/* strongSwan IPsec config file parser
 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
 */

17 | #ifndef _IPSEC_CONFREAD_H_ | |
18 | #define _IPSEC_CONFREAD_H_ | |
19 | ||
20 | #ifndef _FREESWAN_H | |
21 | #include <freeswan.h> | |
22 | #include "../pluto/constants.h" | |
23 | #endif | |
24 | ||
25 | #include "parser.h" | |
26 | #include "interfaces.h" | |
27 | ||
/*
 * Startup action requested for a conn section.
 * NOTE(review): presumably mirrors the section's auto= keyword
 * (no/add/route/start) — confirm against the keyword table in parser.h.
 */
typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;

/*
 * Lifecycle state of a conn or ca section, stored in the `state` member of
 * struct starter_conn and struct starter_ca.
 * NOTE(review): the transitions (TO_ADD -> ADDED, REPLACED on reload,
 * INVALID on a rejected section) are not visible in this header — confirm
 * against the code that walks the conn/ca lists.
 */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;

/*
 * IKE version selected for a conn (the `keyexchange` member of
 * struct starter_conn).
 * NOTE(review): KEY_EXCHANGE_IKE presumably means "not pinned to a
 * version"; which daemon then handles the conn is decided elsewhere — confirm.
 */
typedef enum {
	KEY_EXCHANGE_IKE,
	KEY_EXCHANGE_IKEV1,
	KEY_EXCHANGE_IKEV2
} keyexchange_t;

typedef struct starter_end starter_end_t;

/*
 * One end (left or right) of a connection; embedded twice in
 * struct starter_conn. All char * members are strings taken from the
 * configuration file — presumably owned by the enclosing config and
 * released by confread_free() (confirm in the .c file).
 */
struct starter_end {
	lset_t seen;              /* presumably a bitset of keywords set for this end — confirm against parser */
	char *id;                 /* identity string */
	char *rsakey;
	char *cert;
	char *ca;
	char *groups;
	char *iface;
	ip_address addr;
	ip_address nexthop;
	ip_address srcip;
	ip_subnet subnet;
	bool has_client;
	bool has_client_wildcard;
	bool has_port_wildcard;
	bool has_srcip;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	char *updown;             /* NOTE(review): presumably a script path executed by the daemon — a config-controlled exec; confirm */
	u_int16_t port;
	u_int8_t protocol;
	char *virt;
};

typedef struct also also_t;

/*
 * Singly linked list node naming another section to merge into the
 * current one (the also= mechanism; see starter_config.parse_also).
 */
struct also {
	char *name;        /* name of the referenced section */
	bool included;     /* set once the referenced section has been merged — presumably; confirm */
	also_t *next;
};

typedef struct starter_conn starter_conn_t;

/*
 * One conn section of the configuration (also used for the conn %default
 * template). The first seven members match the head of struct starter_ca,
 * so both section kinds share the same bookkeeping up to `state`.
 */
struct starter_conn {
	lset_t seen;                     /* presumably a bitset of keywords explicitly set — confirm against parser */
	char *name;                      /* section name */
	also_t *also;                    /* also= references to merge in */
	kw_list_t *kw;                   /* raw keyword list from the parser */
	u_int visit;                     /* NOTE(review): looks like a traversal marker used while resolving also= — confirm */
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	lset_t policy;                   /* policy flags (lset_t bitset) */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	sa_family_t addr_family;
	sa_family_t tunnel_addr_family;

	starter_end_t left, right;       /* the two ends of the connection */

	unsigned long id;

	char *esp;                       /* proposal strings, kept verbatim from the config */
	char *ike;
	char *pfsgroup;

	time_t dpd_delay;                /* dead peer detection (DPD) parameters */
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	starter_conn_t *next;            /* next entry in starter_config.conn_first list */
};

typedef struct starter_ca starter_ca_t;

/*
 * One ca section of the configuration (also used for the ca %default
 * template). The first seven members match the head of struct starter_conn.
 */
struct starter_ca {
	lset_t seen;                     /* presumably a bitset of keywords explicitly set — confirm against parser */
	char *name;                      /* section name */
	also_t *also;                    /* also= references to merge in */
	kw_list_t *kw;                   /* raw keyword list from the parser */
	u_int visit;                     /* NOTE(review): looks like a traversal marker used while resolving also= — confirm */
	startup_t startup;
	starter_state_t state;

	char *cacert;                    /* CA certificate reference */
	char *ldaphost;                  /* LDAP host and base used for certificate/CRL lookup */
	char *ldapbase;
	char *crluri;                    /* CRL distribution points (two may be given) */
	char *crluri2;
	char *ocspuri;                   /* OCSP responder URI */

	bool strict;                     /* NOTE(review): presumably enforces strict CRL checking for this CA — confirm */

	starter_ca_t *next;              /* next entry in starter_config.ca_first list */
};

typedef struct starter_config starter_config_t;

/*
 * Complete parsed configuration, as returned by confread_load() and released
 * by confread_free(). `setup` holds the config setup section; the conn and
 * ca sections follow as two singly linked lists plus their %default templates.
 */
struct starter_config {
	struct {
		lset_t seen;                 /* presumably a bitset of keywords explicitly set — confirm against parser */
		char **interfaces;           /* NULL-terminated? — not visible here; confirm before iterating */
		char *dumpdir;
		bool charonstart;            /* which daemons the starter should launch */
		bool plutostart;

		/* pluto keywords */
		char **plutodebug;
		char *prepluto;              /* NOTE(review): presumably commands run before/after pluto starts — if so, the config file's write permissions are security-relevant; confirm */
		char *postpluto;
		bool uniqueids;
		u_int overridemtu;
		u_int crlcheckinterval;
		bool cachecrls;
		bool strictcrlpolicy;
		bool nocrsend;
		bool nat_traversal;
		u_int keep_alive;
		char *virtual_private;
		char *pkcs11module;          /* NOTE(review): presumably a shared object loaded by pluto — config-controlled code load; confirm */
		bool pkcs11keepstate;
		bool pkcs11proxy;

		/* KLIPS keywords */
		char **klipsdebug;
		bool fragicmp;
		char *packetdefault;
		bool hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors; callers should check this before using the result */
	u_int err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* ca list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};

/**
 * Parse the configuration file at @p file into a newly allocated
 * starter_config_t.
 *
 * @param file  path of the configuration file to read
 * @return      the parsed configuration; callers should inspect the `err`
 *              member (count of parsing errors) before acting on it.
 *              NOTE(review): whether NULL is returned on failure is not
 *              visible in this header — confirm in the implementation.
 */
extern starter_config_t *confread_load(const char *file);

/**
 * Release a configuration obtained from confread_load(). Ownership of
 * @p cfg and everything hanging off it ends here; do not use it afterwards.
 *
 * @param cfg   configuration to free
 */
extern void confread_free(starter_config_t *cfg);

204 | #endif /* _IPSEC_CONFREAD_H_ */ | |