1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2014 Jason King.
14 * Copyright (c) 2017, Joyent, Inc.
15 */
16 #ifndef _CONFIG_H
17 #define _CONFIG_H
18
19 #include <sys/types.h>
20 #include <sys/time.h>
21 #include <netinet/in.h>
22 #include <stdio.h>
23 #include <bunyan.h>
24 #include <pthread.h>
25 #include <atomic.h>
26 #include "ikev2.h"
27
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31
/*
 * Identity type of a configuration entry.  The enumerator values are
 * spelled out explicitly so the numbering is visible at a glance; they are
 * identical to the implicit 0..9 sequence the compiler would assign.
 */
typedef enum config_auth_id_e {
	CFG_AUTH_ID_DN		= 0,	/* DN (distinguished name) */
	CFG_AUTH_ID_DNS		= 1,	/* DNS name */
	CFG_AUTH_ID_GN		= 2,	/* GN -- presumably a certificate general name; confirm */
	CFG_AUTH_ID_IPV4	= 3,	/* single IPv4 address */
	CFG_AUTH_ID_IPV4_PREFIX	= 4,	/* IPv4 address with prefix */
	CFG_AUTH_ID_IPV4_RANGE	= 5,	/* IPv4 address range */
	CFG_AUTH_ID_IPV6	= 6,	/* single IPv6 address */
	CFG_AUTH_ID_IPV6_PREFIX	= 7,	/* IPv6 address with prefix */
	CFG_AUTH_ID_IPV6_RANGE	= 8,	/* IPv6 address range */
	CFG_AUTH_ID_EMAIL	= 9	/* e-mail address */
} config_auth_id_t;
44
/*
 * Kind of address selector held in a config_addr_t.  This is the tag that
 * says which union members of that struct are meaningful.  Values are
 * written out explicitly and match the implicit 0..5 sequence.
 */
typedef enum config_addr_e {
	CFG_ADDR_IPV4		= 0,	/* single IPv4 address */
	CFG_ADDR_IPV4_PREFIX	= 1,	/* IPv4 address + prefix */
	CFG_ADDR_IPV4_RANGE	= 2,	/* IPv4 start..end range */
	CFG_ADDR_IPV6		= 3,	/* single IPv6 address */
	CFG_ADDR_IPV6_PREFIX	= 4,	/* IPv6 address + prefix */
	CFG_ADDR_IPV6_RANGE	= 5	/* IPv6 start..end range */
} config_addr_type_t;
53
/*
 * An address selector used by a rule's local/remote address lists.
 *
 * cfa_type selects which union member is valid: the *_IPV4 types use the
 * cfa_ip4 members, the *_IPV6 types the cfa_ip6 members.  cfa_startu holds
 * the (first) address; cfa_endu holds the end of a *_RANGE.  cfa_num is
 * presumably the prefix length for the *_PREFIX types (inferred from the
 * enumerator names -- confirm against the config parser).
 *
 * Member order is part of the on-disk/in-memory layout; do not reorder.
 */
typedef struct config_addr_s {
	config_addr_type_t	cfa_type;	/* tag for the unions below */
	union {
		in_addr_t	cfa_ip4;
		in6_addr_t	cfa_ip6;
	} cfa_startu;				/* address / start of range */
	union {
		in_addr_t	cfa_ip4;
		in6_addr_t	cfa_ip6;
		uint8_t		cfa_num;	/* see note above: prefix length? */
	} cfa_endu;				/* end of range, or cfa_num */
} config_addr_t;
66
/*
 * An identity value of a rule, tagged by id_type.
 *
 * Which id_type selects which member of 'val' is not visible in this
 * header; the likely mapping (string forms -> id_str, binary forms ->
 * id_buf, CFG_AUTH_ID_IPV4 -> id_ipv4, CFG_AUTH_ID_IPV6 -> id_ipv6) must be
 * confirmed in the parser before being relied on.  id_str and id_buf.id_buf
 * are pointers; ownership (who frees them) is presumably the rule that
 * holds this id, via cfg_rule_free() -- confirm.
