997358a6 | 1 | /* strongSwan IPsec config file parser |
2 | * Copyright (C) 2001-2002 Mathieu Lafon |
3 | * Arkoon Network Security | |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ |
15 | ||
16 | #ifndef _IPSEC_CONFREAD_H_ | |
17 | #define _IPSEC_CONFREAD_H_ | |
18 | ||
19 | #ifndef _FREESWAN_H | |
20 | #include <freeswan.h> | |
21 | #endif |
22 | ||
23 | #include "parser.h" | |
24 | #include "interfaces.h" | |
25 | ||
/* What the starter does with a connection once it has been parsed.
 * Presumably the values of the auto= keyword — confirm against the keyword
 * table in parser.h. Values are spelled out so the numbering stays stable. */
typedef enum {
	STARTUP_NO    = 0,  /* leave the connection alone */
	STARTUP_ADD   = 1,  /* load it into the daemon only */
	STARTUP_ROUTE = 2,  /* load and install a trap/route */
	STARTUP_START = 3   /* load and initiate */
} startup_t;
32 | ||
/* Bookkeeping state the starter keeps per section (conn or ca) while it
 * reconciles a freshly parsed file with what is already loaded. The exact
 * transitions live in the starter, not here — confirm there before relying
 * on any ordering between these values. */
typedef enum {
	STATE_IGNORE   = 0,
	STATE_TO_ADD   = 1,
	STATE_ADDED    = 2,
	STATE_REPLACED = 3,
	STATE_INVALID  = 4
} starter_state_t;
40 | ||
/* Key exchange protocol selected for a connection (keyexchange= keyword,
 * presumably). KEY_EXCHANGE_IKE is the unspecified/"either" choice and
 * comes first so that a zero-initialised conn gets it by default. */
typedef enum {
	KEY_EXCHANGE_IKE   = 0,
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2
} keyexchange_t;
46 | ||
/* Tri-state used for the global strictcrlpolicy setting. STRICT_IFURI is
 * presumably "strict only when a CRL distribution point is known" —
 * confirm in the code that consumes setup.strictcrlpolicy. */
typedef enum {
	STRICT_NO    = 0,
	STRICT_YES   = 1,
	STRICT_IFURI = 2
} strict_t;
52 | ||
typedef struct starter_end starter_end_t;

/* One endpoint ("left" or "right") of a connection section.
 * The char * members are presumably heap copies of keyword values owned by
 * the enclosing config and released by confread_free() — confirm in
 * confread.c. Member order is part of the ABI shared with the starter; do not
 * reorder. */
struct starter_end {
	lset_t seen;                 /* set of keywords seen for this end (lset_t from freeswan.h) */
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *iface;
	ip_address addr;
	u_int ikeport;               /* NOTE(review): wider than a 16-bit port; range checking presumably happens in the parser — confirm */
	ip_address nexthop;
	char *subnet;
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_natip;
	bool has_virt;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	bool allow_any;
	bool dns_failed;             /* set when a hostname for this end could not be resolved (assumed from the name; confirm) */
	char *updown;                /* updown script; comes straight from the config file, so the file itself must be trusted */
	u_int16_t port;
	u_int8_t protocol;
	char *sourceip;
	int sourceip_mask;           /* signed; presumably a prefix length or a "not set" sentinel — confirm in confread.c */
};
89 | ||
typedef struct also also_t;

/* Node of the singly linked list of also= references attached to a section. */
struct also {
	char *name;        /* name of the section being referenced */
	bool included;     /* presumably marks a reference that has already been expanded — confirm in confread.c */
	also_t *next;      /* next reference, or NULL */
};
97 | ||
typedef struct starter_conn starter_conn_t;

