IpSecManager.ApplyTransportModeTransform Method

Definition

Overloads

ApplyTransportModeTransform(FileDescriptor, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a socket.

ApplyTransportModeTransform(DatagramSocket, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a datagram socket.

ApplyTransportModeTransform(Socket, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a stream socket.

ApplyTransportModeTransform(FileDescriptor, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a socket.

[Android.Runtime.Register("applyTransportModeTransform", "(Ljava/io/FileDescriptor;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_io_FileDescriptor_ILandroid_net_IpSecTransform_Handler", ApiSince=28)]
public virtual void ApplyTransportModeTransform (Java.IO.FileDescriptor socket, Android.Net.IpSecTransportDirection direction, Android.Net.IpSecTransform transform);
[<Android.Runtime.Register("applyTransportModeTransform", "(Ljava/io/FileDescriptor;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_io_FileDescriptor_ILandroid_net_IpSecTransform_Handler", ApiSince=28)>]
abstract member ApplyTransportModeTransform : Java.IO.FileDescriptor * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit
override this.ApplyTransportModeTransform : Java.IO.FileDescriptor * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit

Parameters

socket
FileDescriptor

a socket file descriptor

direction
IpSecTransportDirection

the direction in which the transform should be applied

transform
IpSecTransform

a transport mode IpSecTransform

Attributes

Remarks

Apply an IPsec transform to a socket.

This applies transport mode encapsulation to the given socket. Once applied, I/O on the socket will be encapsulated according to the parameters of the IpSecTransform. When the transform is removed from the socket by calling #removeTransportModeTransforms, unprotected traffic can resume on that socket.

For security reasons, the destination address of any traffic on the socket must match the remote InetAddress of the IpSecTransform. Attempts to send traffic to any other IP address will result in an IOException. In addition, reads and writes on the socket will throw IOException if the user deactivates the transform (by calling IpSecTransform#close()) without calling #removeTransportModeTransforms.

Note that when applied to TCP sockets, calling IpSecTransform#close() on an applied transform before completion of graceful shutdown may result in the shutdown sequence failing to complete. As such, applications requiring graceful shutdown MUST close the socket prior to deactivating the applied transform. Socket closure may be performed asynchronously (in batches), so the returning of a close function does not guarantee shutdown of a socket. Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is sufficient to ensure shutdown.

Specifically, if the transform is deactivated (by calling IpSecTransform#close()), prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST] packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped.

<h4>Rekey Procedure</h4>

When applying a new tranform to a socket in the outbound direction, the previous transform will be removed and the new transform will take effect immediately, sending all traffic on the new transform; however, when applying a transform in the inbound direction, traffic on the old transform will continue to be decrypted and delivered until that transform is deallocated by calling IpSecTransform#close(). This overlap allows lossless rekey procedures where both transforms are valid until both endpoints are using the new transform and all in-flight packets have been received.

Java documentation for android.net.IpSecManager.applyTransportModeTransform(java.io.FileDescriptor, int, android.net.IpSecTransform).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

ApplyTransportModeTransform(DatagramSocket, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a datagram socket.

[Android.Runtime.Register("applyTransportModeTransform", "(Ljava/net/DatagramSocket;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_net_DatagramSocket_ILandroid_net_IpSecTransform_Handler", ApiSince=28)]
public virtual void ApplyTransportModeTransform (Java.Net.DatagramSocket socket, Android.Net.IpSecTransportDirection direction, Android.Net.IpSecTransform transform);
[<Android.Runtime.Register("applyTransportModeTransform", "(Ljava/net/DatagramSocket;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_net_DatagramSocket_ILandroid_net_IpSecTransform_Handler", ApiSince=28)>]
abstract member ApplyTransportModeTransform : Java.Net.DatagramSocket * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit
override this.ApplyTransportModeTransform : Java.Net.DatagramSocket * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit

Parameters

socket
DatagramSocket

a datagram socket

direction
IpSecTransportDirection

the direction in which the transform should be applied

transform
IpSecTransform

a transport mode IpSecTransform

Attributes

Remarks

Apply an IPsec transform to a datagram socket.

