fixed daemon kill before threads are spawned
[strongswan.git] / src / charon / daemon.h
1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006-2007 Tobias Brunner
10 * Copyright (C) 2006 Daniel Roethlisberger
11 * Copyright (C) 2005-2006 Martin Willi
12 * Copyright (C) 2005 Jan Hutter
13 * Hochschule fuer Technik Rapperswil
14 *
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2 of the License, or (at your
18 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
19 *
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 * for more details.
24 */
25
26 #ifndef DAEMON_H_
27 #define DAEMON_H_
28
29 typedef struct daemon_t daemon_t;
30
31 #include <credential_store.h>
32
33 #include <network/sender.h>
34 #include <network/receiver.h>
35 #include <network/socket.h>
36 #include <processing/scheduler.h>
37 #include <processing/processor.h>
38 #include <kernel/kernel_interface.h>
39 #include <control/interface_manager.h>
40 #include <bus/bus.h>
41 #include <bus/listeners/file_logger.h>
42 #include <bus/listeners/sys_logger.h>
43 #include <sa/ike_sa_manager.h>
44 #include <config/backend_manager.h>
45
46 #ifdef P2P
47 #include <sa/connect_manager.h>
48 #include <sa/mediation_manager.h>
49 #endif /* P2P */
50
51 /**
52 * @defgroup charon charon
53 *
54 * @brief IKEv2 keying daemon.
55 *
56 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
57 * architecture than pluto. Charon uses a thread-pool (called processor),
58 * which allows parallel execution SA-management. All threads originate
59 * from the processor. Work is delegated to the processor by queueing jobs
60 * to it.
61 @verbatim
62
63 +--------+ +-------+ +--------+ +-----------+ +-----------+
64 | Stroke | | XML | | DBUS | | Local | | SQLite |
65 +--------+ +-------+ +--------+ +-----------+ +-----------+
66 | | | | |
67 +---------------------------------+ +----------------------------+
68 | Interfaces | | Backends |
69 +---------------------------------+ +----------------------------+
70
71
72 +------------+ +-----------+ +------+ +----------+
73 | receiver | | | | | +------+ | CHILD_SA |
74 +----+-------+ | Scheduler | | IKE- | | IKE- |--+----------+
75 | | | | SA |--| SA | | CHILD_SA |
76 +-------+--+ +-----------+ | | +------+ +----------+
77 <->| socket | | | Man- |
78 +-------+--+ +-----------+ | ager | +------+ +----------+
79 | | | | | | IKE- |--| CHILD_SA |
80 +----+-------+ | Processor |--------| |--| SA | +----------+
81 | sender | | | | | +------+
82 +------------+ +-----------+ +------+
83
84
85 +---------------------------------+ +----------------------------+
86 | Bus | | Kernel Interface |
87 +---------------------------------+ +----------------------------+
88 | | |
89 +-------------+ +-------------+ V
90 | File-Logger | | Sys-Logger | //////
91 +-------------+ +-------------+
92
93
94 @endverbatim
95 * The scheduler is responsible to execute timed events. Jobs may be queued to
96 * the scheduler to get executed at a defined time (e.g. rekeying). The scheduler
97 * does not execute the jobs itself, it queues them to the processor.
98 *
99 * The IKE_SA manager managers all IKE_SA. It further handles the synchronization:
100 * Each IKE_SA must be checked out strictly and checked in again after use. The
101 * manager guarantees that only one thread may check out a single IKE_SA. This allows
102 * us to write the (complex) IKE_SAs routines non-threadsave.
103 * The IKE_SA contain the state and the logic of each IKE_SA and handle the messages.
104 *
105 * The CHILD_SA contains state about a IPsec security association and manages them.
106 * An IKE_SA may have multiple CHILD_SAs. Communication to the kernel takes place
107 * here through the kernel interface.
108 *
109 * The kernel interface installs IPsec security associations, policies routes and
110 * virtual addresses. It further provides methods to enumerate interfaces and may notify
111 * the daemon about state changes at lower layers.
112 *
113 * The bus receives signals from the different threads and relais them to interested
114 * listeners. Debugging signals, but also important state changes or error messages are
115 * sent over the bus.
116 * It's listeners are not only for logging, but also to track the state of an IKE_SA.
117 *
118 * The interface manager loads pluggable controlling interfaces. These are written to control
119 * the daemon from external inputs (e.g. initiate IKE_SA, close IKE_SA, ...). The interface
120 * manager further provides a simple API to establish these tasks.
121 * Backends are pluggable modules which provide configuration. They have to implement an API
122 * which the daemon core uses to get configuration.
123 */
124
125 /**
126 * @defgroup bus bus
127 *
128 * Signaling bus and its listeners.
129 *
130 * @ingroup charon
131 */
132
133 /**
134 * @defgroup config config
135 *
136 * Classes implementing configuration related things.
137 *
138 * @ingroup charon
139 */
140
141 /**
142 * @defgroup backends backends
143 *
144 * Classes implementing configuration backends.
145 *
146 * @ingroup config
147 */
148
149 /**
150 * @defgroup credentials credentials
151 *
152 * Trust chain verification and certificate store.
153 *
154 * @ingroup config
155 */
156
157 /**
158 * @defgroup control control
159 *
160 * Handling of loadable control interface modules.
161 *
162 * @ingroup charon
163 */
164
165 /**
166 * @defgroup interfaces interfaces
167 *
168 * Classes which control the daemon using IPC mechanisms.
169 *
170 * @ingroup control
171 */
172
173 /**
174 * @defgroup encoding encoding
175 *
176 * Classes used to encode and decode IKEv2 messages.
177 *
178 * @ingroup charon
179 */
180
181 /**
182 * @defgroup payloads payloads
183 *
184 * Classes representing specific IKEv2 payloads.
