1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
15 */
16
17 #ifndef _IPSEC_CONFREAD_H_
18 #define _IPSEC_CONFREAD_H_
19
20 #ifndef _FREESWAN_H
21 #include <freeswan.h>
22 #include "../pluto/constants.h"
23 #endif
24
25 #include "parser.h"
26 #include "interfaces.h"
27
/* What the starter does with a conn/ca section when it is loaded.
 * Presumably the decoded ipsec.conf "auto=" keyword — confirm in confread.c. */
typedef enum {
	STARTUP_NO,     /* leave the section alone */
	STARTUP_ADD,    /* load it into the daemon only */
	STARTUP_ROUTE,  /* load it and install its route */
	STARTUP_START   /* load it and initiate the connection */
} startup_t;
34
/* Bookkeeping state of a conn/ca section while the starter reconciles
 * a (re)loaded configuration against what the daemon already has.
 * The exact transitions are not visible here — confirm in starter.c. */
typedef enum {
	STATE_IGNORE,    /* section is not acted upon */
	STATE_TO_ADD,    /* section is pending addition */
	STATE_ADDED,     /* section has been added */
	STATE_REPLACED,  /* section replaced an existing one */
	STATE_INVALID    /* section failed validation and must not be loaded */
} starter_state_t;
42
/* IKE version requested for a connection (starter_conn.keyexchange).
 * KEY_EXCHANGE_IKE does not pin a version; which daemon then handles the
 * connection is decided elsewhere — confirm against the consumer. */
typedef enum {
	KEY_EXCHANGE_IKE,    /* version not pinned */
	KEY_EXCHANGE_IKEV1,  /* IKEv1 only */
	KEY_EXCHANGE_IKEV2   /* IKEv2 only */
} keyexchange_t;
48
/* CRL policy for the "config setup" strictcrlpolicy keyword
 * (starter_config.setup.strictcrlpolicy). STRICT_YES rejects a peer
 * certificate when no usable CRL is available; STRICT_IFURI presumably
 * applies that only when a CRL URI is known — confirm in the daemon. */
typedef enum {
	STRICT_NO,     /* missing CRL is tolerated */
	STRICT_YES,    /* missing CRL is fatal */
	STRICT_IFURI   /* strict only if a CRL distribution point is configured (assumed) */
} strict_t;
54
typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a connection as parsed from
 * ipsec.conf. All char* members are heap strings owned by the enclosing
 * starter_config_t; presumably released by confread_free() — confirm.
 * Note: the BSD-style u_int8_t/u_int16_t types are not C99 <stdint.h>
 * names; they appear to come in via freeswan.h. */
struct starter_end {
	lset_t seen;               /* presumably a bitset of the keywords set explicitly for this end — confirm */
	char *id;                  /* identity (leftid/rightid) */
	char *rsakey;              /* raw RSA key material as configured */
	char *cert;                /* end-entity certificate reference */
	char *ca;                  /* issuing CA reference */
	char *groups;              /* group membership string */
	char *iface;               /* interface name */
	ip_address addr;           /* endpoint address */
	ip_address nexthop;        /* next hop towards the peer */
	ip_address srcip;          /* source address to use; valid only if has_srcip */
	ip_subnet subnet;          /* client subnet behind this end; see has_client */
	bool has_client;           /* subnet is set */
	bool has_client_wildcard;  /* subnet is a wildcard */
	bool has_port_wildcard;    /* port is a wildcard */
	bool has_srcip;            /* srcip is set */
	bool has_natip;            /* NAT-ed address in use (semantics not visible here) */
	bool modecfg;              /* mode config requested */
	certpolicy_t sendcert;     /* certificate sending policy; type from constants.h */
	bool firewall;             /* firewall hook requested */
	bool hostaccess;           /* host access allowed */
	bool allow_any;            /* accept any peer address (security-relevant; confirm consumer) */
	char *updown;              /* updown script path as configured; executed by the daemon, so it is a trusted input */
	u_int16_t port;            /* protocol port selector; 0 presumably means any */
	u_int8_t protocol;         /* IP protocol selector; 0 presumably means any */
	char *virt;                /* virtual IP setting string */
};
84
typedef struct also also_t;

/* Singly-linked list node for the "also=" references of a section. */
struct also {
	char *name;      /* name of the referenced section */
	bool included;   /* set once the referenced section has been merged (assumed — confirm) */
	also_t *next;    /* next also= reference or NULL */
};
92
typedef struct starter_conn starter_conn_t;

/* A "conn" section of ipsec.conf after parsing. Instances form a
 * singly-linked list via next (see starter_config.conn_first/conn_last).
 * Heap strings are owned by the enclosing starter_config_t. */
struct starter_conn {
	lset_t seen;                     /* presumably a bitset of explicitly set keywords — confirm */
	char *name;                      /* section name */
	also_t *also;                    /* also= references, NULL if none */
	kw_list_t *kw;                   /* raw keyword list from parser.h */
	u_int visit;                     /* visit counter used while resolving also= (assumed) */
	startup_t startup;               /* auto= behaviour */
	starter_state_t state;           /* reconciliation state */

