projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
added CERT_ROOF
[strongswan.git] / src / stroke / stroke.h
1 /**
2 * @file stroke.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef STROKE_H_
24 #define STROKE_H_
25
26 #include <sys/types.h>
27
28 /**
29 * Socket which is used to communicate between charon and stroke
30 */
31 #define STROKE_SOCKET "/var/run/charon.ctl"
32
33 #define STROKE_BUF_LEN 2048
34
35 typedef enum list_flag_t list_flag_t;
36
37 /**
38 * Definition of the LIST flags, used for
39 * the various stroke list* commands.
40 */
41 enum list_flag_t {
42 /** don't list anything */
43 LIST_NONE = 0x0000,
44 /** list all host/user certs */
45 LIST_CERTS = 0x0001,
46 /** list all ca certs */
47 LIST_CACERTS = 0x0002,
48 /** list all ocsp signer certs */
49 LIST_OCSPCERTS = 0x0004,
50 /** list all ca information records */
51 LIST_CAINFOS = 0x0008,
52 /** list all crls */
53 LIST_CRLS = 0x0010,
54 /** list all ocsp cache entries */
55 LIST_OCSP = 0x0020,
56 /** all list options */
57 LIST_ALL = 0x003F,
58 };
59
60 typedef enum reread_flag_t reread_flag_t;
61
62 /**
63 * Definition of the REREAD flags, used for
64 * the various stroke reread* commands.
65 */
66 enum reread_flag_t {
67 /** don't reread anything */
68 REREAD_NONE = 0x0000,
69 /** reread all ca certs */
70 REREAD_CACERTS = 0x0001,
71 /** reread all ocsp signer certs */
72 REREAD_OCSPCERTS = 0x0002,
73 /** reread all crls */
74 REREAD_CRLS = 0x0004,
75 /** all reread options */
76 REREAD_ALL = 0x0007,
77 };
78
79 typedef enum purge_flag_t purge_flag_t;
80
81 /**
82 * Definition of the PURGE flags, currently used for
83 * the stroke purgeocsp command.
84 */
85 enum purge_flag_t {
86 /** don't purge anything */
87 PURGE_NONE = 0x0000,
88 /** purge ocsp cache entries */
89 PURGE_OCSP = 0x0001,
90 };
91
92 typedef struct stroke_end_t stroke_end_t;
93
94 /**
95 * definition of a peer in a stroke message
96 */
97 struct stroke_end_t {
98 char *id;
99 char *cert;
100 char *ca;
101 char *updown;
102 char *address;
103 char *sourceip;
104 u_int8_t virtual_ip;
105 char *subnet;
106 int subnet_mask;
107 int sendcert;
108 int hostaccess;
109 int tohost;
110 u_int8_t protocol;
111 u_int16_t port;
112 };
113
114 typedef struct stroke_msg_t stroke_msg_t;
115
116 /**
117 * @brief A stroke message sent over the unix socket.
118 */
119 struct stroke_msg_t {
120 /* length of this message with all strings */
121 u_int16_t length;
122
123 /* type of the message */
124 enum {
125 /* initiate a connection */
126 STR_INITIATE,
127 /* install SPD entries for a policy */
128 STR_ROUTE,
129 /* uninstall SPD entries for a policy */
130 STR_UNROUTE,
131 /* add a connection */
132 STR_ADD_CONN,
133 /* delete a connection */
134 STR_DEL_CONN,
135 /* terminate connection */
136 STR_TERMINATE,
137 /* show connection status */
138 STR_STATUS,
139 /* show verbose connection status */
140 STR_STATUS_ALL,
141 /* add a ca information record */
142 STR_ADD_CA,
143 /* delete ca information record */
144 STR_DEL_CA,
145 /* set a log type to log/not log */
146 STR_LOGLEVEL,
147 /* list various objects */
148 STR_LIST,
149 /* reread various objects */
150 STR_REREAD,
151 /* purge various objects */
152 STR_PURGE
153 /* more to come */
154 } type;
155
156 /* verbosity of output returned from charon (-from -1=silent to 4=private)*/
157 int output_verbosity;
158
159 union {
160 /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
161 struct {
162 char *name;
163 } initiate, route, unroute, terminate, status, del_conn, del_ca;
164
165 /* data for STR_ADD_CONN */
166 struct {
167 char *name;
168 int ikev2;
169 int auth_method;
170 int eap_type;
171 int mode;
172 struct {
173 char *ike;
174 char *esp;
175 } algorithms;
176 struct {
177 int reauth;
178 time_t ipsec_lifetime;
179 time_t ike_lifetime;
180 time_t margin;
181 unsigned long tries;
182 unsigned long fuzz;
183 } rekey;
184 struct {
185 time_t delay;
186 int action;
187 } dpd;
188 stroke_end_t me, other;
189 } add_conn;
190
191 /* data for STR_ADD_CA */
192 struct {
193 char *name;
194 char *cacert;
195 char *crluri;
196 char *crluri2;
197 char *ocspuri;
198 char *ocspuri2;
199 } add_ca;
200
201 /* data for STR_LOGLEVEL */
202 struct {
203 char *type;
204 int level;
205 } loglevel;
206
207 /* data for STR_LIST */
208 struct {
209 list_flag_t flags;
210 int utc;
211 } list;
212
213 /* data for STR_REREAD */
214 struct {
215 reread_flag_t flags;
216 } reread;
217
218 /* data for STR_PURGE */
219 struct {
220 purge_flag_t flags;
221 } purge;
222 };
223 char buffer[STROKE_BUF_LEN];
224 };
225
226 #endif /* STROKE_H_ */
strongSwan - IPsec VPN