declares no cipher
// property; lifetimes and VendorID come from CIM_SATransform.
   [Version ( "2.8.0" ), Description (
       "AHTransform defines the parameters used for a phase 2 AH "
       "(Authentication Header) Security Association."), 
    MappingStrings { "IPSP Model.IETF|AHTransform" }]
class CIM_AHTransform : CIM_SATransform {

      // Hash algorithm selector. The ValueMap is closed (1..4, with no
      // reserved or vendor range), so any algorithm not listed must be
      // expressed as 1 ("Other") together with OtherAHTransformId.
      // NOTE(review): the list is taken from RFC2407 and names only
      // MD5, SHA-1 and DES, all of which are legacy choices today;
      // tooling that audits this property should treat 2..4 as weak
      // and inspect OtherAHTransformId whenever the value is 1.
      [Description (
          "AHTransformId is an enumeration that specifies the hash "
          "algorithm to be used. The list of values was generated from "
          "RFC2407, Section 4.4.3."), 
       ValueMap { "1", "2", "3", "4" }, 
       Values { "Other", "MD5", "SHA-1", "DES" }, 
       MappingStrings { "IPSP Model.IETF|AHTransform.AHTransformID",
          "RFC2407.IETF|Section 4.4.3" }, 
       ModelCorrespondence { "CIM_AHTransform.OtherAHTransformId" }]
   uint16 AHTransformId;

      // Free-text algorithm description, meaningful only when
      // AHTransformId is 1. The schema places no constraint on its
      // content, so consumers should normalise it before matching it
      // against an allow-list.
      [Description (
          "Description of the hash algorithm when the value 1 "
          "(\"Other\") is specified for the property, AHTransformId."), 
       ModelCorrespondence { "CIM_AHTransform.AHTransformId" }]
   string OtherAHTransformId;

      // Enables sequence-number based replay prevention on the local
      // peer. No default is declared, so an instance may leave this
      // NULL; consumers should decide explicitly how NULL is treated
      // rather than assuming protection is on.
      [Description (
          "UseReplayPrevention causes the local peer to enable replay "
          "prevention detection. This can be accomplished by using a "
          "sequence number when sending a packet or checking the "
          "sequence number upon receipt of a packet."), 
       MappingStrings { "IPSP " 
          "Model.IETF|AHTransform.UseReplayPrevention" }]
   boolean UseReplayPrevention;

      // Sliding-window length in bits; meaningful only when
      // UseReplayPrevention is true. The power-of-2 requirement exists
      // only in the description text and is not enforced by any
      // qualifier, so providers have to validate it themselves. The
      // description spells the name "ReplayPreventionWindowsSize",
      // while the property is ReplayPreventionWindowSize.
      [Description (
          "ReplayPreventionWindowsSize specifies, in bits, the length "
          "of the sliding window used by the replay prevention "
          "mechanism. The value of this property is meaningless if "
          "UseReplayPrevention is false. The window size MUST be a "
          "power of 2."), 
       Units ( "Bits" ), 
       MappingStrings { "IPSP " 
          "Model.IETF|AHTransform.ReplayPreventionWindowSize" }]
   uint32 ReplayPreventionWindowSize;
};


// ==================================================================
// ESPTransform
// ==================================================================
// Parameters of a phase 2 ESP Security Association: integrity
// algorithm, cipher, key length and rounds, and replay prevention.
// Integrity and confidentiality are selected independently, and each
// has a "None" value (2). The schema does not forbid setting both to
// 2, which would describe an SA that provides neither service;
// providers or policy tooling should reject or flag that combination.
   [Version ( "2.8.0" ), Description (
       "ESPTransform defines the parameters used for a phase 2 ESP "
       "(Encapsulating Security Protocol) Security Association."), 
    MappingStrings { "IPSP Model.IETF|ESPTransform" }]
class CIM_ESPTransform : CIM_SATransform {

