summaryrefslogtreecommitdiff
path: root/src/starter/confread.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/starter/confread.h')
-rw-r--r--src/starter/confread.h210
1 files changed, 210 insertions, 0 deletions
diff --git a/src/starter/confread.h b/src/starter/confread.h
new file mode 100644
index 000000000..e0de68376
--- /dev/null
+++ b/src/starter/confread.h
@@ -0,0 +1,210 @@
+/* strongSwan IPsec config file parser
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
+ */
+
+#ifndef _IPSEC_CONFREAD_H_
+#define _IPSEC_CONFREAD_H_
+
+#ifndef _FREESWAN_H
+#include <freeswan.h>
+#include "../pluto/constants.h"
+#endif
+
+#include "parser.h"
+#include "interfaces.h"
+
+typedef enum {
+ STARTUP_NO,
+ STARTUP_ADD,
+ STARTUP_ROUTE,
+ STARTUP_START
+} startup_t;
+
+typedef enum {
+ STATE_IGNORE,
+ STATE_TO_ADD,
+ STATE_ADDED,
+ STATE_REPLACED,
+ STATE_INVALID
+} starter_state_t;
+
+typedef enum {
+ KEY_EXCHANGE_IKE,
+ KEY_EXCHANGE_IKEV1,
+ KEY_EXCHANGE_IKEV2
+} keyexchange_t;
+
+typedef struct starter_end starter_end_t;
+
+struct starter_end {
+ lset_t seen;
+ char *id;
+ char *rsakey;
+ char *cert;
+ char *ca;
+ char *groups;
+ char *iface;
+ ip_address addr;
+ ip_address nexthop;
+ ip_address srcip;
+ ip_subnet subnet;
+ bool has_client;
+ bool has_client_wildcard;
+ bool has_port_wildcard;
+ bool has_srcip;
+ bool has_natip;
+ bool modecfg;
+ certpolicy_t sendcert;
+ bool firewall;
+ bool hostaccess;
+ char *updown;
+ u_int16_t port;
+ u_int8_t protocol;
+ char *virt;
+};
+
+typedef struct also also_t;
+
+struct also {
+ char *name;
+ bool included;
+ also_t *next;
+};
+
+typedef struct starter_conn starter_conn_t;
+
+struct starter_conn {
+ lset_t seen;
+ char *name;
+ also_t *also;
+ kw_list_t *kw;
+ u_int visit;
+ startup_t startup;
+ starter_state_t state;
+
+ keyexchange_t keyexchange;
+ int eap;
+ lset_t policy;
+ time_t sa_ike_life_seconds;
+ time_t sa_ipsec_life_seconds;
+ time_t sa_rekey_margin;
+ unsigned long sa_keying_tries;
+ unsigned long sa_rekey_fuzz;
+ sa_family_t addr_family;
+ sa_family_t tunnel_addr_family;
+
+ starter_end_t left, right;
+
+ unsigned long id;
+
+ char *esp;
+ char *ike;
+ char *pfsgroup;
+
+ time_t dpd_delay;
+ time_t dpd_timeout;
+ dpd_action_t dpd_action;
+ int dpd_count;
+
+ starter_conn_t *next;
+};
+
+typedef struct starter_ca starter_ca_t;
+
+struct starter_ca {
+ lset_t seen;
+ char *name;
+ also_t *also;
+ kw_list_t *kw;
+ u_int visit;
+ startup_t startup;
+ starter_state_t state;
+
+ char *cacert;
+ char *ldaphost;
+ char *ldapbase;
+ char *crluri;
+ char *crluri2;
+ char *ocspuri;
+ char *ocspuri2;
+
+ bool strict;
+
+ starter_ca_t *next;
+};
+
+typedef struct starter_config starter_config_t;
+
+struct starter_config {
+ struct {
+ lset_t seen;
+ char **interfaces;
+ char *dumpdir;
+ bool charonstart;
+ bool plutostart;
+
+ /* pluto/charon keywords */
+ char **plutodebug;
+ char *charondebug;
+ char *prepluto;
+ char *postpluto;
+ bool uniqueids;
+ u_int overridemtu;
+ u_int crlcheckinterval;
+ bool cachecrls;
+ bool strictcrlpolicy;
+ bool nocrsend;
+ bool nat_traversal;
+ u_int keep_alive;
+ char *virtual_private;
+ char *eapdir;
+ char *pkcs11module;
+ bool pkcs11keepstate;
+ bool pkcs11proxy;
+
+ /* KLIPS keywords */
+ char **klipsdebug;
+ bool fragicmp;
+ char *packetdefault;
+ bool hidetos;
+ } setup;
+
+ /* information about the default route */
+ defaultroute_t defaultroute;
+
+ /* number of encountered parsing errors */
+ u_int err;
+
+ /* do we parse also statements */
+ bool parse_also;
+
+ /* ca %default */
+ starter_ca_t ca_default;
+
+ /* connections list (without %default) */
+ starter_ca_t *ca_first, *ca_last;
+
+ /* conn %default */
+ starter_conn_t conn_default;
+
+ /* connections list (without %default) */
+ starter_conn_t *conn_first, *conn_last;
+};
+
+extern starter_config_t *confread_load(const char *file);
+extern void confread_free(starter_config_t *cfg);
+
+#endif /* _IPSEC_CONFREAD_H_ */
+