1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #ifndef _FREESWAN_H
20 #include <freeswan.h>
21 #endif
22
23 #include "ipsec-parser.h"
24 #include "interfaces.h"
25
/* Startup mode of a conn/ca section, i.e. what starter does with the
 * section once the config is loaded. Presumably the parsed form of the
 * section's auto= keyword; the mapping itself is done by the parser, not
 * in this header. Value meanings below follow the names — confirm against
 * the implementation. */
typedef enum {
	STARTUP_NO,     /* leave the section alone */
	STARTUP_ADD,    /* load it only */
	STARTUP_ROUTE,  /* load it and route */
	STARTUP_START   /* load it and initiate */
} startup_t;
32
/* Lifecycle state starter tracks per parsed conn/ca section.
 * NOTE(review): presumably used when a reloaded config is reconciled with
 * the one already active (sections kept, replaced or dropped) — confirm
 * against the callers; the per-value comments only paraphrase the names. */
typedef enum {
	STATE_IGNORE,    /* section is not to be loaded */
	STATE_TO_ADD,    /* parsed, not yet loaded */
	STATE_ADDED,     /* loaded */
	STATE_REPLACED,  /* superseded by a newer definition */
	STATE_INVALID    /* rejected */
} starter_state_t;
40
/* IKE version requested for a connection (see starter_conn.keyexchange).
 * The values are given explicitly so that they stay numerically identical
 * to ike_version_t, as the comment below records — presumably so a value can
 * be converted without a lookup table. Do not renumber or reorder. */
typedef enum {
	/* shared with ike_version_t */
	KEY_EXCHANGE_IKE = 0,    /* no specific version requested */
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2,
} keyexchange_t;
47
/* Parsed value of the setup.strictcrlpolicy keyword (see starter_config).
 * Only the selected mode is stored here; how a missing or unavailable CRL
 * is treated for each mode is decided by the daemon, not by the parser.
 * Note that starter_ca.strict is a plain bool, not this enum. */
typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI    /* by name: strict only when a CRL URI is known — confirm */
} strict_t;
53
typedef struct starter_end starter_end_t;

/* One side of a connection; starter_conn holds one of these as `left` and
 * one as `right`. The char* members hold strings produced by the parser;
 * they are assumed to be heap-allocated, owned by the enclosing config and
 * released together with it by confread_free() — confirm against the
 * implementation before freeing or retaining any of them elsewhere. */
struct starter_end {
	lset_t seen;            /* NOTE(review): presumably a bitset of the keywords set for this end — confirm */

	/* authentication and identity; the *2 variants are presumably the
	 * second authentication round — confirm */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *cert_policy;

	/* addressing */
	char *iface;
	char *host;             /* host as written in the config; `addr` below is presumably its resolved form */
	ip_address addr;
	u_int ikeport;
	ip_address nexthop;
	char *subnet;

	/* properties derived while parsing this end */
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_natip;
	bool has_virt;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	bool allow_any;
	bool dns_failed;        /* by name: set when `host` could not be resolved — confirm */
	char *updown;           /* path of the updown script; presumably executed by the daemon,
	                         * so the config file this comes from must not be writable by
	                         * untrusted users */
	u_int16_t port;
	u_int8_t protocol;
	char *sourceip;
	int sourceip_mask;
};
92
typedef struct also also_t;

/* Node of a section's singly linked list of also= references (see
 * starter_conn.also, starter_ca.also and starter_config.parse_also). */
struct also {
	char *name;       /* name of the referenced section */
	bool included;    /* set once this reference has been expanded — presumably also
	                   * what keeps include cycles from recursing forever; confirm */
	also_t *next;     /* next reference, NULL at the end of the list (assumed) */
};
100
typedef struct starter_conn starter_conn_t;

/* A parsed conn section. The first seven members (seen .. state) are laid
 * out identically in starter_ca, presumably so section-generic code can
 * handle both structs alike — keep the two prefixes in sync if either
 * changes. String members are assumed to be owned by the config and
 * released by confread_free(); confirm before retaining them elsewhere. */
struct starter_conn {
	lset_t seen;            /* NOTE(review): presumably a bitset of keywords seen in this section — confirm */
	char *name;
	also_t *also;           /* also= references, see also_t */
	kw_list_t *kw;          /* raw keyword list from the low-level parser */
	u_int visit;
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	u_int32_t eap_type;
	u_int32_t eap_vendor;
	char *eap_identity;
	char *aaa_identity;
	char *xauth_identity;
	lset_t policy;          /* presumably a bitset of policy flags — confirm */

	/* SA lifetimes: time based, plus byte/packet based limits with their
	 * corresponding rekey margins */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	u_int64_t sa_ipsec_life_bytes;
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	u_int32_t reqid;
	mark_t mark_in;
	mark_t mark_out;
	u_int32_t tfc;
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;
	bool install_policy;
	bool aggressive;        /* by name: IKEv1 aggressive mode — a weaker exchange, so a
	                         * config enabling it deserves a documented reason */
	starter_end_t left, right;

	unsigned long id;

	/* esp= / ike= / pfsgroup= proposal strings */
	char *esp;
	char *ike;
	char *pfsgroup;

	/* dead peer detection */
	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	dpd_action_t close_action;

	time_t inactivity;

	/* mediation (me_*) settings */
	bool me_mediation;
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;   /* next conn in the config's list, see starter_config.conn_first */
};
159
typedef struct starter_ca starter_ca_t;

/* A parsed ca section. The first seven members mirror starter_conn exactly
 * (see the note there); keep both prefixes in sync. */
struct starter_ca {
	lset_t seen;
	char *name;
	also_t *also;
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	char *cacert;
	char *ldaphost;
	char *ldapbase;
	/* revocation sources: primary and secondary CRL and OCSP URIs */
	char *crluri;
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	bool strict;            /* a plain bool here, unlike setup.strictcrlpolicy (strict_t) */

	starter_ca_t *next;     /* next ca in the config's list, see starter_config.ca_first */
};
184
typedef struct starter_config starter_config_t;

/* Everything confread_load() extracts from one configuration file; freed
 * as a whole with confread_free(). Several members are paths or commands
 * (prepluto/postpluto, pkcs11module, the updown script of each end), so the
 * parsed file is effectively trusted input and must only be writable by
 * the administrator. */
struct starter_config {
	/* the "config setup" section */
	struct {
		lset_t seen;
		char **interfaces;
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;
		char *charondebug;
		char *prepluto;          /* by name: commands run before/after starting pluto — confirm */
		char *postpluto;
		char *plutostderrlog;
		bool uniqueids;
		u_int overridemtu;
		u_int crlcheckinterval;
		bool cachecrls;
		strict_t strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		u_int keep_alive;
		u_int force_keepalive;
		char *virtual_private;
		char *pkcs11module;      /* by name: PKCS#11 module the daemon loads — a config-controlled library path */
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
245
/**
 * Parse a configuration file into a freshly allocated starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      the parsed configuration; ownership passes to the caller, who
 *              releases it with confread_free(). Parse problems are presumably
 *              reported through the returned struct's err / non_fatal_err
 *              counters — check the implementation before assuming a NULL
 *              return on error.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), presumably including
 * every section and string it owns (confirm against the implementation).
 *
 * @param cfg   configuration to free
 */
extern void confread_free(starter_config_t *cfg);
248
249 #endif /* _IPSEC_CONFREAD_H_ */