Protocol++® (Protocolpp®)  v5.6.2
ProtocolPP::jipsecsa Class Reference

Public Member Functions

 jipsecsa ()
 
 jipsecsa (direction_t dir, iana_t ver, ipmode_t mode, uint32_t spi, uint32_t seqnum, uint32_t extseqnum, uint32_t arlen, jarray< uint8_t > arwin, cipher_t cipher, uint32_t ckeylen, std::shared_ptr< jarray< uint8_t >> cipherkey, auth_t auth, uint32_t akeylen, std::shared_ptr< jarray< uint8_t >> authkey, uint32_t ivlen, std::shared_ptr< jarray< uint8_t >> iv, uint32_t saltlen, std::shared_ptr< jarray< uint8_t >> salt, uint64_t bytecnt, uint64_t lifetime, bool seqnumovrflw, bool statefulfrag, bool bypassdf, bool bypassdscp, bool nat, bool nchk, uint8_t dsecn, uint8_t ttl, uint8_t flags, uint16_t natsrc, uint16_t natdst, uint16_t id, uint32_t label, uint16_t fragoff, bool morefrag, uint32_t fragid, uint32_t mtu, jarray< uint8_t > src, jarray< uint8_t > dst, jarray< uint8_t > exthdr, iana_t nh, uint32_t icvlen, uint32_t hdrlen, uint32_t tfclen, bool usext, bool randiv, bool jumbogram, bool audit, std::string auditlog)
 
 jipsecsa (jipsecsa &rhs)
 
 jipsecsa (std::shared_ptr< jipsecsa > &rhs)
 
 ~jipsecsa ()
 
template<typename T >
void set_field (field_t field, T fieldval)
 
template<typename T >
T get_field (field_t field)
 
void to_xml (tinyxml2::XMLPrinter &myxml, direction_t direction)
 
void to_json (std::ofstream &myjson, direction_t direction, std::string &indent)
 
 jipsecsa (const jipsecsa &jipsec)=delete
 
- Public Member Functions inherited from ProtocolPP::jsecass
 jsecass ()
 
virtual ~jsecass ()=default
 Standard destructor.
 
 jsecass (jsecass &jsecass)=delete
 
 jsecass (const jsecass &jsecass)=delete
 

Constructor & Destructor Documentation

◆ jipsecsa() [1/4]

ProtocolPP::jipsecsa::jipsecsa ( )

Standard constructor with defaults. These defaults are suited to tests rather than deployment: the table below lists no cipher key, authentication key, IV or salt material, arlen is 0 (no packets are tracked in the anti-replay window), and lifetime is 0xFFFFFFFFFFFFFFFF, so the SA effectively never expires by time. Set keys, the replay window and lifetimes explicitly before using the SA for real traffic.

IPsec Defaults
fieldDefault Value
dirdirection_t::DECAP
veriana_t::IPV4
modeipmode_t::TUNNEL
spi0
seqnum0
extseqnum0
arlen0
arwin0
ciphercipher_t::AES_CBC
ckeylen16
authauth_t::HMAC_SHA2_256
akeylen32
ivlen16
saltlen0
bytecnt0
lifetime0xFFFFFFFFFFFFFFFF
seqnumovrflwfalse
statefulfragfalse
bypassdffalse
bypassdscpfalse
natfalse
nchkfalse
natsrc0
natdst0
dsecn0
ttl0
flags0x02
id0x00000001
label0
fragoff0
morefragfalse
fragid0
mtu1500
src0
dst0
exthdr0
nhiana_t::ESP
icvlen32
hdrlen20
tfclen0
usexttrue
randivfalse
jumbogramtrue
auditfalse
auditlog"./ipsec_audit.log"

◆ jipsecsa() [2/4]

