[people/ms/strongswan.git] / src / starter / confread.h

/* strongSwan IPsec config file parser
 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
 */

#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_

#ifndef _FREESWAN_H
#include <freeswan.h>
#include "../pluto/constants.h"
#endif

#include "parser.h"
#include "interfaces.h"

typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;

typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;

typedef enum {
	KEY_EXCHANGE_IKE,
	KEY_EXCHANGE_IKEV1,
	KEY_EXCHANGE_IKEV2
} keyexchange_t;

typedef struct starter_end starter_end_t;

struct starter_end {
	lset_t		seen;
	char		*id;
	char		*rsakey;
	char		*cert;
	char		*ca;
	char		*groups;
	char            *iface;
	ip_address	addr;
	ip_address	nexthop;
	ip_address	srcip;
	ip_subnet       subnet;
	bool		has_client;
	bool		has_client_wildcard;
        bool		has_port_wildcard;
	bool		has_srcip;
	bool		modecfg;
	certpolicy_t	sendcert;
	bool		firewall;
	bool		hostaccess;
	char 		*updown;
	u_int16_t	port;
	u_int8_t	protocol;
	char		*virt;
};

typedef struct also also_t;

struct also {
	char		*name;
	bool		included;
	also_t		*next;
};

typedef struct starter_conn starter_conn_t;

struct starter_conn {
	lset_t		seen;
	char		*name;
	also_t		*also;
	kw_list_t	*kw;
	u_int		visit;
	startup_t	startup;
	starter_state_t	state;

	keyexchange_t	keyexchange;
	lset_t 		policy;
	time_t 		sa_ike_life_seconds;
	time_t		sa_ipsec_life_seconds;
	time_t		sa_rekey_margin;
	unsigned long	sa_keying_tries;
	unsigned long	sa_rekey_fuzz;
	sa_family_t	addr_family;
	sa_family_t	tunnel_addr_family;
	
	starter_end_t	left, right;

	unsigned long	id;

	char		*esp;
	char 		*ike;
	char 		*pfsgroup;
	
	time_t		dpd_delay;
	time_t		dpd_timeout;
	dpd_action_t	dpd_action;
	int		dpd_count;

	starter_conn_t *next;
};

typedef struct starter_ca starter_ca_t;

struct starter_ca {
	lset_t		seen;
	char 		*name;
	also_t		*also;
	kw_list_t	*kw;
	u_int		visit;
	startup_t	startup;
	starter_state_t	state;

	char		*cacert;
	char		*ldaphost;
	char		*ldapbase;
	char		*crluri;
	char		*crluri2;
	char		*ocspuri;

	bool		strict;

	starter_ca_t	*next;
};

typedef struct starter_config starter_config_t;

struct starter_config {
	struct {
		lset_t	seen;
		char	**interfaces;
		char	*dumpdir;
		bool	charonstart;
		bool	plutostart;

		/* pluto keywords */
		char	**plutodebug;
		char	*prepluto;
		char	*postpluto;
		bool	uniqueids;
		u_int	overridemtu;
		u_int	crlcheckinterval;
		bool	cachecrls;
		bool	strictcrlpolicy;
		bool	nocrsend;
		bool	nat_traversal;
		u_int	keep_alive;
		char	*virtual_private;
		char	*pkcs11module;
		bool	pkcs11keepstate;
		bool	pkcs11proxy;

		/* KLIPS keywords */
		char	**klipsdebug;
		bool	fragicmp;
		char	*packetdefault;
		bool	hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;	

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* connections list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};

extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);