      // ESP integrity algorithm selector. As the description states,
      // the numbering differs from the RFC2407 list because "Other"
      // and "None" were added, so the values must not be compared
      // with the RFC numbers directly. 7..61439 is reserved for
      // DMTF/IANA and 61440..65535 for vendors.
      // NOTE(review): 2 ("None") means ESP without authentication;
      // encryption without integrity leaves the ciphertext malleable,
      // so audits should flag it unless integrity is provided some
      // other way. MD5, SHA-1, DES and KPDK are legacy choices.
      [Description (
          "IntegrityTransformId is an enumeration that specifies the "
          "ESP integrity algorithm to be used. The list of values is "
          "generated from the enumeration defined in RFC2407, Section "
          "4.5. Note that the enumeration is different than the RFC "
          "list, since the values of Other and None are taken into "
          "account. Also, note that 2 (\"None\") is used when ESP is "
          "negotiated without authentication."), 
       ValueMap { "1", "2", "3", "4", "5", "6", "7..61439",
          "61440..65535" }, 
       Values { "Other", "None", "MD5", "SHA-1", "DES", "KPDK",
          "DMTF/IANA Reserved", "Vendor Reserved" }, 
       MappingStrings { "IPSP " 
          "Model.IETF|ESPTransform.IntegrityTransformId",
          "RFC2407.IETF|Section 4.5" }, 
       ModelCorrespondence { 
          "CIM_ESPTransform.OtherIntegrityTransformId" }]
   uint16 IntegrityTransformId;

      // Free-text description of the integrity algorithm, meaningful
      // only when IntegrityTransformId is 1 ("Other").
      [Description (
          "Description of the integrity algorithm when the value 1 "
          "(\"Other\") is specified for the property, "
          "IntegrityTransformId."), 
       ModelCorrespondence { "CIM_ESPTransform.IntegrityTransformId" }]
   string OtherIntegrityTransformId;

      // ESP cipher selector. The numbering differs from the RFC2407
      // list (the RFC's NULL maps to 2, and "Other" is added).
      // Unlike IntegrityTransformId, this ValueMap is closed (1..12,
      // with no reserved or vendor range), so any cipher not listed
      // has to be expressed as 1 ("Other") together with
      // OtherCipherTransformId.
      // NOTE(review): 2 ("None") provides no confidentiality, and
      // every named cipher in the list is a legacy algorithm; audit
      // tooling should not treat a value in 3..12 as evidence of
      // strong encryption. The description text contains the typo
      // "encrypion".
      [Description (
          "CipherTransformId is an enumeration that specifies the ESP "
          "encrypion algorithm to be used. The list of values is "
          "defined in RFC2407, Section 4.4.4, where the RFC's NULL "
          "value maps to 2-\"None\". Note that the enumeration is "
          "different than the RFC list, since 'Other' is added to the "
          "enumeration."), 
       ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
          "11", "12" }, 
       Values { "Other", "None", "DES_IV64", "DES", "3DES", "RC5",
          "IDEA", "CAST", "Blowfish", "3-IDEA", "DES_IV32", "RC4" }, 
       MappingStrings { "IPSP " 
          "Model.IETF|ESPTransform.CipherTransformId",
          "RFC2407.IETF|Section 4.4.4" }, 
       ModelCorrespondence { "CIM_ESPTransform.OtherCipherTransformId" 
          }]
   uint16 CipherTransformId;

      // Free-text description of the cipher, meaningful only when
      // CipherTransformId is 1 ("Other").
      [Description (
          "Description of the encryption algorithm when the value 1 "
          "(\"Other\") is specified for the property, "
          "CipherTransformId."), 
       ModelCorrespondence { "CIM_ESPTransform.CipherTransformId" }]
   string OtherCipherTransformId;

      // Key length in bits; ignored for ciphers with a fixed key
      // length. No minimum is declared, so for variable-key ciphers
      // the schema accepts any uint16 value, including very short
      // keys; a lower bound has to be enforced by the provider or by
      // policy.
      [Description (
          "CipherKeyLength specifies, in bits, the key length for the "
          "encryption algorithm. For algorithms with fixed key "
          "lengths, this value is ignored."), 
       Units ( "Bits" ), 
       MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyLength" 
          }]
   uint16 CipherKeyLength;

      // Number of key rounds; ignored for ciphers with a fixed number
      // of rounds. Per the description, no ESP cipher currently
      // defines key rounds.
      [Description (
          "CipherKeyRounds specifies the key rounds for the encryption "
          "algorithm. For algorithms with a fixed number of key "
          "rounds, this value is ignored. Currently, key rounds are "
          "NOT defined for any ESP encryption algorithms."), 
       MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyRounds" 
          }]
   uint16 CipherKeyRounds;

