/* strongSwan IPsec config file parser
 * Copyright (C) 2001-2002 Mathieu Lafon
 * Arkoon Network Security
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/*
 * Data model produced by the ipsec.conf parser: enums for the keyword
 * values it understands, one struct per section type (conn, ca, setup)
 * and the load/free entry points at the bottom.
 *
 * NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, which the C standard reserves for the implementation;
 * it is kept here because other files include this header by that name.
 */
#ifndef _IPSEC_CONFREAD_H_
#define _IPSEC_CONFREAD_H_

/* supplies ipsec_mode_t and mark_t used in the structs below (assumed) */
#include <kernel/kernel_ipsec.h>

/*
 * What the starter does with a conn/ca section when it is loaded
 * (presumably the value of the "auto=" keyword -- verify in confread.c).
 */
typedef enum {
	STARTUP_NO,
	STARTUP_ADD,
	STARTUP_ROUTE,
	STARTUP_START
} startup_t;

/*
 * Lifecycle state of a parsed section, presumably used to reconcile a
 * reloaded configuration against the one currently installed.
 */
typedef enum {
	STATE_IGNORE,
	STATE_TO_ADD,
	STATE_ADDED,
	STATE_REPLACED,
	STATE_INVALID
} starter_state_t;

/*
 * IKE version selection.  The numeric values are fixed explicitly because
 * they are shared with ike_version_t and must stay interchangeable with it.
 */
typedef enum {
	/* shared with ike_version_t -- do not renumber */
	KEY_EXCHANGE_IKE = 0,
	KEY_EXCHANGE_IKEV1 = 1,
	KEY_EXCHANGE_IKEV2 = 2,
} keyexchange_t;

/*
 * CRL policy strictness (see starter_config.setup.strictcrlpolicy).
 * STRICT_IFURI presumably means "strict only when a CRL URI is known"
 * -- confirm against the parser.
 */
typedef enum {
	STRICT_NO,
	STRICT_YES,
	STRICT_IFURI,
} strict_t;

/*
 * When to send our certificate to the peer.
 *
 * NOTE(review): CERT_YES_SEND and CERT_NO_SEND are distinct enumerators
 * (values 3 and 4), not aliases of CERT_ALWAYS_SEND / CERT_NEVER_SEND.
 * A consumer that compares against the canonical values only will treat
 * the "synonyms" as a different policy unless it normalises them first.
 */
typedef enum {
	CERT_ALWAYS_SEND,
	CERT_SEND_IF_ASKED,
	CERT_NEVER_SEND,
	CERT_YES_SEND, /* synonym for CERT_ALWAYS_SEND (distinct value, see above) */
	CERT_NO_SEND, /* synonym for CERT_NEVER_SEND (distinct value, see above) */
} certpolicy_t;

/*
 * Action taken when dead peer detection fires (also reused for
 * starter_conn.close_action).  DPD_ACTION_UNKNOWN presumably marks an
 * unrecognised keyword value -- confirm against the parser.
 */
typedef enum {
	DPD_ACTION_NONE,
	DPD_ACTION_CLEAR,
	DPD_ACTION_HOLD,
	DPD_ACTION_RESTART,
	DPD_ACTION_UNKNOWN,
} dpd_action_t;

/*
 * IKE fragmentation policy.  The ordering mirrors the definition in
 * ike_cfg.h and must stay in lockstep with it.
 */
typedef enum {
	/* same as in ike_cfg.h -- keep order identical */
	FRAGMENTATION_NO,
	FRAGMENTATION_ACCEPT,
	FRAGMENTATION_YES,
	FRAGMENTATION_FORCE,
} fragmentation_t;

/*
 * Per-connection boolean options, OR-ed together into starter_conn.options.
 * Values are single bits starting at bit 1; bit 0 is unused.
 */
typedef enum {
	/* IPsec options */
	SA_OPTION_COMPRESS = 1 << 1, /* use IPComp */

	/* IKE and other other options */
	SA_OPTION_DONT_REKEY = 1 << 2, /* don't rekey state either Phase */
	SA_OPTION_DONT_REAUTH = 1 << 3, /* don't reauthenticate on rekeying, IKEv2 only */
	SA_OPTION_MODECFG_PUSH = 1 << 4, /* is modecfg pushed by server? */
	SA_OPTION_XAUTH_SERVER = 1 << 5, /* are we an XAUTH server? */
	SA_OPTION_MOBIKE = 1 << 6, /* enable MOBIKE for IKEv2 */
	SA_OPTION_FORCE_ENCAP = 1 << 7, /* force UDP encapsulation */
} sa_option_t;

typedef struct starter_end starter_end_t;

