![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to stroke_msg.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / stroke|
Return to stroke_msg.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / stroke |
1.1 misho 1: /*
2: * Copyright (C) 2015 Tobias Brunner
3: * Copyright (C) 2006 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #ifndef STROKE_MSG_H_
18: #define STROKE_MSG_H_
19:
20: #include <sys/types.h>
21:
22: #include <library.h>
23:
24: /**
25: * Socket which is used to communicate between charon and stroke
26: */
27: #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
28:
29: /**
30: * Number of bytes by which the buffer is increased as needed
31: */
32: #define STROKE_BUF_LEN_INC 1024
33:
34: typedef enum list_flag_t list_flag_t;
35:
36: /**
37: * Definition of the LIST flags, used for
38: * the various stroke list* commands.
39: */
40: enum list_flag_t {
41: /** don't list anything */
42: LIST_NONE = 0x0000,
43: /** list all raw public keys */
44: LIST_PUBKEYS = 0x0001,
45: /** list all host/user certs */
46: LIST_CERTS = 0x0002,
47: /** list all ca certs */
48: LIST_CACERTS = 0x0004,
49: /** list all ocsp signer certs */
50: LIST_OCSPCERTS = 0x0008,
51: /** list all aa certs */
52: LIST_AACERTS = 0x0010,
53: /** list all attribute certs */
54: LIST_ACERTS = 0x0020,
55: /** list all access control groups */
56: LIST_GROUPS = 0x0040,
57: /** list all ca information records */
58: LIST_CAINFOS = 0x0080,
59: /** list all crls */
60: LIST_CRLS = 0x0100,
61: /** list all ocsp cache entries */
62: LIST_OCSP = 0x0200,
63: /** list all supported algorithms */
64: LIST_ALGS = 0x0400,
65: /** list plugin information */
66: LIST_PLUGINS = 0x0800,
67: /** all list options */
68: LIST_ALL = 0x0FFF,
69: };
70:
71: typedef enum reread_flag_t reread_flag_t;
72:
73: /**
74: * Definition of the REREAD flags, used for
75: * the various stroke reread* commands.
76: */
77: enum reread_flag_t {
78: /** don't reread anything */
79: REREAD_NONE = 0x0000,
80: /** reread all secret keys */
81: REREAD_SECRETS = 0x0001,
82: /** reread all ca certs */
83: REREAD_CACERTS = 0x0002,
84: /** reread all ocsp signer certs */
85: REREAD_OCSPCERTS = 0x0004,
86: /** reread all aa certs */
87: REREAD_AACERTS = 0x0008,
88: /** reread all attribute certs */
89: REREAD_ACERTS = 0x0010,
90: /** reread all crls */
91: REREAD_CRLS = 0x0020,
92: /** all reread options */
93: REREAD_ALL = 0x003F,
94: };
95:
96: typedef enum purge_flag_t purge_flag_t;
97:
98: /**
99: * Definition of the PURGE flags, currently used for
100: * the stroke purgeocsp command.
101: */
102: enum purge_flag_t {
103: /** don't purge anything */
104: PURGE_NONE = 0x0000,
105: /** purge ocsp cache entries */
106: PURGE_OCSP = 0x0001,
107: /** purge CRL cache entries */
108: PURGE_CRLS = 0x0002,
109: /** purge X509 cache entries */
110: PURGE_CERTS = 0x0004,
111: /** purge IKE_SAs without a CHILD_SA */
112: PURGE_IKE = 0x0008,
113: };
114:
115: typedef enum export_flag_t export_flag_t;
116:
117: /**
118: * Definition of the export flags
119: */
120: enum export_flag_t {
121: /** export an X509 certificate */
122: EXPORT_X509 = 0x0001,
123: /** export an X509 end entity certificate for a connection */
124: EXPORT_CONN_CERT = 0x0002,
125: /** export the complete trust chain of a connection */
126: EXPORT_CONN_CHAIN = 0x0004,
127: };
128:
129: /**
130: * CRL certificate validation policy
131: */
132: typedef enum {
133: CRL_STRICT_NO,
134: CRL_STRICT_YES,
135: CRL_STRICT_IFURI,
136: } crl_policy_t;
137:
138:
139: typedef struct stroke_end_t stroke_end_t;
140:
141: /**
142: * definition of a peer in a stroke message
143: */
144: struct stroke_end_t {
145: char *auth;
146: char *auth2;
147: char *id;
148: char *id2;
149: char *eap_id;
150: char *rsakey;
151: char *cert;
152: char *cert2;
153: char *ca;
154: char *ca2;
155: char *groups;
156: char *groups2;
157: char *cert_policy;
158: char *updown;
159: char *address;
160: uint16_t ikeport;
161: char *sourceip;
162: char *dns;
163: char *subnets;
164: int sendcert;
165: int hostaccess;
166: int tohost;
167: int allow_any;
168: uint8_t protocol;
169: uint16_t from_port;
170: uint16_t to_port;
171: };
172:
173: typedef struct stroke_msg_t stroke_msg_t;
174:
175: /**
176: * @brief A stroke message sent over the unix socket.
