Return to
Network28_IPsec.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim28
|
Return to
Network28_IPsec.mof
CVS log
|
Up to [Pegasus] / pegasus / Schemas / CIMPrelim28
|
|
File: [Pegasus] / pegasus / Schemas / CIMPrelim28 / Attic / Network28_IPsec.mof
(download)
Revision: 1.2, Thu Feb 24 20:47:29 2005 UTC (19 years, 3 months ago) by a.dunfey Branch: MAIN CVS Tags: TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, RELEASE_2_5_0-RC1, HPUX_TEST, HEAD Changes since 1.1: +0 -0 lines FILE REMOVED PEP#: 215 TITLE: Remove old schemas DESCRIPTION: Removing old, unneeded schema files from the repository: CIM 2.7 CIM 2.7.1 Preliminary CIM 2.8 Preliminary CIM 2.9 Preliminary |
// ===================================================================
// Title: Network IPsec 2.8 Preliminary
// Filename: Network28_IPsec.mof
// Version: 2.8
// Status: Preliminary
// Date: August 18, 2003
// ===================================================================
// Copyright 1998-2003 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The Network Model extends the management concepts to
// represent protocol interfaces and network/protocol
// services. This file defines the classes to manage
// an IPsec security association.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ==================================================================
// This model was originally introduced in CIM V2.6 Preliminary and
// was not promoted to Final status. The following CR updates the
// V2.6 MOF and better aligns it with the IETF I-D from the IPSP
// Working Group.
//
// Change log for 2.8
// CR1026 - Modifications to the V2.6 MOF for IPsec management
// ===================================================================
#pragma Locale ("en_US")
// ==================================================================
// Security Association Endpoints
// ==================================================================
// ==================================================================
// SecurityAssociationEndpoint
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"SecurityAssociationEndpoint (SAEndpoint) represents the "
"endpoint of a secure connection. This is typically an IP "
"connection, although the model allows more flexibility than "
"just IP. The SecurityAssociationEndpoint is tied to an "
"IPProtocolEndpoint (or possibly other endpoint) using the "
"LogicalIdentity association. Note that an endpoint is defined "
"at both ends of the connection.") ]
class CIM_SecurityAssociationEndpoint : CIM_ProtocolEndpoint {
[Override ("InstallDate"), Description (
"InstallDate records when the SA (and its endpoint) was "
"created.") ]
datetime InstallDate;
[Description (
"LifetimeSeconds specifies the maximum time that the SA will "
"be considered valid after it has been created. A value of "
"zero indicates that the default of 8 hours be used. A "
"non-zero value indicates the seconds lifetime."),
Units ("Seconds") ]
uint64 LifetimeSeconds = 0;
[Write, Description (
"RefreshThresholdSecondsPercentage is the lifetime "
"percentage after which a new SA should be acquired, before "
"the existing SA expires. A random period may be added to a "
"calculated threshold to reduce network thrashing."),
Units ("Percent"), MinValue (0), MaxValue (100) ]
uint8 RefreshThresholdSecondsPercentage;
[Description (
"IdleDurationSeconds specifies how long the SA can be idle "
"before it is deleted. The default value, 0, indicates that "
"there is no idle timeout period."),
Units ("Seconds") ]
uint64 IdleDurationSeconds = 0;
[Description (
"LifetimeKilobytes specifies the maximum number of kilobytes "
"of data traffic to be protected by the SA. A value of zero "
"(the default) indicates that there should be no maximum "
"kilobyte lifetime. A non-zero value specifies the desired "
"kilobyte lifetime. The SA is deleted when the "
"LifetimeKilobyte value is exceeded."),
Units ("KiloBytes") ]
uint64 LifetimeKilobytes = 0;
[Write, Description (
"RefreshThresholdKbytesPercentage is the lifetime percentage "
"of kilobytes processed, at which a new SA should be "
"acquired. A random value may be added to the calculated "
