1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef STROKE_MSG_H_
24 #define STROKE_MSG_H_
25
26 #include <sys/types.h>
27
28 #include <library.h>
29
/**
 * Socket which is used to communicate between charon and stroke
 *
 * NOTE(review): every message type defined below (including
 * STR_USER_CREDS, which carries a password) is accepted on this socket, so
 * the file mode of the socket and the ownership of IPSEC_PIDDIR are the only
 * access control — confirm how the code that creates the socket sets them.
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/** Size of the trailing string buffer at the end of stroke_msg_t. */
#define STROKE_BUF_LEN 2048
36
typedef enum list_flag_t list_flag_t;

/**
 * Bit flags selecting what the stroke list* commands print.
 *
 * The values are single bits and may be OR-ed together; LIST_ALL is the
 * union of every bit defined here (bits 0..11).
 */
enum list_flag_t {
	/** list nothing */
	LIST_NONE      = 0,
	/** raw public keys */
	LIST_PUBKEYS   = 1 << 0,
	/** host/user certificates */
	LIST_CERTS     = 1 << 1,
	/** CA certificates */
	LIST_CACERTS   = 1 << 2,
	/** OCSP signer certificates */
	LIST_OCSPCERTS = 1 << 3,
	/** AA certificates */
	LIST_AACERTS   = 1 << 4,
	/** attribute certificates */
	LIST_ACERTS    = 1 << 5,
	/** access control groups */
	LIST_GROUPS    = 1 << 6,
	/** CA information records */
	LIST_CAINFOS   = 1 << 7,
	/** CRLs */
	LIST_CRLS      = 1 << 8,
	/** OCSP cache entries */
	LIST_OCSP      = 1 << 9,
	/** supported algorithms */
	LIST_ALGS      = 1 << 10,
	/** plugin information */
	LIST_PLUGINS   = 1 << 11,
	/** every list option above */
	LIST_ALL       = (1 << 12) - 1,
};
73
typedef enum reread_flag_t reread_flag_t;

/**
 * Bit flags selecting what the stroke reread* commands reload.
 *
 * Single bits, OR-able; REREAD_ALL is the union of bits 0..5.
 */
enum reread_flag_t {
	/** reread nothing */
	REREAD_NONE      = 0,
	/** secret keys */
	REREAD_SECRETS   = 1 << 0,
	/** CA certificates */
	REREAD_CACERTS   = 1 << 1,
	/** OCSP signer certificates */
	REREAD_OCSPCERTS = 1 << 2,
	/** AA certificates */
	REREAD_AACERTS   = 1 << 3,
	/** attribute certificates */
	REREAD_ACERTS    = 1 << 4,
	/** CRLs */
	REREAD_CRLS      = 1 << 5,
	/** every reread option above */
	REREAD_ALL       = (1 << 6) - 1,
};
98
typedef enum purge_flag_t purge_flag_t;

/**
 * Bit flags selecting what a stroke purge command discards
 * (currently used by the purgeocsp command).
 */
enum purge_flag_t {
	/** purge nothing */
	PURGE_NONE  = 0,
	/** OCSP cache entries */
	PURGE_OCSP  = 1 << 0,
	/** CRL cache entries */
	PURGE_CRLS  = 1 << 1,
	/** X509 cache entries */
	PURGE_CERTS = 1 << 2,
	/** IKE_SAs that have no CHILD_SA */
	PURGE_IKE   = 1 << 3,
};
117
typedef enum export_flag_t export_flag_t;

/**
 * Bit flags selecting what the stroke export command emits.
 */
enum export_flag_t {
	/** an X509 certificate */
	EXPORT_X509 = 1 << 0,
};
127
/**
 * CRL certificate validation policy
 *
 * The numeric values are spelled out because this enum travels inside
 * stroke_msg_t; keep them stable. What each policy enforces is decided by
 * the consumer of add_conn.crl_policy — presumably "no CRL needed",
 * "CRL always needed", "CRL needed when a CRL URI is known"; verify there.
 */
typedef enum {
	CRL_STRICT_NO = 0,
	CRL_STRICT_YES = 1,
	CRL_STRICT_IFURI = 2,
} crl_policy_t;
136
137
typedef struct stroke_end_t stroke_end_t;

