support of plutostderrlog keyword
1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id$
16 */
17
18 #ifndef _IPSEC_CONFREAD_H_
19 #define _IPSEC_CONFREAD_H_
20
21 #ifndef _FREESWAN_H
22 #include <freeswan.h>
23 #include "../pluto/constants.h"
24 #endif
25
26 #include "parser.h"
27 #include "interfaces.h"
28
/* Start-up action requested for a connection section; presumably the
 * parsed form of the auto= keyword — confirm in confread.c. */
typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;
35
/* Processing state of a parsed conn/ca section (stored in the `state`
 * member of starter_conn and starter_ca); the transitions between these
 * values are driven by the starter, not by this header. */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;
43
/* Key exchange protocol selected for a connection (starter_conn.keyexchange);
 * KEY_EXCHANGE_IKE presumably means "no explicit version given" — confirm in
 * confread.c. */
typedef enum {
	KEY_EXCHANGE_IKE,
	KEY_EXCHANGE_IKEV1,
	KEY_EXCHANGE_IKEV2
} keyexchange_t;
49
/* CRL policy used for setup.strictcrlpolicy. STRICT_IFURI is presumably
 * "strict only when a CRL distribution point is known" — confirm against
 * the consumer of this value before relying on it for revocation checks. */
typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI
} strict_t;
55
typedef struct starter_end starter_end_t;

/* One endpoint (left= or right=) of a connection; starter_conn holds two.
 * The char * members are presumably heap strings owned by the enclosing
 * starter_config and released by confread_free() — confirm in confread.c. */
struct starter_end {
	lset_t seen;                /* set of keywords given for this end (lset_t from constants.h) */
	char *id;                   /* IKE identity of this end */
	char *rsakey;               /* raw RSA key reference */
	char *cert;                 /* certificate to present */
	char *ca;                   /* expected issuer of the peer certificate */
	char *groups;               /* group attributes required from the peer */
	char *iface;                /* network interface name */
	ip_address addr;            /* endpoint address (ip_address from freeswan.h) */
	ip_address nexthop;         /* next-hop gateway address */
	char *subnet;               /* protected subnet behind this end */
	bool has_client;            /* subnet was given */
	bool has_client_wildcard;   /* subnet contains a wildcard */
	bool has_port_wildcard;     /* port contains a wildcard */
	bool has_natip;             /* NAT-ed inner address given */
	bool has_virt;              /* virtual address requested */
	bool modecfg;               /* mode-config enabled for this end */
	certpolicy_t sendcert;      /* when to send our certificate (certpolicy_t from constants.h) */
	bool firewall;              /* updown script should adjust firewall rules */
	bool hostaccess;            /* updown script should allow host access */
	bool allow_any;             /* NOTE(review): name suggests any peer address/identity is
	                               accepted for this end; confirm in confread.c, since this
	                               relaxes which peers may match the connection */
	bool dns_failed;            /* presumably set when a hostname could not be resolved — confirm */
	char *updown;               /* updown script path */
	u_int16_t port;             /* port selector */
	u_int8_t protocol;          /* protocol selector */
	char *srcip;                /* source address to use for this end */
};
85
typedef struct also also_t;

/* Singly linked list node for the also= keywords of a section:
 * `name` is the referenced section, `included` records whether its
 * keywords have already been merged in. */
struct also {
	char *name;
	bool included;
	also_t *next;
};
93
typedef struct starter_conn starter_conn_t;

/* A parsed conn section. The first seven members (seen..state) mirror
 * the header of starter_ca so both section kinds can be handled alike.
 * Strings are presumably heap-owned and released by confread_free(). */
struct starter_conn {
	lset_t seen;                    /* set of keywords given in this section */
	char *name;                     /* section name */
	also_t *also;                   /* also= references of this section */
	kw_list_t *kw;                  /* raw keyword list from the parser (kw_list_t from parser.h) */
	u_int visit;                    /* traversal marker used while resolving also= chains */
	startup_t startup;              /* start-up action for this connection */
	starter_state_t state;          /* processing state of this section */

	keyexchange_t keyexchange;      /* IKE version to use */
	u_int32_t eap_type;             /* EAP method */
	u_int32_t eap_vendor;           /* EAP vendor id */
	lset_t policy;                  /* policy flag set (lset_t from constants.h) */
	time_t sa_ike_life_seconds;     /* IKE SA lifetime, seconds */
	time_t sa_ipsec_life_seconds;   /* IPsec SA lifetime, seconds */
	time_t sa_rekey_margin;         /* time before expiry at which rekeying starts */
	unsigned long sa_keying_tries;  /* number of keying attempts */
	unsigned long sa_rekey_fuzz;    /* randomisation applied to the rekey margin */
	sa_family_t addr_family;        /* address family of the endpoints */
	sa_family_t tunnel_addr_family; /* address family of the tunneled traffic */

