added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA
1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef STROKE_MSG_H_
24 #define STROKE_MSG_H_
25
26 #include <sys/types.h>
27
/**
 * Unix-domain control socket used between charon and the stroke utility.
 *
 * Every message type defined in this header (adding/deleting connections,
 * initiating/terminating SAs, purging state, changing log levels, ...)
 * travels over this socket, so as far as this header shows the socket's
 * filesystem permissions are the access control for the whole interface.
 * NOTE(review): IPSEC_PIDDIR comes from the build, not from this header --
 * confirm it resolves to a directory that unprivileged users cannot write to.
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/**
 * Size in bytes of the string area appended to every stroke_msg_t (its
 * buffer member). This, not the u_int16_t length field, is the real upper
 * bound on string data a single message can carry.
 */
#define STROKE_BUF_LEN 2048
34
/**
 * Selectors for the stroke list* commands.
 *
 * Transported in stroke_msg_t.list.flags of a STR_LIST message. Every
 * selector occupies a single bit so several object classes can be requested
 * with one message by OR-ing them together; LIST_ALL is the union of all of
 * them. Both ends of the charon/stroke socket must agree on these values.
 */
typedef enum list_flag_t {
	/** nothing selected */
	LIST_NONE      = 0,
	/** raw public keys */
	LIST_PUBKEYS   = 1 << 0,
	/** host/user certificates */
	LIST_CERTS     = 1 << 1,
	/** CA certificates */
	LIST_CACERTS   = 1 << 2,
	/** OCSP signer certificates */
	LIST_OCSPCERTS = 1 << 3,
	/** AA certificates */
	LIST_AACERTS   = 1 << 4,
	/** attribute certificates */
	LIST_ACERTS    = 1 << 5,
	/** access control groups */
	LIST_GROUPS    = 1 << 6,
	/** CA information records */
	LIST_CAINFOS   = 1 << 7,
	/** CRLs */
	LIST_CRLS      = 1 << 8,
	/** OCSP cache entries */
	LIST_OCSP      = 1 << 9,
	/** supported algorithms */
	LIST_ALGS      = 1 << 10,
	/** union of every list selector above */
	LIST_ALL       = LIST_PUBKEYS | LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS
	               | LIST_AACERTS | LIST_ACERTS | LIST_GROUPS | LIST_CAINFOS
	               | LIST_CRLS | LIST_OCSP | LIST_ALGS,
} list_flag_t;
69
/**
 * Selectors for the stroke reread* commands.
 *
 * Transported in stroke_msg_t.reread.flags of a STR_REREAD message. Each
 * selector is its own bit so several credential classes can be reloaded
 * with a single request; REREAD_ALL is the union of all of them. Both ends
 * of the charon/stroke socket must agree on these values.
 */
typedef enum reread_flag_t {
	/** reload nothing */
	REREAD_NONE      = 0,
	/** reload all secret keys */
	REREAD_SECRETS   = 1 << 0,
	/** reload all CA certificates */
	REREAD_CACERTS   = 1 << 1,
	/** reload all OCSP signer certificates */
	REREAD_OCSPCERTS = 1 << 2,
	/** reload all AA certificates */
	REREAD_AACERTS   = 1 << 3,
	/** reload all attribute certificates */
	REREAD_ACERTS    = 1 << 4,
	/** reload all CRLs */
	REREAD_CRLS      = 1 << 5,
	/** union of every reread selector above */
	REREAD_ALL       = REREAD_SECRETS | REREAD_CACERTS | REREAD_OCSPCERTS
	                 | REREAD_AACERTS | REREAD_ACERTS | REREAD_CRLS,
} reread_flag_t;
94
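/**
 * Selectors for the stroke purge* commands (purgeocsp, purgeike).
 *
 * Transported in stroke_msg_t.purge.flags of a STR_PURGE message. Each
 * selector is a distinct bit so more than one kind of state can be purged
 * with a single message. Both ends of the charon/stroke socket must agree
 * on these values.
 */
typedef enum purge_flag_t {
	/** purge nothing */
	PURGE_NONE = 0x0000,
	/** purge OCSP cache entries (stroke purgeocsp) */
	PURGE_OCSP = 0x0001,
	/** delete all IKE_SAs that have no CHILD_SA (stroke purgeike).
	 *  NOTE(review): this tears down live state; whatever accepts STR_PURGE
	 *  on the control socket is the only gate in front of it. */
	PURGE_IKE = 0x0002,
} purge_flag_t;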
109
/**
 * How strictly CRLs are enforced when validating certificates.
 *
 * Carried in stroke_msg_t.add_conn.crl_policy. Because CRL_STRICT_NO is the
 * zero value, a zero-initialised message asks for no strict CRL checking; a
 * sender that wants enforcement has to set the field explicitly.
 */
typedef enum {
	/** do not require a CRL */
	CRL_STRICT_NO = 0,
	/** always require a CRL */
	CRL_STRICT_YES = 1,
	/** NOTE(review): presumably require a CRL only when a CRL URI is
	 *  available for the certificate -- confirm against the consumer */
	CRL_STRICT_IFURI = 2,
} crl_policy_t;
118
119
typedef struct stroke_end_t stroke_end_t;

/**
 * One endpoint of a connection inside a STR_ADD_CONN message.
 *
 * stroke_msg_t.add_conn embeds two of these (me, other), so this struct
 * crosses the charon/stroke unix socket as part of the message: member
 * order, types and resulting padding are the message format and must not
 * be rearranged. The char* members cannot hold addresses that are valid in
 * the receiving process. NOTE(review): presumably they are encoded relative
 * to stroke_msg_t.buffer by the sender and re-based by the receiver --
 * confirm, and make sure the receiver bounds-checks every one of them
 * against the buffer and requires NUL termination before use.
 */
struct stroke_end_t {
	/* authentication configuration; add_conn.auth_method/eap_type/eap_vendor
	 * are documented as deprecated in favour of these */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *eap_id;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *updown;
	char *address;
	char *sourceip;
	/* NOTE(review): whether this is a prefix length or a byte count is not
	 * evident from this header -- confirm against the stroke sender */
	int sourceip_size;
	char *subnets;
	/* NOTE(review): the int members below look like switches, but their
	 * value sets are not defined in this header */
	int sendcert;
	int hostaccess;
	int tohost;
	u_int8_t protocol;
	u_int16_t port;
};
147
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The whole struct, including the trailing buffer, is the wire format
 * between stroke and charon; member order and types must not change.
 * The char* members inside the union cannot be valid addresses on the
 * receiving side. NOTE(review): presumably they are offsets into buffer
 * that the receiver re-bases -- confirm, and make sure the receiver checks
 * that each one lies inside buffer (and within length) and is NUL-terminated
 * before it is dereferenced.
 */
struct stroke_msg_t {
	/* total length of this message including the strings stored in buffer.
	 * A u_int16_t can name up to 65535 bytes although the struct holds only
	 * STROKE_BUF_LEN bytes of string space: a receiver must reject a length
	 * larger than sizeof(stroke_msg_t), or smaller than the fixed part of the
	 * message, before trusting anything else in it. */
	u_int16_t length;

	/* type of the message; selects the active member of the union below.
	 * NOTE(review): these are plain sequential enumerators -- appending new
	 * types at the end keeps existing values stable for both peers. */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peers srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects (flags in list.flags) */
		STR_LIST,
		/* reread various objects (flags in reread.flags) */
		STR_REREAD,
		/* purge various objects (flags in purge.flags) */
		STR_PURGE,
		/* show pool leases */
		STR_LEASES,
		/* more to come */
	} type;

	/* verbosity of the output charon returns (from -1 = silent to 4 = private) */
	int output_verbosity;

	union {
		/* data for STR_INITIATE, STR_ROUTE, STR_UNROUTE, STR_TERMINATE,
		 * STR_STATUS, STR_DEL_CONN and STR_DEL_CA: a single connection/CA name */
		struct {
			char *name;
		} initiate, route, unroute, terminate, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP: address range to match */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN */
		struct {
			char *name;
			int ikev2;
			/* next three are deprecated, use stroke_end_t.auth instead
			 * (eap_identity presumably superseded by stroke_end_t.eap_id --
			 * confirm) */
			int auth_method;
			u_int32_t eap_type;
			u_int32_t eap_vendor;
			char *eap_identity;
			int mode;
			int mobike;
			int force_encap;
			int ipcomp;
			int proxy_mode;
			int install_policy;

			/* zero value is CRL_STRICT_NO; set explicitly when enforcement is wanted */
			crl_policy_t crl_policy;
			int unique;
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* lifetimes use host-sized time_t/unsigned long; fine while both
			 * peers are built from this header on the same host, but the
			 * layout is not portable across ABIs */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			struct {
				time_t delay;
				int action;
			} dpd;
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE (PURGE_OCSP, PURGE_IKE) */
		struct {
			purge_flag_t flags;
		} purge;

		/* data for STR_LEASES */
		struct {
			char *pool;
			char *address;
		} leases;
	};
	/* string storage for the message; length covers however much of it is used */
	char buffer[STROKE_BUF_LEN];
};
299
300 #endif /* STROKE_MSG_H_ */