starter: Store mode of the IPsec SA/policy in a separate member.
1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #include <freeswan.h>
20 #include "../pluto/constants.h"
21 #include <kernel/kernel_ipsec.h>
22
23 #include "ipsec-parser.h"
24
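/**
 * Bit set recording which keywords of a section were given explicitly.
 *
 * Each keyword gets the bit SEEN_KW(kw, base), relative to the first
 * keyword of its section.
 */
typedef u_int64_t seen_t;

/* no keyword seen yet; no trailing semicolon so it is usable in expressions */
#define SEEN_NONE 0

/*
 * Bit for keyword kw relative to the first keyword of its section (base).
 * seen_t has 64 bits, so (kw) - (base) must be below 64: a larger shift is
 * undefined behaviour, not a harmless zero.
 */
#define SEEN_KW(kw, base) ((seen_t)1 << ((kw) - (base)))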
29
/**
 * Startup action of a conn/ca section.
 *
 * The names suggest an escalating action (none, add, add+route, start);
 * the exact daemon behaviour per value is not visible in this header.
 */
typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;
36
/**
 * Processing state of a section while the config is (re)loaded.
 *
 * STATE_INVALID marks a section that must not be installed; the other
 * transitions are driven by the loader, not visible here.
 */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;
44
/**
 * Key exchange protocol selected for a connection.
 *
 * The numeric values are fixed because they are shared with
 * ike_version_t; do not renumber or reorder them.
 */
typedef enum {
	/* shared with ike_version_t */
	KEY_EXCHANGE_IKE = 0,
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2,
} keyexchange_t;
51
/**
 * Strictness of CRL checking (setup.strictcrlpolicy).
 *
 * STRICT_IFURI presumably means "strict only if a CRL URI is available";
 * confirm against the code that evaluates it before relying on that.
 */
typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI
} strict_t;
57
typedef struct starter_end starter_end_t;

/**
 * One end (left or right) of a connection as read from the config file.
 *
 * The string members are owned by the enclosing configuration and are
 * expected to be released by confread_free(); the header does not show
 * this, so confirm in confread.c before freeing any of them elsewhere.
 */
struct starter_end {
	/* bit set of the keywords explicitly given for this end (SEEN_KW) */
	seen_t seen;
	/* authentication/identity settings; the *2 members presumably hold a
	 * second authentication round — verify in the parser */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *cert_policy;
	/* interface and host as written in the config file */
	char *iface;
	char *host;
	/* address the host entry was resolved to (see dns_failed) */
	ip_address addr;
	u_int ikeport;
	char *subnet;
	/* properties derived from the subnet/host keywords while parsing */
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_natip;
	bool has_virt;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	bool allow_any;
	/* presumably set when resolving host failed — confirm in confread.c */
	bool dns_failed;
	char *updown;
	/* port and protocol of this end's traffic selector */
	u_int16_t port;
	u_int8_t protocol;
	/* virtual IP (sourceip=) and its prefix length */
	char *sourceip;
	int sourceip_mask;
};
95
typedef struct also also_t;

/**
 * Linked list of also= references of a section.
 */
struct also {
	/* name of the referenced section */
	char *name;
	/* whether the referenced section has already been merged in */
	bool included;
	also_t *next;
};
103
typedef struct starter_conn starter_conn_t;

/**
 * A conn section of the config file.
 *
 * conn %default is not in the conn list but stored in
 * starter_config_t.conn_default.
 */
struct starter_conn {
	/* bit set of keywords explicitly given in this section (SEEN_KW) */
	seen_t seen;
	char *name;
	/* chain of also= references to other sections */
	also_t *also;
	/* raw keyword list of the section as produced by the parser */
	kw_list_t *kw;
	/* visit counter used while resolving also= chains — presumably for
	 * loop detection, confirm in confread.c */
	u_int visit;
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	char *eap_identity;
	char *aaa_identity;
	char *xauth_identity;
	char *authby;
	/* mode of the IPsec SA/policy, kept apart from the policy flag set */
	ipsec_mode_t mode;
	bool proxy_mode;
	/* policy flag set (lset_t from pluto's constants.h) */
	lset_t policy;
	/* time based lifetimes and rekeying margin */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	/* volume based lifetimes and their rekeying margins */
	u_int64_t sa_ipsec_life_bytes;
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	/* explicit reqid and packet marks for the SA */
	u_int32_t reqid;
	mark_t mark_in;
	mark_t mark_out;
	/* presumably traffic flow confidentiality padding — confirm */
	u_int32_t tfc;
	/* address families; tunnel_addr_family presumably refers to the
	 * tunneled traffic selectors */
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;
	bool install_policy;
	/* presumably IKEv1 aggressive mode */
	bool aggressive;
	/* the two ends of the connection */
	starter_end_t left, right;

	/* numeric id of the connection, assignment not visible here */
	unsigned long id;

	/* proposal strings as written in the config */
	char *esp;
	char *ike;
	char *pfsgroup;

	/* dead peer detection settings */
	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	/* action when the peer closes the SA */
	dpd_action_t close_action;

	/* inactivity timeout */
	time_t inactivity;

	/* mediation extension settings */
	bool me_mediation;
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;
};
163
typedef struct starter_ca starter_ca_t;

/**
 * A ca section of the config file.
 *
 * ca %default is not in the ca list but stored in
 * starter_config_t.ca_default. The leading members mirror starter_conn_t.
 */
struct starter_ca {
	/* bit set of keywords explicitly given in this section (SEEN_KW) */
	seen_t seen;
	char *name;
	/* chain of also= references to other sections */
	also_t *also;
	/* raw keyword list of the section as produced by the parser */
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	/* CA certificate and the revocation/lookup URIs attached to it */
	char *cacert;
	char *ldaphost;
	char *ldapbase;
	char *crluri;
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	/* strict CRL policy for this CA (overrides setup.strictcrlpolicy?
	 * — not visible here, confirm) */
	bool strict;

	starter_ca_t *next;
};
188
typedef struct starter_config starter_config_t;

/**
 * Whole parsed configuration: the config setup section, the %default
 * sections and the lists of ca and conn sections.
 *
 * Allocated by confread_load() and released by confread_free().
 */
struct starter_config {
	/* the "config setup" section */
	struct {
		/* bit set of keywords explicitly given in config setup (SEEN_KW) */
		seen_t seen;
		char **interfaces;
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;
		char *charondebug;
		char *prepluto;
		char *postpluto;
		char *plutostderrlog;
		bool uniqueids;
		u_int overridemtu;
		time_t crlcheckinterval;
		bool cachecrls;
		/* global CRL policy, see strict_t */
		strict_t strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		time_t keep_alive;
		u_int force_keepalive;
		char *virtual_private;
		char *pkcs11module;
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* number of encountered parsing errors; callers should check err
	 * before installing anything from this configuration */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
246
/**
 * Parse the given ipsec.conf style file into a starter_config_t.
 *
 * @param file   path of the config file to read
 * @return       parsed configuration; parsing errors are counted in
 *               err / non_fatal_err. Release with confread_free().
 *               Whether NULL can be returned is not visible in this
 *               header — check confread.c before dereferencing blindly.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Free a configuration returned by confread_load() with all its sections.
 *
 * @param cfg    configuration to free
 */
extern void confread_free(starter_config_t *cfg);
249
250 #endif /* _IPSEC_CONFREAD_H_ */