"threshold to reduce network thrashing."),
Units ("Percent"), MinValue (0), MaxValue (100) ]
uint8 RefreshThresholdKbytesPercentage;
[Write, Description (
"PacketLoggingActive causes a log to be kept of traffic "
"processed by the SAEndpoint.") ]
boolean PacketLoggingActive;
};
// ==================================================================
// FilterOfSecurityAssociation
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"FilterOfSecurityAssociation associates a network traffic "
"specification (i.e., a FilterList) with a SecurityAssociation "
"Endpoint, to which the filter list applies.") ]
class CIM_FilterOfSecurityAssociation : CIM_Dependency {
[Override ("Antecedent"), Max (1), Description (
"FilterList describing the traffic to be selected/matched.") ]
CIM_FilterList REF Antecedent;
[Override ("Dependent"), Description (
"SecurityAssociation using the FilterList as its traffic "
"selector.") ]
CIM_SecurityAssociationEndpoint REF Dependent;
};
// ==================================================================
// SAEndpointConnectionStatistics
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"This class captures statistical and time-related information "
"about the use of the IPsec or IKE Security Associations, "
"through their IPsecSAEndpoint or IKESAEndpoint. The relevant "
"SAEndpoint is determined by traversing the "
"ElementStatisticalData association.") ]
class CIM_SAEndpointConnectionStatistics : CIM_StatisticalData {
[Description (
"Number of bytes that have been protected by the associated "
"SAEndpoint."),
Units ("Bytes"), Counter ]
uint64 ByteCount;
[Description (
"LastAccessed indicates when the SAEndpoint was last used. "
"This property is helpful in determining if the SA (and its "
"endpoint) will be deleted due to sitting idle.") ]
datetime LastAccessed;
};
// ==================================================================
// SAEndpointRefreshSettings
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"SAEndpointRefreshSettings hold the refresh thresholds for the "
"SecurityAssociationEndpoint. Since these settings may change "
"for an SA, the properties are defined both in this class and "
"in SecurityAssociationEndpoint.") ]
class CIM_SAEndpointRefreshSettings: CIM_SettingData {
[Write, Description (
"RefreshThresholdSecondsPercentage is the lifetime "
"percentage after which a new SA should be acquired, before "
"the existing SA expires."),
Units ("Percent"), MinValue (0), MaxValue (100),
ModelCorrespondence {"CIM_SecurityAssociationEndpoint."
"RefreshThresholdSecondsPercentage"} ]
uint8 RefreshThresholdSecondsPercentage;
[Write, Description (
"RefreshThresholdKbytesPercentage is the lifetime percentage "
"of kilobytes processed, at which a new SA should be "
"acquired."),
Units ("Percent"), MinValue (0), MaxValue (100),
ModelCorrespondence {"CIM_SecurityAssociationEndpoint."
"RefreshThresholdKbytesPercentage"} ]
uint8 RefreshThresholdKbytesPercentage;
};
// ==================================================================
// IPsecSAEndpoint
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"IPsecSAEndpoints are types of SecurityAssociationEndpoints "
"representing both negotiated and static SAs that correspond to "
"AH, ESP, or IPCOMP transforms.") ]
class CIM_IPsecSAEndpoint : CIM_SecurityAssociationEndpoint {
[Description (
"SPI contains the Security Parameter Index of the SA. This "
"value in string form may also be used in the key field "
"'Name' inherited from ServiceAccessPoint.") ]
uint32 SPI;
[Description (
"InboundDirection specifies whether the SA applies to "
"inbound (TRUE) or outbound (FALSE) traffic.") ]
boolean InboundDirection;
[Description (
"EncapsulationMode indicates whether the IPsecSAEndpoint "
"uses transport or tunnel encapsulation."),
ValueMap {"0", "2", "3"},
Values {"Unknown", "Tunnel", "Transport"} ]
uint16 EncapsulationMode;
[Description (
"DFHandling controls how the 'Don't Fragment' bit is managed "
"by the IPsecSAEndpoint."),
ValueMap {"0", "2", "3", "4"},
Values {"Unknown", "Copy from Internal to External IP Header",
"Set DF Bit in External Header to 1",
