1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #include <freeswan.h>
20 #include "../pluto/constants.h"
21
22 #include "ipsec-parser.h"
23
/* What the starter does with a section when it is loaded (fed from the
 * auto= keyword, presumably; the mapping lives in confread.c).
 * Values are pinned explicitly so they cannot drift silently if a
 * constant is ever added in the middle; the order matters wherever the
 * enum is compared numerically. */
typedef enum {
	STARTUP_NO    = 0,
	STARTUP_ADD   = 1,
	STARTUP_ROUTE = 2,
	STARTUP_START = 3
} startup_t;

/* Bookkeeping state of a conn/ca section as the starter reconciles the
 * parsed file against what is already loaded.  The values themselves are
 * not interpreted here; their transitions are defined by the starter code
 * that owns starter_conn.state / starter_ca.state.  Pinned explicitly so a
 * reordering cannot change them unnoticed. */
typedef enum {
	STATE_IGNORE   = 0,
	STATE_TO_ADD   = 1,
	STATE_ADDED    = 2,
	STATE_REPLACED = 3,
	STATE_INVALID  = 4
} starter_state_t;

/* Key exchange protocol selected for a conn.
 *
 * The comment below says the values are shared with ike_version_t: the
 * numeric values therefore must stay aligned with that enum and must never
 * be renumbered on one side only.  KEY_EXCHANGE_IKE (0) presumably means
 * "either version" -- confirm in confread.c / the daemon before relying on
 * that. */
typedef enum {
	/* shared with ike_version_t */
	KEY_EXCHANGE_IKE = 0,
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2,
} keyexchange_t;

/* Tri-state for the strictcrlpolicy setup keyword (see
 * starter_config.setup.strictcrlpolicy).  STRICT_IFURI presumably
 * means "strict only when a CRL URI is available" -- the exact meaning is
 * decided where the value is consumed, not in this header.  Values are
 * explicit so they cannot change by accident. */
typedef enum {
	STRICT_NO    = 0,
	STRICT_YES   = 1,
	STRICT_IFURI = 2
} strict_t;

typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a conn section.
 *
 * The member names mirror the leftXXX/rightXXX ipsec.conf keywords; which
 * keyword feeds which member, and the defaults, are defined by the parser
 * in confread.c, not here.  Every char * member is a parser-owned string;
 * confread_free() is expected to release them -- verify there that none
 * is aliased between a conn and the %default conn.
 */
struct starter_end {
	lset_t seen;                    /* bitset of keywords set for this end (bit meanings: see confread.c) */

	/* authentication / identity keywords, kept as unparsed strings */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *cert_policy;

	/* addressing */
	char *iface;
	char *host;
	ip_address addr;                /* presumably the resolved form of host; see dns_failed below */
	u_int ikeport;
	ip_address nexthop;
	char *subnet;

	/* flags derived while parsing; their semantics are fixed in confread.c */
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_natip;
	bool has_virt;
	bool modecfg;
	certpolicy_t sendcert;          /* certpolicy_t is presumably from ../pluto/constants.h */
	bool firewall;
	bool hostaccess;
	bool allow_any;
	bool dns_failed;                /* NOTE(review): presumably set when host could not be resolved; if so addr must not be trusted while this is true -- confirm */
	char *updown;                   /* NOTE(review): looks like the path of a script the daemon runs; if so, the config file is the only control on what gets executed -- confirm where it is invoked */

	/* NOTE(review): narrow types -- the parser must range-check the
	 * parsed port/protocol before storing, otherwise an out-of-range
	 * value is silently truncated into a different traffic selector. */
	u_int16_t port;
	u_int8_t protocol;
	char *sourceip;
	int sourceip_mask;              /* signed: a negative value may encode "unset" -- confirm in confread.c */
};

typedef struct also also_t;

/* One entry of a section's also= list: the name of another section whose
 * keywords are merged into this one.
 *
 * `included` records whether that merge has already been performed --
 * presumably the guard against processing the same reference twice and
 * against also= cycles; confirm in confread.c that a cycle cannot recurse
 * unboundedly.  `name` is a parser-owned string. */
struct also {
	char *name;
	bool included;
	also_t *next;                   /* singly linked list, NULL-terminated */
};

typedef struct starter_conn starter_conn_t;