ProtocolPP::jipsecsa::jipsecsa ( direction_t  dir,
iana_t  ver,
ipmode_t  mode,
uint32_t  spi,
uint32_t  seqnum,
uint32_t  extseqnum,
uint32_t  arlen,
jarray< uint8_t >  arwin,
cipher_t  cipher,
uint32_t  ckeylen,
std::shared_ptr< jarray< uint8_t >>  cipherkey,
auth_t  auth,
uint32_t  akeylen,
std::shared_ptr< jarray< uint8_t >>  authkey,
uint32_t  ivlen,
std::shared_ptr< jarray< uint8_t >>  iv,
uint32_t  saltlen,
std::shared_ptr< jarray< uint8_t >>  salt,
uint64_t  bytecnt,
uint64_t  lifetime,
bool  seqnumovrflw,
bool  statefulfrag,
bool  bypassdf,
bool  bypassdscp,
bool  nat,
bool  nchk,
uint8_t  dsecn,
uint8_t  ttl,
uint8_t  flags,
uint16_t  natsrc,
uint16_t  natdst,
uint16_t  id,
uint32_t  label,
uint16_t  fragoff,
bool  morefrag,
uint32_t  fragid,
uint32_t  mtu,
jarray< uint8_t >  src,
jarray< uint8_t >  dst,
jarray< uint8_t >  exthdr,
iana_t  nh,
uint32_t  icvlen,
uint32_t  hdrlen,
uint32_t  tfclen,
bool  usext,
bool  randiv,
bool  jumbogram,
bool  audit,
std::string  auditlog 
)

See RFC 4301 §4.4.2.1 for the required SA fields and their meanings.

Security Association for IPsec. Initialization vectors are either generated internally with the Mersenne Twister algorithm (randiv=true) or supplied to the SA during key negotiation (randiv=false). Caveat: Mersenne Twister is not a cryptographically secure generator — its internal state can be recovered from observed outputs, so IVs it produces are predictable. The default cipher is AES_CBC, and CBC in ESP requires unpredictable IVs (RFC 3602 §3), so for anything beyond test traffic supply IVs from a CSPRNG through the iv parameter rather than relying on randiv.

Required fields:

Parameters
dir- Direction of processing (ENCAP or DECAP)
ver- Version of IPsec (IPV4 or IPV6)
spi- Security parameters index
seqnum- Initial sequence number
extseqnum- Initial value of the extended sequence number
arlen- Number of packets to track in replay window
arwin- Anti-replay window for tracking packets
cipher- Encryption algorithm to use with IPsec
ckeylen- Length of the cipher key in bytes (the defaults use 16, i.e. AES-128, with AES_CBC)
cipherkey- Key for the encryption algorithm
auth- Authentication algorithm to use with IPsec
akeylen- Length of the authentication key in bytes; must match what the selected auth algorithm requires (e.g. 32 bytes for HMAC_SHA2_256 per RFC 4868 §2.4, as in the defaults)
authkey- Key for the authentication algorithm
ivlen- Length of the initialization vector (IV)
iv- Passed-in initialization vector (IV)
saltlen- Length of the IPsec salt material
salt- IPsec salt material
bytecnt- Byte-count lifetime for this SA (encrypted bytes)
lifetime- Time for this SA to live before it expires
mode- Mode of operation, either TUNNEL or TRANSPORT
seqnumovrflw- Allow the sequence number to wrap in ENCAP instead of failing. RFC 4303 §3.3.3 forbids a sender from cycling the counter while anti-replay is in use (the SA must be rekeyed first), because a wrapped counter defeats the receiver's replay window; enable this only for testing or where the peer has anti-replay disabled
statefulfrag- Indicates whether stateful fragment checking applies to this SA
bypassdf- Do not copy the DF bit from inner to outer header (both IPv4)
bypassdscp- Do not copy the DSCP field from inner to outer header
nat- Perform NAT-T on packets
nchk- Update the UDP checksum if NAT-T is enabled
natsrc- Source port for NAT-T
natdst- Destination port for NAT-T
dsecn- Traffic class bits (DS and ECN)
ttl- Time-To-Live (IPv4) or Hop Limit (IPv6)
flags- Flags for IPv4
id- Identification field for IPv4
label- Flow label for IPv6
fragoff- Fragment offset for IPv4
morefrag- More Fragments flag in the IPV6_FRAG extension header: true if further fragments follow this one, false if this is the last fragment
fragid- ID for the fragmentation segment
mtu- Maximum Transmission Unit (MTU) for the path
src- Source address
dst- Destination address
exthdr- Extension headers for IPv6
audit- Enable auditing
auditlog- path to the audit log

Fields required for this implementation:

