[thirdparty/strongswan.git] / src / starter / confread.h

/* strongSwan IPsec config file parser
 * Copyright (C) 2001-2002 Mathieu Lafon
 * Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_

#ifndef _FREESWAN_H
#include <freeswan.h>
#endif

#include "parser.h"
#include "interfaces.h"

typedef enum {
		STARTUP_NO,
		STARTUP_ADD,
		STARTUP_ROUTE,
		STARTUP_START
} startup_t;

typedef enum {
		STATE_IGNORE,
		STATE_TO_ADD,
		STATE_ADDED,
		STATE_REPLACED,
		STATE_INVALID
} starter_state_t;

typedef enum {
		KEY_EXCHANGE_IKE,
		KEY_EXCHANGE_IKEV1,
		KEY_EXCHANGE_IKEV2
} keyexchange_t;

typedef enum {
		STRICT_NO,
		STRICT_YES,
		STRICT_IFURI
} strict_t;

typedef struct starter_end starter_end_t;

struct starter_end {
		lset_t          seen;
		char            *auth;
		char            *auth2;
		char            *id;
		char            *id2;
		char            *rsakey;
		char            *cert;
		char            *cert2;
		char            *ca;
		char            *ca2;
		char            *groups;
		char            *iface;
		ip_address      addr;
		u_int           ikeport;
		ip_address      nexthop;
		char            *subnet;
		bool            has_client;
		bool            has_client_wildcard;
		bool            has_port_wildcard;
		bool            has_natip;
		bool            has_virt;
		bool            modecfg;
		certpolicy_t    sendcert;
		bool            firewall;
		bool            hostaccess;
		bool            allow_any;
		bool            dns_failed;
		char            *updown;
		u_int16_t       port;
		u_int8_t        protocol;
		char            *sourceip;
		int				sourceip_mask;
};

typedef struct also also_t;

struct also {
		char            *name;
		bool            included;
		also_t          *next;
};

typedef struct starter_conn starter_conn_t;

struct starter_conn {
		lset_t          seen;
		char            *name;
		also_t          *also;
		kw_list_t       *kw;
		u_int           visit;
		startup_t       startup;
		starter_state_t state;

		keyexchange_t   keyexchange;
		u_int32_t       eap_type;
		u_int32_t       eap_vendor;
		char            *eap_identity;
		char            *xauth_identity;
		lset_t          policy;
		time_t          sa_ike_life_seconds;
		time_t          sa_ipsec_life_seconds;
		time_t          sa_rekey_margin;
		u_int64_t	sa_ipsec_life_bytes;
		u_int64_t	sa_ipsec_margin_bytes;
		u_int64_t	sa_ipsec_life_packets;
		u_int64_t	sa_ipsec_margin_packets;
		unsigned long   sa_keying_tries;
		unsigned long   sa_rekey_fuzz;
		u_int32_t       reqid;
		u_int32_t		mark_value;
		u_int32_t		mark_mask;
		sa_family_t     addr_family;
		sa_family_t     tunnel_addr_family;
		bool            install_policy;
		starter_end_t   left, right;

		unsigned long   id;

		char            *esp;
		char            *ike;
		char            *pfsgroup;

		time_t          dpd_delay;
		time_t          dpd_timeout;
		dpd_action_t    dpd_action;
		int             dpd_count;

		time_t          inactivity;

		bool            me_mediation;
		char            *me_mediated_by;
		char            *me_peerid;

		starter_conn_t *next;
};

typedef struct starter_ca starter_ca_t;

struct starter_ca {
		lset_t          seen;
		char            *name;
		also_t          *also;
		kw_list_t       *kw;
		u_int           visit;
		startup_t       startup;
		starter_state_t state;

		char            *cacert;
		char            *ldaphost;
		char            *ldapbase;
		char            *crluri;
		char            *crluri2;
		char            *ocspuri;
		char            *ocspuri2;
		char        *certuribase;

		bool            strict;

		starter_ca_t    *next;
};

typedef struct starter_config starter_config_t;

struct starter_config {
		struct {
				lset_t  seen;
				char    **interfaces;
				char    *dumpdir;
				bool    charonstart;
				bool    plutostart;

