From db67c87db3c9089ea8d2e14f617bf3d9e2af261f Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Wed, 9 Jul 2008 21:02:41 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.2.4) --- src/stroke/Makefile.am | 3 +- src/stroke/Makefile.in | 40 ++++--- src/stroke/stroke.c | 54 ++------- src/stroke/stroke.h | 249 --------------------------------------- src/stroke/stroke_keywords.c | 5 +- src/stroke/stroke_msg.h | 269 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 304 insertions(+), 316 deletions(-) delete mode 100644 src/stroke/stroke.h create mode 100644 src/stroke/stroke_msg.h (limited to 'src/stroke') diff --git a/src/stroke/Makefile.am b/src/stroke/Makefile.am index 6ea64753c..aaedfc787 100644 --- a/src/stroke/Makefile.am +++ b/src/stroke/Makefile.am @@ -1,9 +1,10 @@ ipsec_PROGRAMS = stroke -stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h +stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h INCLUDES = -I$(top_srcdir)/src/libstrongswan EXTRA_DIST = stroke_keywords.txt MAINTAINERCLEANFILES = stroke_keywords.c +AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\" stroke_keywords.c: stroke_keywords.txt stroke_keywords.h $(GPERF) -C -G -t < stroke_keywords.txt > stroke_keywords.c diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index ad3df98d5..4f3373d23 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.10.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
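Review bot: The new `AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\"` line bakes the control-socket directory into the stroke binary with no check that `piddir` is actually set by configure; if it is empty, IPSEC_PIDDIR becomes `""` and STROKE_SOCKET in stroke_msg.h silently degrades to `/charon.ctl` at the filesystem root instead of failing the build. A one-line comment in Makefile.am naming where piddir comes from, e.g. `# piddir is set by configure; stroke_msg.h builds STROKE_SOCKET from it`, would make that dependency visible to the next maintainer. The same define is only added here, so any other translation unit including stroke_msg.h has to supply it separately.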
@@ -83,6 +83,7 @@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ @@ -112,6 +113,7 @@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ @@ -142,7 +144,6 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ -backenddir = @backenddir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -153,12 +154,11 @@ builddir = @builddir@ confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ -dbus_CFLAGS = @dbus_CFLAGS@ -dbus_LIBS = @dbus_LIBS@ docdir = @docdir@ dvidir = @dvidir@ -eapdir = @eapdir@ exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -168,12 +168,12 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -interfacedir = @interfacedir@ ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ -ipsecuid = @ipsecuid@ +ipsecgroup = @ipsecgroup@ +ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ linuxdir = @linuxdir@ localedir = @localedir@ localstatedir = @localstatedir@ 
@@ -186,20 +186,23 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +resolv_conf = @resolv_conf@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ simreader = @simreader@ srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -stroke_SOURCES = stroke.c stroke.h stroke_keywords.c stroke_keywords.h +stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h INCLUDES = -I$(top_srcdir)/src/libstrongswan EXTRA_DIST = stroke_keywords.txt MAINTAINERCLEANFILES = stroke_keywords.c +AM_CFLAGS = -DIPSEC_PIDDIR=\"${piddir}\" all: all-am .SUFFIXES: @@ -242,8 +245,8 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) || test -f $$p1 \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ else :; fi; \ done @@ -306,8 +309,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS 
@@ -319,8 +322,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ @@ -330,13 +333,12 @@ ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index af06c8890..55f98f751 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: stroke.c 3271 2007-10-08 20:12:25Z andreas $ + * RCSID $Id: stroke.c 3875 2008-04-25 12:41:37Z martin $ */ #include @@ -28,7 +28,7 @@ #include #include -#include "stroke.h" +#include "stroke_msg.h" #include "stroke_keywords.h" struct stroke_token { 
@@ -100,66 +100,30 @@ static int send_stroke_msg (stroke_msg_t *msg) static int add_connection(char *name, char *my_id, char *other_id, char *my_addr, char *other_addr, - char *my_net, char *other_net, - u_int my_netmask, u_int other_netmask) + char *my_nets, char *other_nets) { stroke_msg_t msg; + memset(&msg, 0, sizeof(msg)); msg.length = offsetof(stroke_msg_t, buffer); msg.type = STR_ADD_CONN; msg.add_conn.name = push_string(&msg, name); msg.add_conn.ikev2 = 1; msg.add_conn.auth_method = 2; - msg.add_conn.eap_type = 0; msg.add_conn.mode = 1; msg.add_conn.mobike = 1; - msg.add_conn.force_encap = 0; - - msg.add_conn.rekey.reauth = 0; - msg.add_conn.rekey.ipsec_lifetime = 0; - msg.add_conn.rekey.ike_lifetime = 0; - msg.add_conn.rekey.margin = 0; - msg.add_conn.rekey.tries = 0; - msg.add_conn.rekey.fuzz = 0; - - msg.add_conn.algorithms.ike = NULL; - msg.add_conn.algorithms.esp = NULL; - - msg.add_conn.dpd.delay = 0; msg.add_conn.dpd.action = 1; - msg.add_conn.p2p.mediation = 0; - msg.add_conn.p2p.mediated_by = NULL; - msg.add_conn.p2p.peerid = NULL; - msg.add_conn.me.id = push_string(&msg, my_id); msg.add_conn.me.address = push_string(&msg, my_addr); - msg.add_conn.me.subnet = push_string(&msg, my_net); - msg.add_conn.me.subnet_mask = my_netmask; - msg.add_conn.me.sourceip = NULL; - msg.add_conn.me.virtual_ip = 0; - msg.add_conn.me.cert = NULL; - msg.add_conn.me.ca = NULL; + msg.add_conn.me.subnets = push_string(&msg, my_nets); msg.add_conn.me.sendcert = 1; - msg.add_conn.me.hostaccess = 0; - msg.add_conn.me.tohost = 0; - msg.add_conn.me.protocol = 0; - msg.add_conn.me.port = 0; msg.add_conn.other.id = push_string(&msg, other_id); msg.add_conn.other.address = push_string(&msg, other_addr); - msg.add_conn.other.subnet = push_string(&msg, other_net); - msg.add_conn.other.subnet_mask = other_netmask; - msg.add_conn.other.sourceip = NULL; - msg.add_conn.other.virtual_ip = 0; - msg.add_conn.other.cert = NULL; - msg.add_conn.other.ca = NULL; + msg.add_conn.other.subnets = 
push_string(&msg, other_nets); msg.add_conn.other.sendcert = 1; - msg.add_conn.other.hostaccess = 0; - msg.add_conn.other.tohost = 0; - msg.add_conn.other.protocol = 0; - msg.add_conn.other.port = 0; return send_stroke_msg(&msg); } @@ -310,8 +274,7 @@ static void exit_usage(char *error) printf(" MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS\n"); printf(" where: ID is any IKEv2 ID \n"); printf(" ADDR is a IPv4 address\n"); - printf(" NET is a IPv4 address of the subnet to tunnel\n"); - printf(" NETBITS is the size of the subnet, as the \"24\" in 192.168.0.0/24\n"); + printf(" NET is a IPv4 subnet in CIDR notation\n"); printf(" Delete a connection:\n"); printf(" stroke delete NAME\n"); printf(" where: NAME is a connection name added with \"stroke add\"\n"); @@ -367,8 +330,7 @@ int main(int argc, char *argv[]) res = add_connection(argv[2], argv[3], argv[4], argv[5], argv[6], - argv[7], argv[8], - atoi(argv[9]), atoi(argv[10])); + argv[7], argv[8]); break; case STROKE_DELETE: case STROKE_DEL: diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h deleted file mode 100644 index ca4e397e4..000000000 --- a/src/stroke/stroke.h +++ /dev/null 
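Review bot: add_connection has no header comment, and now that the explicit per-field zeroing has been replaced by the single memset, a reader can no longer tell which of the STR_ADD_CONN fields (eap_type, force_encap, rekey, algorithms, dpd.delay, ikeme, sourceip, cert, ca, hostaccess, tohost, protocol, port) are deliberately left at zero; a comment above the memset such as `/* everything not assigned below stays zero: no EAP, no rekey/DPD timing, no certs, no virtual IP */` keeps that intent visible. The my_nets and other_nets parameters are now free-form CIDR strings taken straight from argv and pushed into the fixed buffer by push_string, which is outside this hunk; it is worth confirming there that a string which does not fit in STROKE_BUF_LEN is rejected rather than truncated, since add_connection never checks what push_string returns.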
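Review bot: The usage text is now inconsistent: the context line above the changed printf still advertises `MY_NET OTHER_NET MY_NETBITS OTHER_NETBITS` as arguments of `stroke add`, while the rewritten NET description says CIDR notation and main only passes argv[7] and argv[8] to add_connection. That line should drop the two NETBITS words, e.g. `printf(" MY_NET OTHER_NET\n");` (indentation as in the surrounding printf calls). exit_usage begins outside this hunk.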
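Review bot: The add_connection call now reads argv up to index 8 instead of 10, so the argument-count check that guards the STROKE_ADD case in main (outside this hunk) has to be lowered to match; if it still requires the eleven arguments of the old form, the new `stroke add` syntax is rejected with a usage error, and if the check were missing, argv[7] or argv[8] could be NULL and be handed to push_string. Please confirm that guard reads `if (argc < 9)` or equivalent. main starts and ends outside this hunk.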
@@ -1,249 +0,0 @@ -/** - * @file stroke.h - * - * @brief Definition of stroke_msg_t. - * - */ - -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: stroke.h 3394 2007-12-13 17:31:21Z martin $ - */ - -#ifndef STROKE_H_ -#define STROKE_H_ - -#include - -/** - * Socket which is used to communicate between charon and stroke - */ -#define STROKE_SOCKET "/var/run/charon.ctl" - -#define STROKE_BUF_LEN 2048 - -typedef enum list_flag_t list_flag_t; - -/** - * Definition of the LIST flags, used for - * the various stroke list* commands. - */ -enum list_flag_t { - /** don't list anything */ - LIST_NONE = 0x0000, - /** list all host/user certs */ - LIST_CERTS = 0x0001, - /** list all ca certs */ - LIST_CACERTS = 0x0002, - /** list all ocsp signer certs */ - LIST_OCSPCERTS = 0x0004, - /** list all aa certs */ - LIST_AACERTS = 0x0008, - /** list all attribute certs */ - LIST_ACERTS = 0x0010, - /** list all access control groups */ - LIST_GROUPS = 0x0020, - /** list all ca information records */ - LIST_CAINFOS = 0x0040, - /** list all crls */ - LIST_CRLS = 0x0080, - /** list all ocsp cache entries */ - LIST_OCSP = 0x0100, - /** all list options */ - LIST_ALL = 0x01FF, -}; - -typedef enum reread_flag_t reread_flag_t; - -/** - * Definition of the REREAD flags, used for - * the various stroke reread* commands. 
- */ -enum reread_flag_t { - /** don't reread anything */ - REREAD_NONE = 0x0000, - /** reread all secret keys */ - REREAD_SECRETS = 0x0001, - /** reread all ca certs */ - REREAD_CACERTS = 0x0002, - /** reread all ocsp signer certs */ - REREAD_OCSPCERTS = 0x0004, - /** reread all aa certs */ - REREAD_AACERTS = 0x0008, - /** reread all attribute certs */ - REREAD_ACERTS = 0x0010, - /** reread all crls */ - REREAD_CRLS = 0x0020, - /** all reread options */ - REREAD_ALL = 0x003F, -}; - -typedef enum purge_flag_t purge_flag_t; - -/** - * Definition of the PURGE flags, currently used for - * the stroke purgeocsp command. - */ -enum purge_flag_t { - /** don't purge anything */ - PURGE_NONE = 0x0000, - /** purge ocsp cache entries */ - PURGE_OCSP = 0x0001, -}; - -typedef struct stroke_end_t stroke_end_t; - -/** - * definition of a peer in a stroke message - */ -struct stroke_end_t { - char *id; - char *cert; - char *ca; - char *groups; - char *updown; - char *address; - char *sourceip; - u_int8_t virtual_ip; - char *subnet; - int subnet_mask; - int sendcert; - int hostaccess; - int tohost; - u_int8_t protocol; - u_int16_t port; -}; - -typedef struct stroke_msg_t stroke_msg_t; - -/** - * @brief A stroke message sent over the unix socket. 
- */ -struct stroke_msg_t { - /* length of this message with all strings */ - u_int16_t length; - - /* type of the message */ - enum { - /* initiate a connection */ - STR_INITIATE, - /* install SPD entries for a policy */ - STR_ROUTE, - /* uninstall SPD entries for a policy */ - STR_UNROUTE, - /* add a connection */ - STR_ADD_CONN, - /* delete a connection */ - STR_DEL_CONN, - /* terminate connection */ - STR_TERMINATE, - /* show connection status */ - STR_STATUS, - /* show verbose connection status */ - STR_STATUS_ALL, - /* add a ca information record */ - STR_ADD_CA, - /* delete ca information record */ - STR_DEL_CA, - /* set a log type to log/not log */ - STR_LOGLEVEL, - /* list various objects */ - STR_LIST, - /* reread various objects */ - STR_REREAD, - /* purge various objects */ - STR_PURGE - /* more to come */ - } type; - - /* verbosity of output returned from charon (-from -1=silent to 4=private)*/ - int output_verbosity; - - union { - /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... 
*/ - struct { - char *name; - } initiate, route, unroute, terminate, status, del_conn, del_ca; - - /* data for STR_ADD_CONN */ - struct { - char *name; - int ikev2; - int auth_method; - u_int32_t eap_type; - u_int32_t eap_vendor; - int mode; - int mobike; - int force_encap; - struct { - char *ike; - char *esp; - } algorithms; - struct { - int reauth; - time_t ipsec_lifetime; - time_t ike_lifetime; - time_t margin; - unsigned long tries; - unsigned long fuzz; - } rekey; - struct { - time_t delay; - int action; - } dpd; - struct { - int mediation; - char *mediated_by; - char *peerid; - } p2p; - stroke_end_t me, other; - } add_conn; - - /* data for STR_ADD_CA */ - struct { - char *name; - char *cacert; - char *crluri; - char *crluri2; - char *ocspuri; - char *ocspuri2; - } add_ca; - - /* data for STR_LOGLEVEL */ - struct { - char *type; - int level; - } loglevel; - - /* data for STR_LIST */ - struct { - list_flag_t flags; - int utc; - } list; - - /* data for STR_REREAD */ - struct { - reread_flag_t flags; - } reread; - - /* data for STR_PURGE */ - struct { - purge_flag_t flags; - } purge; - }; - char buffer[STROKE_BUF_LEN]; -}; - -#endif /* STROKE_H_ */ diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c index 5143cba2e..ad37732fa 100644 --- a/src/stroke/stroke_keywords.c +++ b/src/stroke/stroke_keywords.c @@ -1,4 +1,4 @@ -/* C code produced by gperf version 3.0.1 */ +/* C code produced by gperf version 3.0.3 */ /* Command-line: /usr/bin/gperf -C -G -t */ /* Computed positions: -k'1,5,7' */ @@ -169,6 +169,9 @@ static const struct stroke_token wordlist[] = #ifdef __GNUC__ __inline +#ifdef __GNUC_STDC_INLINE__ +__attribute__ ((__gnu_inline__)) +#endif #endif const struct stroke_token * in_word_set (str, len) diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h new file mode 100644 index 000000000..6aa5d8a49 --- /dev/null +++ b/src/stroke/stroke_msg.h 
@@ -0,0 +1,269 @@
+/**
+ * @file stroke_msg.h
+ *
+ * @brief Definition of stroke_msg_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: stroke_msg.h 3920 2008-05-08 16:19:11Z tobias $
+ */
+
+#ifndef STROKE_MSG_H_
+#define STROKE_MSG_H_
+
+#include
+
+/**
+ * Socket which is used to communicate between charon and stroke
+ */
+#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
+
+#define STROKE_BUF_LEN 2048
+
+typedef enum list_flag_t list_flag_t;
+
+/**
+ * Definition of the LIST flags, used for
+ * the various stroke list* commands.
+ */
+enum list_flag_t {
+ /** don't list anything */
+ LIST_NONE = 0x0000,
+ /** list all host/user certs */
+ LIST_CERTS = 0x0001,
+ /** list all ca certs */
+ LIST_CACERTS = 0x0002,
+ /** list all ocsp signer certs */
+ LIST_OCSPCERTS = 0x0004,
+ /** list all aa certs */
+ LIST_AACERTS = 0x0008,
+ /** list all attribute certs */
+ LIST_ACERTS = 0x0010,
+ /** list all access control groups */
+ LIST_GROUPS = 0x0020,
+ /** list all ca information records */
+ LIST_CAINFOS = 0x0040,
+ /** list all crls */
+ LIST_CRLS = 0x0080,
+ /** list all ocsp cache entries */
+ LIST_OCSP = 0x0100,
+ /** all list options */
+ LIST_ALL = 0x01FF,
+};
+
+typedef enum reread_flag_t reread_flag_t;
+
+/**
+ * Definition of the REREAD flags, used for
+ * the various stroke reread* commands.
+ */
+enum reread_flag_t {
+ /** don't reread anything */
+ REREAD_NONE = 0x0000,
+ /** reread all secret keys */
+ REREAD_SECRETS = 0x0001,
+ /** reread all ca certs */
+ REREAD_CACERTS = 0x0002,
+ /** reread all ocsp signer certs */
+ REREAD_OCSPCERTS = 0x0004,
+ /** reread all aa certs */
+ REREAD_AACERTS = 0x0008,
+ /** reread all attribute certs */
+ REREAD_ACERTS = 0x0010,
+ /** reread all crls */
+ REREAD_CRLS = 0x0020,
+ /** all reread options */
+ REREAD_ALL = 0x003F,
+};
+
+typedef enum purge_flag_t purge_flag_t;
+
+/**
+ * Definition of the PURGE flags, currently used for
+ * the stroke purgeocsp command.
+ */
+enum purge_flag_t {
+ /** don't purge anything */
+ PURGE_NONE = 0x0000,
+ /** purge ocsp cache entries */
+ PURGE_OCSP = 0x0001,
+};
+
+/**
+ * CRL certificate validation policy
+ */
+typedef enum {
+ CRL_STRICT_NO,
+ CRL_STRICT_YES,
+ CRL_STRICT_IFURI,
+} crl_policy_t;
+
+
+typedef struct stroke_end_t stroke_end_t;
+
+/**
+ * definition of a peer in a stroke message
+ */
+struct stroke_end_t {
+ char *id;
+ char *cert;
+ char *ca;
+ char *groups;
+ char *updown;
+ char *address;
+ char *sourceip;
+ int sourceip_size;
+ char *subnets;
+ int sendcert;
+ int hostaccess;
+ int tohost;
+ u_int8_t protocol;
+ u_int16_t port;
+};
+
+typedef struct stroke_msg_t stroke_msg_t;
+
+/**
+ * @brief A stroke message sent over the unix socket.
+ */
+struct stroke_msg_t {
+ /* length of this message with all strings */
+ u_int16_t length;
+
+ /* type of the message */
+ enum {
+ /* initiate a connection */
+ STR_INITIATE,
+ /* install SPD entries for a policy */
+ STR_ROUTE,
+ /* uninstall SPD entries for a policy */
+ STR_UNROUTE,
+ /* add a connection */
+ STR_ADD_CONN,
+ /* delete a connection */
+ STR_DEL_CONN,
+ /* terminate connection */
+ STR_TERMINATE,
+ /* show connection status */
+ STR_STATUS,
+ /* show verbose connection status */
+ STR_STATUS_ALL,
+ /* add a ca information record */
+ STR_ADD_CA,
+ /* delete ca information record */
+ STR_DEL_CA,
+ /* set a log type to log/not log */
+ STR_LOGLEVEL,
+ /* configure global options for stroke */
+ STR_CONFIG,
+ /* list various objects */
+ STR_LIST,
+ /* reread various objects */
+ STR_REREAD,
+ /* purge various objects */
+ STR_PURGE
+ /* more to come */
+ } type;
+
+ /* verbosity of output returned from charon (-from -1=silent to 4=private)*/
+ int output_verbosity;
+
+ union {
+ /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
+ struct {
+ char *name;
+ } initiate, route, unroute, terminate, status, del_conn, del_ca;
+
+ /* data for STR_ADD_CONN */
+ struct {
+ char *name;
+ int ikev2;
+ int auth_method;
+ u_int32_t eap_type;
+ u_int32_t eap_vendor;
+ int mode;
+ int mobike;
+ int force_encap;
+ int ipcomp;
+ crl_policy_t crl_policy;
+ int unique;
+ struct {
+ char *ike;
+ char *esp;
+ } algorithms;
+ struct {
+ int reauth;
+ time_t ipsec_lifetime;
+ time_t ike_lifetime;
+ time_t margin;
+ unsigned long tries;
+ unsigned long fuzz;
+ } rekey;
+ struct {
+ time_t delay;
+ int action;
+ } dpd;
+ struct {
+ int mediation;
+ char *mediated_by;
+ char *peerid;
+ } ikeme;
+ stroke_end_t me, other;
+ } add_conn;
+
+ /* data for STR_ADD_CA */
+ struct {
+ char *name;
+ char *cacert;
+ char *crluri;
+ char *crluri2;
+ char *ocspuri;
+ char *ocspuri2;
+ char *certuribase;
+ } add_ca;
+
+ /* data for STR_LOGLEVEL */
+ struct {
+ char *type;
+ int level;
+ } loglevel;
+
+ /* data for STR_CONFIG */
+ struct {
+ int cachecrl;
+ } config;
+
+ /* data for STR_LIST */
+ struct {
+ list_flag_t flags;
+ int utc;
+ } list;
+
+ /* data for STR_REREAD */
+ struct {
+ reread_flag_t flags;
+ } reread;
+
+ /* data for STR_PURGE */
+ struct {
+ purge_flag_t flags;
+ } purge;
+ };
+ char buffer[STROKE_BUF_LEN];
+};
+
+#endif /* STROKE_MSG_H_ */
-- cgit v1.2.3
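Review bot: STR_CONFIG is inserted into the message-type enum between STR_LOGLEVEL and STR_LIST, which renumbers STR_LIST, STR_REREAD and STR_PURGE; because stroke_msg_t is the format exchanged over the charon control socket, a stroke binary built against the old stroke.h will have its list, reread and purge requests interpreted as a different command by a charon built with this header. If both sides are always built from the same tree that is acceptable, but the enum should say so, e.g. `/* sent verbatim over the control socket: append new types at the end, never reorder */`. STROKE_SOCKET also expands IPSEC_PIDDIR, which in this patch is only defined through AM_CFLAGS in src/stroke/Makefile.am; a translation unit that includes this header without that define fails only where STROKE_SOCKET is used, so a guard next to the define, `#ifndef IPSEC_PIDDIR` / `#error "IPSEC_PIDDIR must be defined"` / `#endif`, gives a clearer diagnostic. The new stroke_end_t members `sourceip_size` and `subnets` (replacing subnet/subnet_mask/virtual_ip) are also undocumented; a short comment per field stating the unit of sourceip_size and the CIDR-list format of subnets would help.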