Parameters
nh- Next Header (NH) value for the payload
icvlen- Length of the ICV tag
hdrlen- Length of the IP header
tfclen- Length of the TFC padding, if any
usext- Use extended sequence number (default=TRUE)
randiv- Use a random IV instead of the passed in one
jumbogram- Node supports IPv6 jumbograms (RFC 2675)

◆ jipsecsa() [3/4]

ProtocolPP::jipsecsa::jipsecsa ( jipsecsa &  rhs)

Constructor for IPsec

Parameters
rhs- Security association (SA) for this IPsec flow

◆ jipsecsa() [4/4]

ProtocolPP::jipsecsa::jipsecsa ( std::shared_ptr< jipsecsa > &  rhs)
explicit

Constructor for IPsec

Parameters
rhs- Security association (SA) for this IPsec flow

◆ ~jipsecsa()

ProtocolPP::jipsecsa::~jipsecsa ( )

Standard destructor; flushes and closes the audit log if one is open.

Member Function Documentation

◆ get_field()

template<typename T >
T ProtocolPP::jipsecsa::get_field ( field_t  field)

Retrieve the named field from the IPsec security association. CIPHERKEY, AUTHKEY, IV and SALT come back as std::shared_ptr to the SA's own buffer rather than as copies, so the caller shares the live key material: keep such handles short-lived and never log, serialize or hand them to untrusted code.

IPSec Get Fields
field typefield nameExample
direction_tDIRECTIONdirection_t mydir = get_field<direction_t>(field_t::DIRECTION)
iana_tVERSIONiana_t myver = get_field<iana_t>(field_t::VERSION)
NHiana_t mynh = get_field<iana_t>(field_t::NH)
ipmode_tMODEipmode_t mymode = get_field<ipmode_t>(field_t::MODE)
cipher_tCIPHERcipher_t mycipher = get_field<cipher_t>(field_t::CIPHER)
auth_tAUTHauth_t myauth = get_field<auth_t>(field_t::AUTH)
jarray<uint8_t>SOURCEjarray<uint8_t> mysrc = get_field<jarray<uint8_t>>(field_t::SOURCE)
DESTINATIONjarray<uint8_t> mydst = get_field<jarray<uint8_t>>(field_t::DESTINATION)
EXTHDRjarray<uint8_t> myexthdr = get_field<jarray<uint8_t>>(field_t::EXTHDR)
ARWINjarray<uint8_t> myarwin = get_field<jarray<uint8_t>>(field_t::ARWIN)
std::shared_ptr<jarray<uint8_t>>CIPHERKEYstd::shared_ptr<jarray<uint8_t>> mycipherkey = get_field<std::shared_ptr<jarray<uint8_t>>>(field_t::CIPHERKEY)
AUTHKEYstd::shared_ptr<jarray<uint8_t>> myauthkey = get_field<std::shared_ptr<jarray<uint8_t>>>(field_t::AUTHKEY)
IVstd::shared_ptr<jarray<uint8_t>> myiv = get_field<std::shared_ptr<jarray<uint8_t>>>(field_t::IV)
SALTstd::shared_ptr<jarray<uint8_t>> mysalt = get_field<std::shared_ptr<jarray<uint8_t>>>(field_t::SALT)
uint8_tDSECNuint8_t mydsecn = get_field<uint8_t>(field_t::DSECN)
TTLHOPuint8_t myttl = get_field<uint8_t>(field_t::TTLHOP)
FLAGSuint8_t myflags = get_field<uint8_t>(field_t::FLAGS)
uint16_tFRAGOFFSETuint16_t myoffset = get_field<uint16_t>(field_t::FRAGOFFSET)
IDuint16_t myid = get_field<uint16_t>(field_t::ID)
NATSRCuint16_t mynatsrc = get_field<uint16_t>(field_t::NATSRC)
NATDSTuint16_t mynatdst = get_field<uint16_t>(field_t::NATDST)
uint32_tLABELuint32_t mylabel = get_field<uint32_t>(field_t::LABEL)
SPIuint32_t myspi = get_field<uint32_t>(field_t::SPI)
SEQNUMuint32_t myseqnum = get_field<uint32_t>(field_t::SEQNUM)
EXTSEQNUMuint32_t myextnum = get_field<uint32_t>(field_t::EXTSEQNUM)
ARLENuint32_t myarlen = get_field<uint32_t>(field_t::ARLEN)
CKEYLENuint32_t myckeylen = get_field<uint32_t>(field_t::CKEYLEN)
AKEYLENuint32_t myakeylen = get_field<uint32_t>(field_t::AKEYLEN)
IVLENuint32_t myivlen = get_field<uint32_t>(field_t::IVLEN)
SALTLENuint32_t mysaltlen = get_field<uint32_t>(field_t::SALTLEN)
ICVLENuint32_t myicvlen = get_field<uint32_t>(field_t::ICVLEN)
HDRLENuint32_t myhdrlen = get_field<uint32_t>(field_t::HDRLEN)
TFCLENuint32_t mytfclen = get_field<uint32_t>(field_t::TFCLEN)
FRAGIDuint32_t myfragid = get_field<uint32_t>(field_t::FRAGID)
MTUuint32_t mymtu = get_field<uint32_t>(field_t::MTU)
uint64_tBYTECNTuint64_t mybytecnt = get_field<uint64_t>(field_t::BYTECNT)
LIFETIMEuint64_t mylifetime = get_field<uint64_t>(field_t::LIFETIME)
boolMODEJUMBObool myjumbo = get_field<bool>(field_t::MODEJUMBO)
SEQNUMOVRFLWbool myovflw = get_field<bool>(field_t::SEQNUMOVRFLW)
STATEFULFRAGbool mystateful = get_field<bool>(field_t::STATEFULFRAG)
BYPASSDFbool mybypassdf = get_field<bool>(field_t::BYPASSDF)
BYPASSDSCPbool mybypassdscp = get_field<bool>(field_t::BYPASSDSCP)
NATbool mynat = get_field<bool>(field_t::NAT)
NCHKbool mynchk = get_field<bool>(field_t::NCHK)
MOREFRAGbool mymfrag = get_field<bool>(field_t::MOREFRAG)
USEXTbool myusext = get_field<bool>(field_t::USEXT)
RANDIVbool myrandiv = get_field<bool>(field_t::RANDIV)
AUDITbool myaudit = get_field<bool>(field_t::AUDIT)

