1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
15 */
16
17 #ifndef _IPSEC_CONFREAD_H_
18 #define _IPSEC_CONFREAD_H_
19
20 #ifndef _FREESWAN_H
21 #include <freeswan.h>
22 #include "../pluto/constants.h"
23 #endif
24
25 #include "parser.h"
26 #include "interfaces.h"
27
/* What starter should do with a conn/ca section after loading it.
 * The names follow the config keyword values (presumably auto=);
 * values are spelled out so the ordering is explicit and stable. */
typedef enum {
	STARTUP_NO    = 0,   /* leave the section alone */
	STARTUP_ADD   = 1,   /* load it into the daemon only */
	STARTUP_ROUTE = 2,   /* load and install the route/policy */
	STARTUP_START = 3    /* load and initiate */
} startup_t;
34
/* Lifecycle state starter tracks for each conn/ca section.
 * STATE_IGNORE is deliberately 0 so a zero-initialised section is
 * ignored rather than acted upon. */
typedef enum {
	STATE_IGNORE   = 0,  /* not to be handed to the daemon */
	STATE_TO_ADD   = 1,  /* parsed, still to be added */
	STATE_ADDED    = 2,  /* currently loaded in the daemon */
	STATE_REPLACED = 3,  /* superseded by a newer definition */
	STATE_INVALID  = 4   /* rejected; must not be loaded */
} starter_state_t;
42
/* Requested IKE protocol version for a conn (keyexchange= keyword, by the
 * look of the names).  KEY_EXCHANGE_IKE is the unversioned default and is
 * 0 so an unset field means "not pinned to a version". */
typedef enum {
	KEY_EXCHANGE_IKE   = 0,  /* version not specified */
	KEY_EXCHANGE_IKEV1 = 1,  /* force IKEv1 */
	KEY_EXCHANGE_IKEV2 = 2   /* force IKEv2 */
} keyexchange_t;
48
typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a conn section, as read from the
 * config file.  All char * members are strings taken from the config;
 * whether each is owned by the struct and released by confread_free()
 * is not visible from this header -- confirm in confread.c before
 * sharing or freeing them elsewhere.
 *
 * NOTE(review): several of these strings (updown, rsakey, cert, ca) are
 * later handed to the IKE daemon and, for updown, presumably executed as
 * a script, so the file they come from must be trusted and root-owned.
 */
struct starter_end {
	lset_t seen;                  /* set of keywords present for this end (bitset) */
	char *id;                     /* identity string this end authenticates as */
	char *rsakey;                 /* RSA key material or key reference, as configured */
	char *cert;                   /* certificate reference for this end */
	char *ca;                     /* CA this end's certificate is expected to chain to */
	char *groups;                 /* group membership string, if any */
	char *iface;                  /* interface name, if given */
	ip_address addr;              /* address of this end */
	ip_address nexthop;           /* next hop towards the peer */
	ip_address srcip;             /* source address to use for this end's traffic */
	ip_subnet subnet;             /* client network behind this end */
	bool has_client;              /* subnet above is meaningful */
	bool has_client_wildcard;     /* presumably: subnet was given as a wildcard -- confirm */
	bool has_port_wildcard;       /* presumably: port was given as a wildcard -- confirm */
	bool has_srcip;               /* srcip above is meaningful */
	bool has_natip;               /* a NAT'ed address was configured */
	bool modecfg;                 /* mode-config enabled for this end */
	certpolicy_t sendcert;        /* when to send our certificate (see constants.h) */
	bool firewall;                /* ask the updown script for firewall handling */
	bool hostaccess;              /* allow host access alongside the client subnet */
	char *updown;                 /* updown script to run on SA changes (see NOTE above) */
	u_int16_t port;               /* selector port, host byte order is not established here */
	u_int8_t protocol;            /* selector IP protocol number */
	char *virt;                   /* virtual IP configuration string, if any */
};
77
typedef struct also also_t;

/* One "also=" reference from a conn/ca section, kept as a singly linked
 * list.  'included' records whether the referenced section has already
 * been merged, which presumably guards against processing the same
 * section twice (or looping on a cycle) -- confirm in confread.c. */
struct also {
	char *name;                   /* name of the referenced section */
	bool included;                /* reference already resolved/merged */
	also_t *next;                 /* next reference, NULL at the end */
};
85
typedef struct starter_conn starter_conn_t;

/* A parsed conn section.  The first group of members is bookkeeping
 * shared with starter_ca; the rest mirror config keywords.  Algorithm
 * proposal strings (esp, ike, pfsgroup) are stored as written and are
 * interpreted downstream, not validated here -- confirm in the consumer
 * before assuming they are well-formed. */
struct starter_conn {
	lset_t seen;                  /* set of keywords present in this section (bitset) */
	char *name;                   /* section name ("conn <name>") */
	also_t *also;                 /* list of also= references */
	kw_list_t *kw;                /* raw keyword list from the parser */
	u_int visit;                  /* traversal marker, presumably for also= resolution */
	startup_t startup;            /* action to take after loading */
	starter_state_t state;        /* lifecycle state tracked by starter */

