An XML based management protocol for strongSwan (SMP) » History » Version 2

Martin Willi, 05.07.2007 11:06


= An XML based management protocol for strongSwan (SMP) =

We are developing a flexible configuration interface based on XML. It builds on the diploma thesis of Andreas Eigenmann and Joël Stillhart. The protocol is called SMP. It needs some changes, as the whole configuration management of the daemon has changed in the meantime.

== Overview ==

The currently implemented communication interface to [wiki:charon] is called stroke. It is a simple protocol with its own binary format. Only the input format is specified; output is redirected to the console.

While this protocol is usable for console applications (ipsec/starter), we need a better protocol to get feedback for an operation, to query the status of the daemon, and so on.

== Requirements ==

 * Querying
   * IKE_SA list
   * Daemon status
   * ...
 * Control
   * initiate connection
   * terminate connection
   * ...
 * Get notifications
   * client connected
   * client connect attempt failed
   * ...

== Protocol ==

To get a universally usable and easy to implement protocol, SMP is based on XML. There are five different kinds of messages:
 * [wiki:SMPQueryRequest QueryRequest]: Request to query information from the daemon
 * [wiki:SMPQueryResponse QueryResponse]: The response from the daemon to a !QueryRequest
 * [wiki:SMPControlRequest ControlRequest]: Request to control the daemon
 * [wiki:SMPControlResponse ControlResponse]: Response to a !ControlRequest
 * [wiki:SMPNotification Notification]: Notification raised by the daemon

== Security ==
The first iteration implements no security of its own (no encryption, no authentication). The daemon listens on a Unix domain socket, and access is restricted with file permissions: only a process that may open the socket file (and traverse the directory containing it) can talk to the daemon, so neither the socket file nor its directory may be world-accessible.

Further development iterations will add remote administration over TCP. At that point the kernel no longer identifies the peer for us, so the protocol itself needs authentication, encryption and integrity checks.
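The following sketch is an added example, not strongSwan code and not the SMP message format defined on the linked wiki pages. It shows one Query exchange over a Unix socket protected the way this section describes (directory 0700, socket file 0600, created under a restrictive umask so there is no window in which the file is world-accessible), and on the daemon side additionally reads the connecting process's uid via SO_PEERCRED (Linux only) and refuses peers outside an allow-list. The element names `QueryRequest`/`QueryResponse`, the `type="status"` attribute, the `status` values and the returned fields are assumptions made for illustration.

```python
"""SMP-style query over a permission-restricted Unix socket.
Added example; not strongSwan code. Message format is hypothetical."""
import os
import socket
import stat
import struct
import tempfile
import threading
import xml.etree.ElementTree as ET

# Constructed sample daemon state returned for a status query (assumption).
DAEMON_STATUS = {"uptime": "42", "ike_sas": "1"}
MAX_MESSAGE = 64 * 1024  # refuse oversized requests before parsing them


def handle_request(data: bytes, peer_uid: int, allowed_uids: set) -> bytes:
    """Authorise the peer by uid, then answer a QueryRequest with a QueryResponse."""
    if peer_uid not in allowed_uids:
        return b'<QueryResponse status="denied"/>'
    if len(data) > MAX_MESSAGE:
        return b'<QueryResponse status="error">message too large</QueryResponse>'
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return b'<QueryResponse status="error">malformed XML</QueryResponse>'
    if root.tag != "QueryRequest" or root.get("type") != "status":
        return b'<QueryResponse status="error">unsupported request</QueryResponse>'
    resp = ET.Element("QueryResponse", status="ok")
    for name, value in DAEMON_STATUS.items():
        ET.SubElement(resp, name).text = value
    return ET.tostring(resp)


def make_server_socket(directory: str) -> socket.socket:
    """Bind a listening socket whose directory and file deny access to others."""
    os.chmod(directory, 0o700)         # connect() needs search permission on the dir
    path = os.path.join(directory, "smp.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)        # socket file is created 0600 from the start
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def peer_uid(conn: socket.socket) -> int:
    """Linux SO_PEERCRED: kernel-supplied pid, uid, gid of the connecting process."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", creds)
    return uid


def run_demo() -> dict:
    """One in-process client/server exchange; returns socket mode and response."""
    with tempfile.TemporaryDirectory() as tmp:
        srv = make_server_socket(tmp)
        path = srv.getsockname()
        allowed = {os.getuid()}        # only our own uid may administer the daemon
        result = {"socket_mode": stat.S_IMODE(os.stat(path).st_mode)}

        def serve():
            conn, _ = srv.accept()
            with conn:
                req = conn.recv(MAX_MESSAGE + 1)
                conn.sendall(handle_request(req, peer_uid(conn), allowed))

        worker = threading.Thread(target=serve)
        worker.start()
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        with cli:
            cli.connect(path)
            cli.sendall(b'<QueryRequest type="status"/>')
            cli.shutdown(socket.SHUT_WR)
            result["response"] = cli.recv(MAX_MESSAGE)
        worker.join()
        srv.close()
    return result


if __name__ == "__main__":
    outcome = run_demo()
    print("socket mode: %o" % outcome["socket_mode"])
    print("response:", outcome["response"].decode())
```

Running the file performs the exchange once. The uid check is what the file permissions cannot express on their own (a group-readable socket admits every group member equally), and `handle_request` is the piece that would need hardening before the TCP iteration, since it would then parse XML from peers the kernel has not vouched for.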