ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/src/starter/confread.h

206 lines
3.9 KiB
C
Raw Blame History

/* strongSwan IPsec config file parser
* Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: confread.h,v 1.23 2006/04/17 10:32:36 as Exp $
*/
#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_
#ifndef _FREESWAN_H
#include <freeswan.h>
#include "../pluto/constants.h"
#endif
#include "parser.h"
#include "interfaces.h"
typedef enum {
STARTUP_NO,
STARTUP_ADD,
STARTUP_ROUTE,
STARTUP_START
} startup_t;
typedef enum {
STATE_IGNORE,
STATE_TO_ADD,
STATE_ADDED,
STATE_REPLACED,
STATE_INVALID
} starter_state_t;
typedef enum {
KEY_EXCHANGE_IKE,
KEY_EXCHANGE_IKEV1,
KEY_EXCHANGE_IKEV2
} keyexchange_t;
typedef struct starter_end starter_end_t;
struct starter_end {
lset_t seen;
char *id;
char *rsakey;
char *cert;
char *ca;
char *groups;
char *iface;
ip_address addr;
ip_address nexthop;
ip_address srcip;
ip_subnet subnet;
bool has_client;
bool has_client_wildcard;
bool has_port_wildcard;
bool has_srcip;
bool modecfg;
certpolicy_t sendcert;
bool firewall;
bool hostaccess;
char *updown;
u_int16_t port;
u_int8_t protocol;
char *virt;
};
typedef struct also also_t;
struct also {
char *name;
bool included;
also_t *next;
};
typedef struct starter_conn starter_conn_t;
struct starter_conn {
lset_t seen;
char *name;
also_t *also;
kw_list_t *kw;
u_int visit;
startup_t startup;
starter_state_t state;
keyexchange_t keyexchange;
lset_t policy;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
time_t sa_rekey_margin;
unsigned long sa_keying_tries;
unsigned long sa_rekey_fuzz;
sa_family_t addr_family;
sa_family_t tunnel_addr_family;
starter_end_t left, right;
unsigned long id;
char *esp;
char *ike;
char *pfsgroup;
time_t dpd_delay;
time_t dpd_timeout;
dpd_action_t dpd_action;
int dpd_count;
starter_conn_t *next;
};
typedef struct starter_ca starter_ca_t;
struct starter_ca {
lset_t seen;
char *name;
also_t *also;
kw_list_t *kw;
u_int visit;
startup_t startup;
starter_state_t state;
char *cacert;
char *ldaphost;
char *ldapbase;
char *crluri;
char *crluri2;
char *ocspuri;
bool strict;
starter_ca_t *next;
};
typedef struct starter_config starter_config_t;
struct starter_config {
struct {
lset_t seen;
char **interfaces;
char *dumpdir;
bool charonstart;
bool plutostart;
/* pluto keywords */
char **plutodebug;
char *prepluto;
char *postpluto;
bool uniqueids;
u_int overridemtu;
u_int crlcheckinterval;
bool cachecrls;
bool strictcrlpolicy;
bool nocrsend;
bool nat_traversal;
u_int keep_alive;
char *virtual_private;
char *pkcs11module;
bool pkcs11keepstate;
bool pkcs11proxy;
/* KLIPS keywords */
char **klipsdebug;
bool fragicmp;
char *packetdefault;
bool hidetos;
} setup;
/* information about the default route */
defaultroute_t defaultroute;
/* number of encountered parsing errors */
u_int err;
/* do we parse also statements */
bool parse_also;
/* ca %default */
starter_ca_t ca_default;
/* connections list (without %default) */
starter_ca_t *ca_first, *ca_last;
/* conn %default */
starter_conn_t conn_default;
/* connections list (without %default) */
starter_conn_t *conn_first, *conn_last;
};
extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);
#endif /* _IPSEC_CONFREAD_H_ */
View Git Blame Copy Permalink