This applies transport mode encapsulation to the given socket. Once applied, I/O on the socket will be encapsulated according to the parameters of the IpSecTransform. When the transform is removed from the socket by calling #removeTransportModeTransforms, unprotected traffic can resume on that socket.

For security reasons, the destination address of any traffic on the socket must match the remote InetAddress of the IpSecTransform. Attempts to send traffic to any other IP address will result in an IOException. In addition, reads and writes on the socket will throw IOException if the user deactivates the transform (by calling IpSecTransform#close()) without calling #removeTransportModeTransforms.

<h4>Rekey Procedure</h4>

When applying a new tranform to a socket in the outbound direction, the previous transform will be removed and the new transform will take effect immediately, sending all traffic on the new transform; however, when applying a transform in the inbound direction, traffic on the old transform will continue to be decrypted and delivered until that transform is deallocated by calling IpSecTransform#close(). This overlap allows lossless rekey procedures where both transforms are valid until both endpoints are using the new transform and all in-flight packets have been received.

Java documentation for android.net.IpSecManager.applyTransportModeTransform(java.net.DatagramSocket, int, android.net.IpSecTransform).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

ApplyTransportModeTransform(Socket, IpSecTransportDirection, IpSecTransform)

Apply an IPsec transform to a stream socket.

[Android.Runtime.Register("applyTransportModeTransform", "(Ljava/net/Socket;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_net_Socket_ILandroid_net_IpSecTransform_Handler", ApiSince=28)]
public virtual void ApplyTransportModeTransform (Java.Net.Socket socket, Android.Net.IpSecTransportDirection direction, Android.Net.IpSecTransform transform);
[<Android.Runtime.Register("applyTransportModeTransform", "(Ljava/net/Socket;ILandroid/net/IpSecTransform;)V", "GetApplyTransportModeTransform_Ljava_net_Socket_ILandroid_net_IpSecTransform_Handler", ApiSince=28)>]
abstract member ApplyTransportModeTransform : Java.Net.Socket * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit
override this.ApplyTransportModeTransform : Java.Net.Socket * Android.Net.IpSecTransportDirection * Android.Net.IpSecTransform -> unit

Parameters

socket
Socket

a stream socket

direction
IpSecTransportDirection

the direction in which the transform should be applied

transform
IpSecTransform

a transport mode IpSecTransform

Attributes

Remarks

Apply an IPsec transform to a stream socket.

This applies transport mode encapsulation to the given socket. Once applied, I/O on the socket will be encapsulated according to the parameters of the IpSecTransform. When the transform is removed from the socket by calling #removeTransportModeTransforms, unprotected traffic can resume on that socket.

For security reasons, the destination address of any traffic on the socket must match the remote InetAddress of the IpSecTransform. Attempts to send traffic to any other IP address will result in an IOException. In addition, reads and writes on the socket will throw IOException if the user deactivates the transform (by calling IpSecTransform#close()) without calling #removeTransportModeTransforms.

Note that when applied to TCP sockets, calling IpSecTransform#close() on an applied transform before completion of graceful shutdown may result in the shutdown sequence failing to complete. As such, applications requiring graceful shutdown MUST close the socket prior to deactivating the applied transform. Socket closure may be performed asynchronously (in batches), so the returning of a close function does not guarantee shutdown of a socket. Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is sufficient to ensure shutdown.

Specifically, if the transform is deactivated (by calling IpSecTransform#close()), prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST] packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped.

<h4>Rekey Procedure</h4>

When applying a new tranform to a socket in the outbound direction, the previous transform will be removed and the new transform will take effect immediately, sending all traffic on the new transform; however, when applying a transform in the inbound direction, traffic on the old transform will continue to be decrypted and delivered until that transform is deallocated by calling IpSecTransform#close(). This overlap allows lossless rekey procedures where both transforms are valid until both endpoints are using the new transform and all in-flight packets have been received.

Java documentation for android.net.IpSecManager.applyTransportModeTransform(java.net.Socket, int, android.net.IpSecTransform).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to