1.1 ! misho 1: /*
! 2: * Copyright (C) 2015 Tobias Brunner
! 3: * Copyright (C) 2006 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: #ifndef STROKE_MSG_H_
! 18: #define STROKE_MSG_H_
! 19:
! 20: #include <sys/types.h>
! 21:
! 22: #include <library.h>
! 23:
/**
 * Socket which is used to communicate between charon and stroke
 *
 * NOTE(review): every STR_* command in stroke_msg_t arrives over this path,
 * so the permissions of the socket and of IPSEC_PIDDIR are the access control
 * for the whole interface — confirm how the socket is created and chmod'ed.
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/**
 * Number of bytes by which the buffer is increased as needed
 * (growth step for the string buffer of a stroke_msg_t; see buflen/buffer[])
 */
#define STROKE_BUF_LEN_INC 1024
! 33:
! 34: typedef enum list_flag_t list_flag_t;
! 35:
/**
 * Flags selecting what the various stroke list* commands print.
 *
 * Every option occupies its own bit so callers can OR them together;
 * LIST_ALL has every bit defined here set.
 */
enum list_flag_t {
	/** don't list anything */
	LIST_NONE = 0,
	/** list all raw public keys */
	LIST_PUBKEYS = 1 << 0,
	/** list all host/user certs */
	LIST_CERTS = 1 << 1,
	/** list all ca certs */
	LIST_CACERTS = 1 << 2,
	/** list all ocsp signer certs */
	LIST_OCSPCERTS = 1 << 3,
	/** list all aa certs */
	LIST_AACERTS = 1 << 4,
	/** list all attribute certs */
	LIST_ACERTS = 1 << 5,
	/** list all access control groups */
	LIST_GROUPS = 1 << 6,
	/** list all ca information records */
	LIST_CAINFOS = 1 << 7,
	/** list all crls */
	LIST_CRLS = 1 << 8,
	/** list all ocsp cache entries */
	LIST_OCSP = 1 << 9,
	/** list all supported algorithms */
	LIST_ALGS = 1 << 10,
	/** list plugin information */
	LIST_PLUGINS = 1 << 11,
	/** all list options (all twelve bits above) */
	LIST_ALL = (1 << 12) - 1,
};
! 70:
! 71: typedef enum reread_flag_t reread_flag_t;
! 72:
/**
 * Flags selecting what the various stroke reread* commands reload.
 *
 * One bit per option so they can be combined; REREAD_ALL has every bit
 * defined here set.
 */
enum reread_flag_t {
	/** don't reread anything */
	REREAD_NONE = 0,
	/** reread all secret keys */
	REREAD_SECRETS = 1 << 0,
	/** reread all ca certs */
	REREAD_CACERTS = 1 << 1,
	/** reread all ocsp signer certs */
	REREAD_OCSPCERTS = 1 << 2,
	/** reread all aa certs */
	REREAD_AACERTS = 1 << 3,
	/** reread all attribute certs */
	REREAD_ACERTS = 1 << 4,
	/** reread all crls */
	REREAD_CRLS = 1 << 5,
	/** all reread options (all six bits above) */
	REREAD_ALL = (1 << 6) - 1,
};
! 95:
! 96: typedef enum purge_flag_t purge_flag_t;
! 97:
/**
 * Flags selecting what the stroke purge commands discard
 * (currently used for the stroke purgeocsp command).
 *
 * One bit per option; unlike the list/reread flags there is no *_ALL mask.
 */
enum purge_flag_t {
	/** don't purge anything */
	PURGE_NONE = 0,
	/** purge ocsp cache entries */
	PURGE_OCSP = 1 << 0,
	/** purge CRL cache entries */
	PURGE_CRLS = 1 << 1,
	/** purge X509 cache entries */
	PURGE_CERTS = 1 << 2,
	/** purge IKE_SAs without a CHILD_SA */
	PURGE_IKE = 1 << 3,
};
! 114:
! 115: typedef enum export_flag_t export_flag_t;
! 116:
/**
 * Flags selecting what the stroke export command writes out.
 *
 * One bit per option; there is no EXPORT_NONE or EXPORT_ALL value.
 */
enum export_flag_t {
	/** export an X509 certificate */
	EXPORT_X509 = 1 << 0,
	/** export an X509 end entity certificate for a connection */
	EXPORT_CONN_CERT = 1 << 1,
	/** export the complete trust chain of a connection */
	EXPORT_CONN_CHAIN = 1 << 2,
};
! 128:
/**
 * CRL certificate validation policy
 *
 * Plain (non-flag) enumeration; the values are consecutive and carried in
 * stroke_msg_t.add_conn.crl_policy.
 */
typedef enum {
	/** value 0: no strict CRL checking */
	CRL_STRICT_NO = 0,
	/** value 1: strict CRL checking */
	CRL_STRICT_YES = 1,
	/** value 2: strict only if a CRL URI is known (name-derived, confirm
	 * against the consumers of this value) */
	CRL_STRICT_IFURI = 2,
} crl_policy_t;
! 137:
! 138:
! 139: typedef struct stroke_end_t stroke_end_t;
! 140:
/**
 * definition of a peer in a stroke message
 *
 * Describes one end of a connection; stroke_msg_t.add_conn carries two of
 * these (me, other).  The char * members are strings travelling inside the
 * message.  NOTE(review): as raw pointers they are only meaningful within one
 * process; the side that receives the message must validate each of them
 * against the message length before dereferencing — confirm against the
 * socket reader.  Member order is part of the message layout; do not reorder.
 */
struct stroke_end_t {
	/* authentication and identity settings; the *2 variants presumably
	 * belong to a second authentication round — confirm against users */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *eap_id;
	/* credentials and trust settings for this end */
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *groups2;
	char *cert_policy;
	/* script invoked on up/down events (name-derived) */
	char *updown;
	/* address/port of this end */
	char *address;
	uint16_t ikeport;
	/* virtual IP, DNS and traffic selector strings */
	char *sourceip;
	char *dns;
	char *subnets;
	/* boolean-like int switches (values are set by the stroke client) */
	int sendcert;
	int hostaccess;
	int tohost;
	int allow_any;
	/* traffic selector narrowing: IP protocol and port range */
	uint8_t protocol;
	uint16_t from_port;
	uint16_t to_port;
};
! 172:
! 173: typedef struct stroke_msg_t stroke_msg_t;
! 174:
/**
 * @brief A stroke message sent over the unix socket.
 *
 * The fixed header is this struct; the variable-length strings follow in
 * buffer[] (a flexible array member), so a message must be allocated with
 * room for the strings and length/buflen set accordingly.
 * NOTE(review): the char * members below cannot cross the socket as raw
 * pointers; presumably the sender encodes them relative to buffer[] and the
 * receiver resolves them again — the receiver must check each one against
 * length, and that the string is NUL-terminated inside the buffer, before
 * using it.  Confirm against the socket reader.  Member order is the wire
 * layout; do not reorder.
 */
struct stroke_msg_t {
	/* length of this message with all strings (header plus buffer[]);
	 * a uint16_t, so a message is at most 65535 bytes */
	uint16_t length;