/**
 * definition of a peer in a stroke message
 *
 * Embedded twice in stroke_msg_t (add_conn.me and add_conn.other) and
 * therefore part of the message layout that crosses the stroke socket:
 * keep member order and widths stable.
 *
 * NOTE(review): the char * members presumably hold offsets into the
 * enclosing message's buffer rather than live pointers — verify in the
 * socket code before dereferencing any of them on the receiving side.
 * The *2 members look like a second authentication round; confirm against
 * the consumer before relying on that reading.
 */
struct stroke_end_t {
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *eap_id;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *groups2;
	char *cert_policy;
	/* presumably a script path executed by the daemon — if so, whoever can
	 * write this field controls code execution; confirm in the consumer */
	char *updown;
	char *address;
	u_int16_t ikeport;
	char *sourceip;
	int sourceip_mask;
	char *subnets;
	int sendcert;
	int hostaccess;
	int tohost;
	int allow_any;
	u_int8_t protocol;
	u_int16_t port;
};
170
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The struct itself is the wire format, so member order, widths and the
 * size of the trailing buffer must stay identical in stroke and charon.
 * Several members (time_t, unsigned long, the enums) are platform-sized,
 * so both peers must be built with the same ABI.
 *
 * NOTE(review): a pointer from the sender's address space is meaningless to
 * the receiver, so the char * members presumably carry offsets into
 * buffer[] that the receiver re-bases — verify in the socket code. On the
 * receiving side, length, type, every string offset and the NUL termination
 * of each string inside buffer are untrusted input and need a bounds check
 * before use.
 */
struct stroke_msg_t {
	/* length of this message with all strings
	 * (NOTE(review): receiver should reject length > sizeof(stroke_msg_t)) */
	u_int16_t length;

	/* type of the message (NOTE(review): arrives from the socket, so the
	 * receiver's dispatch needs a default branch for unknown values) */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peers srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* rekey a connection */
		STR_REKEY,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* show verbose connection status, non-blocking variant */
		STR_STATUS_ALL_NOBLK,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE,
		/* show pool leases */
		STR_LEASES,
		/* export credentials */
		STR_EXPORT,
		/* print memory usage details */
		STR_MEMUSAGE,
		/* set username and password for a connection */
		STR_USER_CREDS,
		/* more to come — append new types here; the values are positional
		 * and cross the socket, so never reorder or remove existing ones */
	} type;

	/* verbosity of output returned from charon (-from -1=silent to 4=private)
	 * NOTE(review): "private" suggests level 4 may echo secrets — confirm
	 * what charon emits at that level before exposing it broadly */
	int output_verbosity;

	union {
		/* single-name payload shared by STR_INITIATE, STR_ROUTE, STR_UNROUTE,
		 * STR_TERMINATE, STR_REKEY, STR_STATUS, STR_DEL_CONN and STR_DEL_CA
		 * (the type enum above defines no STR_UP/STR_DOWN) */
		struct {
			char *name;
		} initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP: an inclusive address range */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN */
		struct {
			char *name;
			int version;
			char *eap_identity;
			char *aaa_identity;
			char *xauth_identity;
			int mode;
			int mobike;
			int aggressive;
			int force_encap;
			int ipcomp;
			time_t inactivity;
			int proxy_mode;
			int install_policy;
			int close_action;
			u_int32_t reqid;
			u_int32_t tfc;

			crl_policy_t crl_policy;
			int unique;
			/* proposal strings for the IKE and ESP layers */
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* rekeying limits; the *_bytes/*_packets pairs are the volume
			 * counterparts of the time-based lifetimes */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				u_int64_t life_bytes;
				u_int64_t margin_bytes;
				u_int64_t life_packets;
				u_int64_t margin_packets;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection */
			struct {
				time_t delay;
				time_t timeout;
				int action;
			} dpd;
			/* IKE mediation extension */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* packet marks applied to inbound / outbound traffic */
			struct {
				u_int32_t value;
				u_int32_t mask;
			} mark_in, mark_out;
			/* local and remote end of the connection */
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE */
		struct {
			purge_flag_t flags;
		} purge;

		/* data for STR_EXPORT */
		struct {
			export_flag_t flags;
			char *selector;
		} export;

		/* data for STR_LEASES */
		struct {
			char *pool;
			char *address;
		} leases;

		/* data for STR_USER_CREDS
		 * NOTE(review): the password is a plain string inside this message;
		 * confirm the receiver wipes the message once the credentials are
		 * stored, so the cleartext does not linger in freed memory */
		struct {
			char *name;
			char *username;
			char *password;
		} user_creds;
	};
	/* storage for all strings referenced by the payload above; STROKE_BUF_LEN
	 * bounds the total string data a single message can carry */
	char buffer[STROKE_BUF_LEN];
};
357
358 #endif /* STROKE_MSG_H_ */