1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #ifndef _FREESWAN_H
20 #include <freeswan.h>
21 #endif
22
23 #include "parser.h"
24 #include "interfaces.h"
25
/*
 * What the starter does with a conn/ca section once it has been loaded.
 * Presumably mirrors the section's auto= keyword; the parser behind
 * confread_load() is the authority on the mapping. Values are spelled out
 * so the numbering stays stable if entries are ever reordered.
 */
typedef enum {
	STARTUP_NO    = 0,  /* leave the section alone */
	STARTUP_ADD   = 1,  /* load it into the daemon only */
	STARTUP_ROUTE = 2,  /* load it and install a trap/route */
	STARTUP_START = 3   /* load it and initiate */
} startup_t;
32
/*
 * Lifecycle state of a parsed conn/ca section inside the starter.
 * Exact transitions are not visible in this header — confirm against the
 * code that compares a freshly loaded config with the running one.
 */
typedef enum {
	STATE_IGNORE   = 0,  /* section is not to be acted upon */
	STATE_TO_ADD   = 1,  /* section still has to be loaded */
	STATE_ADDED    = 2,  /* section has been loaded */
	STATE_REPLACED = 3,  /* section superseded by a newer definition */
	STATE_INVALID  = 4   /* section failed validation; must not be loaded */
} starter_state_t;
40
/*
 * Requested IKE protocol version for a conn (keyexchange= keyword).
 * KEY_EXCHANGE_IKE leaves the version unspecified; which version the
 * daemon then picks is decided elsewhere — confirm before relying on it.
 */
typedef enum {
	KEY_EXCHANGE_IKE   = 0,
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2
} keyexchange_t;
46
/*
 * CRL checking policy (strictcrlpolicy= in config setup).
 * Presumably: STRICT_YES rejects a peer certificate whenever no valid CRL
 * is available, STRICT_IFURI only when the certificate itself names a CRL
 * distribution point, STRICT_NO never. The daemon, not this header, defines
 * the enforcement — verify there before depending on it for revocation.
 */
typedef enum {
	STRICT_NO    = 0,
	STRICT_YES   = 1,
	STRICT_IFURI = 2
} strict_t;
52
typedef struct starter_end starter_end_t;

/**
 * One endpoint (left or right) of a conn section.
 *
 * Members correspond to the left<name>/right<name> keywords of the same name;
 * the parser behind confread_load() is the authority on how each is filled.
 * The char* members are presumably owned by the enclosing configuration and
 * released by confread_free() — confirm before freeing any of them individually.
 */
struct starter_end {
	lset_t seen;                 /* keywords explicitly given for this end (lset_t bitset) — presumably */
	char *auth;                  /* authentication method, first round */
	char *auth2;                 /* authentication method, second round */
	char *id;                    /* identity, first round */
	char *id2;                   /* identity, second round */
	char *rsakey;                /* RSA public key */
	char *cert;                  /* certificate, first round */
	char *cert2;                 /* certificate, second round */
	char *ca;                    /* CA constraint, first round */
	char *ca2;                   /* CA constraint, second round */
	char *groups;                /* group membership constraint */
	char *cert_policy;           /* certificate policy constraint */
	char *iface;                 /* interface bound to this end */
	char *host;                  /* host as written in the config (may be a name or %-token) */
	ip_address addr;             /* resolved address of host */
	u_int ikeport;               /* IKE port for this end */
	ip_address nexthop;          /* next hop towards the peer */
	char *subnet;                /* subnet behind this end, as written */
	bool has_client;             /* a subnet/client is configured */
	bool has_client_wildcard;    /* client spec contains a wildcard */
	bool has_port_wildcard;      /* port spec contains a wildcard */
	bool has_natip;              /* a NAT-ed inner address is configured */
	bool has_virt;               /* a virtual IP is configured */
	bool modecfg;                /* mode-config requested for this end */
	certpolicy_t sendcert;       /* when to send our certificate */
	bool firewall;               /* firewall handling requested (updown script) */
	bool hostaccess;             /* allow host access through the tunnel */
	bool allow_any;              /* accept any peer address */
	bool dns_failed;             /* host could not be resolved — NOTE(review): check who reacts to this */
	char *updown;                /* updown script to run for this end */
	u_int16_t port;              /* traffic selector port */
	u_int8_t protocol;           /* traffic selector protocol */
	char *sourceip;              /* source address (or pool) to use/request, as written */
	int sourceip_mask;           /* prefix length qualifying sourceip */
};
91
typedef struct also also_t;