"Set DF Bit in External Header to 0"} ]
uint16 DFHandling;
[Description (
"PFSInUse indicates whether perfect forward secrecy is "
"required when refreshing keys.") ]
boolean PFSInUse;
};
// ==================================================================
// PeerOfIPsecSAEndpoint
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"PeerOfIPsecSAEndpoint identifies the peer of the "
"IPsecSAEndpoint.") ]
class CIM_PeerOfIPsecSAEndpoint : CIM_Dependency {
[Override ("Antecedent"), Max (1), Description (
"The peer for the SAEndpoint.") ]
CIM_RemoteServiceAccessPoint REF Antecedent;
[Override ("Dependent"), Description (
"The IPsecSAEndpoint which has a peer.") ]
CIM_IPsecSAEndpoint REF Dependent;
};
// ==================================================================
// IKESAEndpoint
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"IKESAEndpoint is created in the first phase of SA negotiation "
"and protects the key negotiation traffic. This endpoint is "
"only created when IKE is the key exchange protocol. Other "
"protocols and their endpoints will be defined in a future "
"release.") ]
class CIM_IKESAEndpoint : CIM_SecurityAssociationEndpoint {
[Description (
"Identifier of the IKE phase 1 negotiation initiator. "
"Combined with the ResponderCookie, this value, in string "
"form, may be used to construct the value of the key field "
"'Name', inherited from ServiceAccessPoint.") ]
uint64 InitiatorCookie;
[Description (
"Identifier of the IKE phase 1 negotiation responder. "
"Combined with the InitiatorCookie, this value, in string "
"form, may be used to construct the value of the key field "
"'Name', inherited from ServiceAccessPoint.") ]
uint64 ResponderCookie;
[Description (
"CipherAlgorithm is an enumeration that specifies the "
"encryption algorithm used by the IKESAEndpoint. The list "
"of algorithms was generated from Appendix A of RFC2409. "
"Note that the enumeration is different than the RFC list, "
"since the values of Unknown and Other are taken into "
"account."),
ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8..65000",
"65001..65535"},
Values {"Unknown", "Other", "DES", "IDEA", "Blowfish", "RC5",
"3DES", "CAST", "DMTF/IANA Reserved", "Vendor Reserved"},
MappingStrings {"RFC2409.IETF|Appendix A"},
ModelCorrespondence { "CIM_IKESAEndpoint.OtherCipherAlgorithm"} ]
uint16 CipherAlgorithm;
[Description (
"Description of the encryption algorithm when the value 1 "
"(\"Other\") is specified for the property, "
"CipherAlgorithm."),
ModelCorrespondence {"CIM_IKESAEndpoint.CipherAlgorithm"} ]
string OtherCipherAlgorithm;
[Description (
"HashAlgorithm is an enumeration that specifies the hash "
"function used by the IKESAEndpoint. The list of algorithms "
"was generated from Appendix A of RFC2409. Note that the "
"enumeration is different than the RFC list, since the "
"values of Unknown and Other are taken into account."),
ValueMap {"0", "1", "2", "3", "4", "5..65000", "65001..65535"},
Values {"Unknown", "Other", "MD5", "SHA-1", "Tiger",
"DMTF/IANA Reserved", "Vendor Reserved"},
MappingStrings {"RFC2409.IETF|Appendix A"},
ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm"} ]
uint16 HashAlgorithm;
[Description (
"Description of the hash function when the value 1 "
"(\"Other\") is specified for the property, HashAlgorithm."),
ModelCorrespondence {"CIM_IKESAEndpoint.HashAlgorithm"} ]
string OtherHashAlgorithm;
[Description (
"AuthenticationMethod is an enumeration that specifies the "
"operation of the IKESAEndpoint. The list of methods was "
"generated from Appendix A of RFC2409. Note that the "
"enumeration is different than the RFC list, since the "
"values of Unknown and Other are taken into account."),
ValueMap {"0", "1", "2", "3", "4", "5", "6", "7..65000",
"65001..65535"},
Values {"Unknown", "Other", "Pre-shared Key", "DSS Signatures",
"RSA Signatures", "Encryption with RSA",
"Revised Encryption with RSA", "DMTF/IANA Reserved",
"Vendor Reserved"},
MappingStrings {"RFC2409.IETF|Appendix A"},
ModelCorrespondence {
"CIM_IKESAEndpoint.OtherAuthenticationMethod"} ]
uint16 AuthenticationMethod;
[Description (
