diff options
Diffstat (limited to 'src/stroke/stroke_msg.h')
-rw-r--r-- | src/stroke/stroke_msg.h | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h new file mode 100644 index 000000000..6aa5d8a49 --- /dev/null +++ b/src/stroke/stroke_msg.h @@ -0,0 +1,269 @@ +/** + * @file stroke_msg.h + * + * @brief Definition of stroke_msg_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $ + */ + +#ifndef STROKE_MSG_H_ +#define STROKE_MSG_H_ + +#include <sys/types.h> + +/** + * Socket which is used to communicate between charon and stroke + */ +#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl" + +#define STROKE_BUF_LEN 2048 + +typedef enum list_flag_t list_flag_t; + +/** + * Definition of the LIST flags, used for + * the various stroke list* commands. + */ +enum list_flag_t { + /** don't list anything */ + LIST_NONE = 0x0000, + /** list all host/user certs */ + LIST_CERTS = 0x0001, + /** list all ca certs */ + LIST_CACERTS = 0x0002, + /** list all ocsp signer certs */ + LIST_OCSPCERTS = 0x0004, + /** list all aa certs */ + LIST_AACERTS = 0x0008, + /** list all attribute certs */ + LIST_ACERTS = 0x0010, + /** list all access control groups */ + LIST_GROUPS = 0x0020, + /** list all ca information records */ + LIST_CAINFOS = 0x0040, + /** list all crls */ + LIST_CRLS = 0x0080, + /** list all ocsp cache entries */ + LIST_OCSP = 0x0100, + /** all list options */ + LIST_ALL = 0x01FF, +}; + +typedef enum reread_flag_t reread_flag_t; + +/** + * Definition of the REREAD flags, used for + * the various stroke reread* commands. + */ +enum reread_flag_t { + /** don't reread anything */ + REREAD_NONE = 0x0000, + /** reread all secret keys */ + REREAD_SECRETS = 0x0001, + /** reread all ca certs */ + REREAD_CACERTS = 0x0002, + /** reread all ocsp signer certs */ + REREAD_OCSPCERTS = 0x0004, + /** reread all aa certs */ + REREAD_AACERTS = 0x0008, + /** reread all attribute certs */ + REREAD_ACERTS = 0x0010, + /** reread all crls */ + REREAD_CRLS = 0x0020, + /** all reread options */ + REREAD_ALL = 0x003F, +}; + +typedef enum purge_flag_t purge_flag_t; + +/** + * Definition of the PURGE flags, currently used for + * the stroke purgeocsp command. + */ +enum purge_flag_t { + /** don't purge anything */ + PURGE_NONE = 0x0000, + /** purge ocsp cache entries */ + PURGE_OCSP = 0x0001, +}; + +/** + * CRL certificate validation policy + */ +typedef enum { + CRL_STRICT_NO, + CRL_STRICT_YES, + CRL_STRICT_IFURI, +} crl_policy_t; + + +typedef struct stroke_end_t stroke_end_t; + +/** + * definition of a peer in a stroke message + */ +struct stroke_end_t { + char *id; + char *cert; + char *ca; + char *groups; + char *updown; + char *address; + char *sourceip; + int sourceip_size; + char *subnets; + int sendcert; + int hostaccess; + int tohost; + u_int8_t protocol; + u_int16_t port; +}; + +typedef struct stroke_msg_t stroke_msg_t; + +/** + * @brief A stroke message sent over the unix socket. + */ +struct stroke_msg_t { + /* length of this message with all strings */ + u_int16_t length; + + /* type of the message */ + enum { + /* initiate a connection */ + STR_INITIATE, + /* install SPD entries for a policy */ + STR_ROUTE, + /* uninstall SPD entries for a policy */ + STR_UNROUTE, + /* add a connection */ + STR_ADD_CONN, + /* delete a connection */ + STR_DEL_CONN, + /* terminate connection */ + STR_TERMINATE, + /* show connection status */ + STR_STATUS, + /* show verbose connection status */ + STR_STATUS_ALL, + /* add a ca information record */ + STR_ADD_CA, + /* delete ca information record */ + STR_DEL_CA, + /* set a log type to log/not log */ + STR_LOGLEVEL, + /* configure global options for stroke */ + STR_CONFIG, + /* list various objects */ + STR_LIST, + /* reread various objects */ + STR_REREAD, + /* purge various objects */ + STR_PURGE + /* more to come */ + } type; + + /* verbosity of output returned from charon (-from -1=silent to 4=private)*/ + int output_verbosity; + + union { + /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */ + struct { + char *name; + } initiate, route, unroute, terminate, status, del_conn, del_ca; + + /* data for STR_ADD_CONN */ + struct { + char *name; + int ikev2; + int auth_method; + u_int32_t eap_type; + u_int32_t eap_vendor; + int mode; + int mobike; + int force_encap; + int ipcomp; + crl_policy_t crl_policy; + int unique; + struct { + char *ike; + char *esp; + } algorithms; + struct { + int reauth; + time_t ipsec_lifetime; + time_t ike_lifetime; + time_t margin; + unsigned long tries; + unsigned long fuzz; + } rekey; + struct { + time_t delay; + int action; + } dpd; + struct { + int mediation; + char *mediated_by; + char *peerid; + } ikeme; + stroke_end_t me, other; + } add_conn; + + /* data for STR_ADD_CA */ + struct { + char *name; + char *cacert; + char *crluri; + char *crluri2; + char *ocspuri; + char *ocspuri2; + char *certuribase; + } add_ca; + + /* data for STR_LOGLEVEL */ + struct { + char *type; + int level; + } loglevel; + + /* data for STR_CONFIG */ + struct { + int cachecrl; + } config; + + /* data for STR_LIST */ + struct { + list_flag_t flags; + int utc; + } list; + + /* data for STR_REREAD */ + struct { + reread_flag_t flags; + } reread; + + /* data for STR_PURGE */ + struct { + purge_flag_t flags; + } purge; + }; + char buffer[STROKE_BUF_LEN]; +}; + +#endif /* STROKE_MSG_H_ */ |