/**
 * One entry of a section's also= chain: another section whose keywords are
 * merged into this one. Entries form a singly linked list (presumably
 * NULL-terminated).
 */
struct also {
	char *name;        /* name of the referenced section */
	bool included;     /* referenced section has already been merged — presumably also stops re-inclusion */
	also_t *next;      /* next also= entry */
};
99
typedef struct starter_conn starter_conn_t;

/**
 * A parsed conn section.
 *
 * The first seven members (through state) are shared bookkeeping with
 * starter_ca_t; the remainder are the conn's keywords. Instances are linked
 * through next and owned by starter_config_t.
 */
struct starter_conn {
	lset_t seen;                        /* keywords explicitly given (lset_t bitset) — presumably */
	char *name;                         /* section name */
	also_t *also;                       /* also= chain, merged before use */
	kw_list_t *kw;                      /* raw keyword list from the parser */
	u_int visit;                        /* traversal counter — presumably used to detect also= cycles; confirm */
	startup_t startup;                  /* what to do with this conn (auto=) */
	starter_state_t state;              /* lifecycle state inside the starter */

	keyexchange_t keyexchange;          /* IKE version to use */
	u_int32_t eap_type;                 /* EAP method number, 0 presumably meaning none */
	u_int32_t eap_vendor;               /* EAP vendor id for vendor-specific methods */
	char *eap_identity;                 /* identity presented in EAP */
	char *aaa_identity;                 /* identity expected from the AAA server */
	char *xauth_identity;               /* identity used for XAuth */
	lset_t policy;                      /* policy flag set (lset_t bits defined elsewhere) */
	time_t sa_ike_life_seconds;         /* IKE SA lifetime */
	time_t sa_ipsec_life_seconds;       /* IPsec SA lifetime */
	time_t sa_rekey_margin;             /* rekey this long before expiry */
	u_int64_t sa_ipsec_life_bytes;      /* IPsec SA byte lifetime */
	u_int64_t sa_ipsec_margin_bytes;    /* byte-based rekey margin */
	u_int64_t sa_ipsec_life_packets;    /* IPsec SA packet lifetime */
	u_int64_t sa_ipsec_margin_packets;  /* packet-based rekey margin */
	unsigned long sa_keying_tries;      /* retries before giving up */
	unsigned long sa_rekey_fuzz;        /* randomisation of the rekey margin */
	u_int32_t reqid;                    /* explicit reqid, if configured */
	mark_t mark_in;                     /* inbound packet mark */
	mark_t mark_out;                    /* outbound packet mark */
	u_int32_t tfc;                      /* traffic flow confidentiality padding — presumably; confirm units */
	sa_family_t addr_family;            /* address family of the IKE endpoints */
	sa_family_t tunnel_addr_family;     /* address family of the tunneled traffic */
	bool install_policy;                /* whether to install IPsec policies */
	starter_end_t left, right;          /* the two endpoints */

	unsigned long id;                   /* numeric id assigned by the starter */

	char *esp;                          /* ESP proposal string, as written */
	char *ike;                          /* IKE proposal string, as written */
	char *pfsgroup;                     /* PFS group, as written */

	time_t dpd_delay;                   /* dead peer detection interval */
	time_t dpd_timeout;                 /* dead peer detection timeout */
	dpd_action_t dpd_action;            /* action on a dead peer */
	int dpd_count;                      /* DPD retry count */

	dpd_action_t close_action;          /* action when the peer closes the SA */

	time_t inactivity;                  /* close the SA after this idle time */

	bool me_mediation;                  /* this conn is a mediation connection */
	char *me_mediated_by;               /* name of the mediation connection to use */
	char *me_peerid;                    /* peer identity on the mediation server */

	starter_conn_t *next;               /* next conn in the list */
};
157
typedef struct starter_ca starter_ca_t;

