1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #ifndef _FREESWAN_H
20 #include <freeswan.h>
21 #endif
22
23 #include "parser.h"
24 #include "interfaces.h"
25
/* How a section is brought up when the daemon starts; stored in the
 * `startup` member of starter_conn and starter_ca. Values are written out
 * explicitly so that the numbering is stable and visible in a debugger. */
typedef enum {
    STARTUP_NO    = 0,
    STARTUP_ADD   = 1,
    STARTUP_ROUTE = 2,
    STARTUP_START = 3
} startup_t;
32
/* Lifecycle state of a parsed section; stored in the `state` member of
 * starter_conn and starter_ca. Explicit values keep the numbering stable. */
typedef enum {
    STATE_IGNORE   = 0,
    STATE_TO_ADD   = 1,
    STATE_ADDED    = 2,
    STATE_REPLACED = 3,
    STATE_INVALID  = 4
} starter_state_t;
40
/* Key exchange selection for a connection; stored in starter_conn.keyexchange.
 * KEY_EXCHANGE_IKE leaves the choice between IKEv1 and IKEv2 open. */
typedef enum {
    KEY_EXCHANGE_IKE   = 0,
    KEY_EXCHANGE_IKEV1 = 1,
    KEY_EXCHANGE_IKEV2 = 2
} keyexchange_t;
46
/* Strictness of CRL checking; stored in starter_config.setup.strictcrlpolicy.
 * STRICT_IFURI presumably means "strict only when a CRL URI is configured" —
 * confirm against the keyword handling in confread.c. */
typedef enum {
    STRICT_NO    = 0,
    STRICT_YES   = 1,
    STRICT_IFURI = 2
} strict_t;
52
typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a connection as read from the config
 * file. The char* members hold the keyword values as strings; nothing in this
 * header establishes that they have been validated, so treat them as untrusted
 * input until the parser/loader has checked them. Ownership of the strings is
 * not stated here — presumably they are released via confread_free(); verify. */
struct starter_end {
    lset_t seen;                /* presumably a bit set of the keywords present for this end — confirm */
    char *auth;
    char *auth2;
    char *id;
    char *id2;
    char *rsakey;
    char *cert;
    char *cert2;
    char *ca;
    char *ca2;
    char *groups;
    char *iface;
    ip_address addr;            /* ip_address is defined outside this header */
    ip_address nexthop;
    char *subnet;
    bool has_client;
    bool has_client_wildcard;
    bool has_port_wildcard;
    bool has_natip;
    bool has_virt;
    bool modecfg;
    certpolicy_t sendcert;      /* certpolicy_t is defined outside this header */
    bool firewall;
    bool hostaccess;
    bool allow_any;
    bool dns_failed;
    char *updown;
    u_int16_t port;             /* byte order not stated here — NOTE(review): confirm host vs network order at the use site */
    u_int8_t protocol;
    char *srcip;
};
87
typedef struct also also_t;

/* Singly-linked list node recording a section referenced by an `also=`
 * keyword. `included` presumably marks that the referenced section has
 * already been merged in, so a reference is not processed twice — confirm
 * in confread.c. */
struct also {
    char *name;       /* name of the referenced section */
    bool included;
    also_t *next;     /* following node; list presumably NULL-terminated */
};
95
typedef struct starter_conn starter_conn_t;

/* A `conn` section of the config file. The first seven members are laid out
 * identically to struct starter_ca (seen, name, also, kw, visit, startup,
 * state) — NOTE(review): keep the two prefixes in sync if any code treats
 * them generically; this header does not show whether it does. */
struct starter_conn {
    lset_t seen;                 /* presumably a bit set of the keywords present — confirm */
    char *name;                  /* section name */
    also_t *also;                /* list of `also=` references */
    kw_list_t *kw;               /* raw keyword list (kw_list_t is declared in parser.h, presumably) */
    u_int visit;
    startup_t startup;           /* see startup_t */
    starter_state_t state;       /* see starter_state_t */

    keyexchange_t keyexchange;   /* see keyexchange_t */
    u_int32_t eap_type;
    u_int32_t eap_vendor;
    char *eap_identity;
    lset_t policy;
    time_t sa_ike_life_seconds;
    time_t sa_ipsec_life_seconds;
    time_t sa_rekey_margin;
    unsigned long sa_keying_tries;
    unsigned long sa_rekey_fuzz;
    sa_family_t addr_family;
    sa_family_t tunnel_addr_family;
    bool install_policy;
    starter_end_t left, right;   /* the two endpoints, see struct starter_end */

    unsigned long id;

