starter: Use custom type to mark seen keywords.
1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
18
19 #include <freeswan.h>
20 #include "../pluto/constants.h"
21
22 #include "ipsec-parser.h"
23
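/**
 * Bitmask recording which keywords of a section have already been seen.
 *
 * One bit per keyword, relative to the first keyword of the section
 * (see SEEN_KW()); a seen_t therefore covers at most 64 keywords per section.
 */
typedef u_int64_t seen_t;

/* empty mask: no keyword seen yet. No trailing ';' -- the original
 * "#define SEEN_NONE 0;" broke any use inside an expression such as
 * "if (seen == SEEN_NONE)". */
#define SEEN_NONE ((seen_t)0)

/**
 * Bit for keyword kw, where base is the first keyword of its section.
 *
 * (kw) - (base) must lie in [0, 63]: shifting a 64-bit value by 64 or
 * more is undefined behaviour in C and yields a garbage mask rather than
 * an error, so every section's keyword range has to stay within 64 entries.
 */
#define SEEN_KW(kw, base) ((seen_t)1 << ((kw) - (base)))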
28
/**
 * Start-up action requested for a conn section.
 *
 * NOTE(review): presumably mirrors the conn's "auto=" keyword -- confirm
 * against the keyword table in confread.c.
 */
typedef enum {
	STARTUP_NO    = 0,
	STARTUP_ADD   = 1,
	STARTUP_ROUTE = 2,
	STARTUP_START = 3,
} startup_t;
35
/** Processing state starter tracks for a conn or ca section. */
typedef enum {
	STATE_IGNORE   = 0,
	STATE_TO_ADD   = 1,
	STATE_ADDED    = 2,
	STATE_REPLACED = 3,
	STATE_INVALID  = 4,
} starter_state_t;
43
/**
 * Key exchange protocol version selected for a conn.
 *
 * The numeric values are shared with ike_version_t; keep them identical.
 */
typedef enum {
	KEY_EXCHANGE_IKE,    /* = 0 */
	KEY_EXCHANGE_IKEV1,  /* = 1 */
	KEY_EXCHANGE_IKEV2   /* = 2 */
} keyexchange_t;
50
/** CRL policy strictness; the type of the strictcrlpolicy setup field. */
typedef enum {
	STRICT_NO    = 0,
	STRICT_YES   = 1,
	STRICT_IFURI = 2,
} strict_t;
56
typedef struct starter_end starter_end_t;

/**
 * One end ("left" or "right") of a conn section.
 *
 * The char * members hold keyword values as parsed from the config file.
 * NOTE(review): they are presumably heap strings owned by the enclosing
 * configuration and released by confread_free() -- confirm in confread.c
 * before freeing or retaining any of them elsewhere.
 */
struct starter_end {
	/* bitmask of the keywords set for this end, see SEEN_KW() */
	seen_t seen;
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *cert_policy;
	char *iface;
	char *host;
	/* address of this end; how it relates to host (resolution result?)
	 * is not visible from this header -- see dns_failed and confread.c */
	ip_address addr;
	u_int ikeport;
	char *subnet;
	/* flags describing what the end's keywords specified */
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_natip;
	bool has_virt;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	bool allow_any;
	/* presumably set when resolving this end's host failed -- confirm */
	bool dns_failed;
	char *updown;
	/* 16-bit port and 8-bit protocol selector of this end */
	u_int16_t port;
	u_int8_t protocol;
	char *sourceip;
	int sourceip_mask;
};
94
typedef struct also also_t;

/** Singly linked list node for one "also" statement of a section. */
struct also {
	/* name of the referenced section */
	char *name;
	/* presumably set once the referenced section has been merged in -- confirm */
	bool included;
	/* next also statement of the same section */
	also_t *next;
};
102
typedef struct starter_conn starter_conn_t;

/**
 * A conn section of the config file.
 *
 * Instances are chained through next; starter_config_t keeps the list
 * head/tail in conn_first/conn_last and the "conn %default" section
 * separately in conn_default.
 */
struct starter_conn {
	/* bitmask of the keywords set in this section, see SEEN_KW() */
	seen_t seen;
	char *name;
	/* "also" statements of this section */
	also_t *also;
	/* raw keyword list as produced by the parser (ipsec-parser.h) */
	kw_list_t *kw;
	/* NOTE(review): meaning not visible here, presumably a visit counter
	 * used while resolving also references -- confirm in confread.c */
	u_int visit;
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	char *eap_identity;
	char *aaa_identity;
	char *xauth_identity;
	char *authby;
	lset_t policy;
	/* SA lifetimes and rekey margin, in seconds */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	/* volume-based IPsec SA lifetimes and margins */
	u_int64_t sa_ipsec_life_bytes;
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	u_int32_t reqid;
	mark_t mark_in;
	mark_t mark_out;
	u_int32_t tfc;
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;
	bool install_policy;
	bool aggressive;
	/* the two ends of the connection */
	starter_end_t left, right;

	unsigned long id;

	char *esp;
	char *ike;
	char *pfsgroup;

	/* dead peer detection settings */
	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	dpd_action_t close_action;

	time_t inactivity;

	/* mediation settings */
	bool me_mediation;
	char *me_mediated_by;
	char *me_peerid;

	/* next conn in the list owned by starter_config_t */
	starter_conn_t *next;
};
160
typedef struct starter_ca starter_ca_t;

/**
 * A ca section of the config file.
 *
 * Instances are chained through next; starter_config_t keeps the list
 * head/tail in ca_first/ca_last and the "ca %default" section in ca_default.
 * The leading seen/name/also/kw/visit/startup/state members match the
 * prefix of starter_conn_t.
 */
struct starter_ca {
	/* bitmask of the keywords set in this section, see SEEN_KW() */
	seen_t seen;
	char *name;
	/* "also" statements of this section */
	also_t *also;
	/* raw keyword list as produced by the parser (ipsec-parser.h) */
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	/* certificate, revocation and OCSP related keyword values */
	char *cacert;
	char *ldaphost;
	char *ldapbase;
	char *crluri;
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	bool strict;

	/* next ca in the list owned by starter_config_t */
	starter_ca_t *next;
};
185
typedef struct starter_config starter_config_t;

/**
 * Complete parsed configuration as returned by confread_load().
 *
 * Owns the ca and conn lists; release the whole structure with
 * confread_free().
 */
struct starter_config {
	/* the "config setup" section */
	struct {
		/* bitmask of the keywords set in the setup section, see SEEN_KW() */
		seen_t seen;
		char **interfaces;
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;
		char *charondebug;
		char *prepluto;
		char *postpluto;
		char *plutostderrlog;
		bool uniqueids;
		u_int overridemtu;
		time_t crlcheckinterval;
		bool cachecrls;
		strict_t strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		time_t keep_alive;
		u_int force_keepalive;
		char *virtual_private;
		char *pkcs11module;
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* number of encountered parsing errors */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
243
/**
 * Parse the given configuration file into a starter_config_t.
 *
 * @param file	path of the configuration file to parse
 * @return		newly allocated configuration, to be released with
 *				confread_free(). NOTE(review): the failure convention
 *				(NULL vs. a config with err set) is not visible from this
 *				header -- check confread.c before relying on it.
 */
starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load() together with
 * everything it owns (presumably including the ca and conn lists -- confirm).
 *
 * @param cfg	configuration to free
 */
void confread_free(starter_config_t *cfg);
246
247 #endif /* _IPSEC_CONFREAD_H_ */