 */
typedef struct config_id_s {
	config_auth_id_t	id_type;	/* tag for 'val' */
	union {
		char		*id_str;	/* string-form identity */
		struct {
			uint8_t	*id_buf;	/* binary identity bytes */
			size_t	id_len;		/* number of valid bytes in id_buf */
		} id_buf;
		in_addr_t	id_ipv4;
		in6_addr_t	id_ipv6;
	} val;
} config_id_t;
79
/*
 * A configured transform (cipher suite proposal).
 *
 * The ikev2_* member types come from "ikev2.h"; the semantics below follow
 * from the member names and should be checked against the code that builds
 * proposals from these.
 */
typedef struct config_xf_s {
	ikev2_xf_encr_t		xf_encr;	/* encryption algorithm */
	size_t			xf_minbits;	/* smallest key size accepted, bits */
	size_t			xf_maxbits;	/* largest key size accepted, bits */
	ikev2_xf_auth_t		xf_auth;	/* integrity algorithm */
	ikev2_dh_t		xf_dh;		/* DH group */
	ikev2_auth_type_t	xf_authtype;	/* peer authentication method */
	size_t			xf_lifetime_secs;	/* lifetime, seconds */
	size_t			xf_nonce_len;	/* nonce length (bytes, presumably) */
} config_xf_t;
90
/* Forward declaration: rules point back at the config_s that owns them. */
struct config_s;

/*
 * One policy rule.  A config_t embeds one rule as cfg_default and keeps the
 * remaining rules in cfg_rules; RULE_IS_DEFAULT() tells them apart by
 * comparing a rule's address with &rule_config->cfg_default.
 *
 * The *_addr arrays are 'rule_n*_addr' elements long; rule_xf holds
 * 'rule_nxf' transform pointers.  Freed as a unit by cfg_rule_free().
 */
typedef struct config_rule_s {
	struct config_s		*rule_config;		/* owning config (back pointer) */
	char			*rule_label;		/* rule name from the config */
	config_auth_id_t	rule_local_id_type;	/* type of our identity */
	config_addr_t		*rule_local_addr;	/* local address selectors */
	size_t			rule_nlocal_addr;	/* count of rule_local_addr */
	config_addr_t		*rule_remote_addr;	/* remote address selectors */
	size_t			rule_nremote_addr;	/* count of rule_remote_addr */
	config_id_t		*rule_id;		/* identity value(s); count not visible here */
	config_xf_t		**rule_xf;		/* transforms, rule_nxf entries */
	size_t			rule_nxf;
	ikev2_dh_t		rule_p2_dh;		/* phase 2 DH group */
	char			*rule_local_id;		/* local identity as text */
	char			*rule_remote_id;	/* remote identity as text */
} config_rule_t;
107
/*
 * The loaded daemon configuration.
 *
 * Lifetime is reference counted: cfg_refcnt is only touched through
 * CONFIG_REFHOLD()/CONFIG_REFRELE(), and the object is released with
 * cfg_free() when the count drops to zero.  The global 'config' pointer is
 * presumably protected by cfg_lock (see below) -- confirm in the .c file.
 *
 * The *_alloc members sit next to pointer arrays; whether they are the
 * allocated capacity or the number of populated entries is not visible
 * here -- check the parser before iterating.
 */
struct config_s {
	volatile uint32_t	cfg_refcnt;		/* atomics only, see macros */
	config_rule_t		cfg_default;		/* rule applied when none matches */
	config_rule_t		**cfg_rules;		/* explicit rules */
	size_t			cfg_rules_alloc;
	config_xf_t		**cfg_xforms;		/* transforms shared by rules */
	size_t			cfg_xforms_alloc;
	char			*cfg_proxy;		/* proxy setting (URL? confirm) */
	char			*cfg_socks;		/* SOCKS setting (URL? confirm) */
	char			**cfg_cert_root;	/* trusted root certs (paths/names? confirm) */
	size_t			cfg_cert_root_alloc;
	char			**cfg_cert_trust;	/* trusted certs (paths/names? confirm) */
	size_t			cfg_cert_trust_alloc;
	hrtime_t		cfg_expire_timer;	/* ns */
	hrtime_t		cfg_lifetime_secs;	/* ns -- name says secs; verify unit at the assignment */
	hrtime_t		cfg_retry_max;		/* ns */
	hrtime_t		cfg_retry_init;		/* ns */
	size_t			cfg_retry_limit;	/* max retransmissions, presumably */
	/*
	 * Presumably disables CRL consultation when set; if so, a true value
	 * weakens certificate revocation checking and should be a deliberate
	 * operator choice.