185 *
186 * @ingroup encoding
187 */
188
189 /**
190 * @defgroup kernel kernel
191 *
192 * Classes to configure and query the kernel.
193 *
194 * @ingroup charon
195 */
196
197 /**
198 * @defgroup network network
199 *
200 * Classes for sending and receiving UDP packets over the network.
201 *
202 * @ingroup charon
203 */
204
205 /**
206 * @defgroup processing processing
207 *
208 * Queueing, scheduling and processing of jobs
209 *
210 * @ingroup charon
211 */
212
213 /**
214 * @defgroup jobs jobs
215 *
216 * Jobs to queue, schedule and process.
217 *
218 * @ingroup processing
219 */
220
221 /**
222 * @defgroup sa sa
223 *
224 * Security associations for IKE and IPSec, and its helper classes.
225 *
226 * @ingroup charon
227 */
228
229 /**
230 * @defgroup authenticators authenticators
231 *
232 * Authenticator classes to prove identity of a peer.
233 *
234 * @ingroup sa
235 */
236
237 /**
238 * @defgroup eap eap
239 *
240 * EAP module loader, interface and it's implementations.
241 *
242 * @ingroup authenticators
243 */
244
245 /**
246 * @defgroup tasks tasks
247 *
248 * Tasks process and build message payloads. They are used to create
249 * and process multiple exchanges.
250 *
251 * @ingroup sa
252 */
253
254 /**
255 * Name of the daemon.
256 *
257 * @ingroup charon
258 */
259 #define DAEMON_NAME "charon"
260
261 /**
262 * @brief Number of threads in the thread pool.
263 *
264 * @ingroup charon
265 */
266 #define WORKER_THREADS 16
267
268 /**
269 * UDP Port on which the daemon will listen for incoming traffic.
270 *
271 * @ingroup charon
272 */
273 #define IKEV2_UDP_PORT 500
274
275 /**
276 * UDP Port to which the daemon will float to if NAT is detected.
277 *
278 * @ingroup charon
279 */
280 #define IKEV2_NATT_PORT 4500
281
282 /**
283 * PID file, in which charon stores its process id
284 *
285 * @ingroup charon
286 */
287 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
288
289 /**
290 * Configuration directory
291 *
292 * @ingroup charon
293 */
294 #define CONFIG_DIR IPSEC_CONFDIR
295
296 /**
297 * Directory of IPsec relevant files
298 *
299 * @ingroup charon
300 */
301 #define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"
302
303 /**
304 * Default directory for private keys
305 *
306 * @ingroup charon
307 */
308 #define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"
309
310 /**
311 * Default directory for end entity certificates
312 *
313 * @ingroup charon
314 */
315 #define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
316
317 /**
318 * Default directory for trusted Certification Authority certificates
319 *
320 * @ingroup charon
321 */
322 #define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
323
324 /**
325 * Default directory for Authorization Authority certificates
326 *
327 * @ingroup charon
328 */
329 #define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"
330
331 /**
332 * Default directory for Attribute certificates
333 *
334 * @ingroup charon
335 */
336 #define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"
337
338 /**
339 * Default directory for OCSP signing certificates
340 *
341 * @ingroup charon
342 */
343 #define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"
344
345 /**
346 * Default directory for CRLs
347 *
348 * @ingroup charon
349 */
350 #define CRL_DIR IPSEC_D_DIR "/crls"
351
352 /**
353 * Secrets files
354 *
355 * @ingroup charon
356 */
357 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
358
359 /**
360 * @brief Main class of daemon, contains some globals.
361 *
362 * @ingroup charon
363 */
364 struct daemon_t {
365
366 /**
367 * A socket_t instance.
368 */
369 socket_t *socket;
370
371 /**
372 * A ike_sa_manager_t instance.
373 */
374 ike_sa_manager_t *ike_sa_manager;
375
376 /**
377 * Manager for the different configuration backends.
378 */
379 backend_manager_t *backends;
380
381 /**
382 * A credential_store_t instance.
383 */
384 credential_store_t *credentials;
385
386 /**
387 * The Sender-Thread.
388 */
389 sender_t *sender;
390
391 /**
392 * The Receiver-Thread.
393 */
394 receiver_t *receiver;
395
396 /**
397 * The Scheduler-Thread.
398 */
399 scheduler_t *scheduler;
400
401 /**
402 * Job processing using a thread pool.
403 */
404 processor_t *processor;
405
406 /**
407 * The signaling bus.
408 */
409 bus_t *bus;
410
411 /**
412 * A bus listener logging to stdout
413 */
414 file_logger_t *outlog;
415
416 /**
417 * A bus listener logging to syslog
418 */
419 sys_logger_t *syslog;
420
421 /**
422 * A bus listener logging most important events
423 */
424 sys_logger_t *authlog;
425
426 /**
427 * Kernel Interface to communicate with kernel
428 */
429 kernel_interface_t *kernel_interface;
430
431 /**
432 * Interfaces for IPC
433 */
434 interface_manager_t *interfaces;
435
436 #ifdef P2P
437 /**
438 * Connect manager
439 */
440 connect_manager_t *connect_manager;
441
442 /**
443 * Mediation manager
444 */
445 mediation_manager_t *mediation_manager;
446 #endif /* P2P */
447
448 /**
449 * @brief Shut down the daemon.
450 *
451 * @param this the daemon to kill
452 * @param reason describtion why it will be killed
453 */
454 void (*kill) (daemon_t *this, char *reason);
455 };
456
457 /**
458 * The one and only instance of the daemon.
459 */
460 extern daemon_t *charon;
461
462 #endif /*DAEMON_H_*/