	keyexchange_t keyexchange;       /* IKE version selection */
	int eap;                         /* EAP method identifier; encoding not visible here */
	lset_t policy;                   /* policy flag set; bit meanings from constants.h */
	time_t sa_ike_life_seconds;      /* IKE SA lifetime */
	time_t sa_ipsec_life_seconds;    /* IPsec SA lifetime */
	time_t sa_rekey_margin;          /* rekey this long before expiry */
	unsigned long sa_keying_tries;   /* retry count for keying */
	unsigned long sa_rekey_fuzz;     /* randomisation applied to the rekey margin (assumed percent — confirm) */
	sa_family_t addr_family;         /* address family of the endpoints */
	sa_family_t tunnel_addr_family;  /* address family of the tunnelled traffic */

	starter_end_t left, right;       /* the two endpoints */

	unsigned long id;                /* numeric connection id assigned by the starter */

	char *esp;                       /* ESP proposal string as configured */
	char *ike;                       /* IKE proposal string as configured */
	char *pfsgroup;                  /* PFS DH group string */

	time_t dpd_delay;                /* dead peer detection interval */
	time_t dpd_timeout;              /* dead peer detection timeout */
	dpd_action_t dpd_action;         /* action on DPD failure; type from constants.h */
	int dpd_count;                   /* DPD retry count */

	starter_conn_t *next;            /* next conn in the list or NULL */
};
130
typedef struct starter_ca starter_ca_t;

/* A "ca" section of ipsec.conf after parsing. Instances form a
 * singly-linked list via next (see starter_config.ca_first/ca_last).
 * The leading members mirror starter_conn so both can share generic
 * section handling. */
struct starter_ca {
	lset_t seen;              /* presumably a bitset of explicitly set keywords — confirm */
	char *name;               /* section name */
	also_t *also;             /* also= references, NULL if none */
	kw_list_t *kw;            /* raw keyword list from parser.h */
	u_int visit;              /* visit counter used while resolving also= (assumed) */
	startup_t startup;        /* auto= behaviour */
	starter_state_t state;    /* reconciliation state */

	char *cacert;             /* CA certificate reference */
	char *ldaphost;           /* LDAP server for CRL retrieval */
	char *ldapbase;           /* LDAP search base */
	char *crluri;             /* primary CRL distribution point */
	char *crluri2;            /* secondary CRL distribution point */
	char *ocspuri;            /* primary OCSP responder */
	char *ocspuri2;           /* secondary OCSP responder */

	bool strict;              /* per-CA strict CRL policy */

	starter_ca_t *next;       /* next ca in the list or NULL */
};
154
typedef struct starter_config starter_config_t;

/* Complete parsed ipsec.conf: the "config setup" section plus the ca and
 * conn lists. Produced by confread_load() and released by confread_free().
 * Every value below originates from the configuration file, so consumers
 * that pass strings to other components (scripts, PKCS#11 modules, daemons)
 * are trusting that file. */
struct starter_config {
	struct {
		lset_t seen;            /* presumably a bitset of explicitly set keywords — confirm */
		char **interfaces;      /* interface list; termination convention not visible here */
		char *dumpdir;          /* core dump directory */
		bool charonstart;       /* start the charon (IKEv2) daemon */
		bool plutostart;        /* start the pluto (IKEv1) daemon */

		/* pluto/charon keywords */
		char **plutodebug;      /* pluto debug flag list */
		char *charondebug;      /* charon debug string */
		char *prepluto;         /* command run before pluto starts (trusted input) */
		char *postpluto;        /* command run after pluto starts (trusted input) */
		bool uniqueids;         /* enforce unique peer identities */
		u_int overridemtu;      /* MTU override, 0 presumably meaning none */
		u_int crlcheckinterval; /* seconds between CRL checks */
		bool cachecrls;         /* cache fetched CRLs locally */
		strict_t strictcrlpolicy; /* see strict_t */
		bool nocrsend;          /* do not send certificate requests */
		bool nat_traversal;     /* enable NAT traversal */
		u_int keep_alive;       /* NAT keep-alive interval */
		char *virtual_private;  /* virtual private address ranges string */
		char *eapdir;           /* directory for EAP plugins/material */
		char *pkcs11module;     /* path of the PKCS#11 module to load */
		char *pkcs11initargs;   /* argument string handed to the module at initialization (added for NSS softoken); format defined by the module */
		bool pkcs11keepstate;   /* keep the PKCS#11 session state open (semantics not visible here) */
		bool pkcs11proxy;       /* proxy PKCS#11 access through the daemon (semantics not visible here) */

		/* KLIPS keywords */
		char **klipsdebug;      /* KLIPS debug flag list */
		bool fragicmp;          /* send ICMP on fragmentation */
		char *packetdefault;    /* default packet policy string */
		bool hidetos;           /* hide TOS bits */
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;           /* fatal errors; a non-zero value presumably invalidates the config — confirm */
	u_int non_fatal_err; /* errors that do not abort loading */

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
214
/**
 * Parse an ipsec.conf file into a freshly allocated starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      the parsed configuration; ownership passes to the caller,
 *              who releases it with confread_free(). Behaviour on failure
 *              (NULL vs. a config with err != 0) is not visible here —
 *              confirm in confread.c before relying on either.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), including the
 * ca and conn lists and their heap strings (assumed — confirm).
 *
 * @param cfg  configuration to free
 */
extern void confread_free(starter_config_t *cfg);
217
218 #endif /* _IPSEC_CONFREAD_H_ */
219