    /* proposal strings as given in the config; validated elsewhere, if at all */
    char *esp;
    char *ike;
    char *pfsgroup;

    /* dead peer detection settings */
    time_t dpd_delay;
    time_t dpd_timeout;
    dpd_action_t dpd_action;     /* dpd_action_t is defined outside this header */
    int dpd_count;

    /* mediation extension settings */
    bool me_mediation;
    char *me_mediated_by;
    char *me_peerid;

    starter_conn_t *next;        /* next conn in the starter_config list */
};
139
typedef struct starter_ca starter_ca_t;

/* A `ca` section of the config file. The first seven members are laid out
 * identically to struct starter_conn — NOTE(review): keep the prefixes in
 * sync if any code treats them generically; this header does not show
 * whether it does. */
struct starter_ca {
    lset_t seen;              /* presumably a bit set of the keywords present — confirm */
    char *name;               /* section name */
    also_t *also;             /* list of `also=` references */
    kw_list_t *kw;            /* raw keyword list */
    u_int visit;
    startup_t startup;        /* see startup_t */
    starter_state_t state;    /* see starter_state_t */

    /* certificate and revocation sources, as configured (strings, not yet fetched) */
    char *cacert;
    char *ldaphost;
    char *ldapbase;
    char *crluri;
    char *crluri2;
    char *ocspuri;
    char *ocspuri2;
    char *certuribase;

    bool strict;

    starter_ca_t *next;       /* next ca in the starter_config list */
};
164
typedef struct starter_config starter_config_t;

/* Result of parsing a whole config file: the `config setup` section plus the
 * `ca` and `conn` sections. Produced by confread_load(), released by
 * confread_free(). */
struct starter_config {
    /* the `config setup` section */
    struct {
        lset_t seen;
        char **interfaces;
        char *dumpdir;
        bool charonstart;
        bool plutostart;

        /* pluto/charon keywords */
        char **plutodebug;
        char *charondebug;
        char *prepluto;             /* command strings; NOTE(review): confirm how they are executed before trusting them */
        char *postpluto;
        char *plutostderrlog;
        bool uniqueids;
        u_int overridemtu;
        u_int crlcheckinterval;
        bool cachecrls;
        strict_t strictcrlpolicy;   /* see strict_t */
        bool nocrsend;
        bool nat_traversal;
        u_int keep_alive;
        u_int force_keepalive;
        char *virtual_private;
        char *pkcs11module;
        char *pkcs11initargs;
        bool pkcs11keepstate;
        bool pkcs11proxy;

        /* KLIPS keywords */
        char **klipsdebug;
        bool fragicmp;
        char *packetdefault;
        bool hidetos;
    } setup;

    /* information about the default route */
    defaultroute_t defaultroute;

    /* number of encountered parsing errors; err counts fatal ones.
     * NOTE(review): callers should presumably refuse to use a config with
     * err != 0 — confirm the policy in confread.c */
    u_int err;
    u_int non_fatal_err;

    /* do we parse also statements */
    bool parse_also;

    /* ca %default */
    starter_ca_t ca_default;

    /* ca list (without %default) */
    starter_ca_t *ca_first, *ca_last;

    /* conn %default */
    starter_conn_t conn_default;

    /* connections list (without %default) */
    starter_conn_t *conn_first, *conn_last;
};
225
/**
 * Parse the configuration file at @file into a newly allocated
 * starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      the parsed configuration, or NULL if it could not be loaded
 *              (presumably — confirm in confread.c). The struct carries an
 *              error count (cfg->err) rather than this call failing on the
 *              first bad keyword, so check it before using the result.
 *              The caller owns the result and releases it with confread_free().
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration obtained from confread_load(), including its
 * conn and ca lists. Whether NULL is accepted is not stated here — confirm.
 *
 * @param cfg  configuration to free; must not be used afterwards
 */
extern void confread_free(starter_config_t *cfg);
228
229 #endif /* _IPSEC_CONFREAD_H_ */
230