/* A parsed conn section (or the conn %default section).
 *
 * The first seven members (seen .. state) are identical in name, type and
 * order to the start of struct starter_ca, presumably so that section
 * bookkeeping code can be shared; keep the two prefixes in sync.
 * The remaining members mirror ipsec.conf conn keywords; which keyword
 * sets which member, and the defaults, are fixed in confread.c.
 */
struct starter_conn {
	lset_t seen;                    /* bitset of keywords set in this section (bit meanings: see confread.c) */
	char *name;                     /* section name, parser-owned string */
	also_t *also;                   /* also= references, see also_t */
	kw_list_t *kw;                  /* raw keyword list (type from ipsec-parser.h) */
	u_int visit;                    /* presumably a traversal marker used while resolving also= -- confirm */
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	char *eap_identity;
	char *aaa_identity;
	char *xauth_identity;
	lset_t policy;                  /* policy flag bits; the bit definitions are not in this header */

	/* Lifetimes and rekeying: time_t seconds, u_int64_t bytes/packets.
	 * NOTE(review): the parser should reject negative, zero-where-
	 * disallowed and overflowing values before they land here -- an
	 * absurdly large lifetime silently disables rekeying. */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	u_int64_t sa_ipsec_life_bytes;
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	u_int32_t reqid;
	mark_t mark_in;
	mark_t mark_out;
	u_int32_t tfc;
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;
	bool install_policy;
	bool aggressive;                /* NOTE(review): if this is IKEv1 aggressive mode it deserves a parser warning, since the PSK identity hash then goes unencrypted -- confirm */
	starter_end_t left, right;

	unsigned long id;               /* presumably a sequence number assigned by the parser -- confirm */

	/* proposals, kept as unparsed strings */
	char *esp;
	char *ike;
	char *pfsgroup;

	/* dead peer detection (dpd_action_t is not defined in this header) */
	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	dpd_action_t close_action;

	time_t inactivity;

	/* me_* : presumably the mediation extension keywords */
	bool me_mediation;
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;           /* singly linked; see starter_config.conn_first / conn_last */
};

typedef struct starter_ca starter_ca_t;

/* A parsed ca section (or the ca %default section).
 *
 * The leading members (seen .. state) match struct starter_conn exactly;
 * see the note there.  The rest mirror the ca section keywords and are
 * kept as parser-owned, unvalidated strings -- nothing in this header
 * guarantees that a URI or file name is well-formed.
 */
struct starter_ca {
	lset_t seen;
	char *name;
	also_t *also;
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	char *cacert;                   /* NOTE(review): file name or path? confirm whether the parser confines it to a trusted directory */
	char *ldaphost;
	char *ldapbase;
	/* revocation sources, passed through unparsed */
	char *crluri;
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	bool strict;                    /* per-CA strict flag; how it combines with setup.strictcrlpolicy is decided by the consumer, not here */

	starter_ca_t *next;             /* singly linked; see starter_config.ca_first / ca_last */
};

typedef struct starter_config starter_config_t;

/* The whole parsed ipsec.conf: the config setup section plus the ca and
 * conn section lists.  Produced by confread_load() and released by
 * confread_free().
 */
struct starter_config {
	struct {
		lset_t seen;
		char **interfaces;          /* presumably a NULL-terminated string array -- confirm in the parser before iterating */
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;          /* presumably NULL-terminated, like interfaces */
		char *charondebug;
		char *prepluto;             /* NOTE(review): prepluto/postpluto look like commands run around daemon start; if so the config file fully controls what is executed -- confirm where they are run */
		char *postpluto;
		char *plutostderrlog;
		bool uniqueids;
		u_int overridemtu;
		/* certificate revocation checking (see strict_t) */
		time_t crlcheckinterval;
		bool cachecrls;
		strict_t strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		time_t keep_alive;
		u_int force_keepalive;
		char *virtual_private;
		/* PKCS#11 token settings */
		char *pkcs11module;         /* NOTE(review): if this names a shared object the daemon loads, only a trusted config source may set it -- confirm */
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;          /* presumably NULL-terminated, like interfaces */
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* number of encountered parsing errors.
	 * NOTE(review): a config with err != 0 should never be acted on;
	 * non_fatal_err presumably counts problems the parser tolerated.
	 * Confirm that confread_load()'s caller checks err before using the
	 * lists below. */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca section list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};

/**
 * Parse an ipsec.conf file into a starter_config_t.
 *
 * @param file   path of the configuration file to read
 * @return       presumably a heap-allocated configuration to be released
 *               with confread_free().
 *               NOTE(review): whether failure is reported as a NULL return,
 *               as a non-NULL config with cfg->err > 0, or both, is decided
 *               in confread.c -- callers must handle all of these and never
 *               act on a config whose err count is non-zero.
 */
starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), including the
 * parser-owned strings and section lists it holds.
 *
 * @param cfg   configuration to free (whether NULL is tolerated is not
 *              visible here -- confirm before relying on it)
 */
void confread_free(starter_config_t *cfg);

242 #endif /* _IPSEC_CONFREAD_H_ */