1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
/* Forward declaration of the daemon type, deliberately placed before the
 * includes below; presumably so the included headers can name daemon_t
 * before its full definition further down in this file (confirm against
 * those headers). */
typedef struct daemon_t daemon_t;
29
30 #include <credential_store.h>
31
32 #include <network/sender.h>
33 #include <network/receiver.h>
34 #include <network/socket.h>
35 #include <processing/scheduler.h>
36 #include <processing/thread_pool.h>
37 #include <processing/job_queue.h>
38 #include <processing/event_queue.h>
39 #include <kernel/kernel_interface.h>
40 #include <control/controller.h>
41 #include <control/stroke_interface.h>
42 #include <bus/bus.h>
43 #include <bus/listeners/file_logger.h>
44 #include <bus/listeners/sys_logger.h>
45 #include <sa/ike_sa_manager.h>
46 #include <config/cfg_store.h>
47 #include <config/backends/local_backend.h>
48
49 /**
50 * @defgroup charon charon
51 *
52 * @brief IKEv2 keying daemon.
53 *
54 * @section Architecture
55 *
56 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
57 * architecture than pluto. Charon uses a thread-pool, which allows parallel
58 * execution of SA-management. Beside the thread-pool, there are some special purpose
59 * threads which do their job for the common health of the daemon.
60 @verbatim
61 +------+
62 | E Q |
63 | v u |---+ +------+ +------+
64 | e e | | | | | IKE- |
65 | n u | +-----------+ | |--| SA |
66 | t e | | | | I M | +------+
67 +------------+ | - | | Scheduler | | K a |
68 | receiver | +------+ | | | E n | +------+
69 +----+-------+ +-----------+ | - a | | IKE- |
70 | | +------+ | | S g |--| SA |
71 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
72 -| socket | | o u | | | | - r |
73 +-------+--+ | b e | | Thread- | | |
74 | | - u | | Pool | | |
75 +----+-------+ | e |------| |---| |
76 | sender | +------+ +------------+ +------+
77 +------------+
78
79 @endverbatim
80 * The thread-pool is the heart of the architecture. It processes jobs from a
81 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
82 * IKE SA. These IKE SAs are synchronized, only one thread can work on an IKE SA.
83 * This makes it unnecessary to use further synchronisation methods once an IKE SA
84 * is checked out. The (rather complex) synchronization of IKE SAs is completely
85 * done in the IKE SA manager.
86 * The scheduler is responsible for event firing. It waits until an event in the
87 * (fully synchronized) event-queue is ready for processing and pushes the event
88 * down to the job-queue. A thread from the pool will pick it up as quickly as
89 * possible. Every thread can queue events or jobs. Further, an event can place a
90 * packet in the sender. The sender thread waits for those packets and sends
91 * them over the wire, via the socket. The receiver does exactly the opposite of
92 * the sender. It waits on the socket, reads in packets and places them on the
93 * job-queue for further processing by a thread from the pool.
94 * There are even more threads, not drawn in the upper scheme. The stroke thread
95 * is responsible for reading and processing commands from another process. The
96 * kernel interface thread handles communication from and to the kernel via a
97 * netlink socket. It waits for kernel events and processes them appropriately.
98 */
99
100 /**
101 * @defgroup bus bus
102 *
103 * Signaling bus and its listeners.
104 *
105 * @ingroup charon
106 */
107
108 /**
109 * @defgroup config config
110 *
111 * Classes implementing configuration related things.
112 *
113 * @ingroup charon
114 */
115
116 /**
117 * @defgroup backends backends
118 *
119 * Classes implementing configuration backends.
120 *
121 * @ingroup config
122 */
123
124 /**
125 * @defgroup credentials credentials
126 *
127 * Trust chain verification and certificate store.
128 *
129 * @ingroup config
130 */
131
132 /**
133 * @defgroup control control
134 *
135 * Classes which control the daemon using IPC mechanisms.
136 *
137 * @ingroup charon
138 */
139
140 /**
141 * @defgroup encoding encoding
142 *
143 * Classes used to encode and decode IKEv2 messages.
144 *
145 * @ingroup charon
146 */
147
148 /**
149 * @defgroup payloads payloads
150 *
151 * Classes representing specific IKEv2 payloads.
152 *
153 * @ingroup encoding
154 */
155
156 /**
157 * @defgroup kernel kernel
158 *
159 * Classes to configure and query the kernel.
160 *
161 * @ingroup charon
162 */
163
164 /**
165 * @defgroup network network
166 *
167 * Classes for sending and receiving UDP packets over the network.
168 *
169 * @ingroup charon
170 */
171
172 /**
173 * @defgroup processing processing
174 *
175 * Queueing, scheduling and processing of jobs
176 *
177 * @ingroup charon
178 */
179
180 /**
181 * @defgroup jobs jobs
182 *
183 * Jobs to queue, schedule and process.
184 *
185 * @ingroup processing
186 */
187
188 /**
189 * @defgroup sa sa
190 *
191 * Security associations for IKE and IPsec, and their helper classes.
192 *
193 * @ingroup charon
194 */
195
196 /**
197 * @defgroup authenticators authenticators
198 *
199 * Authenticator classes to prove identity of a peer.
200 *
201 * @ingroup sa
202 */
203
204 /**
205 * @defgroup eap eap
206 *
207 * EAP module loader, interface and its implementations.
208 *
209 * @ingroup authenticators
210 */
211
212 /**
213 * @defgroup tasks tasks
214 *
215 * Tasks process and build message payloads. They are used to create
216 * and process multiple exchanges.
217 *
218 * @ingroup sa
219 */
220
/**
 * Name of the daemon process.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of worker threads in thread_pool_t.
 *
 * Only the pool's workers are counted here; the special purpose threads
 * (sender, receiver, scheduler, ...) exist in addition to this number.
 *
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP port the daemon listens on for incoming IKEv2 traffic.
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port the daemon floats to once a NAT is detected (NAT traversal).
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * Path of the PID file in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; presumably it comes from
 * the build configuration.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * IPSEC_CONFDIR is not defined in this header; presumably it comes from
 * the build configuration.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory holding IPsec relevant files (ipsec.d below CONFIG_DIR).
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys (sensitive key material).
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted Certification Authority certificates.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for Authorization Authority certificates.
 *
 * @ingroup charon
 */
#define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"

/**
 * Default directory for Attribute certificates.
 *
 * @ingroup charon
 */
#define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"

/**
 * Default directory for OCSP signing certificates.
 *
 * @ingroup charon
 */
#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file (ipsec.secrets). Note that it lives directly in CONFIG_DIR,
 * not below IPSEC_D_DIR like the certificate directories above.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
328
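/**
 * @brief Main class of daemon, contains some globals.
 *
 * Every member is a pointer to one of the daemon's subsystems; the single
 * instance is reachable through the global "charon" pointer declared at the
 * end of this header.
 *
 * @ingroup charon
 */
struct daemon_t {
	/**
	 * A socket_t instance.
	 */
	socket_t *socket;

	/**
	 * A job_queue_t instance.
	 */
	job_queue_t *job_queue;

	/**
	 * An event_queue_t instance.
	 */
	event_queue_t *event_queue;

	/**
	 * An ike_sa_manager_t instance.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A cfg_store_t instance (configuration store).
	 */
	cfg_store_t *cfg_store;

	/**
	 * A backend for cfg_store using in-memory lists.
	 */
	local_backend_t *local_backend;

	/**
	 * A credential_store_t instance.
	 */
	credential_store_t *credentials;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread.
	 */
	scheduler_t *scheduler;

	/**
	 * The Thread pool managing the worker threads.
	 */
	thread_pool_t *thread_pool;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging the most important events (audit trail).
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel Interface to communicate with the kernel.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Controls the daemon.
	 */
	/* A stray second ';' after this member (an empty declaration, rejected
	 * by strict ISO C compilers) has been removed. */
	controller_t *controller;

	/**
	 * IPC interface, as whack in pluto.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * @param this the daemon to kill
	 * @param reason description why it will be killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};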
433
/**
 * The one and only instance of the daemon.
 *
 * Only declared here (extern); the definition lives in a source file
 * outside this header.
 */
extern daemon_t *charon;
438
439 #endif /*DAEMON_H_*/