				/* pluto/charon keywords */
				char     **plutodebug;
				char     *charondebug;
				char     *prepluto;
				char     *postpluto;
				char     *plutostderrlog;
				bool     uniqueids;
				u_int    overridemtu;
				u_int    crlcheckinterval;
				bool     cachecrls;
				strict_t strictcrlpolicy;
				bool     nocrsend;
				bool     nat_traversal;
				u_int    keep_alive;
				u_int    force_keepalive;
				char     *virtual_private;
				char     *pkcs11module;
				char     *pkcs11initargs;
				bool     pkcs11keepstate;
				bool     pkcs11proxy;

				/* KLIPS keywords */
				char    **klipsdebug;
				bool    fragicmp;
				char    *packetdefault;
				bool    hidetos;
		} setup;

		/* information about the default route */
		defaultroute_t defaultroute;

		/* number of encountered parsing errors */
		u_int err;
		u_int non_fatal_err;

		/* do we parse also statements */
		bool parse_also;

		/* ca %default */
		starter_ca_t ca_default;

		/* connections list (without %default) */
		starter_ca_t *ca_first, *ca_last;

		/* conn %default */
		starter_conn_t conn_default;

		/* connections list (without %default) */
		starter_conn_t *conn_first, *conn_last;
};

extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);