#endif /* _IPSEC_CONFREAD_H_ */
Commit	Line	Data
997358a6 MW	1	/* strongSwan IPsec config file parser
	2	* Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
	3	*
	4	* This program is free software; you can redistribute it and/or modify it
	5	* under the terms of the GNU General Public License as published by the
	6	* Free Software Foundation; either version 2 of the License, or (at your
	7	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	8	*
	9	* This program is distributed in the hope that it will be useful, but
	10	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	11	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	12	* for more details.
	13	*
	14	* RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
	15	*/
	16
	17	#ifndef _IPSEC_CONFREAD_H_
	18	#define _IPSEC_CONFREAD_H_
	19
	20	#ifndef _FREESWAN_H
	21	#include <freeswan.h>
	22	#include "../pluto/constants.h"
	23	#endif
	24
	25	#include "parser.h"
	26	#include "interfaces.h"
	27
	28	typedef enum {
	29	STARTUP_NO,
	30	STARTUP_ADD,
	31	STARTUP_ROUTE,
	32	STARTUP_START
	33	} startup_t;
	34
	35	typedef enum {
	36	STATE_IGNORE,
	37	STATE_TO_ADD,
	38	STATE_ADDED,
	39	STATE_REPLACED,
	40	STATE_INVALID
	41	} starter_state_t;
	42
9820c0e2 MW	43	typedef enum {
	44	KEY_EXCHANGE_IKE,
	45	KEY_EXCHANGE_IKEV1,
	46	KEY_EXCHANGE_IKEV2
	47	} keyexchange_t;
	48
997358a6 MW	49	typedef struct starter_end starter_end_t;
	50
	51	struct starter_end {
	52	lset_t seen;
	53	char *id;
	54	char *rsakey;
	55	char *cert;
	56	char *ca;
	57	char *groups;
	58	char *iface;
	59	ip_address addr;
	60	ip_address nexthop;
	61	ip_address srcip;
	62	ip_subnet subnet;
	63	bool has_client;
	64	bool has_client_wildcard;
	65	bool has_port_wildcard;
	66	bool has_srcip;
	67	bool modecfg;
	68	certpolicy_t sendcert;
	69	bool firewall;
	70	bool hostaccess;
	71	char *updown;
	72	u_int16_t port;
	73	u_int8_t protocol;
997358a6	74	char *virt;
997358a6 MW	75	};
	76
	77	typedef struct also also_t;
	78
	79	struct also {
	80	char *name;
	81	bool included;
	82	also_t *next;
	83	};
	84
	85	typedef struct starter_conn starter_conn_t;
	86
	87	struct starter_conn {
	88	lset_t seen;
	89	char *name;
	90	also_t *also;
	91	kw_list_t *kw;
	92	u_int visit;
	93	startup_t startup;
	94	starter_state_t state;
	95
9820c0e2	96	keyexchange_t keyexchange;
997358a6 MW	97	lset_t policy;
	98	time_t sa_ike_life_seconds;
	99	time_t sa_ipsec_life_seconds;
	100	time_t sa_rekey_margin;
	101	unsigned long sa_keying_tries;
	102	unsigned long sa_rekey_fuzz;
	103	sa_family_t addr_family;
	104	sa_family_t tunnel_addr_family;
	105
	106	starter_end_t left, right;
	107
	108	unsigned long id;
	109
	110	char *esp;
	111	char *ike;
	112	char *pfsgroup;
	113
	114	time_t dpd_delay;
	115	time_t dpd_timeout;
	116	dpd_action_t dpd_action;
	117	int dpd_count;
	118
	119	starter_conn_t *next;
	120	};
	121
	122	typedef struct starter_ca starter_ca_t;
	123
	124	struct starter_ca {
	125	lset_t seen;
	126	char *name;
	127	also_t *also;
	128	kw_list_t *kw;
	129	u_int visit;
	130	startup_t startup;
	131	starter_state_t state;
	132
	133	char *cacert;
	134	char *ldaphost;
	135	char *ldapbase;
	136	char *crluri;
	137	char *crluri2;
	138	char *ocspuri;
	139
	140	bool strict;
	141
	142	starter_ca_t *next;
	143	};
	144
	145	typedef struct starter_config starter_config_t;
	146
	147	struct starter_config {
	148	struct {
	149	lset_t seen;
	150	char **interfaces;
	151	char *dumpdir;
65cf07ac MW	152	bool charonstart;
65cf07ac MW	153	bool plutostart;
997358a6 MW	154
	155	/* pluto keywords */
	156	char **plutodebug;
	157	char *prepluto;
	158	char *postpluto;
	159	bool uniqueids;
	160	u_int overridemtu;
	161	u_int crlcheckinterval;
	162	bool cachecrls;
	163	bool strictcrlpolicy;
	164	bool nocrsend;
	165	bool nat_traversal;
	166	u_int keep_alive;
	167	char *virtual_private;
	168	char *pkcs11module;
	169	bool pkcs11keepstate;
	170	bool pkcs11proxy;
	171
	172	/* KLIPS keywords */
	173	char **klipsdebug;
	174	bool fragicmp;
	175	char *packetdefault;
	176	bool hidetos;
	177	} setup;
	178
	179	/* information about the default route */
	180	defaultroute_t defaultroute;
	181
	182	/* number of encountered parsing errors */
	183	u_int err;
	184
	185	/* do we parse also statements */
	186	bool parse_also;
	187
	188	/* ca %default */
	189	starter_ca_t ca_default;
	190
	191	/* connections list (without %default) */
	192	starter_ca_t ca_first, ca_last;
	193
	194	/* conn %default */
	195	starter_conn_t conn_default;
	196
	197	/* connections list (without %default) */
	198	starter_conn_t conn_first, conn_last;
	199	};
	200
	201	extern starter_config_t confread_load(const char file);
	202	extern void confread_free(starter_config_t *cfg);
	203
	204	#endif /* _IPSEC_CONFREAD_H_ */
	205