1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005 Jan Hutter, Martin Willi
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef DAEMON_H_
25 #define DAEMON_H_
26
27 #include <threads/sender.h>
28 #include <threads/receiver.h>
29 #include <threads/scheduler.h>
30 #include <threads/kernel_interface.h>
31 #include <threads/thread_pool.h>
32 #include <threads/stroke_interface.h>
33 #include <network/socket.h>
34 #include <network/interfaces.h>
35 #include <sa/ike_sa_manager.h>
36 #include <queues/send_queue.h>
37 #include <queues/job_queue.h>
38 #include <queues/event_queue.h>
39 #include <utils/logger_manager.h>
40 #include <config/configuration.h>
41 #include <config/connections/connection_store.h>
42 #include <config/policies/policy_store.h>
43 #include <config/credentials/credential_store.h>
44
45 /**
46 * @defgroup charon charon
47 *
48 * @brief IKEv2 keying daemon.
49 *
50 * @section Architecture
51 *
52 * All IKEv2 processing is handled in charon. It uses a newer and more flexible
53 * architecture than pluto. Charon uses a thread-pool, which allows parallel
54 * execution of SA-management. Besides the thread-pool, there are some special-purpose
55 * threads which do their job for the common health of the daemon.
56 @verbatim
57 +------+
58 | E Q |
59 | v u |---+ +------+ +------+
60 | e e | | | | | IKE- |
61 | n u | +-----------+ | |--| SA |
62 | t e | | | | I M | +------+
63 +------------+ | - | | Scheduler | | K a |
64 | receiver | +------+ | | | E n | +------+
65 +----+-------+ +-----------+ | - a | | IKE- |
66 | | +------+ | | S g |--| SA |
67 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
68 -| socket | | o u | | | | - r |
69 +-------+--+ | b e | | Thread- | | |
70 | | - u | | Pool | | |
71 +----+-------+ | e |------| |---| |
72 | sender | +------+ +------------+ +------+
73 +----+-------+
74 | +------+
75 | | S Q |
76 | | e u |
77 | | n e |
78 +------------| d u |
79 | - e |
80 +--+---+
81 @endverbatim
82 * The thread-pool is the heart of the architecture. It processes jobs from a
83 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
84 * IKE SA. These IKE SAs are synchronized: only one thread can work on an IKE SA
85 * at a time. This makes it unnecessary to use further synchronisation methods once an IKE SA
86 * is checked out. The (rather complex) synchronization of IKE SAs is completely
87 * done in the IKE SA manager.
88 * The scheduler is responsible for event firing. It waits until an event in the
89 * (fully synchronized) event-queue is ready for processing and pushes the event
90 * down to the job-queue. A thread from the pool will pick it up as quickly as
91 * possible. Every thread can queue events or jobs. Further, an event can place a
92 * packet in the send-queue. The sender thread waits for those packets and sends
93 * them over the wire, via the socket. The receiver does exactly the opposite of
94 * the sender. It waits on the socket, reads in packets and places them on the
95 * job-queue for further processing by a thread from the pool.
96 * There are even more threads, not drawn in the diagram above. The stroke thread
97 * is responsible for reading and processing commands from another process. The
98 * kernel interface thread handles communication from and to the kernel via a
99 * netlink socket. It waits for kernel events and processes them appropriately.
100 */
101
102 /**
103 * @defgroup config config
104 *
105 * Classes implementing configuration related things.
106 *
107 * @ingroup charon
108 */
109
110 /**
111 * @defgroup encoding encoding
112 *
113 * Classes used to encode and decode IKEv2 messages.
114 *
115 * @ingroup charon
116 */
117
118 /**
119 * @defgroup payloads payloads
120 *
121 * Classes representing specific IKEv2 payloads.
122 *
123 * @ingroup encoding
124 */
125
126 /**
127 * @defgroup network network
128 *
129 * Classes for network relevant stuff.
130 *
131 * @ingroup charon
132 */
133
134 /**
135 * @defgroup queues queues
136 *
137 * Different kinds of queues
138 * (thread-safe lists).
139 *
140 * @ingroup charon
141 */
142
143 /**
144 * @defgroup jobs jobs
145 *
146 * Jobs used in job queue and event queue.
147 *
148 * @ingroup queues
149 */
150
151 /**
152 * @defgroup sa sa
153 *
154 * Security associations for IKE and IPSec,
155 * and some helper classes.
156 *
157 * @ingroup charon
158 */
159
160 /**
161 * @defgroup states states
162 *
163 * Various states in which an IKE SA can be.
164 *
165 * @ingroup sa
166 */
167
168 /**
169 * @defgroup threads threads
170 *
171 * Threaded classes, each of which does its job in a thread of its own.
172 *
173 * @ingroup charon
174 */
175
/**
 * Name of the daemon.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of threads in the thread pool.
 *
 * There are several other threads (sender, receiver, scheduler, stroke,
 * kernel interface); this defines only the number of worker threads
 * in thread_pool_t.
 *
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP port on which the daemon will listen for incoming IKE traffic.
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port to which the daemon will float if NAT is detected
 * (NAT traversal port, used in addition to IKEV2_UDP_PORT).
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file, in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; presumably it is supplied
 * by the build configuration - TODO confirm.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * IPSEC_CONFDIR is not defined in this header; presumably it is supplied
 * by the build configuration - TODO confirm.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory of IPsec relevant files (below CONFIG_DIR).
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys.
 *
 * NOTE(review): this directory holds secret key material; nothing in
 * this header restricts access to it, so that relies on the
 * filesystem permissions set at installation.
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted CA certificates.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file.
 *
 * NOTE(review): like PRIVATE_KEY_DIR, this file holds secret material;
 * its access permissions are not enforced by anything in this header.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
262
263
/* Forward typedef so that members of daemon_t (e.g. kill) can refer to the type. */
typedef struct daemon_t daemon_t;
265
/**
 * @brief Main class of daemon, contains some globals.
 *
 * Collects the shared queues, configuration stores and special-purpose
 * threads described in the charon architecture overview above.
 *
 * @ingroup charon
 */
struct daemon_t {
	/**
	 * A socket_t instance; the sender writes packets to it and the
	 * receiver reads packets from it.
	 */
	socket_t *socket;