	starter_end_t left, right;      /* the two endpoints of the connection */

	unsigned long id;               /* numeric connection id */

	char *esp;                      /* ESP proposal string */
	char *ike;                      /* IKE proposal string */
	char *pfsgroup;                 /* PFS Diffie-Hellman group */

	time_t dpd_delay;               /* dead peer detection: interval */
	time_t dpd_timeout;             /* dead peer detection: timeout */
	dpd_action_t dpd_action;        /* dead peer detection: action on timeout (dpd_action_t from constants.h) */
	int dpd_count;                  /* dead peer detection: retry count */

	bool me_mediation;              /* this connection acts as a mediation connection */
	char *me_mediated_by;           /* name of the mediation connection used */
	char *me_peerid;                /* peer identity for the mediated connection */

	starter_conn_t *next;           /* next conn in starter_config's list */
};
136
typedef struct starter_ca starter_ca_t;

/* A parsed ca section. The first seven members (seen..state) mirror the
 * header of starter_conn. Strings are presumably heap-owned and released
 * by confread_free(). */
struct starter_ca {
	lset_t seen;            /* set of keywords given in this section */
	char *name;             /* section name */
	also_t *also;           /* also= references of this section */
	kw_list_t *kw;          /* raw keyword list from the parser */
	u_int visit;            /* traversal marker used while resolving also= chains */
	startup_t startup;      /* start-up action */
	starter_state_t state;  /* processing state of this section */

	char *cacert;           /* CA certificate file */
	char *ldaphost;         /* LDAP server for CRL retrieval */
	char *ldapbase;         /* LDAP base DN */
	char *crluri;           /* primary CRL distribution point */
	char *crluri2;          /* secondary CRL distribution point */
	char *ocspuri;          /* primary OCSP responder */
	char *ocspuri2;         /* secondary OCSP responder */
	char *certuribase;      /* base URI for certificate retrieval */

	bool strict;            /* NOTE(review): presumably a per-CA strict CRL policy;
	                           confirm how it combines with setup.strictcrlpolicy */

	starter_ca_t *next;     /* next ca in starter_config's list */
};
161
typedef struct starter_config starter_config_t;

/* Complete parsed configuration: the config setup section, the default
 * route, error counters, and the ca/conn sections with their %default
 * templates. Produced by confread_load(), destroyed by confread_free(). */
struct starter_config {
	struct {
		lset_t seen;            /* set of keywords given in config setup */
		char **interfaces;      /* NULL-terminated list, presumably — confirm in confread.c */
		char *dumpdir;          /* directory for core dumps */
		bool charonstart;       /* start the charon (IKEv2) daemon */
		bool plutostart;        /* start the pluto (IKEv1) daemon */

		/* pluto/charon keywords */
		char **plutodebug;      /* pluto debug flags, as a list of strings */
		char *charondebug;      /* charon debug specification string */
		char *prepluto;         /* command run before pluto is started */
		char *postpluto;        /* command run after pluto is started */
		bool plutostderrlog;    /* plutostderrlog= keyword: presumably redirects pluto's stderr
		                           to a log file — confirm in the code that spawns pluto */
		bool uniqueids;         /* enforce unique peer identities */
		u_int overridemtu;      /* MTU override, 0 presumably meaning unset — confirm */
		u_int crlcheckinterval; /* CRL re-check interval, seconds presumably — confirm */
		bool cachecrls;         /* cache fetched CRLs on disk */
		strict_t strictcrlpolicy; /* global CRL policy, see strict_t */
		bool nocrsend;          /* do not send certificate requests */
		bool nat_traversal;     /* enable NAT traversal */
		u_int keep_alive;       /* NAT keep-alive interval */
		u_int force_keepalive;  /* force keep-alives even without NAT */
		char *virtual_private;  /* virtual private address ranges */
		char *pkcs11module;     /* PKCS#11 module path */
		char *pkcs11initargs;   /* initialisation arguments for the PKCS#11 module */
		bool pkcs11keepstate;   /* keep PKCS#11 login state between operations */
		bool pkcs11proxy;       /* proxy PKCS#11 operations through pluto */

		/* KLIPS keywords */
		char **klipsdebug;      /* KLIPS debug flags, as a list of strings */
		bool fragicmp;          /* send ICMP on fragmentation */
		char *packetdefault;    /* default policy for packets without an SA */
		bool hidetos;           /* hide the TOS field of inner packets */
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors (err is fatal, non_fatal_err is not);
	 * callers should inspect err after confread_load() */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
222
/* Parse the configuration file at `file` and build the starter_config tree.
 * The returned object is owned by the caller and must be released with
 * confread_free(); presumably returns NULL when the file cannot be read —
 * confirm in confread.c. Inspect cfg->err for parsing errors. */
extern starter_config_t *confread_load(const char *file);
/* Release a configuration returned by confread_load() together with the
 * sections and strings it owns. */
extern void confread_free(starter_config_t *cfg);
225
226 #endif /* _IPSEC_CONFREAD_H_ */
227