summaryrefslogtreecommitdiff
path: root/src/starter/confread.h
blob: 2c6e4598422abc957fc222b36bd38d5a78dac82d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
/* strongSwan IPsec config file parser
 * Copyright (C) 2001-2002 Mathieu Lafon
 * Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: confread.h 4276 2008-08-22 10:44:51Z martin $
 */

#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_

#ifndef _FREESWAN_H
#include <freeswan.h>
#include "../pluto/constants.h"
#endif

#include "parser.h"
#include "interfaces.h"

typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;

typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;

typedef enum {
	KEY_EXCHANGE_IKE,
	KEY_EXCHANGE_IKEV1,
	KEY_EXCHANGE_IKEV2
} keyexchange_t;

typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI
} strict_t;

typedef struct starter_end starter_end_t;

struct starter_end {
	lset_t		seen;
	char		*id;
	char		*rsakey;
	char		*cert;
	char		*ca;
	char		*groups;
	char		*iface;
	ip_address	addr;
	ip_address	nexthop;
	char 		*subnet;
	bool		has_client;
	bool		has_client_wildcard;
	bool		has_port_wildcard;
	bool		has_natip;
	bool		has_virt;
	bool		modecfg;
	certpolicy_t	sendcert;
	bool		firewall;
	bool		hostaccess;
	bool		allow_any;
	bool		dns_failed;
	char 		*updown;
	u_int16_t	port;
	u_int8_t	protocol;
	char		*srcip;
};

typedef struct also also_t;

struct also {
	char		*name;
	bool		included;
	also_t		*next;
};

typedef struct starter_conn starter_conn_t;

struct starter_conn {
	lset_t		seen;
	char		*name;
	also_t		*also;
	kw_list_t	*kw;
	u_int		visit;
	startup_t	startup;
	starter_state_t	state;

	keyexchange_t	keyexchange;
	u_int32_t	eap_type;
	u_int32_t	eap_vendor;
	char		*eap_identity;
	lset_t 		policy;
	time_t 		sa_ike_life_seconds;
	time_t		sa_ipsec_life_seconds;
	time_t		sa_rekey_margin;
	unsigned long	sa_keying_tries;
	unsigned long	sa_rekey_fuzz;
	sa_family_t	addr_family;
	sa_family_t	tunnel_addr_family;
	
	starter_end_t	left, right;

	unsigned long	id;

	char		*esp;
	char 		*ike;
	char 		*pfsgroup;
	
	time_t		dpd_delay;
	time_t		dpd_timeout;
	dpd_action_t	dpd_action;
	int		dpd_count;
	
	bool		me_mediation;
	char		*me_mediated_by;
	char		*me_peerid;

	starter_conn_t *next;
};

typedef struct starter_ca starter_ca_t;

struct starter_ca {
	lset_t		seen;
	char 		*name;
	also_t		*also;
	kw_list_t	*kw;
	u_int		visit;
	startup_t	startup;
	starter_state_t	state;

	char		*cacert;
	char		*ldaphost;
	char		*ldapbase;
	char		*crluri;
	char		*crluri2;
	char		*ocspuri;
	char		*ocspuri2;
	char        *certuribase;

	bool		strict;

	starter_ca_t	*next;
};

typedef struct starter_config starter_config_t;

struct starter_config {
	struct {
		lset_t	seen;
		char	**interfaces;
		char	*dumpdir;
		bool	charonstart;
		bool	plutostart;

		/* pluto/charon keywords */
		char	 **plutodebug;
		char	 *charondebug;
		char	 *prepluto;
		char	 *postpluto;
		char	 *plutostderrlog;
		bool	 uniqueids;
		u_int	 overridemtu;
		u_int	 crlcheckinterval;
		bool	 cachecrls;
		strict_t strictcrlpolicy;
		bool	 nocrsend;
		bool	 nat_traversal;
		u_int	 keep_alive;
		u_int	 force_keepalive;
		char	 *virtual_private;
		char	 *pkcs11module;
		char	 *pkcs11initargs;
		bool	 pkcs11keepstate;
		bool	 pkcs11proxy;

		/* KLIPS keywords */
		char	**klipsdebug;
		bool	fragicmp;
		char	*packetdefault;
		bool	hidetos;
	} setup;

	/* information about the default route */
	defaultroute_t defaultroute;

	/* number of encountered parsing errors */
	u_int err;
	u_int non_fatal_err;

	/* do we parse also statements */
	bool parse_also;

	/* ca %default */
	starter_ca_t ca_default;

	/* connections list (without %default) */
	starter_ca_t *ca_first, *ca_last;

	/* conn %default */
	starter_conn_t conn_default;

	/* connections list (without %default) */
	starter_conn_t *conn_first, *conn_last;
};

extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);

#endif /* _IPSEC_CONFREAD_H_ */