1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2007 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 * Copyright (C) 2001-2002 Mathieu Lafon
5 * Arkoon Network Security
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * RCSID $Id$
18 */
19
20 #ifndef _IPSEC_CONFREAD_H_
21 #define _IPSEC_CONFREAD_H_
22
23 #ifndef _FREESWAN_H
24 #include <freeswan.h>
25 #include "../pluto/constants.h"
26 #endif
27
28 #include "parser.h"
29 #include "interfaces.h"
30
/* Startup action requested for a conn or ca section.
 * Presumably derived from the section's auto= keyword -- confirm in confread.c.
 * The numeric order of the constants is part of the interface (the starter
 * compares and tabulates on it); do not reorder or insert values. */
typedef enum {
	STARTUP_NO,      /* load nothing for this section */
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;
37
/* Lifecycle state the starter keeps per parsed conn/ca section
 * (see the `state` member of struct starter_conn / struct starter_ca).
 * The names suggest a transition IGNORE/TO_ADD -> ADDED -> REPLACED, with
 * INVALID for sections that failed validation -- confirm against the caller
 * before relying on that ordering. */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;
45
/* IKE protocol version selected for a connection (struct starter_conn.keyexchange).
 * KEY_EXCHANGE_IKE presumably means "version not pinned by the config" while the
 * other two force IKEv1 or IKEv2 -- confirm in confread.c / the daemon dispatch. */
typedef enum {
	KEY_EXCHANGE_IKE,
	KEY_EXCHANGE_IKEV1,
	KEY_EXCHANGE_IKEV2
} keyexchange_t;
51
/* Value space of the strictcrlpolicy setup keyword
 * (struct starter_config.setup.strictcrlpolicy).
 * STRICT_NO / STRICT_YES map to the plain boolean forms; STRICT_IFURI is the
 * third option whose exact semantics (strict only when a CRL URI is known?)
 * are defined where the value is consumed -- confirm there. Note that a
 * non-strict policy accepts certificates whose revocation status could not be
 * determined, so the default chosen by the parser matters for security. */
typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI
} strict_t;
57
typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a connection.
 * All char* members are strings owned by the enclosing starter_config_t and
 * are presumably released by confread_free() -- confirm in confread.c before
 * sharing or freeing them elsewhere. */
struct starter_end {
	lset_t seen;               /* bit set of keywords seen for this end (assumed) */
	char *id;                  /* identity of this end */
	char *rsakey;
	char *cert;                /* certificate reference for this end */
	char *ca;                  /* CA reference this end's cert must chain to */
	char *groups;
	char *iface;
	ip_address addr;
	ip_address nexthop;
	ip_address srcip;
	ip_subnet subnet;
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_srcip;
	bool has_natip;
	bool modecfg;
	certpolicy_t sendcert;     /* when to send our certificate to the peer */
	bool firewall;
	bool hostaccess;
	bool allow_any;
	bool dns_failed;           /* set if resolving this end's address failed (assumed) */
	char *updown;              /* updown script path; executed by the daemon, so it
	                            * originates only from the trusted config file */
	u_int16_t port;            /* traffic selector port, host byte order assumed */
	u_int8_t protocol;         /* traffic selector IP protocol number */
	char *virt;
};
88
typedef struct also also_t;

/* Singly linked list node for the also= references of a section.
 * `included` presumably marks a reference whose section has already been
 * merged, which is what lets the parser avoid include cycles -- confirm in
 * confread.c. */
struct also {
	char *name;        /* name of the referenced section */
	bool included;
	also_t *next;      /* next reference, NULL at end of list */
};
96
typedef struct starter_conn starter_conn_t;

/* A parsed conn section, after also= merging.
 * Member order is part of the in-memory layout shared with confread.c and the
 * starter proper; do not reorder. */
struct starter_conn {
	lset_t seen;                       /* bit set of keywords seen (assumed) */
	char *name;                        /* section name */
	also_t *also;                      /* also= references, NULL if none */
	kw_list_t *kw;                     /* raw keyword list from the parser */
	u_int visit;
	startup_t startup;                 /* requested startup action */
	starter_state_t state;             /* current starter state of this conn */

	keyexchange_t keyexchange;         /* IKE version selection */
	int eap;
	lset_t policy;                     /* policy flag set (bit meanings defined by pluto) */
	time_t sa_ike_life_seconds;        /* IKE SA lifetime */
	time_t sa_ipsec_life_seconds;      /* IPsec SA lifetime */
	time_t sa_rekey_margin;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	sa_family_t addr_family;           /* address family of the endpoints */
	sa_family_t tunnel_addr_family;    /* address family inside the tunnel */

	starter_end_t left, right;         /* the two endpoints */

	unsigned long id;

	char *esp;                         /* ESP proposal string, as written in the config */
	char *ike;                         /* IKE proposal string, as written in the config */
	char *pfsgroup;

	time_t dpd_delay;                  /* dead peer detection timing */
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	bool p2p_mediation;
	char *p2p_mediated_by;
	char *p2p_peerid;

	starter_conn_t *next;              /* next conn in the config's list */
};
138
typedef struct starter_ca starter_ca_t;

/* A parsed ca section.
 * The first seven members deliberately mirror struct starter_conn so generic
 * section-handling code can treat both alike -- keep them in sync. */
struct starter_ca {
	lset_t seen;
	char *name;
	also_t *also;
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	char *cacert;              /* CA certificate reference */
	char *ldaphost;
	char *ldapbase;
	char *crluri;              /* primary and fallback CRL distribution points */
	char *crluri2;
	char *ocspuri;             /* primary and fallback OCSP responders */
	char *ocspuri2;

	bool strict;               /* per-CA strict revocation checking (assumed; confirm) */

	starter_ca_t *next;        /* next ca in the config's list */
};
162
typedef struct starter_config starter_config_t;

/* Complete result of parsing an ipsec.conf file; returned by confread_load().
 * Owns every string and list node reachable from it (assumed; see confread_free). */
struct starter_config {
	/* config setup section */
	struct {
		lset_t seen;
		char **interfaces;         /* NULL-terminated array assumed -- confirm */
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;
		char *charondebug;
		char *prepluto;            /* commands run around pluto startup; config-file
		                            * controlled, so never populate from untrusted input */
		char *postpluto;
		bool uniqueids;
		u_int overridemtu;
		u_int crlcheckinterval;
		bool cachecrls;
		strict_t strictcrlpolicy;  /* see strict_t */
		bool nocrsend;
		bool nat_traversal;
		u_int keep_alive;
		char *virtual_private;
		char *eapdir;
		char *pkcs11module;        /* path of the PKCS#11 module to load */
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors; callers should treat a non-zero
	 * err as "do not use this configuration" */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
222
/**
 * Parse the configuration file at @p file.
 *
 * @param file   path of the ipsec.conf-style file to read
 * @return       newly allocated configuration, to be released with
 *               confread_free(); presumably NULL on failure to open/parse --
 *               confirm in confread.c. Even on a non-NULL result callers
 *               should check the err / non_fatal_err counters before acting
 *               on the contents.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), including (assumed)
 * all strings and list nodes it owns. Behaviour for a NULL @p cfg is not
 * specified here -- confirm before relying on it.
 */
extern void confread_free(starter_config_t *cfg);
225
226 #endif /* _IPSEC_CONFREAD_H_ */