	/* type of the message; selects which member of the union below is valid */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peer's srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* rekey a connection */
		STR_REKEY,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* show verbose connection status, non-blocking variant */
		STR_STATUS_ALL_NOBLK,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE,
		/* show pool leases */
		STR_LEASES,
		/* export credentials */
		STR_EXPORT,
		/* print memory usage details */
		STR_MEMUSAGE,
		/* set username and password for a connection */
		STR_USER_CREDS,
		/* print/reset counters */
		STR_COUNTERS,
		/* more to come; new values must be appended so existing numbering
		 * stays stable across client and daemon */
	} type;

	/* verbosity of output returned from charon (from -1=silent to 4=private) */
	int output_verbosity;

	/* per-type payload; only the member matching type is meaningful */
	union {
		/* data for the commands that take a single name: STR_INITIATE,
		 * STR_ROUTE, STR_UNROUTE, STR_TERMINATE, STR_REKEY, STR_STATUS*,
		 * STR_DEL_CONN, STR_DEL_CA */
		struct {
			char *name;
		} initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP: address range (start/end) to match */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN: the complete connection definition */
		struct {
			char *name;
			int version;
			char *eap_identity;
			char *aaa_identity;
			char *xauth_identity;
			int mode;
			int mobike;
			int aggressive;
			int pushmode;
			int force_encap;
			int fragmentation;
			int ipcomp;
			time_t inactivity;
			int proxy_mode;
			int install_policy;
			int close_action;
			uint32_t reqid;
			uint32_t tfc;
			uint8_t ikedscp;

			crl_policy_t crl_policy;
			int unique;
			/* proposal strings for IKE, ESP and AH */
			struct {
				char *ike;
				char *esp;
				char *ah;
			} algorithms;
			/* lifetimes and rekeying limits (time, bytes, packets) */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				uint64_t life_bytes;
				uint64_t margin_bytes;
				uint64_t life_packets;
				uint64_t margin_packets;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection settings */
			struct {
				time_t delay;
				time_t timeout;
				int action;
			} dpd;
			/* IKE mediation extension settings */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* packet marks for inbound and outbound traffic */
			struct {
				uint32_t value;
				uint32_t mask;
			} mark_in, mark_out;
			/* the two ends of the connection, see stroke_end_t */
			stroke_end_t me, other;
			uint32_t replay_window;
			bool sha256_96;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE */
		struct {
			purge_flag_t flags;
		} purge;

		/* data for STR_EXPORT */
		struct {
			export_flag_t flags;
			char *selector;
		} export;

		/* data for STR_LEASES */
		struct {
			char *pool;
			char *address;
		} leases;

		/* data for STR_USER_CREDS; password travels in the message buffer,
		 * so a received message holds a secret and should be handled as such */
		struct {
			char *name;
			char *username;
			char *password;
		} user_creds;

		/* data for STR_COUNTERS */
		struct {
			/* reset or print counters? */
			int reset;
			char *name;
		} counters;
	};
	/* length of the string buffer (bytes in use in buffer[]) */
	uint16_t buflen;
	/* string buffer: flexible array member holding the message's strings;
	 * its storage is not part of sizeof(stroke_msg_t) */
	char buffer[];
};
! 377:
! 378: #endif /* STROKE_MSG_H_ */