starter: No special handling for left|rightsubnet, just pass it on as string.
1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
#include <stdint.h>

#include <freeswan.h>
#include "../pluto/constants.h"
#include <kernel/kernel_ipsec.h>

#include "ipsec-parser.h"
24
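/**
 * Bitmask recording which keywords of one config section have been seen.
 *
 * Bit i of a seen_t stands for the keyword (base + i), so a section can
 * track at most 64 keywords between its first keyword (base) and the
 * largest keyword index handed to SEEN_KW(). Fixed-width uint64_t is used
 * so the bit budget is the same on every platform.
 */
typedef uint64_t seen_t;

/**
 * The empty seen-set (no keyword seen yet).
 *
 * No trailing semicolon: the previous definition expanded to "0;", which
 * happened to work in "x = SEEN_NONE;" but broke any use inside an
 * expression such as "if (seen == SEEN_NONE)". Typed as seen_t so it
 * compares and combines cleanly with SEEN_KW() results.
 */
#define SEEN_NONE ((seen_t)0)

/**
 * The bit that marks keyword kw in a seen-set whose first keyword is base.
 *
 * Requires base <= kw < base + 64. A negative shift count, or one of 64
 * or more, is undefined behaviour in C (not a wrap-around), so the keyword
 * enum ranges passed by the callers must stay within 64 entries per
 * section. This cannot be checked here because the keyword tables are
 * declared outside this header; keep it in mind when adding keywords.
 */
#define SEEN_KW(kw, base) ((seen_t)1 << ((kw) - (base)))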
29
/**
 * What the starter does with a conn/ca section when it comes up.
 *
 * The member names mirror the usual "no / add / route / start" values;
 * what each of them actually triggers is decided by the caller, not here.
 * Values are written out explicitly so the numbering is visible.
 */
typedef enum {
	STARTUP_NO = 0,
	STARTUP_ADD = 1,
	STARTUP_ROUTE = 2,
	STARTUP_START = 3,
} startup_t;
36
/**
 * Lifecycle state the starter keeps per parsed section.
 *
 * Only the names are defined here; the transitions between them are made
 * by the code that loads and reloads the configuration. Explicit values
 * make the numbering visible when the state shows up in logs or dumps.
 */
typedef enum {
	STATE_IGNORE = 0,
	STATE_TO_ADD = 1,
	STATE_ADDED = 2,
	STATE_REPLACED = 3,
	STATE_INVALID = 4,
} starter_state_t;
44
/**
 * Which key exchange protocol a connection is configured for.
 *
 * The numeric values are fixed on purpose: the comment in the original
 * says they are shared with ike_version_t (declared elsewhere), so they
 * must never be renumbered. KEY_EXCHANGE_IKE (0) is the "either" value,
 * the other two pin a specific IKE version.
 */
typedef enum {
	/* shared with ike_version_t: keep the values in sync */
	KEY_EXCHANGE_IKE = 0,
	/* IKEv1 only */
	KEY_EXCHANGE_IKEV1 = 1,
	/* IKEv2 only */
	KEY_EXCHANGE_IKEV2 = 2,
} keyexchange_t;
51
/**
 * Tri-state value for the strict CRL policy setting (see strictcrlpolicy
 * in starter_config.setup).
 *
 * Beyond "no" and "yes" there is a third value, STRICT_IFURI; the name
 * suggests "strict only if a CRL URI is configured", but the behaviour is
 * implemented by the consumer of this setting, not here.
 */
typedef enum {
	STRICT_NO = 0,
	STRICT_YES = 1,
	STRICT_IFURI = 2,
} strict_t;
57
typedef struct starter_end starter_end_t;

/**
 * One side ("left" or "right") of a connection as read from the config.
 *
 * The char * members carry the raw keyword values as strings (e.g. subnet
 * holds leftsubnet/rightsubnet verbatim, per the commit shown with this
 * file); nothing in this header validates them. Range and syntax checks
 * on hosts, subnets, ports and identities have to happen in the parser or
 * in the daemon that consumes this struct. Ownership of the strings is not
 * stated here — presumably allocated by the parser and released by
 * confread_free() (TODO confirm in confread.c).
 */
struct starter_end {
	seen_t seen;              /* bitmask of keywords seen for this end, see SEEN_KW() */
	char *auth;               /* authentication keyword value (string, unparsed) */
	char *auth2;              /* second-round authentication value */
	char *id;                 /* identity string */
	char *id2;                /* second-round identity string */
	char *rsakey;             /* raw key reference as given in the config */
	char *cert;               /* certificate reference */
	char *cert2;              /* second-round certificate reference */
	char *ca;                 /* CA reference */
	char *ca2;                /* second-round CA reference */
	char *groups;             /* group list, unparsed */
	char *cert_policy;        /* certificate policy value, unparsed */
	char *host;               /* host as written in the config (name or address) */
	u_int ikeport;            /* IKE port; wider than 16 bits, so the parser must
	                           * range-check it before it is used as a UDP port */
	char *subnet;             /* passed through as a string, no special handling */
	bool has_port_wildcard;   /* set by the parser; exact trigger not visible here */
	bool has_natip;           /* set by the parser; exact trigger not visible here */
	bool modecfg;
	certpolicy_t sendcert;    /* type declared outside this header */
	bool firewall;
	bool hostaccess;
	bool allow_any;           /* NOTE(review): name suggests this end may match any
	                           * peer; confirm the exact semantics in the consumer
	                           * before relying on it in a policy decision */
	char *updown;             /* updown script path/command, unparsed */
	u_int16_t port;           /* traffic selector port; fixed width, so assigning a
	                           * wider parsed integer truncates silently */
	u_int8_t protocol;        /* traffic selector protocol number, same caveat */
	char *sourceip;           /* virtual IP value, unparsed */
	int sourceip_mask;        /* signed prefix length; presumably a negative value
	                           * means "not given" — TODO confirm in the parser */
};
89
typedef struct also also_t;

/**
 * One entry of a section's "also=" list: the name of another section
 * whose keywords are to be merged in, plus whether that merge has been
 * done yet (singly linked through next).
 */
struct also {
	char *name;       /* name of the referenced section */
	bool included;    /* true once the referenced section has been merged in */
	also_t *next;     /* next "also" entry of the same section, or NULL */
};
97
typedef struct starter_conn starter_conn_t;

/**
 * One "conn" section of the config file, after parsing.
 *
 * Several members are kept as raw strings (proposals, identities, authby)
 * and are interpreted by the daemon, not by this header. Numeric limits
 * (lifetimes, byte/packet counters, retry counts) are stored in their
 * target width; any range checking against what the daemon accepts has to
 * be done by the parser. Entries are singly linked through next.
 */
struct starter_conn {
	seen_t seen;                    /* bitmask of keywords seen in this section */
	char *name;                     /* section name */
	also_t *also;                   /* "also=" references of this section */
	kw_list_t *kw;                  /* raw keyword list (type from ipsec-parser.h) */
	u_int visit;                    /* visit marker used while resolving sections */
	startup_t startup;              /* what to do with the conn at startup */
	starter_state_t state;          /* lifecycle state kept by the starter */

	keyexchange_t keyexchange;      /* IKE / IKEv1 / IKEv2 selection */
	char *eap_identity;             /* unparsed identity string */
	char *aaa_identity;             /* unparsed identity string */
	char *xauth_identity;           /* unparsed identity string */
	char *authby;                   /* authentication method(s), unparsed */
	ipsec_mode_t mode;              /* type from kernel_ipsec.h */
	bool proxy_mode;
	lset_t policy;                  /* policy flag set (type from pluto/constants.h) */
	time_t sa_ike_life_seconds;     /* IKE SA lifetime */
	time_t sa_ipsec_life_seconds;   /* IPsec SA lifetime */
	time_t sa_rekey_margin;         /* rekey before expiry by this much */
	u_int64_t sa_ipsec_life_bytes;      /* volume-based lifetime and margin */
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;    /* packet-count lifetime and margin */
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;  /* retry count; parser should reject absurd values */
	unsigned long sa_rekey_fuzz;    /* percentage; no upper bound is enforced here */
	u_int32_t reqid;                /* kernel SA/policy request id */
	mark_t mark_in;                 /* packet marks (type declared elsewhere) */
	mark_t mark_out;
	u_int32_t tfc;                  /* traffic flow confidentiality padding value */
	bool install_policy;            /* whether kernel policies are installed */
	bool aggressive;                /* NOTE(review): if this selects IKEv1 aggressive
	                                 * mode, the well-known PSK-hash exposure of that
	                                 * mode applies — confirm and review PSK use */
	starter_end_t left, right;      /* the two ends of the connection */

	unsigned long id;               /* numeric id assigned by the starter */

	char *esp;                      /* ESP proposal string, unparsed */
	char *ike;                      /* IKE proposal string, unparsed */

	time_t dpd_delay;               /* dead peer detection settings */
	time_t dpd_timeout;
	dpd_action_t dpd_action;        /* type declared outside this header */
	int dpd_count;                  /* signed; a negative value is representable
	                                 * and must be rejected by the parser */

	dpd_action_t close_action;      /* action on SA close, same enum as dpd_action */

	time_t inactivity;              /* inactivity timeout */

	bool me_mediation;              /* mediation extension settings */
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;           /* next conn in the list, or NULL */
};
154
typedef struct starter_ca starter_ca_t;

/**
 * One "ca" section of the config file, after parsing.
 *
 * The first seven members mirror the head of starter_conn so both section
 * kinds can be handled by the same section-resolution code (seen, name,
 * also, kw, visit, startup, state in the same order). All URI and path
 * values are raw strings; whether a CRL/OCSP URI is reachable or even
 * well-formed is not checked here. Entries are singly linked through next.
 */
struct starter_ca {
	seen_t seen;            /* bitmask of keywords seen in this section */
	char *name;             /* section name */
	also_t *also;           /* "also=" references of this section */
	kw_list_t *kw;          /* raw keyword list (type from ipsec-parser.h) */
	u_int visit;            /* visit marker used while resolving sections */
	startup_t startup;      /* what to do with the section at startup */
	starter_state_t state;  /* lifecycle state kept by the starter */

	char *cacert;           /* CA certificate reference (path or name, unparsed) */
	char *ldaphost;         /* LDAP host for certificate/CRL lookups */
	char *ldapbase;         /* LDAP search base */
	char *crluri;           /* primary CRL distribution point URI */
	char *crluri2;          /* secondary CRL distribution point URI */
	char *ocspuri;          /* primary OCSP responder URI */
	char *ocspuri2;         /* secondary OCSP responder URI */
	char *certuribase;      /* base URI for certificate fetching */

	bool strict;            /* per-CA strict policy flag; relation to the global
	                         * strictcrlpolicy is decided by the consumer */

	starter_ca_t *next;     /* next ca section in the list, or NULL */
};
179
typedef struct starter_config starter_config_t;

/**
 * The whole parsed config file: the "config setup" section, parse error
 * counters, the "%default" templates and the lists of ca and conn
 * sections. Produced by confread_load() and released by confread_free().
 */
struct starter_config {
	/* the "config setup" section */
	struct {
		seen_t seen;                /* bitmask of keywords seen in config setup */
		char **interfaces;          /* NULL-terminated? — not stated here, check the parser */
		char *dumpdir;              /* directory for core dumps, unparsed path */
		bool charonstart;           /* whether to start the IKEv2 daemon */
		bool plutostart;            /* whether to start the IKEv1 daemon */

		/* pluto/charon keywords */
		char **plutodebug;          /* debug option list for pluto */
		char *charondebug;          /* debug option string for charon */
		char *prepluto;             /* command run before pluto starts — executed by
		                             * the starter, so the config file is a command
		                             * injection point if it is writable by others */
		char *postpluto;            /* command run after pluto starts, same caveat */
		char *plutostderrlog;       /* stderr log path for pluto */
		bool uniqueids;
		u_int overridemtu;
		time_t crlcheckinterval;    /* 0 presumably disables periodic CRL checks — confirm */
		bool cachecrls;
		strict_t strictcrlpolicy;   /* global strict CRL policy, see strict_t */
		bool nocrsend;
		bool nat_traversal;
		time_t keep_alive;
		u_int force_keepalive;
		char *virtual_private;      /* virtual private address ranges, unparsed */
		char *pkcs11module;         /* PKCS#11 module path; loaded as a shared object
		                             * by the daemon, so treat the path like code */
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;          /* debug option list for KLIPS */
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* number of encountered parsing errors */
	u_int err;                      /* fatal errors: the config should not be used */
	u_int non_fatal_err;            /* warnings counted separately; loading may continue */

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;        /* template merged into every ca section */

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;    /* template merged into every conn section */

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
237
/**
 * Parse the config file at @p file into a freshly allocated starter_config_t.
 *
 * @param file  path of the config file to read; it is trusted input in the
 *              sense that commands (prepluto/postpluto) and module paths
 *              are taken from it, so its permissions matter
 * @return      the parsed configuration, or NULL on failure (the NULL
 *              contract is not visible in this header — confirm in confread.c
 *              and check the err counter as well)
 */
starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), including the
 * strings and lists it owns. Passing the same pointer twice is a double
 * free; callers should NULL their pointer after this call.
 *
 * @param cfg   configuration to free; NULL handling is not stated here
 */
void confread_free(starter_config_t *cfg);
240
241 #endif /* _IPSEC_CONFREAD_H_ */
242