"Description of the method when the value 1 (\"Other\") is "
"specified for the property, AuthenticationMethod."),
ModelCorrespondence { "CIM_IKESAEndpoint.AuthenticationMethod"} ]
string OtherAuthenticationMethod;
[Description (
"GroupId specifies the key exchange group ID. If the "
"GroupID number is from the vendor-specific range "
"(32768-65535), the VendorID qualifies the group number. "
"Well-known group identifiers from RFC2412, Appendix E, are: "
"Group 1='768 bit prime', Group 2='1024 bit prime', Group 3= "
"'Elliptic Curve Group with 155 bit field element', Group 4= "
"'Large Elliptic Curve Group with 185 bit field element', "
"and Group 5='1536 bit prime'."),
ValueMap {"0", "1", "2", "3", "4", "5", "..", "0x8000.."},
Values {"No Group/Non-Diffie-Hellman Exchange",
"DH-768 bit prime", "DH-1024 bit prime",
"EC2N-155 bit field element", "EC2N-185 bit field element",
"DH-1536 bit prime", "Standard Group - Reserved",
"Vendor Reserved"},
MappingStrings {"RFC2412.IETF|Appendix E"},
ModelCorrespondence {"CIM_IKESAEndpoint.VendorID"} ]
uint16 GroupId;
[Description (
"VendorID identifies the vendor when the value of GroupID is "
"in the vendor-specific range, 32768 to 65535."),
ModelCorrespondence {"CIM_IKESAEndpoint.GroupId"} ]
string VendorID;
};
// ==================================================================
// Phase1SAUsedForPhase2
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"Phase1SAUsedForPhase2 associates a phase 1 endpoint (such as "
"an IKESAEndpoint) with an IPsecSAEndpoint that was negotiated "
"using that phase 1 Security Association.") ]
class CIM_Phase1SAUsedForPhase2 : CIM_Dependency {
[Override ("Antecedent"), Max (1), Description (
"Phase 1 SAEndpoint that protected the negotiation of the "
"phase 2 Security Association. An example of a phase 1 "
"endpoint is an IKESAEndpoint.") ]
CIM_SecurityAssociationEndpoint REF Antecedent;
[Override ("Dependent"), Description (
"The phase 2 SAEndpoint.") ]
CIM_IPsecSAEndpoint REF Dependent;
};
// ==================================================================
// Security Association Transforms
// ==================================================================
// ==================================================================
// SATransform
// ==================================================================
[Experimental, Abstract, Version ("2.7.1000"), Description (
"SATransform is the base class for the various types of "
"transforms that are in effect for an existing IPsecSAEndpoint, "
"or aggregated into phase 2 proposals used during the IPsec "
"negotiation process. This class is defined as a kind of "
"ScopedSettingData, since it describes the set of transform "
"properties that MUST be applied together, if negotiated. This "
"subclassing is different than that defined in IETF's IPSP "
"Policy draft - where it is subclassed from Policy. The "
"definition as SettingData is more consistent with the "
"application of the properties as a set, to the negotiated "
"Security Association.\n"
"\n"
"Note that an instance of this class is 'scoped' or contained "
"by a System (either a ComputerSystem or AdminDomain), rather "
"than by a SecurityAssociationEndpoint. This is indicated by "
"instantiating the ScopedSetting association, and is necessary "
"since the transform data is used in IPsec negotiation policies "
"(also scoped by Systems) before ever being associated with a "
"SecurityAssociationEndpoint. The latter semantics (i.e., that "
"'this' transform is negotiated for 'this' Security "
"Association) is conveyed via a subclass of ElementSettingData, "
"TransformOfSecurityAssociation."),
MappingStrings {"IPSP Model.IETF|SATransform"} ]
class CIM_SATransform : CIM_ScopedSettingData {
[Override ("ElementName"),
MappingStrings {"IPSP Model.IETF|SATransform.CommonName"} ]
string ElementName;
[Description (
"MaxLifetimeSeconds specifies the maximum time that the "
"Security Association should be considered valid after it "
"has been created. A value of 0, the default, indicates "
"that 8 hours should be used. A non-zero value indicates "
"the maximum lifetime in seconds."),
Units ("Seconds"),