Because they are computed per packet, the following fields are available only on jip, not on the SA:

  • LENGTH
  • CHECKSUM
Parameters
field- field to return from the security association
Returns
value of the field

◆ set_field()

template<typename T >
void ProtocolPP::jipsecsa::set_field ( field_t  field,
T  fieldval 
)

Update IPSec field with the new value

IPSec Set Fields
field typefield nameExample
direction_tDIRECTIONset_field<direction_t>(field_t::DIRECTION, direction_t::DECAP)
iana_tVERSIONset_field<iana_t>(field_t::VERSION, iana_t::IPV4)
NHset_field<iana_t>(field_t::NH, iana_t::UDP)
ipmode_tMODEset_field<ipmode_t>(field_t::MODE, ipmode_t::TUNNEL)
cipher_tCIPHERset_field<cipher_t>(field_t::CIPHER, cipher_t::CAMELLIA_CBC)
auth_tAUTHset_field<auth_t>(field_t::AUTH, auth_t::HMAC_SHA2_256)
jarray<uint8_t>SOURCEset_field<jarray<uint8_t>>(field_t::SOURCE, jarray<uint8_t>("CCEE1144"))
DESTINATIONset_field<jarray<uint8_t>>(field_t::DESTINATION, jarray<uint8_t>("4433AABB"))
EXTHDRset_field<jarray<uint8_t>>(field_t::EXTHDR, jarray<uint8_t>("50000104"))
ARWINset_field<jarray<uint8_t>>(field_t::ARWIN, jarray<uint8_t>("00000001"))
std::shared_ptr<jarray<uint8_t>>CIPHERKEYset_field<std::shared_ptr<jarray<uint8_t>>>(field_t::CIPHERKEY, std::make_shared<jarray<uint8_t>>(16))
AUTHKEYset_field<std::shared_ptr<jarray<uint8_t>>>(field_t::AUTHKEY, std::make_shared<jarray<uint8_t>>(16))
IVset_field<std::shared_ptr<jarray<uint8_t>>>(field_t::IV, std::make_shared<jarray<uint8_t>>(16))
SALTset_field<std::shared_ptr<jarray<uint8_t>>>(field_t::SALT, std::make_shared<jarray<uint8_t>>(4))
uint8_tDSECNset_field<uint8_t>(field_t::DSECN, 0x11)
TTLHOPset_field<uint8_t>(field_t::TTLHOP, 0xFF)
FLAGSset_field<uint8_t>(field_t::FLAGS, 0x01)
uint16_tFRAGOFFSETset_field<uint16_t>(field_t::FRAGOFFSET, 0x0010)
IDset_field<uint16_t>(field_t::ID, 0xFFEE)
NATSRCset_field<uint16_t>(field_t::NATSRC, 0x10BB)
NATDSTset_field<uint16_t>(field_t::NATDST, 0xCCBB)
uint32_tLABELset_field<uint32_t>(field_t::LABEL, 0xAABB1155)
SPIset_field<uint32_t>(field_t::SPI, 0x00000040)
SEQNUMset_field<uint32_t>(field_t::SEQNUM, 0x00000040)
EXTSEQNUMset_field<uint32_t>(field_t::EXTSEQNUM, 0x00000040)
ARLENset_field<uint32_t>(field_t::ARLEN, 2048)
CKEYLENset_field<uint32_t>(field_t::CKEYLEN, 16)
AKEYLENset_field<uint32_t>(field_t::AKEYLEN, 16)
IVLENset_field<uint32_t>(field_t::IVLEN, 12)
SALTLENset_field<uint32_t>(field_t::SALTLEN, 4)
ICVLENset_field<uint32_t>(field_t::ICVLEN, 12)