#endif /* _IPSEC_CONFREAD_H_ */
Commit	Line	Data
997358a6	1	/* strongSwan IPsec config file parser
d5cc1758 TB	2	* Copyright (C) 2001-2002 Mathieu Lafon
d5cc1758 TB	3	* Arkoon Network Security
997358a6 MW	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
997358a6 MW	14	*/
	15
	16	#ifndef _IPSEC_CONFREAD_H_
	17	#define _IPSEC_CONFREAD_H_
	18
	19	#ifndef _FREESWAN_H
	20	#include <freeswan.h>
997358a6 MW	21	#endif
	22
	23	#include "parser.h"
	24	#include "interfaces.h"
	25
	26	typedef enum {
3d7a244b AS	27	STARTUP_NO,
	28	STARTUP_ADD,
	29	STARTUP_ROUTE,
	30	STARTUP_START
997358a6 MW	31	} startup_t;
	32
	33	typedef enum {
3d7a244b AS	34	STATE_IGNORE,
	35	STATE_TO_ADD,
	36	STATE_ADDED,
	37	STATE_REPLACED,
	38	STATE_INVALID
997358a6 MW	39	} starter_state_t;
997358a6 MW	40
9820c0e2	41	typedef enum {
3d7a244b AS	42	KEY_EXCHANGE_IKE,
	43	KEY_EXCHANGE_IKEV1,
	44	KEY_EXCHANGE_IKEV2
9820c0e2 MW	45	} keyexchange_t;
9820c0e2 MW	46
4841189b	47	typedef enum {
3d7a244b AS	48	STRICT_NO,
	49	STRICT_YES,
	50	STRICT_IFURI
4841189b AS	51	} strict_t;
4841189b AS	52
997358a6 MW	53	typedef struct starter_end starter_end_t;
	54
	55	struct starter_end {
3d7a244b AS	56	lset_t seen;
	57	char *auth;
	58	char *auth2;
	59	char *id;
	60	char *id2;
	61	char *rsakey;
	62	char *cert;
	63	char *cert2;
	64	char *ca;
	65	char *ca2;
	66	char *groups;
	67	char *iface;
	68	ip_address addr;
da2303ca	69	u_int ikeport;
3d7a244b AS	70	ip_address nexthop;
	71	char *subnet;
	72	bool has_client;
	73	bool has_client_wildcard;
	74	bool has_port_wildcard;
	75	bool has_natip;
	76	bool has_virt;
	77	bool modecfg;
	78	certpolicy_t sendcert;
	79	bool firewall;
	80	bool hostaccess;
	81	bool allow_any;
	82	bool dns_failed;
	83	char *updown;
	84	u_int16_t port;
	85	u_int8_t protocol;
270bb348 AS	86	char *sourceip;
270bb348 AS	87	int sourceip_mask;
997358a6 MW	88	};
	89
	90	typedef struct also also_t;
	91
	92	struct also {
3d7a244b AS	93	char *name;
	94	bool included;
	95	also_t *next;
997358a6 MW	96	};
	97
	98	typedef struct starter_conn starter_conn_t;
	99
	100	struct starter_conn {
3d7a244b AS	101	lset_t seen;
	102	char *name;
	103	also_t *also;
	104	kw_list_t *kw;
	105	u_int visit;
	106	startup_t startup;
	107	starter_state_t state;
	108
	109	keyexchange_t keyexchange;
	110	u_int32_t eap_type;
	111	u_int32_t eap_vendor;
	112	char *eap_identity;
8143f109	113	char *xauth_identity;
3d7a244b AS	114	lset_t policy;
	115	time_t sa_ike_life_seconds;
	116	time_t sa_ipsec_life_seconds;
	117	time_t sa_rekey_margin;
ca41aa06 TB	118	u_int64_t sa_ipsec_life_bytes;
	119	u_int64_t sa_ipsec_margin_bytes;
	120	u_int64_t sa_ipsec_life_packets;
	121	u_int64_t sa_ipsec_margin_packets;
3d7a244b AS	122	unsigned long sa_keying_tries;
3d7a244b AS	123	unsigned long sa_rekey_fuzz;
2b26a9c3	124	u_int32_t reqid;
ee26c537 AS	125	u_int32_t mark_value;
ee26c537 AS	126	u_int32_t mark_mask;
3d7a244b AS	127	sa_family_t addr_family;
	128	sa_family_t tunnel_addr_family;
	129	bool install_policy;
	130	starter_end_t left, right;
	131
	132	unsigned long id;
	133
	134	char *esp;
	135	char *ike;
	136	char *pfsgroup;
7daf5226	137
3d7a244b AS	138	time_t dpd_delay;
	139	time_t dpd_timeout;
	140	dpd_action_t dpd_action;
	141	int dpd_count;
7daf5226	142
8015c91c MW	143	time_t inactivity;
8015c91c MW	144
3d7a244b AS	145	bool me_mediation;
	146	char *me_mediated_by;
	147	char *me_peerid;
	148
	149	starter_conn_t *next;
997358a6 MW	150	};
	151
	152	typedef struct starter_ca starter_ca_t;
	153
	154	struct starter_ca {
3d7a244b AS	155	lset_t seen;
	156	char *name;
	157	also_t *also;
	158	kw_list_t *kw;
	159	u_int visit;
	160	startup_t startup;
	161	starter_state_t state;
	162
	163	char *cacert;
	164	char *ldaphost;
	165	char *ldapbase;
	166	char *crluri;
	167	char *crluri2;
	168	char *ocspuri;
	169	char *ocspuri2;
	170	char *certuribase;
	171
	172	bool strict;
	173
	174	starter_ca_t *next;
997358a6 MW	175	};
	176
	177	typedef struct starter_config starter_config_t;
	178
	179	struct starter_config {
3d7a244b AS	180	struct {
	181	lset_t seen;
	182	char **interfaces;
	183	char *dumpdir;
	184	bool charonstart;
	185	bool plutostart;
	186
	187	/* pluto/charon keywords */
	188	char **plutodebug;
	189	char *charondebug;
	190	char *prepluto;
	191	char *postpluto;
	192	char *plutostderrlog;
	193	bool uniqueids;
	194	u_int overridemtu;
	195	u_int crlcheckinterval;
	196	bool cachecrls;
	197	strict_t strictcrlpolicy;
	198	bool nocrsend;
	199	bool nat_traversal;
	200	u_int keep_alive;
	201	u_int force_keepalive;
	202	char *virtual_private;
	203	char *pkcs11module;
	204	char *pkcs11initargs;
	205	bool pkcs11keepstate;
	206	bool pkcs11proxy;
	207
	208	/* KLIPS keywords */
	209	char **klipsdebug;
	210	bool fragicmp;
	211	char *packetdefault;
	212	bool hidetos;
	213	} setup;
	214
	215	/* information about the default route */
	216	defaultroute_t defaultroute;
	217
	218	/* number of encountered parsing errors */
	219	u_int err;
	220	u_int non_fatal_err;
	221
	222	/* do we parse also statements */
	223	bool parse_also;
	224
	225	/* ca %default */
	226	starter_ca_t ca_default;
	227
	228	/* connections list (without %default) */
	229	starter_ca_t ca_first, ca_last;
	230
	231	/* conn %default */
	232	starter_conn_t conn_default;
	233
	234	/* connections list (without %default) */
	235	starter_conn_t conn_first, conn_last;
997358a6 MW	236	};
	237
	238	extern starter_config_t confread_load(const char file);
	239	extern void confread_free(starter_config_t *cfg);
	240
	241	#endif /* _IPSEC_CONFREAD_H_ */
	242