1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef STROKE_MSG_H_
24 #define STROKE_MSG_H_
25
26 #include <sys/types.h>
27
28 #include <library.h>
29
/**
 * Socket which is used to communicate between charon and stroke.
 *
 * IPSEC_PIDDIR is not defined in this header; it is supplied by the build
 * configuration. Every command type listed in stroke_msg_t (adding and
 * deleting connections, rereading secrets, changing log levels, ...) is
 * accepted over this socket, so the socket file's owner and mode are the
 * access-control boundary for charon's runtime configuration.
 * NOTE(review): confirm that the side creating the socket applies
 * restrictive permissions.
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/**
 * Size of the trailing string area (stroke_msg_t.buffer) of a message.
 * All string payload of one message has to fit in here.
 */
#define STROKE_BUF_LEN 2048
36
typedef enum list_flag_t list_flag_t;

/**
 * Definition of the LIST flags, used for
 * the various stroke list* commands.
 *
 * Each value occupies a single bit, so several flags can be OR-ed together
 * in stroke_msg_t.list.flags. LIST_ALL (0x1FFF) is exactly the OR of the
 * thirteen individual flags defined here; extend it when adding a bit.
 */
enum list_flag_t {
	/** don't list anything */
	LIST_NONE = 0x0000,
	/** list all raw public keys */
	LIST_PUBKEYS = 0x0001,
	/** list all host/user certs */
	LIST_CERTS = 0x0002,
	/** list all ca certs */
	LIST_CACERTS = 0x0004,
	/** list all ocsp signer certs */
	LIST_OCSPCERTS = 0x0008,
	/** list all aa certs */
	LIST_AACERTS = 0x0010,
	/** list all attribute certs */
	LIST_ACERTS = 0x0020,
	/** list all access control groups */
	LIST_GROUPS = 0x0040,
	/** list all ca information records */
	LIST_CAINFOS = 0x0080,
	/** list all crls */
	LIST_CRLS = 0x0100,
	/** list all ocsp cache entries */
	LIST_OCSP = 0x0200,
	/** list all supported algorithms */
	LIST_ALGS = 0x0400,
	/** list plugin information */
	LIST_PLUGINS = 0x0800,
	/** list IKE counters */
	LIST_COUNTERS = 0x1000,
	/** all list options (OR of every flag above) */
	LIST_ALL = 0x1FFF,
};
75
typedef enum reread_flag_t reread_flag_t;

/**
 * Definition of the REREAD flags, used for
 * the various stroke reread* commands.
 *
 * Single-bit values that can be OR-ed together in stroke_msg_t.reread.flags.
 * REREAD_ALL (0x003F) is exactly the OR of the six individual flags; keep it
 * in sync when adding a bit. Note that REREAD_SECRETS makes charon reload
 * key material, so whoever can send this message can influence which
 * credentials are in use.
 */
enum reread_flag_t {
	/** don't reread anything */
	REREAD_NONE = 0x0000,
	/** reread all secret keys */
	REREAD_SECRETS = 0x0001,
	/** reread all ca certs */
	REREAD_CACERTS = 0x0002,
	/** reread all ocsp signer certs */
	REREAD_OCSPCERTS = 0x0004,
	/** reread all aa certs */
	REREAD_AACERTS = 0x0008,
	/** reread all attribute certs */
	REREAD_ACERTS = 0x0010,
	/** reread all crls */
	REREAD_CRLS = 0x0020,
	/** all reread options (OR of every flag above) */
	REREAD_ALL = 0x003F,
};
100
typedef enum purge_flag_t purge_flag_t;

/**
 * Definition of the PURGE flags, currently used for
 * the stroke purgeocsp command.
 *
 * Single-bit values, OR-able in stroke_msg_t.purge.flags. Unlike the LIST
 * and REREAD sets there is no PURGE_ALL aggregate defined here.
 */
enum purge_flag_t {
	/** don't purge anything */
	PURGE_NONE = 0x0000,
	/** purge ocsp cache entries */
	PURGE_OCSP = 0x0001,
	/** purge CRL cache entries */
	PURGE_CRLS = 0x0002,
	/** purge X509 cache entries */
	PURGE_CERTS = 0x0004,
	/** purge IKE_SAs without a CHILD_SA */
	PURGE_IKE = 0x0008,
};
119
typedef enum export_flag_t export_flag_t;

/**
 * Definition of the export flags, carried in stroke_msg_t.export.flags.
 *
 * Only one flag exists so far; the value is a single bit so that further
 * flags can be added and OR-ed in the same way as the LIST/REREAD sets.
 */
enum export_flag_t {
	/** export an X509 certificate */
	EXPORT_X509 = 0x0001,
};
129
/**
 * CRL certificate validation policy, carried in stroke_msg_t.add_conn.
 *
 * NOTE(review): the meaning of the three values is not defined in this
 * header; by their names CRL_STRICT_YES presumably requires a CRL check and
 * CRL_STRICT_IFURI only when a CRL URI is known — confirm against the code
 * that consumes add_conn.crl_policy.
 */
typedef enum {
	CRL_STRICT_NO,
	CRL_STRICT_YES,
	CRL_STRICT_IFURI,
} crl_policy_t;
138
139
typedef struct stroke_end_t stroke_end_t;

