1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
15 */
16
17 #ifndef _IPSEC_CONFREAD_H_
18 #define _IPSEC_CONFREAD_H_
19
20 #ifndef _FREESWAN_H
21 #include <freeswan.h>
22 #include "../pluto/constants.h"
23 #endif
24
25 #include "parser.h"
26 #include "interfaces.h"
27
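/*
 * Startup action recorded for a section; stored in the 'startup' member of
 * both starter_conn and starter_ca.
 *
 * STARTUP_NO is the first enumerator (value 0), so a zero-filled section
 * holds STARTUP_NO unless the parser sets something else.
 * NOTE(review): the enumerators look like the ipsec.conf auto= values
 * (ignore/add/route/start) - confirm against the keyword table.
 */
typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;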
34
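/*
 * Bookkeeping state of a parsed section; stored in the 'state' member of
 * both starter_conn and starter_ca.
 *
 * STATE_IGNORE is the first enumerator (value 0), so a zero-filled section
 * starts out as STATE_IGNORE.
 * NOTE(review): presumably tracks whether the section has been handed to the
 * IKE daemon (TO_ADD -> ADDED / REPLACED) or was rejected (INVALID) - the
 * transitions are not visible in this header; confirm in the callers.
 */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;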
42
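typedef struct starter_end starter_end_t;

/*
 * One end of a connection; starter_conn embeds two of these as 'left' and
 * 'right'.
 *
 * NOTE(review): the char * members are presumably heap copies of the values
 * read from the config file and owned by the enclosing configuration -
 * confirm in confread_free() before freeing or aliasing them elsewhere.
 */
struct starter_end {
	lset_t		seen;		/* presumably the set of keywords seen for this end - confirm */
	char		*id;
	char		*rsakey;	/* NOTE(review): looks like raw public-key material from the config - confirm */
	char		*cert;
	char		*ca;
	char		*groups;
	char		*iface;
	ip_address	addr;
	ip_address	nexthop;
	ip_address	srcip;
	ip_subnet	subnet;
	bool		has_client;
	bool		has_client_wildcard;
	bool		has_port_wildcard;
	bool		has_srcip;
	bool		modecfg;
	certpolicy_t	sendcert;
	bool		firewall;
	bool		hostaccess;
	/*
	 * NOTE(review): presumably the updown command string taken verbatim from
	 * the config file and later executed on connection events. If so, write
	 * access to the config file equals command execution with the daemon's
	 * privileges - verify file ownership/permissions where it is loaded.
	 */
	char		*updown;
	u_int16_t	port;
	u_int8_t	protocol;
#ifdef VIRTUAL_IP
	char		*virt;		/* only present when built with VIRTUAL_IP */
#endif
};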
72
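typedef struct also also_t;

/*
 * Node of a singly linked list of section names; starter_conn and starter_ca
 * each hold the head of such a list in their 'also' member.
 *
 * NOTE(review): presumably one node per "also=" reference in a section, with
 * 'included' set once the referenced section has been merged - confirm in the
 * parser. Nothing in this header bounds the list or prevents reference
 * cycles; check how the loader guards against them.
 */
struct also {
	char	*name;		/* name of the referenced section */
	bool	included;
	also_t	*next;		/* next node, or NULL at the end of the list */
};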
80
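typedef struct starter_conn starter_conn_t;

/*
 * One parsed connection section. Connections are chained through 'next';
 * starter_config keeps the list head/tail and a separate %default instance.
 *
 * The first seven members (seen .. state) have the same types, names and
 * order as the leading members of struct starter_ca.
 */
struct starter_conn {
	lset_t		seen;		/* presumably the set of keywords seen in this section - confirm */
	char		*name;
	also_t		*also;		/* list of referenced section names */
	kw_list_t	*kw;		/* keyword list from the parser (see parser.h) */
	u_int		visit;		/* NOTE(review): looks like a traversal marker used while resolving 'also' - confirm */
	startup_t	startup;
	starter_state_t	state;

	int		keyexchange;
	lset_t		policy;
	time_t		sa_ike_life_seconds;
	time_t		sa_ipsec_life_seconds;
	time_t		sa_rekey_margin;
	unsigned long	sa_keying_tries;
	unsigned long	sa_rekey_fuzz;
	sa_family_t	addr_family;
	sa_family_t	tunnel_addr_family;

	starter_end_t	left, right;

	unsigned long	id;

	/*
	 * NOTE(review): presumably algorithm proposal strings copied from the
	 * config file; where (or whether) they are validated is not visible in
	 * this header - confirm before relying on them being well-formed.
	 */
	char		*esp;
	char		*ike;
	char		*pfsgroup;

	/* dead peer detection settings */
	time_t		dpd_delay;
	time_t		dpd_timeout;
	dpd_action_t	dpd_action;
	int		dpd_count;

	starter_conn_t	*next;		/* next connection in the list */
};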
117
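typedef struct starter_ca starter_ca_t;

/*
 * One parsed ca section. CA sections are chained through 'next';
 * starter_config keeps the list head/tail and a separate %default instance.
 *
 * The first seven members (seen .. state) have the same types, names and
 * order as the leading members of struct starter_conn.
 */
struct starter_ca {
	lset_t		seen;		/* presumably the set of keywords seen in this section - confirm */
	char		*name;
	also_t		*also;		/* list of referenced section names */
	kw_list_t	*kw;		/* keyword list from the parser (see parser.h) */
	u_int		visit;		/* NOTE(review): looks like a traversal marker used while resolving 'also' - confirm */
	startup_t	startup;
	starter_state_t	state;

	char		*cacert;
	/*
	 * Revocation-related locations. NOTE(review): these are presumably
	 * fetched by the IKE daemon during certificate validation, so whoever
	 * controls the config file controls where revocation data comes from -
	 * confirm how the values are validated before use.
	 */
	char		*ldaphost;
	char		*ldapbase;
	char		*crluri;
	char		*crluri2;
	char		*ocspuri;

	bool		strict;		/* NOTE(review): presumably a per-CA strict revocation policy flag - confirm */

	starter_ca_t	*next;		/* next ca section in the list */
};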
140
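typedef struct starter_config starter_config_t;

/*
 * Complete parsed configuration: the global 'setup' settings, the %default
 * conn and ca sections, and the lists of named ca and conn sections.
 * Returned by confread_load() and released with confread_free().
 */
struct starter_config {
	struct {
		lset_t	seen;		/* presumably the set of setup keywords seen - confirm */
		char	**interfaces;
		char	*dumpdir;

		/* pluto keywords */
		char	**plutodebug;
		/*
		 * NOTE(review): presumably command strings run before/after the
		 * pluto daemon is started. If so, the config file is effectively
		 * executable content and must not be writable by unprivileged
		 * users - confirm where these are executed.
		 */
		char	*prepluto;
		char	*postpluto;
		bool	uniqueids;
		u_int	overridemtu;
		/* certificate revocation handling */
		u_int	crlcheckinterval;
		bool	cachecrls;
		bool	strictcrlpolicy;
		bool	nocrsend;
		bool	nat_traversal;
		u_int	keep_alive;
		char	*virtual_private;
		/*
		 * NOTE(review): presumably the path of a PKCS#11 library that the
		 * daemon loads; a library loaded this way runs with the daemon's
		 * privileges, so the path should be trusted - confirm.
		 */
		char	*pkcs11module;
		bool	pkcs11keepstate;
		bool	pkcs11proxy;

		/* KLIPS keywords */
		char	**klipsdebug;
		bool	fragicmp;
		char	*packetdefault;
		bool	hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};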
194
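/*
 * Parse the configuration file 'file' into a starter_config_t.
 *
 * NOTE(review): the failure contract is not visible in this header. The
 * result carries an 'err' counter of parsing errors, so callers should
 * presumably check both for a NULL return and for cfg->err != 0 before
 * acting on the configuration - confirm in confread.c.
 */
extern starter_config_t *confread_load(const char *file);

/*
 * Release a configuration obtained from confread_load().
 *
 * NOTE(review): presumably frees every string and list node reachable from
 * 'cfg', so no pointer taken from it may be used afterwards; whether a NULL
 * argument is accepted is not visible here - confirm in confread.c.
 */
extern void confread_free(starter_config_t *cfg);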
197
198 #endif /* _IPSEC_CONFREAD_H_ */
199