An XML based management protocol for strongSwan (SMP) » History » Version 2

Martin Willi, 05.07.2007 11:06

= An XML based management protocol for strongSwan (SMP) =

We are developing a flexible configuration interface based on XML. It is based on the diploma thesis of Andreas Eigenmann and Joël Stillhart. The protocol is called SMP. It needs some changes, as the whole configuration management of the daemon has changed in the meantime.

== Overview ==

The currently implemented communication interface to [wiki:charon] is called stroke. It is a simple protocol with its own binary format. Only the input format is specified; output is redirected to the console.

While this protocol is usable for console applications (ipsec/starter), we need a better protocol to get feedback for an operation, query the status of the daemon, and so on.

== Requirements ==
  * Querying
    * IKE_SA list
    * Daemon status
    * ...
  * Control
    * initiate connection
    * terminate connection
    * ...
  * Get notifications
    * client connected
    * client connect attempt failed
    * ...

== Protocol ==

To get a universally usable and easy-to-implement protocol, SMP is based on XML. There are five different kinds of messages:

  * [wiki:SMPQueryRequest QueryRequest]: Request to query information from the daemon
  * [wiki:SMPQueryResponse QueryResponse]: The response from the daemon to a !QueryRequest
  * [wiki:SMPControlRequest ControlRequest]: Request to control the daemon
  * [wiki:SMPControlResponse ControlResponse]: Response to a !ControlRequest
  * [wiki:SMPNotification Notification]: Daemon raised notification

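As an added illustration of the five message kinds (example code, not strongSwan's own; the message layout is not specified on this page, so the root element names, the `<Query type="..."/>` and `<Control type="..." name="..."/>` children, and the `FakeDaemon` state are assumptions), here is a Python dispatcher that accepts only the two request kinds from a client, answers each with the matching response kind, and refuses anything else:

```python
"""SMP-style request dispatcher (added illustration; not strongSwan code).

Assumed, not taken from the page: each message is an XML document whose root
element is the message kind; a QueryRequest carries <Query type="..."/>
children; a ControlRequest carries <Control type="initiate|terminate" name="..."/>.
"""
import xml.etree.ElementTree as ET

MESSAGE_KINDS = {"QueryRequest", "QueryResponse", "ControlRequest",
                 "ControlResponse", "Notification"}


class FakeDaemon:
    """Constructed stand-in for daemon state: IKE_SAs by connection name."""

    def __init__(self):
        self.ike_sas = {"home": "ESTABLISHED"}

    def status(self):
        return {"version": "hypothetical", "ike_sa_count": str(len(self.ike_sas))}

    def initiate(self, name):
        self.ike_sas[name] = "CONNECTING"
        return True

    def terminate(self, name):
        return self.ike_sas.pop(name, None) is not None


def parse_message(xml_text):
    """Parse one SMP document and reject any root that is not a known kind."""
    root = ET.fromstring(xml_text)
    if root.tag not in MESSAGE_KINDS:
        raise ValueError("unknown SMP message kind: %r" % root.tag)
    return root


def classify(xml_text):
    """Return the message kind (root element name) of a valid SMP document."""
    return parse_message(xml_text).tag


def handle(daemon, xml_text):
    """Dispatch a client request and return the response document as text."""
    root = parse_message(xml_text)
    if root.tag == "QueryRequest":
        resp = ET.Element("QueryResponse")
        for q in root.findall("Query"):
            qtype = q.get("type")
            if qtype == "ikesalist":
                lst = ET.SubElement(resp, "IkeSaList")
                for name, state in daemon.ike_sas.items():
                    ET.SubElement(lst, "IkeSa", name=name, state=state)
            elif qtype == "status":
                ET.SubElement(resp, "Status", **daemon.status())
            else:
                ET.SubElement(resp, "Error", message="unknown query type %r" % qtype)
        return ET.tostring(resp, encoding="unicode")
    if root.tag == "ControlRequest":
        resp = ET.Element("ControlResponse")
        for c in root.findall("Control"):
            ctype, name = c.get("type"), c.get("name")
            if ctype == "initiate":
                ok = daemon.initiate(name)
            elif ctype == "terminate":
                ok = daemon.terminate(name)
            else:
                ok = False
            ET.SubElement(resp, "Result", type=ctype or "", name=name or "",
                          status="ok" if ok else "failed")
        return ET.tostring(resp, encoding="unicode")
    # Responses and notifications only flow daemon -> client; a client may not send them.
    raise ValueError("%s is not a request the daemon accepts" % root.tag)
```

The allow-list on the root element is the check that matters: responses and notifications only ever travel from the daemon to the client, so a client-supplied !QueryResponse or !Notification is a protocol violation and is refused before any handler runs. Python's xml.etree does not fetch external entities, but a production parser on a management socket should additionally reject DTDs and entity expansion.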
== Security ==

We do not implement any security (encryption/authentication) in the first iteration. We will operate on a Unix socket and enforce access control with file permissions.

Further development iterations will add support for remote administration (over TCP); then we will need authentication, encryption and integrity checks.