177: */
178: struct stroke_msg_t {
179: /* length of this message with all strings */
180: uint16_t length;
181:
182: /* type of the message */
183: enum {
184: /* initiate a connection */
185: STR_INITIATE,
186: /* install SPD entries for a policy */
187: STR_ROUTE,
188: /* uninstall SPD entries for a policy */
189: STR_UNROUTE,
190: /* add a connection */
191: STR_ADD_CONN,
192: /* delete a connection */
193: STR_DEL_CONN,
194: /* terminate connection */
195: STR_TERMINATE,
196: /* terminate connection by peers srcip/virtual ip */
197: STR_TERMINATE_SRCIP,
198: /* rekey a connection */
199: STR_REKEY,
200: /* show connection status */
201: STR_STATUS,
202: /* show verbose connection status */
203: STR_STATUS_ALL,
204: /* show verbose connection status, non-blocking variant */
205: STR_STATUS_ALL_NOBLK,
206: /* add a ca information record */
207: STR_ADD_CA,
208: /* delete ca information record */
209: STR_DEL_CA,
210: /* set a log type to log/not log */
211: STR_LOGLEVEL,
212: /* configure global options for stroke */
213: STR_CONFIG,
214: /* list various objects */
215: STR_LIST,
216: /* reread various objects */
217: STR_REREAD,
218: /* purge various objects */
219: STR_PURGE,
220: /* show pool leases */
221: STR_LEASES,
222: /* export credentials */
223: STR_EXPORT,
224: /* print memory usage details */
225: STR_MEMUSAGE,
226: /* set username and password for a connection */
227: STR_USER_CREDS,
228: /* print/reset counters */
229: STR_COUNTERS,
230: /* more to come */
231: } type;
232:
233: /* verbosity of output returned from charon (-from -1=silent to 4=private)*/
234: int output_verbosity;
235:
236: union {
237: /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
238: struct {
239: char *name;
240: } initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;
241:
242: /* data for STR_TERMINATE_SRCIP */
243: struct {
244: char *start;
245: char *end;
246: } terminate_srcip;
247:
248: /* data for STR_ADD_CONN */
249: struct {
250: char *name;
251: int version;
252: char *eap_identity;
253: char *aaa_identity;
254: char *xauth_identity;
255: int mode;
256: int mobike;
257: int aggressive;
258: int pushmode;
259: int force_encap;
260: int fragmentation;
261: int ipcomp;
262: time_t inactivity;
263: int proxy_mode;
264: int install_policy;
265: int close_action;
266: uint32_t reqid;
267: uint32_t tfc;
268: uint8_t ikedscp;
269:
270: crl_policy_t crl_policy;
271: int unique;
272: struct {
273: char *ike;
274: char *esp;
275: char *ah;
276: } algorithms;
277: struct {
278: int reauth;
279: time_t ipsec_lifetime;
280: time_t ike_lifetime;
281: time_t margin;
282: uint64_t life_bytes;
283: uint64_t margin_bytes;
284: uint64_t life_packets;
285: uint64_t margin_packets;
286: unsigned long tries;
287: unsigned long fuzz;
288: } rekey;
289: struct {
290: time_t delay;
291: time_t timeout;
292: int action;
293: } dpd;
294: struct {
295: int mediation;
296: char *mediated_by;
297: char *peerid;
298: } ikeme;
299: struct {
300: uint32_t value;
301: uint32_t mask;
302: } mark_in, mark_out;
303: stroke_end_t me, other;
304: uint32_t replay_window;
305: bool sha256_96;
306: } add_conn;
307:
308: /* data for STR_ADD_CA */
309: struct {
310: char *name;
311: char *cacert;
312: char *crluri;
313: char *crluri2;
314: char *ocspuri;
315: char *ocspuri2;
316: char *certuribase;
317: } add_ca;
318:
319: /* data for STR_LOGLEVEL */
320: struct {
321: char *type;
322: int level;
323: } loglevel;
324:
325: /* data for STR_CONFIG */
326: struct {
327: int cachecrl;
328: } config;
329:
330: /* data for STR_LIST */
331: struct {
332: list_flag_t flags;
333: int utc;
334: } list;
335:
336: /* data for STR_REREAD */
337: struct {
338: reread_flag_t flags;
339: } reread;
340:
341: /* data for STR_PURGE */
342: struct {
343: purge_flag_t flags;
344: } purge;
345:
346: /* data for STR_EXPORT */
347: struct {
348: export_flag_t flags;
349: char *selector;
350: } export;
351:
352: /* data for STR_LEASES */
353: struct {
354: char *pool;
355: char *address;
356: } leases;
357:
358: /* data for STR_USER_CREDS */
359: struct {
360: char *name;
361: char *username;
362: char *password;
363: } user_creds;
364:
365: /* data for STR_COUNTERS */
366: struct {
367: /* reset or print counters? */
368: int reset;
369: char *name;
370: } counters;
371: };
372: /* length of the string buffer */
373: uint16_t buflen;
374: /* string buffer */
375: char buffer[];
376: };
377:
378: #endif /* STROKE_MSG_H_ */