MappingStrings { "IPSP "
"Model.IETF|SATransform.MaxLifetimeSeconds"} ]
uint64 MaxLifetimeSeconds = 0;
[Description (
"MaxLifetimeKilobytes specifies the maximum kilobyte "
"lifetime for a Security Association. Different lifetimes "
"are used, depending on the strength of the encryption "
"algorithm. A value of 0, the default, indicates that no "
"maximum should be defined. A non-zero value specifies the "
"desired kilobyte lifetime."),
Units ("KiloBytes"),
MappingStrings { "IPSP "
"Model.IETF|SATransform.MaxLifetimeKilobytes"} ]
uint64 MaxLifetimeKilobytes = 0;
[Description (
"VendorID identifies vendor-defined transforms. If this "
"field is empty (the default), then this is a standard "
"transform."),
MappingStrings {"IPSP Model.IETF|SATransform.VendorID"} ]
string VendorID = "";
};
// ==================================================================
// TransformOfSecurityAssociation
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"TransformOfSecurityAssociation maps a SecurityAssociation "
"Endpoint with the transform that it uses. For security, no "
"keying material of the SA is exposed.") ]
class CIM_TransformOfSecurityAssociation : CIM_ElementSettingData {
[Override ("SettingData"), Min (1), Max (1), Description (
"Transform of the IPsecSAEndpoint.") ]
CIM_SATransform REF SettingData;
[Override ("ManagedElement"), Description (
"The IPsecSAEndpoint that uses the transform.") ]
CIM_IPsecSAEndpoint REF ManagedElement;
};
// ==================================================================
// AHTransform
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"AHTransform defines the parameters used for a phase 2 AH "
"(Authentication Header) Security Association."),
MappingStrings {"IPSP Model.IETF|AHTransform"} ]
class CIM_AHTransform : CIM_SATransform {
[Description (
"AHTransformId is an enumeration that specifies the hash "
"algorithm to be used. The list of values was generated "
"from RFC2407, Section 4.4.3."),
ValueMap {"1", "2", "3", "4"},
Values {"Other", "MD5", "SHA-1", "DES"},
MappingStrings { "IPSP Model.IETF|AHTransform.AHTransformID",
"RFC2407.IETF|Section 4.4.3"},
ModelCorrespondence {"CIM_AHTransform.OtherTransformId"} ]
uint16 AHTransformId;
[Description (
"Description of the hash algorithm when the value 1 "
"(\"Other\") is specified for the property, AHTransformId."),
ModelCorrespondence {"CIM_AHTransform.AHTransformId"} ]
string OtherAHTransformId;
[Description (
"UseReplayPrevention causes the local peer to enable replay "
"prevention detection. This can be accomplished by using a "
"sequence number when sending a packet or checking the "
"sequence number upon receipt of a packet."),
MappingStrings { "IPSP "
"Model.IETF|AHTransform.UseReplayPrevention"} ]
boolean UseReplayPrevention;
[Description (
"ReplayPreventionWindowsSize specifies, in bits, the length "
"of the sliding window used by the replay prevention "
"mechanism. The value of this property is meaningless if "
"UseReplayPrevention is false. The window size MUST be a "
"power of 2."),
Units ("Bits"),
MappingStrings { "IPSP "
"Model.IETF|AHTransform.ReplayPreventionWindowSize"} ]
uint32 ReplayPreventionWindowSize;
};
// ==================================================================
// ESPTransform
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"ESPTransform defines the parameters used for a phase 2 ESP "
"(Encapsulating Security Protocol) Security Association."),
MappingStrings {"IPSP Model.IETF|ESPTransform"} ]
class CIM_ESPTransform : CIM_SATransform {
[Description (
"IntegrityTransformId is an enumeration that specifies the "
"ESP integrity algorithm to be used. The list of values is "
"generated from the enumeration defined in RFC2407, Section "
"4.5. Note that the enumeration is different than the RFC "
"list, since the values of Other and None are taken into "
"account. Also, note that 2 (\"None\") is used when ESP is "
"negotiated without authentication."),
ValueMap {"1", "2", "3", "4", "5", "6", "7..61439",
"61440..65535"},
Values {"Other", "None", "MD5", "SHA-1", "DES", "KPDK",
"DMTF/IANA Reserved", "Vendor Reserved"},
MappingStrings { "IPSP Model."
