Version 17 (Andreas Steffen, 11.02.2011 20:15) → Version 18/28 (Andreas Steffen, 11.02.2011 20:26)

h1. SQLite HOWTO

SQLite tables defined in source:testing/hosts/default/etc/ipsec.d/tables.sql

h2. TABLE identities

*type* defined in source:src/libstrongswan/utils/identification.h#L58

| 0|ID_ANY |matches any id |rightid=%any |
| 1|ID_IPV4_ADDR |IPv4 address |rightid=192.168.0.1 |
| 2|ID_FQDN |fully qualified domain name |rightid=@moon.strongswan.org |
| 3|ID_RFC822_ADDR |RFC822 email address |rightid=carol@strongswan.org |
| 5|ID_IPV6_ADDR |IPv6 address |rightid=fec0::1 |
| 9|ID_DER_ASN1_DN |ASN.1 distinguished name |rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 11|ID_KEY_ID |opaque octet string |rightid=@#e5e410876c2ac4bead854942a6de7658303a9fc1 |

*ID_ANY*: scripts/id2sql "%any"

<pre>
INSERT INTO identities (
type, data
) VALUES (
0, X''
);
</pre>

*ID_IPV4_ADDR*: scripts/id2sql "192.168.0.1"

<pre>
INSERT INTO identities (
type, data
) VALUES (
1, X'c0a80001'
);
</pre>

*ID_FQDN*: scripts/id2sql "@moon.strongswan.org"

<pre>
INSERT INTO identities (
type, data
) VALUES (
2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267'
);
</pre>

*ID_RFC822_ADDR*: scripts/id2sql "carol@strongswan.org"

<pre>
INSERT INTO identities (
type, data
) VALUES (
3, X'6361726f6c407374726f6e677377616e2e6f7267'
);
</pre>

*ID_IPV6_ADDR*: scripts/id2sql "fec0::1"

<pre>
INSERT INTO identities (
type, data
) VALUES (
5, X'fec00000000000000000000000000001'
);
</pre>

*ID_DER_ASN1_DN*: scripts/id2sql "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

<pre>
INSERT INTO identities (
type, data
) VALUES (
9, X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267'
);
</pre>

*ID_KEY_ID*: scripts/id2sql "@#e5:e4:10:87:6c:2a:c4:be:ad:85:49:42:a6:de:76:58:30:3a:9f:c1"

<pre>
INSERT INTO identities (
type, data
) VALUES (
11, X'e5e410876c2ac4bead854942a6de7658303a9fc1'
);
</pre>

*ID_PUBKEY_INFO_SHA1*: scripts/key2keyid < moonKey.der

<pre>
INSERT INTO identities (
type, data
) VALUES (
11, X'd70dbd46d5133519064f12f100525ead0802ca95'
);
</pre>

*ID_PUBKEY_SHA1*: scripts/key2keyid < moonKey.der

<pre>
INSERT INTO identities (
type, data
) VALUES (
11, X'e5e410876c2ac4bead854942a6de7658303a9fc1'
);
</pre>
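
The address, name and key-id encodings shown above can be reproduced and loaded without scripts/id2sql. The Python below is an added example, not strongSwan code; it derives the @(type, data)@ pair for each identity string and inserts it with bound parameters. Assumptions: the classification rules are inferred from the examples on this page, the function names are hypothetical, the in-memory table is a reduced stand-in for the one in tables.sql, and ID_DER_ASN1_DN is rejected because it needs a DER encoder.

```python
import ipaddress
import sqlite3

# Type numbers from the identities table on this page.
ID_ANY, ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR = 0, 1, 2, 3
ID_IPV6_ADDR, ID_KEY_ID = 5, 11


def encode_identity(text):
    """Return (type, data) for one identity string; data is raw bytes."""
    if text == "%any":
        return ID_ANY, b""
    if "=" in text:
        raise ValueError("distinguished names need a DER encoder; not handled here")
    if text.startswith("@#"):
        # Opaque key id given as hex, optionally colon-separated.
        return ID_KEY_ID, bytes.fromhex(text[2:].replace(":", ""))
    if text.startswith("@"):
        return ID_FQDN, text[1:].encode("ascii")
    if "@" in text:
        return ID_RFC822_ADDR, text.encode("ascii")
    addr = ipaddress.ip_address(text)  # raises ValueError if not an address
    kind = ID_IPV4_ADDR if addr.version == 4 else ID_IPV6_ADDR
    return kind, addr.packed


def to_sql(text):
    """Render the INSERT statement in the form shown on this page."""
    id_type, data = encode_identity(text)
    return ("INSERT INTO identities (\n  type, data\n) VALUES (\n"
            f"  {id_type}, X'{data.hex()}'\n);")


def load(identities):
    """Insert into a constructed in-memory table and read the rows back."""
    db = sqlite3.connect(":memory:")
    # Assumption: reduced stand-in for the identities table in tables.sql.
    db.execute("CREATE TABLE identities (type INTEGER NOT NULL, data BLOB NOT NULL)")
    # Bound parameters keep identity strings out of the SQL text.
    db.executemany("INSERT INTO identities (type, data) VALUES (?, ?)",
                   [encode_identity(i) for i in identities])
    return db.execute("SELECT type, hex(data) FROM identities ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for ident in ("%any", "192.168.0.1", "@moon.strongswan.org", "fec0::1"):
        print(to_sql(ident))
```
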

h2. TABLE private_keys

*type* defined in source:src/libstrongswan/credentials/keys/public_key.h#L35

|1 |KEY_RSA |RSA key in PKCS!#1 format |
|2 |KEY_ECDSA |ECDSA key in ANSI X9.62 format |

h2. TABLE certificates

*type* defined in source:src/libstrongswan/credentials/certificates/certificate.h#L35

|1 |CERT_X509 |X.509 certificate |
|2 |CERT_X509_CRL |X.509 certificate revocation list |
|5 |CERT_X509_AC |X.509 attribute certificate |
|6 |CERT_TRUSTED_PUBKEY |trusted public key |

h2. TABLE shared_secrets

*type* defined in source:src/libstrongswan/credentials/keys/shared_key.h#L33

|1 |SHARED_IKE |: PSK <secret> |
|2 |SHARED_EAP |: EAP <secret> |
|3 |SHARED_PRIVATE_KEY_PASS |: RSA <keyfile> <secret> |
|4 |SHARED_PIN |: PIN <secret> |

h2. TABLE peer_configs

*auth_method* defined in source:src/libcharon/config/peer_cfg.h#L87

|1 |CONF_AUTH_PUBKEY |authentication using public key |authby=rsasig, authby=ecdsasig |
|2 |CONF_AUTH_PSK |authentication using pre-shared secret |authby=psk |
|3 |CONF_AUTH_EAP |authentication using EAP |authby=eap |

*eap_type* defined in source:src/libstrongswan/eap/eap.h#L51 source:src/libcharon/sa/authenticators/eap/eap_method.h#L48

| 4 |EAP_MD5 |
| 6 |EAP_GTC |
| 13 |EAP_TLS |
| 18 |EAP_SIM |
| 21 |EAP_TTLS |
| 23 |EAP_AKA |
| 26 |EAP_MSCHAPV2 |
| 38 |EAP_TNC |
|253 |EAP_RADIUS |

h2. TABLE child_configs

*start_action*, *dpd_action*, and *close_action* defined in source:src/libcharon/config/child_cfg.h#L34

|0 |ACTION_NONE | no action or clear |
|1 |ACTION_ROUTE | install or retain an ipsec policy |
|2 |ACTION_RESTART | start or restart a CHILD_SA |

h2. TABLE traffic_selectors

*type* defined in source:src/libstrongswan/selectors/traffic_selector.h#L35

|7 |TS_IPV4_ADDR_RANGE |
|8 |TS_IPV6_ADDR_RANGE |