/*
 * One endpoint of a connection (starter_conn.left / .right).
 *
 * The char * members carry keyword values as strings; presumably they are
 * heap copies owned by the config and released by confread_free() --
 * verify against confread.c before freeing or retaining them elsewhere.
 * The "2" variants presumably belong to a second authentication round.
 */
struct starter_end {
	char *auth;
	char *auth2;
	char *id;
	char *id2;
	char *rsakey;
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	char *groups2;
	char *cert_policy;   /* raw string; relation to sendcert below not established here */
	char *host;
	u_int ikeport;
	char *subnet;
	bool modecfg;
	certpolicy_t sendcert;
	bool firewall;
	bool hostaccess;
	bool allow_any;
	char *updown;        /* script path, presumably run by the updown plugin */
	uint16_t from_port;  /* traffic selector port range and IP protocol */
	uint16_t to_port;
	uint8_t protocol;
	char *sourceip;
	char *dns;
};

typedef struct starter_conn starter_conn_t;

/*
 * A parsed "conn" section.  Instances form a singly linked list through
 * next, anchored at starter_config.conn_first / conn_last.
 */
struct starter_conn {
	char *name;
	startup_t startup;
	starter_state_t state;

	keyexchange_t keyexchange;
	char *eap_identity;
	char *aaa_identity;
	char *xauth_identity;
	char *authby;
	ipsec_mode_t mode;
	bool proxy_mode;
	fragmentation_t fragmentation;
	u_int ikedscp;
	sa_option_t options;             /* bitmask of SA_OPTION_* */
	/* lifetimes and rekey margins: seconds, bytes and packets respectively */
	time_t sa_ike_life_seconds;
	time_t sa_ipsec_life_seconds;
	time_t sa_rekey_margin;
	uint64_t sa_ipsec_life_bytes;
	uint64_t sa_ipsec_margin_bytes;
	uint64_t sa_ipsec_life_packets;
	uint64_t sa_ipsec_margin_packets;
	unsigned long sa_keying_tries;
	unsigned long sa_rekey_fuzz;
	uint32_t reqid;
	mark_t mark_in;                  /* mark_t assumed to come from kernel_ipsec.h */
	mark_t mark_out;
	uint32_t replay_window;
	uint32_t tfc;
	bool install_policy;
	bool aggressive;
	starter_end_t left, right;

	unsigned long id;

	/* proposal strings as written in the config (not parsed here) */
	char *esp;
	char *ah;
	char *ike;

	/* dead peer detection */
	time_t dpd_delay;
	time_t dpd_timeout;
	dpd_action_t dpd_action;
	int dpd_count;

	dpd_action_t close_action;

	bool sha256_96;                  /* presumably the truncated 96-bit SHA-256 HMAC variant -- confirm */

	time_t inactivity;

	/* IKEv2 mediation extension */
	bool me_mediation;
	char *me_mediated_by;
	char *me_peerid;

	starter_conn_t *next;
};

typedef struct starter_ca starter_ca_t;

/*
 * A parsed "ca" section.  Instances form a singly linked list through
 * next, anchored at starter_config.ca_first / ca_last.
 */
struct starter_ca {
	char *name;
	startup_t startup;
	starter_state_t state;

	char *cacert;
	char *crluri;
	char *crluri2;
	char *ocspuri;
	char *ocspuri2;
	char *certuribase;

	bool strict;

	starter_ca_t *next;
};

typedef struct starter_config starter_config_t;

/*
 * Result of parsing a whole config file: the "config setup" values,
 * error counters and the two section lists.
 */
struct starter_config {
	struct {
		char *charondebug;
		bool uniqueids;
		bool cachecrls;
		strict_t strictcrlpolicy;
	} setup;

	/* number of encountered parsing errors; err presumably counts fatal
	 * ones and non_fatal_err the rest -- callers should inspect err
	 * before acting on the lists below */
	u_int err;
	u_int non_fatal_err;

	/* CA list */
	starter_ca_t *ca_first, *ca_last;

	/* connections list */
	starter_conn_t *conn_first, *conn_last;
};

/*
 * Parse the config file at @file.  Ownership of the returned structure
 * (and of everything hanging off it) passes to the caller, who releases
 * it with confread_free().  Whether NULL can be returned is not
 * established by this header -- check before dereferencing.
 */
starter_config_t *confread_load(const char *file);

/* Release a configuration obtained from confread_load(). */
void confread_free(starter_config_t *cfg);

#endif /* _IPSEC_CONFREAD_H_ */