Hi Vadim,

> I'd like to implement the equivalent of commands "strongswan up
> <connectionname>" and "strongswan down <connectionname>" using SMP
> plugin.

The "smp" plugin was an early attempt for a generic XML based management interface. However, it is incomplete and didn't get much love since its initial inception, I don't recommend to use it in new applications.

Instead, we recently introduced the vici interface [1], which is much more complete and gives you more flexibility. It uses its own binary protocol, but it is rather simple and comes with a C client library.

The swanctl tool [2] uses this protocol, and is a mostly complete backend to configure, control and monitor the IKE daemon. It probably serves as a good starting point for implementing your own client in C.

> It works fine, but I'm still not sure is that the complete equivalent?

For initiation, you usually just reference the CHILD_SA. The associated IKE_SA gets automatically established. To close an IKE_SA/CHILD_SA pair, you can usually just terminate the IKE_SA, as that implicitly closes all associated CHILD_SAs.

> 1) What happens to strongSwan server if my program would be terminated
> unexpectedly before sending the second message?

Only the first message gets processed. But as said, to initiate a CHILD_SA/IKE_SA pair, you usually need just one command.

> 2) Are these SMP messages synchronous? Do they guarantee that the
> current action (IKE/child initiation or termination) is complete (with
> or without error)?

Yes, this is true for both SMP and vici. With vici you can use multiple connections/threads for concurrent or asynchronous commands. The initiate command can detach after a timeout.

Regards
Martin

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Vici
[2] https://wiki.strongswan.org/projects/strongswan/wiki/Swanctl
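The two requests discussed in the reply above, as an added example that is not part of the original message and not strongSwan's own code: it frames an "initiate" that names a CHILD_SA and a "terminate" that names an IKE_SA, and reads the success key of the single synchronous response. The byte layout follows the vici protocol description referenced as [1]; the connection name "net-net" is constructed, and only flat key/value responses are handled.

```c
#include <stdint.h>
#include <string.h>

/* Type codes from the vici protocol description. */
enum { CMD_REQUEST = 0, CMD_RESPONSE = 1, KEY_VALUE = 3 };

/* Frame a named request with one key/value pair; returns bytes written or 0:
 * [len:4 BE][CMD_REQUEST][namelen:1][name][KEY_VALUE][keylen:1][key][vallen:2 BE][val] */
size_t vici_request(uint8_t *out, size_t cap, const char *cmd,
                    const char *key, const char *val)
{
    size_t cl = strlen(cmd), kl = strlen(key), vl = strlen(val);
    size_t body = 2 + cl + 4 + kl + vl, n = 0;
    if (cl > 255 || kl > 255 || vl > 65535 || cap < 4 + body) return 0;
    out[n++] = (uint8_t)(body >> 24); out[n++] = (uint8_t)(body >> 16);
    out[n++] = (uint8_t)(body >> 8);  out[n++] = (uint8_t)body;
    out[n++] = CMD_REQUEST;           out[n++] = (uint8_t)cl;
    memcpy(out + n, cmd, cl); n += cl;
    out[n++] = KEY_VALUE;             out[n++] = (uint8_t)kl;
    memcpy(out + n, key, kl); n += kl;
    out[n++] = (uint8_t)(vl >> 8);    out[n++] = (uint8_t)vl;
    memcpy(out + n, val, vl); n += vl;
    return n;
}

/* Read a framed, flat CMD_RESPONSE: 1 if success=yes, 0 if success has
 * another value, -1 if malformed, nested, or without a success key. */
int vici_response_ok(const uint8_t *in, size_t len)
{
    if (len < 5 || in[4] != CMD_RESPONSE) return -1;
    uint32_t body = ((uint32_t)in[0] << 24) | (in[1] << 16) | (in[2] << 8) | in[3];
    if (body != len - 4) return -1;
    for (size_t i = 5; i < len; ) {
        if (in[i] != KEY_VALUE || len - i < 2) return -1;
        size_t kl = in[i + 1], v = i + 2 + kl + 2;   /* v: offset of the value */
        if (v > len) return -1;
        size_t vl = ((size_t)in[v - 2] << 8) | in[v - 1];
        if (vl > len - v) return -1;
        if (kl == 7 && memcmp(in + i + 2, "success", 7) == 0)
            return vl == 3 && memcmp(in + v, "yes", 3) == 0;
        i = v + vl;
    }
    return -1;
}

int main(void)
{
    uint8_t buf[64];   /* "net-net" is a constructed CHILD_SA name */
    return vici_request(buf, sizeof buf, "initiate", "child", "net-net") == 30 ? 0 : 1;
}
```

Closing the pair is the same call with "terminate" as the command and "ike" as the key.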