HDRLENset_field<uint32_t>(field_t::HDRLEN, 20)
TFCLENset_field<uint32_t>(field_t::TFCLEN, 96)
FRAGIDset_field<uint32_t>(field_t::FRAGID, 0x10000010)
MTUset_field<uint32_t>(field_t::MTU, 0x00000040)
uint64_tBYTECNTset_field<uint64_t>(field_t::BYTECNT, 0xFFFFFFFFAAAAAAAA)
LIFETIMEset_field<uint64_t>(field_t::LIFETIME, 0xFFFFFFFFAAAAAAAA)
boolMODEJUMBOset_field<bool>(field_t::MODEJUMBO, true)
SEQNUMOVRFLWset_field<bool>(field_t::SEQNUMOVRFLW, false)
STATEFULFRAGset_field<bool>(field_t::STATEFULFRAG, false)
BYPASSDFset_field<bool>(field_t::BYPASSDF, true)
BYPASSDSCPset_field<bool>(field_t::BYPASSDSCP, true)
NATset_field<bool>(field_t::NAT, true)
NCHKset_field<bool>(field_t::NCHK, true)
MOREFRAGset_field<bool>(field_t::MOREFRAG, false)
USEXTset_field<bool>(field_t::USEXT, true)
RANDIVset_field<bool>(field_t::RANDIV, true)
AUDITset_field<bool>(field_t::AUDIT, false)

Because they are computed per packet, the following fields are available only on jip, not on the SA:

  • LENGTH
  • CHECKSUM
Parameters
field- field to update
fieldval- new value for the field

◆ to_json()

void ProtocolPP::jipsecsa::to_json ( std::ofstream &  myjson,
direction_t  direction,
std::string &  indent 
)
virtual

Write the protocol and security fields of the SA as JSON to the supplied stream (the function returns void). Whether key material (CIPHERKEY, AUTHKEY, IV, SALT) is included in the output is not stated here; confirm against the implementation before writing the output anywhere an untrusted party could read it.

Parameters
myjson- JSON object
direction- documented upstream only as "randomization"; presumably selects which side (ENCAP or DECAP) is serialized — confirm against the implementation
indent- indentation for JSON output

Implements ProtocolPP::jsecass.

◆ to_xml()

void ProtocolPP::jipsecsa::to_xml ( tinyxml2::XMLPrinter &  myxml,
direction_t  direction 
)
virtual

Write the protocol and security fields of the SA as XML through the supplied XMLPrinter (the function returns void). Whether key material (CIPHERKEY, AUTHKEY, IV, SALT) is included in the output is not stated here; confirm against the implementation before writing the output anywhere an untrusted party could read it.

Parameters
myxml- XMLPrinter object
direction- documented upstream only as "randomization"; presumably selects which side (ENCAP or DECAP) is serialized — confirm against the implementation

Implements ProtocolPP::jsecass.