	 */
	boolean_t		cfg_ignore_crls;
	boolean_t		cfg_use_http;		/* meaning not visible here; confirm */
	ikev2_dh_t		cfg_p2_pfs;		/* phase 2 PFS DH group */
	size_t			cfg_p1_lifetime_secs;	/* phase 1 SA lifetime, s */
	size_t			cfg_p1_nonce_len;	/* phase 1 nonce length */
	size_t			cfg_p2_lifetime_secs;	/* phase 2 hard lifetime, s */
	size_t			cfg_p2_softlife_secs;	/* phase 2 soft lifetime, s */
	size_t			cfg_p2_idletime_secs;	/* phase 2 idle timeout, s */
	size_t			cfg_p2_lifetime_kb;	/* phase 2 hard byte lifetime, KB */
	size_t			cfg_p2_softlife_kb;	/* phase 2 soft byte lifetime, KB */
	size_t			cfg_p2_nonce_len;	/* phase 2 nonce length */
};
typedef struct config_s config_t;
/*
 * Reference counting for config_t.  cfg_refcnt is manipulated only through
 * these atomics.
 *
 * CONFIG_REFRELE() evaluates 'cp' twice (once for atomic_dec_32_nv(), once
 * for cfg_free()), so the argument must be a plain lvalue with no side
 * effects.  After CONFIG_REFRELE() the pointer may have been freed and
 * must not be touched again.
 */
#define CONFIG_REFHOLD(cp) (void)atomic_inc_32(&(cp)->cfg_refcnt)
/*
 * atomic_dec_32_nv() yields the decremented value; the right-hand side of
 * '||' (and thus cfg_free()) runs only when that value is zero.  The
 * trailing ', 0' keeps the whole expression an int so it can be cast away.
 */
#define CONFIG_REFRELE(cp) \
(void) ((atomic_dec_32_nv(&(cp)->cfg_refcnt) != 0) || \
(cfg_free(cp), 0))
/* True iff 'r' is the embedded cfg_default rule of the config that owns it. */
#define RULE_IS_DEFAULT(r) (!!(&(r)->rule_config->cfg_default == (r)))
144
/*
 * Global configuration state.  cfg_lock presumably guards reads and
 * replacement of 'config'; the exact locking protocol is defined in the
 * .c file and should be followed by every reader.
 */
extern pthread_rwlock_t cfg_lock;
extern config_t *config;

/*
 * Parse configuration from the given stream and log through the bunyan
 * logger.  The meaning of the boolean_t argument is not visible here --
 * confirm against the definition before passing anything but the value
 * existing callers use.
 */
void process_config(FILE *, boolean_t, bunyan_logger_t *);
/*
 * Return the current config_t.  Whether the returned pointer carries a
 * reference that the caller must drop with CONFIG_REFRELE() is not
 * visible here -- check the implementation; leaking or double-releasing a
 * hold will either keep stale config alive or free it underneath readers.
 */
config_t *config_get(void);
/*
 * Look up the rule matching a pair of addresses.  The two arguments are
 * presumably local and remote in that order -- confirm with the
 * implementation.  Ownership of the returned rule (whether it is held by
 * the config's reference or must be freed) is likewise defined there.
 */
config_rule_t *config_get_rule(sockaddr_u_t *restrict, sockaddr_u_t *restrict);
/* Release a rule and the resources it owns. */
void cfg_rule_free(config_rule_t *);
/* Release a config_t; normally reached only via CONFIG_REFRELE(). */
void cfg_free(config_t *);
153
154 #ifdef __cplusplus
155 }
156 #endif
157
158 #endif /* _CONFIG_H */