respecting ipsec.conf cachecrls= option
1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 *
22 * RCSID $Id$
23 */
24
25 #ifndef STROKE_MSG_H_
26 #define STROKE_MSG_H_
27
28 #include <sys/types.h>
29
/**
 * Socket which is used to communicate between charon and stroke.
 *
 * IPSEC_PIDDIR is not defined in this header; it is expected to come from the
 * build configuration of the including translation unit.
 * NOTE(review): who may connect to this unix socket is presumably decided by
 * the filesystem permissions of IPSEC_PIDDIR — confirm in the socket setup code.
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/**
 * Size of the trailing string buffer in stroke_msg_t, i.e. the upper bound on
 * the variable-length part of a single message.
 */
#define STROKE_BUF_LEN 2048
36
typedef enum list_flag_t list_flag_t;

/**
 * Definition of the LIST flags, used for
 * the various stroke list* commands.
 *
 * The values are distinct single bits so that they can be OR-ed together in
 * stroke_msg_t.list.flags; LIST_ALL is the union of all of them (0x01FF).
 */
enum list_flag_t {
	/** don't list anything */
	LIST_NONE =			0x0000,
	/** list all host/user certs */
	LIST_CERTS =		0x0001,
	/** list all ca certs */
	LIST_CACERTS =		0x0002,
	/** list all ocsp signer certs */
	LIST_OCSPCERTS =	0x0004,
	/** list all aa certs */
	LIST_AACERTS =		0x0008,
	/** list all attribute certs */
	LIST_ACERTS =		0x0010,
	/** list all access control groups */
	LIST_GROUPS =		0x0020,
	/** list all ca information records */
	LIST_CAINFOS =		0x0040,
	/** list all crls */
	LIST_CRLS =			0x0080,
	/** list all ocsp cache entries */
	LIST_OCSP =			0x0100,
	/** all list options (bitwise OR of every flag above) */
	LIST_ALL =			0x01FF,
};
67
typedef enum reread_flag_t reread_flag_t;

/**
 * Definition of the REREAD flags, used for
 * the various stroke reread* commands.
 *
 * Single-bit values, OR-ed together in stroke_msg_t.reread.flags;
 * REREAD_ALL is the union of all of them (0x003F).
 */
enum reread_flag_t {
	/** don't reread anything */
	REREAD_NONE =		0x0000,
	/** reread all secret keys */
	REREAD_SECRETS =	0x0001,
	/** reread all ca certs */
	REREAD_CACERTS =	0x0002,
	/** reread all ocsp signer certs */
	REREAD_OCSPCERTS =	0x0004,
	/** reread all aa certs */
	REREAD_AACERTS =	0x0008,
	/** reread all attribute certs */
	REREAD_ACERTS =		0x0010,
	/** reread all crls */
	REREAD_CRLS =		0x0020,
	/** all reread options (bitwise OR of every flag above) */
	REREAD_ALL =		0x003F,
};
92
typedef enum purge_flag_t purge_flag_t;

/**
 * Definition of the PURGE flags, currently used for
 * the stroke purgeocsp command.
 *
 * Carried in stroke_msg_t.purge.flags; laid out as single bits so that
 * further purge targets can be added and combined later.
 */
enum purge_flag_t {
	/** don't purge anything */
	PURGE_NONE =		0x0000,
	/** purge ocsp cache entries */
	PURGE_OCSP =		0x0001,
};
105
/**
 * CRL certificate validation policy
 *
 * Carried per connection in stroke_msg_t.add_conn.crl_policy. The three
 * values mirror the no / yes / ifuri choices of the ipsec.conf
 * strictcrlpolicy= setting; how each value is enforced during certificate
 * validation is decided by the consumer, not by this header.
 */
typedef enum {
	/** do not require a CRL to validate a certificate */
	CRL_STRICT_NO,
	/** always require a fresh CRL */
	CRL_STRICT_YES,
	/** require a CRL only if the certificate carries a CRL distribution point */
	CRL_STRICT_IFURI,
} crl_policy_t;
114
115
typedef struct stroke_end_t stroke_end_t;