/* A conn section as parsed from the config file.
 * The first seven members (seen .. state) are identical in starter_ca, which
 * presumably lets section-generic code handle both — confirm before changing
 * either. The char * members are assumed to be owned by the config and freed
 * by confread_free(). Do not reorder members: the layout is shared with the
 * starter. */
struct starter_conn {
	lset_t seen;                      /* keywords seen in this section */
	char *name;                       /* section name */
	also_t *also;                     /* also= references, NULL if none */
	kw_list_t *kw;                    /* raw keyword list from the parser (kw_list_t from parser.h) */
	u_int visit;                      /* presumably a visit marker used while expanding also= chains — confirm */
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	u_int32_t eap_type;
	u_int32_t eap_vendor;
	char *eap_identity;
	char *xauth_identity;
	lset_t policy;                    /* policy flag set (bit meanings defined elsewhere) */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	u_int64_t sa_ipsec_life_bytes;    /* 0 presumably means "no byte/packet limit" — confirm */
	u_int64_t sa_ipsec_margin_bytes;
	u_int64_t sa_ipsec_life_packets;
	u_int64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	u_int32_t reqid;
	u_int32_t mark_value;             /* netfilter mark value/mask; only meaningful together */
	u_int32_t mark_mask;
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;
	bool install_policy;
	starter_end_t left, right;

	unsigned long id;

	char *esp;                        /* proposal strings, parsed by the daemon, not here */
	char *ike;
	char *pfsgroup;

	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	time_t inactivity;

	bool me_mediation;                /* IKEv2 mediation extension settings */
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;             /* next conn in the config's list, or NULL */
};
151 | ||
typedef struct starter_ca starter_ca_t;

/* A ca section as parsed from the config file.
 * The first seven members are laid out exactly as in starter_conn (see
 * there). The char * members are assumed to be owned by the config and freed
 * by confread_free(). Do not reorder members. */
struct starter_ca {
	lset_t seen;
	char *name;
	also_t *also;
	kw_list_t *kw;
	u_int visit;
	startup_t startup;
	starter_state_t state;

	char *cacert;             /* CA certificate reference */
	char *ldaphost;
	char *ldapbase;
	char *crluri;             /* CRL / OCSP fetch locations; the daemon, not this parser, validates them */
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	bool strict;              /* per-CA strict CRL policy; relation to setup.strictcrlpolicy is decided elsewhere */

	starter_ca_t *next;       /* next ca in the config's list, or NULL */
};
176 | ||
typedef struct starter_config starter_config_t;

/* Result of parsing a whole config file: the config setup section, the
 * %default sections and the lists of conn and ca sections.
 * Returned by confread_load() and released with confread_free(). */
struct starter_config {
	/* "config setup" section */
	struct {
		lset_t seen;
		char **interfaces;
		char *dumpdir;
		bool charonstart;
		bool plutostart;

		/* pluto/charon keywords */
		char **plutodebug;
		char *charondebug;
		char *prepluto;               /* commands run around pluto startup; taken verbatim from the config file */
		char *postpluto;
		char *plutostderrlog;
		bool uniqueids;
		u_int overridemtu;
		u_int crlcheckinterval;
		bool cachecrls;
		strict_t strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		u_int keep_alive;
		u_int force_keepalive;
		char *virtual_private;
		char *pkcs11module;           /* shared object loaded by the daemon; config file must be trusted */
		char *pkcs11initargs;
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors; callers presumably check these
	 * before acting on the config, since loading does not necessarily abort
	 * on error — confirm in confread.c */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};
237 | ||
/**
 * Parse an ipsec.conf-style file into a starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      newly allocated configuration, to be released with
 *              confread_free(); presumably NULL when the file cannot be
 *              loaded at all — confirm in confread.c. Parse problems are
 *              counted in the returned config's err / non_fatal_err, so
 *              callers should inspect those before using the sections.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration returned by confread_load(), including the
 * section lists and the strings they own (assumed; confirm in confread.c).
 *
 * @param cfg  configuration to free
 */
extern void confread_free(starter_config_t *cfg);
240 | ||
241 | #endif /* _IPSEC_CONFREAD_H_ */ | |