1 /* strongSwan IPsec config file parser
2 * Copyright (C) 2001-2002 Mathieu Lafon
3 * Arkoon Network Security
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 #ifndef _IPSEC_CONFREAD_H_
17 #define _IPSEC_CONFREAD_H_
19 #include <kernel/kernel_ipsec.h>
21 #include "ipsec-parser.h"
23 /** to mark seen keywords */
24 typedef u_int64_t seen_t
;
26 #define SEEN_KW(kw, base) ((seen_t)1 << ((kw) - (base)))
44 /* shared with ike_version_t */
46 KEY_EXCHANGE_IKEV1
= 1,
47 KEY_EXCHANGE_IKEV2
= 2,
60 CERT_YES_SEND
, /* synonym for CERT_ALWAYS_SEND */
61 CERT_NO_SEND
, /* synonym for CERT_NEVER_SEND */
73 /* same as in ike_cfg.h */
81 SA_OPTION_AUTHENTICATE
= 1 << 0, /* use AH instead of ESP? */
82 SA_OPTION_COMPRESS
= 1 << 1, /* use IPComp */
84 /* IKE and other other options */
85 SA_OPTION_DONT_REKEY
= 1 << 2, /* don't rekey state either Phase */
86 SA_OPTION_DONT_REAUTH
= 1 << 3, /* don't reauthenticate on rekeying, IKEv2 only */
87 SA_OPTION_MODECFG_PUSH
= 1 << 4, /* is modecfg pushed by server? */
88 SA_OPTION_XAUTH_SERVER
= 1 << 5, /* are we an XAUTH server? */
89 SA_OPTION_MOBIKE
= 1 << 6, /* enable MOBIKE for IKEv2 */
90 SA_OPTION_FORCE_ENCAP
= 1 << 7, /* force UDP encapsulation */
93 typedef struct starter_end starter_end_t
;
113 certpolicy_t sendcert
;
124 typedef struct also also_t
;
132 typedef struct starter_conn starter_conn_t
;
134 struct starter_conn
{
141 starter_state_t state
;
143 keyexchange_t keyexchange
;
146 char *xauth_identity
;
150 fragmentation_t fragmentation
;
152 time_t sa_ike_life_seconds
;
153 time_t sa_ipsec_life_seconds
;
154 time_t sa_rekey_margin
;
155 u_int64_t sa_ipsec_life_bytes
;
156 u_int64_t sa_ipsec_margin_bytes
;
157 u_int64_t sa_ipsec_life_packets
;
158 u_int64_t sa_ipsec_margin_packets
;
159 unsigned long sa_keying_tries
;
160 unsigned long sa_rekey_fuzz
;
167 starter_end_t left
, right
;
176 dpd_action_t dpd_action
;
179 dpd_action_t close_action
;
184 char *me_mediated_by
;
187 starter_conn_t
*next
;
190 typedef struct starter_ca starter_ca_t
;
199 starter_state_t state
;
213 typedef struct starter_config starter_config_t
;
215 struct starter_config
{
222 strict_t strictcrlpolicy
;
225 /* number of encountered parsing errors */
229 /* do we parse also statements */
233 starter_ca_t ca_default
;
235 /* connections list (without %default) */
236 starter_ca_t
*ca_first
, *ca_last
;
239 starter_conn_t conn_default
;
241 /* connections list (without %default) */
242 starter_conn_t
*conn_first
, *conn_last
;
245 extern starter_config_t
*confread_load(const char *file
);
246 extern void confread_free(starter_config_t
*cfg
);
248 #endif /* _IPSEC_CONFREAD_H_ */