	/**
	 * An interfaces_t instance.
	 */
	interfaces_t *interfaces;

	/**
	 * A send_queue_t instance: packets waiting to be sent by the sender thread.
	 */
	send_queue_t *send_queue;

	/**
	 * A job_queue_t instance: (fully synchronized) jobs processed by the thread pool.
	 */
	job_queue_t *job_queue;

	/**
	 * An event_queue_t instance: (fully synchronized) events fired by the scheduler.
	 */
	event_queue_t *event_queue;

	/**
	 * An ike_sa_manager_t instance; all synchronization of IKE SAs
	 * (checkout/checkin) is done here.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A configuration_t instance.
	 */
	configuration_t *configuration;

	/**
	 * A connection_store_t instance.
	 */
	connection_store_t *connections;

	/**
	 * A policy_store_t instance.
	 */
	policy_store_t *policies;

	/**
	 * A credential_store_t instance.
	 */
	credential_store_t *credentials;

	/**
	 * The Sender-Thread: takes packets from send_queue and sends them via socket.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread: reads packets from socket and places jobs
	 * for them on job_queue.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread: pushes ready events from event_queue down to job_queue.
	 */
	scheduler_t *scheduler;

	/**
	 * The Thread pool managing the NUMBER_OF_WORKING_THREADS worker threads
	 * that process job_queue.
	 */
	thread_pool_t *thread_pool;

	/**
	 * Kernel Interface to communicate with the kernel (netlink socket).
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * IPC interface, as whack in pluto; reads and processes commands
	 * from another process.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * @param this		the daemon to kill
	 * @param reason	description of why it will be killed; not const-qualified,
	 *					presumably an informational string only - TODO confirm
	 *					in the implementation that it is never used as a format string
	 */
	void (*kill) (daemon_t *this, char *reason);
};
360
/**
 * The one and only instance of the daemon.
 *
 * Defined outside this header; gives the rest of the daemon access to
 * the globals collected in daemon_t.
 */
extern daemon_t *charon;
365
366 #endif /*DAEMON_H_*/