/**
 * Definition of a peer (one endpoint of a connection) in a stroke message.
 *
 * Embedded twice in stroke_msg_t.add_conn, as "me" and "other". The char*
 * members are not owned by this struct; like the other strings of a stroke
 * message they are expected to live in stroke_msg_t.buffer (see the notes
 * on stroke_msg_t), so nothing here is freed on its own.
 *
 * NOTE(review): the pairing of the "*2" members (auth2, id2, cert2, ca2,
 * groups2) with a second authentication round is inferred from naming only;
 * confirm against the parser before relying on it.
 */
struct stroke_end_t {
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *eap_id;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *groups2;
	char *cert_policy;
	/* path of a script to run on up/down events — treat as a privileged
	 * setting: whoever controls this string controls what charon executes
	 * (NOTE(review): confirm how the receiver handles it) */
	char *updown;
	char *address;
	/* IKE port of this endpoint; semantics of 0 not defined here */
	u_int16_t ikeport;
	char *sourceip;
	char *dns;
	char *subnets;
	int sendcert;
	int hostaccess;
	int tohost;
	int allow_any;
	/* traffic selector protocol and port range (by name only; confirm
	 * against the consumer, e.g. whether 0 means "any") */
	u_int8_t protocol;
	u_int16_t from_port;
	u_int16_t to_port;
};
173
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The fixed part (length, type, output_verbosity, the union) is followed by
 * buffer, which holds all string payload of the message. Sender and
 * receiver are separate processes, so the raw char* values in the union
 * cannot be meaningful across the socket; they are presumably encoded as
 * offsets into buffer on the sending side and relocated on receipt.
 * NOTE(review): confirm this in the socket reader, and confirm that every
 * relocated pointer is checked to fall inside buffer (bounded by length)
 * before it is dereferenced — the message comes from another process.
 */
struct stroke_msg_t {
	/* length of this message with all strings.
	 * Declared as u_int16_t, so a received value may exceed
	 * sizeof(stroke_msg_t); the reader has to reject lengths larger than
	 * sizeof(stroke_msg_t) or smaller than the fixed part before trusting
	 * any pointer relocation (NOTE(review): verify in the reader). */
	u_int16_t length;

	/* type of the message. A value outside this enum can arrive from the
	 * socket; the dispatcher should treat unknown types as an error. */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peers srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* rekey a connection */
		STR_REKEY,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* show verbose connection status, non-blocking variant */
		STR_STATUS_ALL_NOBLK,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE,
		/* show pool leases */
		STR_LEASES,
		/* export credentials */
		STR_EXPORT,
		/* print memory usage details */
		STR_MEMUSAGE,
		/* set username and password for a connection */
		STR_USER_CREDS,
		/* more to come */
	} type;

	/* verbosity of output returned from charon (from -1=silent to 4=private).
	 * Level 4 is named "private"; output at that level may include sensitive
	 * material, so it should only be reachable by trusted socket clients. */
	int output_verbosity;

	union {
		/* data for STR_INITIATE, STR_ROUTE, STR_UNROUTE, STR_TERMINATE,
		 * STR_REKEY, STR_STATUS, STR_DEL_CONN and STR_DEL_CA: all of them
		 * address their target by name only */
		struct {
			char *name;
		} initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP: an address range as two strings */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN. The union's largest member; both
		 * endpoints are embedded as stroke_end_t. */
		struct {
			char *name;
			int version;
			char *eap_identity;
			char *aaa_identity;
			char *xauth_identity;
			int mode;
			int mobike;
			int aggressive;
			int force_encap;
			int fragmentation;
			int ipcomp;
			time_t inactivity;
			int proxy_mode;
			int install_policy;
			int close_action;
			u_int32_t reqid;
			u_int32_t tfc;
			u_int8_t ikedscp;

			crl_policy_t crl_policy;
			int unique;
			/* proposal strings for IKE and ESP */
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* rekeying limits: lifetimes in time_t, byte/packet limits
			 * with their margins, plus retry tries and jitter fuzz */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				u_int64_t life_bytes;
				u_int64_t margin_bytes;
				u_int64_t life_packets;
				u_int64_t margin_packets;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection settings */
			struct {
				time_t delay;
				time_t timeout;
				int action;
			} dpd;
			/* IKE mediation extension settings */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* packet mark (value/mask) for inbound and outbound traffic */
			struct {
				u_int32_t value;
				u_int32_t mask;
			} mark_in, mark_out;
			/* local ("me") and remote ("other") endpoint definitions */
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST; flags is an OR of list_flag_t bits */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD; flags is an OR of reread_flag_t bits */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE; flags is an OR of purge_flag_t bits */
		struct {
			purge_flag_t flags;
		} purge;

		/* data for STR_EXPORT */
		struct {
			export_flag_t flags;
			char *selector;
		} export;

		/* data for STR_LEASES */
		struct {
			char *pool;
			char *address;
		} leases;

		/* data for STR_USER_CREDS. The password is carried as a plain
		 * string in buffer, i.e. it stays in memory for as long as this
		 * message does; both sides should wipe the message once it has
		 * been consumed (NOTE(review): verify the receiver does). */
		struct {
			char *name;
			char *username;
			char *password;
		} user_creds;
	};
	/* string area; every char* above is expected to resolve into here */
	char buffer[STROKE_BUF_LEN];
};
362
363 #endif /* STROKE_MSG_H_ */