1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
28 #include <threads/sender.h>
29 #include <threads/receiver.h>
30 #include <threads/scheduler.h>
31 #include <threads/kernel_interface.h>
32 #include <threads/thread_pool.h>
33 #include <threads/stroke_interface.h>
34 #include <network/socket.h>
35 #include <bus/bus.h>
36 #include <bus/listeners/file_logger.h>
37 #include <bus/listeners/sys_logger.h>
38 #include <sa/ike_sa_manager.h>
39 #include <queues/send_queue.h>
40 #include <queues/job_queue.h>
41 #include <queues/event_queue.h>
42 #include <config/configuration.h>
43 #include <config/connections/connection_store.h>
44 #include <config/policies/policy_store.h>
45 #include <config/credentials/credential_store.h>
46
47 /**
48 * @defgroup charon charon
49 *
50 * @brief IKEv2 keying daemon.
51 *
52 * @section Architecture
53 *
 * All IKEv2 handling lives in charon. It uses a newer and more flexible
 * architecture than pluto. Charon uses a thread pool, which allows parallel
 * execution of SA management. Besides the thread pool, there are some special
 * purpose threads which do their job for the common health of the daemon.
58 @verbatim
59 +------+
60 | E Q |
61 | v u |---+ +------+ +------+
62 | e e | | | | | IKE- |
63 | n u | +-----------+ | |--| SA |
64 | t e | | | | I M | +------+
65 +------------+ | - | | Scheduler | | K a |
66 | receiver | +------+ | | | E n | +------+
67 +----+-------+ +-----------+ | - a | | IKE- |
68 | | +------+ | | S g |--| SA |
69 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
70 -| socket | | o u | | | | - r |
71 +-------+--+ | b e | | Thread- | | |
72 | | - u | | Pool | | |
73 +----+-------+ | e |------| |---| |
74 | sender | +------+ +------------+ +------+
75 +----+-------+
76 | +------+
77 | | S Q |
78 | | e u |
79 | | n e |
80 +------------| d u |
81 | - e |
82 +--+---+
83 @endverbatim
 * The thread pool is the heart of the architecture. It processes jobs from a
 * (fully synchronized) job queue. Mostly, a job is associated with a specific
 * IKE SA. These IKE SAs are synchronized: only one thread can work on an IKE SA
 * at a time. This makes further synchronization unnecessary once an IKE SA is
 * checked out. The (rather complex) synchronization of IKE SAs is done entirely
 * in the IKE SA manager.
 * The scheduler is responsible for firing events. It waits until an event in the
 * (fully synchronized) event queue is ready for processing and pushes the event
 * down to the job queue. A thread from the pool will pick it up as quickly as
 * possible. Every thread can queue events or jobs. Further, an event can place a
 * packet in the send queue. The sender thread waits for those packets and sends
 * them over the wire via the socket. The receiver does exactly the opposite of
 * the sender: it waits on the socket, reads in packets and places them on the
 * job queue for further processing by a thread from the pool.
 * There are even more threads, not drawn in the diagram above. The stroke thread
 * is responsible for reading and processing commands from another process. The
 * kernel interface thread handles communication from and to the kernel via a
 * netlink socket. It waits for kernel events and processes them appropriately.
102 */
103
104 /**
105 * @defgroup config config
106 *
107 * Classes implementing configuration related things.
108 *
109 * @ingroup charon
110 */
111
112 /**
113 * @defgroup encoding encoding
114 *
115 * Classes used to encode and decode IKEv2 messages.
116 *
117 * @ingroup charon
118 */
119
120 /**
121 * @defgroup payloads payloads
122 *
123 * Classes representing specific IKEv2 payloads.
124 *
125 * @ingroup encoding
126 */
127
128 /**
129 * @defgroup network network
130 *
131 * Classes for network relevant stuff.
132 *
133 * @ingroup charon
134 */
135
136 /**
137 * @defgroup queues queues
138 *
 * Different kinds of queues
 * (thread-safe lists).
141 *
142 * @ingroup charon
143 */
144
145 /**
146 * @defgroup jobs jobs
147 *
148 * Jobs used in job queue and event queue.
149 *
150 * @ingroup queues
151 */
152
153 /**
154 * @defgroup sa sa
155 *
156 * Security associations for IKE and IPSec,
157 * and some helper classes.
158 *
159 * @ingroup charon
160 */
161
162 /**
163 * @defgroup transactions transactions
164 *
165 * Transactions represent a request/response
166 * message exchange to implement the IKEv2
167 * protocol exchange scenarios.
168 *
169 * @ingroup sa
170 */
171
172 /**
173 * @defgroup threads threads
174 *
175 * Threaded classes, which will do their job alone.
176 *
177 * @ingroup charon
178 */
179
180 /**
181 * @defgroup bus bus
182 *
183 * Signaling bus and its listeners.
184 *
185 * @ingroup charon
186 */
187
/**
 * Name of the daemon.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of worker threads in the thread pool.
 *
 * Counts only the threads managed by thread_pool_t; the sender, receiver,
 * scheduler, stroke and kernel interface threads exist in addition to these.
 *
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP port on which the daemon listens for incoming IKE traffic.
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port the daemon floats to when a NAT is detected.
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file, in which charon stores its process id.
 *
 * IPSEC_PIDDIR (like IPSEC_CONFDIR below) is not defined in this header;
 * presumably it is supplied by the build system - verify before relying on it.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory of IPsec relevant files.
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys.
 *
 * NOTE(review): holds secret key material. This header only fixes the path;
 * restrictive ownership/permissions on the directory and its files are not
 * enforced here and must be ensured by the installation and by the code that
 * reads it.
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted CA certificates.
 *
 * NOTE(review): anything placed here is presumably treated as a trust anchor,
 * so write access to this directory is security-relevant.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file (ipsec.secrets).
 *
 * NOTE(review): contains authentication secrets; the same permission caveat
 * as for PRIVATE_KEY_DIR applies.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
274
275
typedef struct daemon_t daemon_t;