      // Enables sequence-number based replay prevention on the local
      // peer. No default is declared, so an instance may leave this
      // NULL; consumers should decide explicitly how NULL is treated
      // rather than assuming protection is on.
      [Description (
          "UseReplayPrevention causes the local peer to enable replay "
          "prevention detection. This can be accomplished by using a "
          "sequence number when sending a packet or checking the "
          "sequence number upon receipt of a packet."), 
       MappingStrings { "IPSP " 
          "Model.IETF|ESPTransform.UseReplayPrevention" }]
   boolean UseReplayPrevention;

      // Sliding-window length in bits; meaningful only when
      // UseReplayPrevention is true. The power-of-2 requirement exists
      // only in the description text and is not enforced by any
      // qualifier, so providers have to validate it themselves. The
      // description spells the name "ReplayPreventionWindowsSize",
      // while the property is ReplayPreventionWindowSize.
      [Description (
          "ReplayPreventionWindowsSize specifies, in bits, the length "
          "of the sliding window used by the replay prevention "
          "mechanism. The value of this property is meaningless if "
          "UseReplayPrevention is false. The window size MUST be a "
          "power of 2."), 
       Units ( "Bits" ), 
       MappingStrings { "IPSP " 
          "Model.IETF|ESPTransform.ReplayPreventionWindowSize" }]
   uint32 ReplayPreventionWindowSize;
};


// ==================================================================
// IPCOMPTransform
// ==================================================================
// Selects the IP payload compression algorithm for a Security
// Association and, where applicable, its dictionary size. This class
// declares no integrity or cipher properties.
// NOTE(review): compressing a payload before it is encrypted makes
// the ciphertext length depend on the plaintext content; consider
// that when data an attacker can influence shares an SA with secrets.
   [Version ( "2.8.0" ), Description (
       "The IPCOMPTransform specifies the IP compression algorithm to "
       "use for payload of the Security Association."), 
    MappingStrings { "IPSP Model.IETF|IPCOMPTransform" }]
class CIM_IPCOMPTransform : CIM_SATransform {

      // Compression algorithm selector. The values are shifted
      // relative to RFC2407 because "Other" was added, so they must
      // not be compared with the RFC numbers directly. 1 ("Other")
      // pairs with OtherAlgorithm; 2 ("Vendor Algorithm/OUI") pairs
      // with PrivateAlgorithm.
      [Description (
          "The Algorithm is an enumeration that designates the IPCOMP "
          "compression algorithm to use. Its values are generated from "
          "RFC2407, Section 4.4.5. Note that the values are modified "
          "from the RFC, since 'Other' must be taken into account."), 
       ValueMap { "1", "2", "3", "4" }, 
       Values { "Other", "Vendor Algorithm/OUI", "DEFLATE", "LZS" }, 
       MappingStrings { "IPSP Model.IETF|IPCOMPTransform.Algorithm",
          "RFC2407.IETF|Section 4.4.5" }, 
       ModelCorrespondence { "CIM_IPCOMPTransform.PrivateAlgorithm",
          "CIM_IPCOMPTransform.OtherAlgorithm" }]
   uint16 Algorithm;

      // Free-text description of the algorithm, meaningful only when
      // Algorithm is 1 ("Other").
      [Description (
          "Description of the compression algorithm when the value 1 "
          "(\"Other\") is specified for the property, Algorithm."), 
       ModelCorrespondence { "CIM_IPCOMPTransform.Algorithm" }]
   string OtherAlgorithm;

      // Identifier of a private (vendor) compression algorithm,
      // meaningful only when Algorithm is 2.
      [Description (
          "A private compression algorithm, used when the Algorithm "
          "property is set to 2, \"Vendor Algorithm/OUI\"."), 
       MappingStrings { "IPSP " 
          "Model.IETF|IPCOMPTransform.PrivateAlgorithm" }, 
       ModelCorrespondence { "CIM_IPCOMPTransform.Algorithm" }]
   uint32 PrivateAlgorithm;

      // This is the log2 of the maximum dictionary size, i.e. an
      // exponent and not a byte count. uint16 admits exponents far
      // beyond any realistic dictionary and no upper bound is
      // declared, so a provider should range-check the value before
      // sizing any buffer from it.
      [Description (
          "DictionarySize is an optional field that specifies the log2 "
          "maximum size of the dictionary for the compression "
          "algorithm. For dictionaries that have a fixed size, this "
          "value is ignored."), 
       MappingStrings { "IPSP " 
          "Model.IETF|IPCOMPTransform.DictionarySize" }]
   uint16 DictionarySize;
};


// ===================================================================
// end of file
// ===================================================================
