projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
added charondebug config parameter to set debug level at startup
[strongswan.git] / src / starter / confread.h
1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
15 */
16
17 #ifndef _IPSEC_CONFREAD_H_
18 #define _IPSEC_CONFREAD_H_
19
20 #ifndef _FREESWAN_H
21 #include <freeswan.h>
22 #include "../pluto/constants.h"
23 #endif
24
25 #include "parser.h"
26 #include "interfaces.h"
27
28 typedef enum {
29 STARTUP_NO,
30 STARTUP_ADD,
31 STARTUP_ROUTE,
32 STARTUP_START
33 } startup_t;
34
35 typedef enum {
36 STATE_IGNORE,
37 STATE_TO_ADD,
38 STATE_ADDED,
39 STATE_REPLACED,
40 STATE_INVALID
41 } starter_state_t;
42
43 typedef enum {
44 KEY_EXCHANGE_IKE,
45 KEY_EXCHANGE_IKEV1,
46 KEY_EXCHANGE_IKEV2
47 } keyexchange_t;
48
49 typedef struct starter_end starter_end_t;
50
51 struct starter_end {
52 lset_t seen;
53 char *id;
54 char *rsakey;
55 char *cert;
56 char *ca;
57 char *groups;
58 char *iface;
59 ip_address addr;
60 ip_address nexthop;
61 ip_address srcip;
62 ip_subnet subnet;
63 bool has_client;
64 bool has_client_wildcard;
65 bool has_port_wildcard;
66 bool has_srcip;
67 bool modecfg;
68 certpolicy_t sendcert;
69 bool firewall;
70 bool hostaccess;
71 char *updown;
72 u_int16_t port;
73 u_int8_t protocol;
74 char *virt;
75 };
76
77 typedef struct also also_t;
78
79 struct also {
80 char *name;
81 bool included;
82 also_t *next;
83 };
84
85 typedef struct starter_conn starter_conn_t;
86
87 struct starter_conn {
88 lset_t seen;
89 char *name;
90 also_t *also;
91 kw_list_t *kw;
92 u_int visit;
93 startup_t startup;
94 starter_state_t state;
95
96 keyexchange_t keyexchange;
97 lset_t policy;
98 time_t sa_ike_life_seconds;
99 time_t sa_ipsec_life_seconds;
100 time_t sa_rekey_margin;
101 unsigned long sa_keying_tries;
102 unsigned long sa_rekey_fuzz;
103 sa_family_t addr_family;
104 sa_family_t tunnel_addr_family;
105
106 starter_end_t left, right;
107
108 unsigned long id;
109
110 char *esp;
111 char *ike;
112 char *pfsgroup;
113
114 time_t dpd_delay;
115 time_t dpd_timeout;
116 dpd_action_t dpd_action;
117 int dpd_count;
118
119 starter_conn_t *next;
120 };
121
122 typedef struct starter_ca starter_ca_t;
123
124 struct starter_ca {
125 lset_t seen;
126 char *name;
127 also_t *also;
128 kw_list_t *kw;
129 u_int visit;
130 startup_t startup;
131 starter_state_t state;
132
133 char *cacert;
134 char *ldaphost;
135 char *ldapbase;
136 char *crluri;
137 char *crluri2;
138 char *ocspuri;
139
140 bool strict;
141
142 starter_ca_t *next;
143 };
144
145 typedef struct starter_config starter_config_t;
146
147 struct starter_config {
148 struct {
149 lset_t seen;
150 char **interfaces;
151 char *dumpdir;
152 bool charonstart;
153 bool plutostart;
154
155 /* pluto/charon keywords */
156 char **plutodebug;
157 char *charondebug;
158 char *prepluto;
159 char *postpluto;
160 bool uniqueids;
161 u_int overridemtu;
162 u_int crlcheckinterval;
163 bool cachecrls;
164 bool strictcrlpolicy;
165 bool nocrsend;
166 bool nat_traversal;
167 u_int keep_alive;
168 char *virtual_private;
169 char *pkcs11module;
170 bool pkcs11keepstate;
171 bool pkcs11proxy;
172
173 /* KLIPS keywords */
174 char **klipsdebug;
175 bool fragicmp;
176 char *packetdefault;
177 bool hidetos;
178 } setup;
179
180 /* information about the default route */
181 defaultroute_t defaultroute;
182
183 /* number of encountered parsing errors */
184 u_int err;
185
186 /* do we parse also statements */
187 bool parse_also;
188
189 /* ca %default */
190 starter_ca_t ca_default;
191
192 /* connections list (without %default) */
193 starter_ca_t *ca_first, *ca_last;
194
195 /* conn %default */
196 starter_conn_t conn_default;
197
198 /* connections list (without %default) */
199 starter_conn_t *conn_first, *conn_last;
200 };
201
202 extern starter_config_t *confread_load(const char *file);
203 extern void confread_free(starter_config_t *cfg);
204
205 #endif /* _IPSEC_CONFREAD_H_ */
206
strongSwan - IPsec VPN