src/charon/daemon.h

   1 /**
   2  * @file daemon.h
   3  *
   4  * @brief Interface of daemon_t.
   5  *
   6  */
   7
   8 /*
   9  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
  10  * Copyright (C) 2005-2006 Martin Willi
  11  * Copyright (C) 2005 Jan Hutter
  12  * Hochschule fuer Technik Rapperswil
  13  *
  14  * This program is free software; you can redistribute it and/or modify it
  15  * under the terms of the GNU General Public License as published by the
  16  * Free Software Foundation; either version 2 of the License, or (at your
  17  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  18  *
  19  * This program is distributed in the hope that it will be useful, but
  20  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  21  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  22  * for more details.
  23  */
  24
  25 #ifndef DAEMON_H_
  26 #define DAEMON_H_
  27
  28 typedef struct daemon_t daemon_t;
  29
  30 #include <credential_store.h>
  31
  32 #include <threads/sender.h>
  33 #include <threads/receiver.h>
  34 #include <threads/scheduler.h>
  35 #include <threads/kernel_interface.h>
  36 #include <threads/thread_pool.h>
  37 #include <threads/stroke_interface.h>
  38 #include <network/socket.h>
  39 #include <bus/bus.h>
  40 #include <bus/listeners/file_logger.h>
  41 #include <bus/listeners/sys_logger.h>
  42 #include <sa/ike_sa_manager.h>
  43 #include <queues/job_queue.h>
  44 #include <queues/event_queue.h>
  45 #include <config/configuration.h>
  46 #include <config/connections/connection_store.h>
  47 #include <config/policies/policy_store.h>
  48
  49 /**
  50  * @defgroup charon charon
  51  *
  52  * @brief IKEv2 keying daemon.
  53  *
  54  * @section Architecture
  55  *
  56  * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
  57  * architecture than pluto. Charon uses a thread-pool, which allows parallel
  58  * execution SA-management. Beside the thread-pool, there are some special purpose
  59  * threads which do their job for the common health of the daemon.
  60    @verbatim
  61                          +------+
  62                          | E  Q |
  63                          | v  u |---+                   +------+  +------+
  64                          | e  e |   |                   |      |  | IKE- |
  65                          | n  u |  +-----------+        |      |--| SA   |
  66                          | t  e |  |           |        | I  M |  +------+
  67        +------------+    | -    |  | Scheduler |        | K  a |
  68        |  receiver  |    +------+  |           |        | E  n |  +------+
  69        +----+-------+              +-----------+        | -  a |  | IKE- |
  70             |      |     +------+   |                   | S  g |--| SA   |
  71     +-------+--+   +-----| J  Q |---+  +------------+   | A  e |  +------+
  72    -|  socket  |         | o  u |      |            |   | -  r |
  73     +-------+--+         | b  e |      |   Thread-  |   |      |
  74             |            | -  u |      |   Pool     |   |      |
  75        +----+-------+    |    e |------|            |---|      |
  76        |   sender   |    +------+      +------------+   +------+
  77        +------------+
  78
  79    @endverbatim
  80  * The thread-pool is the heart of the architecture. It processes jobs from a
  81  * (fully synchronized) job-queue. Mostly, a job is associated with a specific
  82  * IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA.
  83  * This makes it unnecesary to use further synchronisation methods once a IKE SA
  84  * is checked out. The (rather complex) synchronization of IKE SAs is completely
  85  * done in the IKE SA manager.
  86  * The sceduler is responsible for event firing. It waits until a event in the
  87  * (fully synchronized) event-queue is ready for processing and pushes the event
  88  * down to the job-queue. A thread form the pool will pick it up as quick as
  89  * possible. Every thread can queue events or jobs. Furter, an event can place a
  90  * packet in the sender. The sender thread waits for those packets and sends
  91  * them over the wire, via the socket. The receiver does exactly the opposite of
  92  * the sender. It waits on the socket, reads in packets an places them on the
  93  * job-queue for further processing by a thread from the pool.
  94  * There are even more threads, not drawn in the upper scheme. The stroke thread
  95  * is responsible for reading and processessing commands from another process. The
  96  * kernel interface thread handles communication from and to the kernel via a
  97  * netlink socket. It waits for kernel events and processes them appropriately.
  98  */
  99
 100 /**
 101  * @defgroup config config
 102  *
 103  * Classes implementing configuration related things.
 104  *
 105  * @ingroup charon
 106  */
 107
 108 /**
 109  * @defgroup encoding encoding
 110  *
 111  * Classes used to encode and decode IKEv2 messages.
 112  *
 113  * @ingroup charon
 114  */
 115
 116  /**
 117  * @defgroup payloads payloads
 118  *
 119  * Classes representing specific IKEv2 payloads.
 120  *
 121  * @ingroup encoding
 122  */
 123
 124 /**
 125  * @defgroup network network
 126  *
 127  * Classes for network relevant stuff.
 128  *
 129  * @ingroup charon
 130  */
 131
 132 /**
 133  * @defgroup queues queues
 134  *
 135  * Different kind of queues
 136  * (thread save lists).
 137  *
 138  * @ingroup charon
 139  */
 140
 141 /**
 142  * @defgroup jobs jobs
 143  *
 144  * Jobs used in job queue and event queue.
 145  *
 146  * @ingroup queues
 147  */
 148
 149 /**
 150  * @defgroup sa sa
 151  *
 152  * Security associations for IKE and IPSec,
 153  * and some helper classes.
 154  *
 155  * @ingroup charon
 156  */
 157
 158 /**
 159  * @defgroup tasks tasks
 160  *
 161  * Tasks process and build message payloads. They are used to create
 162  * and process multiple exchanges.
 163  *
 164  * @ingroup sa
 165  */
 166
 167 /**
 168  * @defgroup authenticators authenticators
 169  *
 170  * Authenticator classes to prove identity of peer.
 171  *
 172  * @ingroup sa
 173  */
 174
 175 /**
 176  * @defgroup eap eap
 177  *
 178  * EAP authentication module interface and it's implementations.
 179  *
 180  * @ingroup authenticators
 181  */
 182
 183 /**
 184  * @defgroup threads threads
 185  *
 186  * Threaded classes, which will do their job alone.
 187  *
 188  * @ingroup charon
 189  */
 190
 191 /**
 192  * @defgroup bus bus
 193  *
 194  * Signaling bus and its listeners.
 195  *
 196  * @ingroup charon
 197  */
 198
 199 /**
 200  * Name of the daemon.
 201  *
 202  * @ingroup charon
 203  */
 204 #define DAEMON_NAME "charon"
 205
 206 /**
 207  * @brief Number of threads in the thread pool.
 208  *
 209  * There are several other threads, this defines
 210  * only the number of threads in thread_pool_t.
 211  *
 212  * @ingroup charon
 213  */
 214 #define NUMBER_OF_WORKING_THREADS 4
 215
 216 /**
 217  * UDP Port on which the daemon will listen for incoming traffic.
 218  *
 219  * @ingroup charon
 220  */
 221 #define IKEV2_UDP_PORT 500
 222
 223 /**
 224  * UDP Port to which the daemon will float to if NAT is detected.
 225  *
 226  * @ingroup charon
 227  */
 228 #define IKEV2_NATT_PORT 4500
 229
 230 /**
 231  * PID file, in which charon stores its process id
 232  *
 233  * @ingroup charon
 234  */
 235 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
 236
 237 /**
 238  * Configuration directory
 239  *
 240  * @ingroup charon
 241  */
 242 #define CONFIG_DIR IPSEC_CONFDIR
 243
 244 /**
 245  * Directory of IPsec relevant files
 246  *
 247  * @ingroup charon
 248  */
 249 #define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"
 250
 251 /**
 252  * Default directory for private keys
 253  *
 254  * @ingroup charon
 255  */
 256 #define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"
 257
 258 /**
 259  * Default directory for end entity certificates
 260  *
 261  * @ingroup charon
 262  */
 263 #define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
 264
 265 /**
 266  * Default directory for trusted CA certificates
 267  *
 268  * @ingroup charon
 269  */
 270 #define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
 271
 272 /**
 273  * Default directory for OCSP signing certificates
 274  *
 275  * @ingroup charon
 276  */
 277 #define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"
 278
 279 /**
 280  * Default directory for CRLs
 281  *
 282  * @ingroup charon
 283  */
 284 #define CRL_DIR IPSEC_D_DIR "/crls"
 285
 286 /**
 287  * Secrets files
 288  *
 289  * @ingroup charon
 290  */
 291 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
 292
 293 /**
 294  * @brief Main class of daemon, contains some globals.
 295  *
 296  * @ingroup charon
 297  */
 298 struct daemon_t {
 299         /**
 300          * A socket_t instance.
 301          */
 302         socket_t *socket;
 303
 304         /**
 305          * A job_queue_t instance.
 306          */
 307         job_queue_t *job_queue;
 308
 309         /**
 310          * A event_queue_t instance.
 311          */
 312         event_queue_t *event_queue;
 313
 314         /**
 315          * A ike_sa_manager_t instance.
 316          */
 317         ike_sa_manager_t *ike_sa_manager;
 318
 319         /**
 320          * A configuration_t instance.
 321          */
 322         configuration_t *configuration;
 323
 324         /**
 325          * A connection_store_t instance.
 326          */
 327         connection_store_t *connections;
 328
 329         /**
 330          * A policy_store_t instance.
 331          */
 332         policy_store_t *policies;
 333
 334         /**
 335          * A credential_store_t instance.
 336          */
 337         credential_store_t *credentials;
 338
 339         /**
 340          * The Sender-Thread.
 341          */
 342         sender_t *sender;
 343
 344         /**
 345          * The Receiver-Thread.
 346          */
 347         receiver_t *receiver;
 348
 349         /**
 350          * The Scheduler-Thread.
 351          */
 352         scheduler_t *scheduler;
 353
 354         /**
 355          * The Thread pool managing the worker threads.
 356          */
 357         thread_pool_t *thread_pool;
 358
 359         /**
 360          * The signaling bus.
 361          */
 362         bus_t *bus;
 363
 364         /**
 365          * A bus listener logging to stdout
 366          */
 367         file_logger_t *outlog;
 368
 369         /**
 370          * A bus listener logging to syslog
 371          */
 372         sys_logger_t *syslog;
 373
 374         /**
 375          * A bus listener logging most important events
 376          */
 377         sys_logger_t *authlog;
 378
 379         /**
 380          * Kernel Interface to communicate with kernel
 381          */
 382         kernel_interface_t *kernel_interface;
 383
 384         /**
 385          * IPC interface, as whack in pluto
 386          */
 387         stroke_t *stroke;
 388
 389         /**
 390          * @brief Shut down the daemon.
 391          *
 392          * @param this          the daemon to kill
 393          * @param reason        describtion why it will be killed
 394          */
 395         void (*kill) (daemon_t *this, char *reason);
 396 };
 397
 398 /**
 399  * The one and only instance of the daemon.
 400  */
 401 extern daemon_t *charon;
 402
 403 #endif /*DAEMON_H_*/