/**
 * definition of a peer in a stroke message
 *
 * Used twice in stroke_msg_t.add_conn (as "me" and "other"). The char *
 * members are strings; since the message crosses a unix socket, they are
 * presumably located in the trailing buffer of the enclosing stroke_msg_t
 * and fixed up by the receiver — confirm in the stroke socket reader.
 */
struct stroke_end_t {
	/** identity of this end */
	char *id;
	/** certificate of this end */
	char *cert;
	/** ca to which this end's certificate chains */
	char *ca;
	/** access control groups */
	char *groups;
	/** updown script to invoke */
	char *updown;
	/** address of this end */
	char *address;
	/** virtual/source ip of this end */
	char *sourceip;
	/** size belonging to sourceip (semantics defined by the consumer) */
	int sourceip_size;
	/** subnet behind this end */
	char *subnet;
	/** netmask bits belonging to subnet */
	int subnet_mask;
	/** certificate sending policy */
	int sendcert;
	/** hostaccess flag */
	int hostaccess;
	/** tohost flag */
	int tohost;
	/** ip protocol selector */
	u_int8_t protocol;
	/** port selector */
	u_int16_t port;
};
138
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The fixed part of the message is followed by a string buffer of
 * STROKE_BUF_LEN bytes; "length" covers the fixed part plus the strings
 * actually used. Which union member is valid is selected by "type".
 *
 * NOTE(review): the message is received from another process. "length" is a
 * u_int16_t and can express more than sizeof(stroke_msg_t), and the char *
 * members are only meaningful in the sender's address space; the reader is
 * expected to bound "length" and to validate/fix up every string pointer
 * against the buffer before use — confirm in the socket reader.
 */
struct stroke_msg_t {
	/* length of this message with all strings */
	u_int16_t length;

	/* type of the message; selects the valid union member below */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE
		/* more to come */
	} type;

	/* verbosity of output returned from charon (from -1=silent to 4=private) */
	int output_verbosity;

	union {
		/* data for STR_INITIATE, STR_ROUTE, STR_UNROUTE, STR_TERMINATE,
		 * STR_STATUS, STR_DEL_CONN and STR_DEL_CA: all of them are
		 * addressed by a name only */
		struct {
			char *name;
		} initiate, route, unroute, terminate, status, del_conn, del_ca;

		/* data for STR_ADD_CONN */
		struct {
			/* name of the connection */
			char *name;
			/* use IKEv2 (non-zero) or IKEv1 */
			int ikev2;
			/* authentication method */
			int auth_method;
			/* EAP method type */
			u_int32_t eap_type;
			/* EAP vendor, for vendor-specific EAP types */
			u_int32_t eap_vendor;
			/* tunnel/transport mode selector */
			int mode;
			/* enable MOBIKE */
			int mobike;
			/* force UDP encapsulation */
			int force_encap;
			/* CRL validation policy for this connection, see crl_policy_t */
			crl_policy_t crl_policy;
			/* uniqueness policy for peer identities */
			int unique;
			/* proposal strings */
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* rekeying parameters */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection parameters */
			struct {
				time_t delay;
				int action;
			} dpd;
			/* IKE mediation extension parameters */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* local and remote end of the connection */
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			/* whether fetched CRLs are to be cached (ipsec.conf cachecrls=) */
			int cachecrl;
		} config;

		/* data for STR_LIST */
		struct {
			/* which objects to list, OR-ed list_flag_t values */
			list_flag_t flags;
			/* print times in UTC instead of local time */
			int utc;
		} list;

		/* data for STR_REREAD */
		struct {
			/* which objects to reread, OR-ed reread_flag_t values */
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE */
		struct {
			/* which objects to purge, OR-ed purge_flag_t values */
			purge_flag_t flags;
		} purge;
	};
	/* storage for the strings referenced by the char * members above */
	char buffer[STROKE_BUF_LEN];
};
267
268 #endif /* STROKE_MSG_H_ */