/**
 * @brief Main class of the daemon, contains some globals.
 *
 * Every member is shared by all threads of the daemon. This struct provides
 * no locking of its own; the architecture overview above describes the queues
 * and the IKE SA manager as synchronized internally, and the same is assumed
 * (but not shown here) for the other members.
 *
 * @ingroup charon
 */
struct daemon_t {
	/**
	 * The UDP socket. The receiver thread reads packets from it and the
	 * sender thread writes packets to it.
	 */
	socket_t *socket;

	/**
	 * Queue of outgoing packets, drained by the sender thread.
	 */
	send_queue_t *send_queue;

	/**
	 * (Fully synchronized) queue of jobs, processed by the thread pool.
	 * The receiver places incoming packets here as jobs.
	 */
	job_queue_t *job_queue;

	/**
	 * Queue of timed events. The scheduler moves an event to the job queue
	 * once it is ready for processing.
	 */
	event_queue_t *event_queue;

	/**
	 * Manager of all IKE SAs. It also synchronizes access to them: only one
	 * thread may work on a checked-out IKE SA at a time.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A configuration_t instance.
	 */
	configuration_t *configuration;

	/**
	 * Store of configured connections (connection_store_t).
	 */
	connection_store_t *connections;

	/**
	 * Store of configured policies (policy_store_t).
	 */
	policy_store_t *policies;

	/**
	 * Store of credentials (credential_store_t). NOTE(review): presumably
	 * backed by PRIVATE_KEY_DIR, CERTIFICATE_DIR, CA_CERTIFICATE_DIR, CRL_DIR
	 * and SECRETS_FILE above, i.e. it holds secret key material - confirm in
	 * credential_store.h.
	 */
	credential_store_t *credentials;

	/**
	 * The sender thread: takes packets from send_queue and sends them
	 * over socket.
	 */
	sender_t *sender;

	/**
	 * The receiver thread: reads packets from socket and places them on
	 * job_queue.
	 */
	receiver_t *receiver;

	/**
	 * The scheduler thread: fires ready events from event_queue into
	 * job_queue.
	 */
	scheduler_t *scheduler;

	/**
	 * The thread pool managing the NUMBER_OF_WORKING_THREADS worker threads.
	 */
	thread_pool_t *thread_pool;

	/**
	 * The signaling bus, to which the loggers below listen.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging the most important events.
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel interface thread, communicating with the kernel via a netlink
	 * socket.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * IPC interface (the counterpart of whack in pluto) through which
	 * commands from another process are read and processed.
	 * NOTE(review): this is an external control channel; who may connect
	 * to it is decided in the stroke implementation, not here.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * @param this		the daemon to kill
	 * @param reason	description of why it is being killed. Declared as a
	 *					non-const pointer, so an implementation must not write
	 *					through it when callers pass string literals.
	 */
	void (*kill) (daemon_t *this, char *reason);
};
387
/**
 * The one and only instance of the daemon.
 *
 * Declared extern here and defined in the daemon's implementation file
 * (presumably daemon.c). Being a global, it is reachable from every thread
 * and module in charon.
 */
extern daemon_t *charon;
392
393 #endif /*DAEMON_H_*/