	keyexchange_t keyexchange;    /* IKE version selection */
	int eap;                      /* EAP method number; meaning of 0 not established here */
	lset_t policy;                /* policy flags (bits defined in pluto constants) */
	time_t sa_ike_life_seconds;   /* IKE SA lifetime */
	time_t sa_ipsec_life_seconds; /* IPsec SA lifetime */
	time_t sa_rekey_margin;       /* rekey this long before expiry */
	unsigned long sa_keying_tries;/* how many times to retry keying */
	unsigned long sa_rekey_fuzz;  /* randomisation applied to the rekey margin */
	sa_family_t addr_family;      /* address family of the endpoints */
	sa_family_t tunnel_addr_family;/* address family of the tunnelled traffic */

	starter_end_t left, right;    /* the two endpoints */

	unsigned long id;             /* numeric id assigned by starter */

	char *esp;                    /* ESP proposal string, as configured */
	char *ike;                    /* IKE proposal string, as configured */
	char *pfsgroup;               /* PFS DH group string, as configured */

	time_t dpd_delay;             /* dead peer detection interval */
	time_t dpd_timeout;           /* dead peer detection timeout */
	dpd_action_t dpd_action;      /* what to do when the peer is dead (see constants.h) */
	int dpd_count;                /* DPD retry count */

	starter_conn_t *next;         /* next conn in the config's list, NULL at the end */
};
123
typedef struct starter_ca starter_ca_t;

/* A parsed ca section.  The leading bookkeeping members deliberately
 * match starter_conn so both can be handled by the same also=/state
 * logic.
 *
 * NOTE(review): crluri/crluri2/ocspuri are revocation-check endpoints the
 * daemon presumably fetches from over the network; 'strict' is the only
 * per-CA knob visible here that turns a failed fetch into a hard failure,
 * so its default matters -- confirm against the global strictcrlpolicy. */
struct starter_ca {
	lset_t seen;                  /* set of keywords present in this section (bitset) */
	char *name;                   /* section name ("ca <name>") */
	also_t *also;                 /* list of also= references */
	kw_list_t *kw;                /* raw keyword list from the parser */
	u_int visit;                  /* traversal marker, presumably for also= resolution */
	startup_t startup;            /* action to take after loading */
	starter_state_t state;        /* lifecycle state tracked by starter */

	char *cacert;                 /* CA certificate reference */
	char *ldaphost;               /* LDAP server for CRL/cert lookups */
	char *ldapbase;               /* LDAP search base */
	char *crluri;                 /* primary CRL distribution point */
	char *crluri2;                /* secondary CRL distribution point */
	char *ocspuri;                /* OCSP responder */

	bool strict;                  /* strict CRL policy for this CA */

	starter_ca_t *next;           /* next ca in the config's list, NULL at the end */
};
146
typedef struct starter_config starter_config_t;

/* Everything confread_load() extracts from one config file: the "config
 * setup" section, the %default templates, and the conn and ca lists.
 * 'err' counts parse errors; a caller should not act on the rest of the
 * structure while it is non-zero -- confirm how starter itself treats it.
 */
struct starter_config {
	struct {
		lset_t seen;              /* set of keywords present in config setup (bitset) */
		char **interfaces;        /* interface list; termination convention not visible here */
		char *dumpdir;            /* directory for daemon core dumps */
		bool charonstart;         /* start the IKEv2 daemon */
		bool plutostart;          /* start the IKEv1 daemon */

		/* pluto/charon keywords */
		char **plutodebug;        /* pluto debug flags; termination convention not visible here */
		char *charondebug;        /* charon debug string */
		char *prepluto;           /* command run before pluto starts (presumably via shell -- trusted input only) */
		char *postpluto;          /* command run after pluto starts (same caveat) */
		bool uniqueids;           /* one SA per peer identity */
		u_int overridemtu;        /* forced MTU, 0 presumably means unset -- confirm */
		u_int crlcheckinterval;   /* seconds between CRL refreshes */
		bool cachecrls;           /* cache fetched CRLs on disk */
		bool strictcrlpolicy;     /* reject peers when no current CRL is available */
		bool nocrsend;            /* do not send certificate requests */
		bool nat_traversal;       /* enable NAT-T */
		u_int keep_alive;         /* NAT-T keepalive interval */
		char *virtual_private;    /* networks allowed as virtual IPs */
		char *eapdir;             /* directory holding EAP plugins */
		char *pkcs11module;       /* PKCS#11 module to load */
		bool pkcs11keepstate;     /* keep the PKCS#11 session open */
		bool pkcs11proxy;         /* proxy PKCS#11 operations through pluto */

		/* KLIPS keywords */
		char **klipsdebug;        /* KLIPS debug flags; termination convention not visible here */
		bool fragicmp;            /* send ICMP on fragmentation */
		char *packetdefault;      /* default action for unmatched packets */
		bool hidetos;             /* do not copy TOS into the outer header */
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
204
/* Parse the config file at 'file' and return the resulting configuration.
 * Check cfg->err before using the contents: a non-zero count means the
 * file had parse errors.  Whether a missing/unreadable file yields NULL or
 * a config with err set is not visible here -- callers should handle both.
 * The result is released with confread_free(). */
extern starter_config_t *confread_load(const char *file);

/* Release a configuration returned by confread_load(), including the
 * conn/ca lists hanging off it.  Whether NULL is tolerated is not visible
 * here -- confirm in confread.c before relying on it. */
extern void confread_free(starter_config_t *cfg);
207
208 #endif /* _IPSEC_CONFREAD_H_ */
209