/**
 * A parsed ca section.
 *
 * The first seven members (through state) are shared bookkeeping with
 * starter_conn_t. URI members are passed on as written; the daemon, not the
 * parser, decides how they are fetched — NOTE(review): confirm whether any
 * URI scheme restriction is applied before use.
 */
struct starter_ca {
	lset_t seen;              /* keywords explicitly given (lset_t bitset) — presumably */
	char *name;               /* section name */
	also_t *also;             /* also= chain, merged before use */
	kw_list_t *kw;            /* raw keyword list from the parser */
	u_int visit;              /* traversal counter — presumably used to detect also= cycles; confirm */
	startup_t startup;        /* what to do with this ca (auto=) */
	starter_state_t state;    /* lifecycle state inside the starter */

	char *cacert;             /* CA certificate */
	char *ldaphost;           /* LDAP server for CRL/certificate lookups */
	char *ldapbase;           /* LDAP search base */
	char *crluri;             /* primary CRL URI */
	char *crluri2;            /* secondary CRL URI */
	char *ocspuri;            /* primary OCSP URI */
	char *ocspuri2;           /* secondary OCSP URI */
	char *certuribase;        /* base URI for certificate fetching */

	bool strict;              /* strict CRL policy for this CA — relationship to strict_t not visible here */

	starter_ca_t *next;       /* next ca in the list */
};
182
typedef struct starter_config starter_config_t;

/**
 * Complete result of parsing a configuration file.
 *
 * Returned by confread_load() and released by confread_free(). The caller
 * owns the whole tree (setup strings, ca and conn lists).
 */
struct starter_config {
	/* config setup section */
	struct {
		lset_t seen;               /* keywords explicitly given (lset_t bitset) — presumably */
		char **interfaces;         /* interface list — termination convention not visible here; confirm */
		char *dumpdir;             /* directory for core dumps */
		bool charonstart;          /* start the IKEv2 daemon */
		bool plutostart;           /* start the IKEv1 daemon */

		/* pluto/charon keywords */
		char **plutodebug;         /* pluto debug flags — termination convention not visible here; confirm */
		char *charondebug;         /* charon debug level string */
		char *prepluto;            /* command run before pluto starts */
		char *postpluto;           /* command run after pluto starts */
		char *plutostderrlog;      /* file receiving pluto's stderr */
		bool uniqueids;            /* replace SAs with the same peer id */
		u_int overridemtu;         /* MTU override for IPsec interfaces */
		u_int crlcheckinterval;    /* CRL refresh interval */
		bool cachecrls;            /* keep fetched CRLs on disk */
		strict_t strictcrlpolicy;  /* how strictly CRLs are required (see strict_t) */
		bool nocrsend;             /* do not send certificate requests */
		bool nat_traversal;        /* enable NAT traversal */
		u_int keep_alive;          /* NAT keep-alive interval */
		u_int force_keepalive;     /* send keep-alives unconditionally */
		char *virtual_private;     /* address ranges allowed as virtual IPs */
		char *pkcs11module;        /* PKCS#11 module path */
		char *pkcs11initargs;      /* init arguments for the PKCS#11 module */
		bool pkcs11keepstate;      /* keep PKCS#11 session state */
		bool pkcs11proxy;          /* proxy PKCS#11 access */

		/* KLIPS keywords */
		char **klipsdebug;         /* KLIPS debug flags */
		bool fragicmp;             /* send ICMP on fragmentation */
		char *packetdefault;       /* default policy for packets without an SA */
		bool hidetos;              /* hide TOS in the outer header */
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors;
	 * NOTE(review): a nonzero err presumably means the config must not be
	 * applied — confirm that every caller of confread_load() checks it */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
243
/**
 * Parse a configuration file into a freshly allocated starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      heap-allocated configuration owned by the caller, to be
 *              released with confread_free(). Parsing problems are counted
 *              in the result's err / non_fatal_err members rather than
 *              signalled through the return value, so check err before
 *              acting on the configuration. NOTE(review): whether NULL can
 *              be returned is not visible here — check for it regardless.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), presumably including
 * the ca and conn lists it holds. Behaviour on NULL is not visible here —
 * confirm before relying on it.
 *
 * @param cfg   configuration to free
 */
extern void confread_free(starter_config_t *cfg);
246
247 #endif /* _IPSEC_CONFREAD_H_ */