"IETF|ESPTransform.IntegrityTransformId",
"RFC2407.IETF|Section 4.5"},
ModelCorrespondence {
"CIM_ESPTransform.OtherIntegrityTransformId"} ]
uint16 IntegrityTransformId;
[Description (
"Description of the integrity algorithm when the value 1 "
"(\"Other\") is specified for the property, "
"IntegrityTransformId."),
ModelCorrespondence {"CIM_ESPTransform.IntegrityTransformId"} ]
string OtherIntegrityTransformId;
[Description (
"CipherTransformId is an enumeration that specifies the ESP "
"encrypion algorithm to be used. The list of values is "
"defined in RFC2407, Section 4.4.4, where the RFC's NULL "
"value maps to 2-\"None\". Note that the enumeration is "
"different than the RFC list, since 'Other' is added to the "
"enumeration."),
ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
"11", "12"},
Values {"Other", "None", "DES_IV64", "DES", "3DES", "RC5",
"IDEA", "CAST", "Blowfish", "3-IDEA", "DES_IV32", "RC4"},
MappingStrings { "IPSP "
"Model.IETF|ESPTransform.CipherTransformId",
"RFC2407.IETF|Section 4.4.4"},
ModelCorrespondence { "CIM_ESPTransform.OtherCipherTransformId"} ]
uint16 CipherTransformId;
[Description (
"Description of the encryption algorithm when the value 1 "
"(\"Other\") is specified for the property, "
"CipherTransformId."),
ModelCorrespondence {"CIM_ESPTransform.CipherTransformId"} ]
string OtherCipherTransformId;
[Description (
"CipherKeyLength specifies, in bits, the key length for the "
"encryption algorithm. For algorithms with fixed key "
"lengths, this value is ignored."),
Units ("Bits"),
MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyLength"} ]
uint16 CipherKeyLength;
[Description (
"CipherKeyRounds specifies the key rounds for the encryption "
"algorithm. For algorithms with a fixed number of key "
"rounds, this value is ignored. Currently, key rounds are "
"NOT defined for any ESP encryption algorithms."),
MappingStrings { "IPSP Model.IETF|ESPTransform.CipherKeyRounds"} ]
uint16 CipherKeyRounds;
[Description (
"UseReplayPrevention causes the local peer to enable replay "
"prevention detection. This can be accomplished by using a "
"sequence number when sending a packet or checking the "
"sequence number upon receipt of a packet."),
MappingStrings { "IPSP "
"Model.IETF|ESPTransform.UseReplayPrevention"} ]
boolean UseReplayPrevention;
[Description (
"ReplayPreventionWindowsSize specifies, in bits, the length "
"of the sliding window used by the replay prevention "
"mechanism. The value of this property is meaningless if "
"UseReplayPrevention is false. The window size MUST be a "
"power of 2."),
Units ("Bits"),
MappingStrings { "IPSP "
"Model.IETF|ESPTransform.ReplayPreventionWindowSize"} ]
uint32 ReplayPreventionWindowSize;
};
// ==================================================================
// IPCOMPTransform
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"The IPCOMPTransform specifies the IP compression algorithm to "
"use for payload of the Security Association."),
MappingStrings {"IPSP Model.IETF|IPCOMPTransform"} ]
class CIM_IPCOMPTransform : CIM_SATransform {
[Description (
"The Algorithm is an enumeration that designates the IPCOMP "
"compression algorithm to use. Its values are generated "
"from RFC2407, Section 4.4.5. Note that the values are "
"modified from the RFC, since 'Other' must be taken into "
"account."),
ValueMap {"1", "2", "3", "4"},
Values {"Other", "Vendor Algorithm/OUI", "DEFLATE", "LZS"},
MappingStrings {"IPSP Model.IETF|IPCOMPTransform.Algorithm",
"RFC2407.IETF|Section 4.4.5"},
ModelCorrespondence {"CIM_IPCOMPTransform.PrivateAlgorithm",
"CIM_IPCOMPTransform.OtherAlgorithm"} ]
uint16 Algorithm;
[Description (
"Description of the compression algorithm when the value 1 "
"(\"Other\") is specified for the property, Algorithm."),
ModelCorrespondence {"CIM_IPCOMPTransform.Algorithm"} ]
string OtherAlgorithm;
[Description (
"A private compression algorithm, used when the Algorithm "
"property is set to 2, \"Vendor Algorithm/OUI\"."),
MappingStrings { "IPSP "
"Model.IETF|IPCOMPTransform.PrivateAlgorithm"},
ModelCorrespondence {"CIM_IPCOMPTransform.Algorithm"} ]
uint32 PrivateAlgorithm;
[Description (
"DictionarySize is an optional field that specifies the log2 "
"maximum size of the dictionary for the compression "
"algorithm. For dictionaries that have a fixed size, this "
"value is ignored."),
MappingStrings { "IPSP "
"Model.IETF|IPCOMPTransform.DictionarySize"} ]
uint16 DictionarySize;
};
// ===================================================================
// end of file
// ===================================================================
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |