fixed crypter/signer in/out to conform with standard
1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
28 #include <threads/sender.h>
29 #include <threads/receiver.h>
30 #include <threads/scheduler.h>
31 #include <threads/kernel_interface.h>
32 #include <threads/thread_pool.h>
33 #include <threads/stroke_interface.h>
34 #include <network/socket.h>
35 #include <network/interfaces.h>
36 #include <sa/ike_sa_manager.h>
37 #include <queues/send_queue.h>
38 #include <queues/job_queue.h>
39 #include <queues/event_queue.h>
40 #include <utils/logger_manager.h>
41 #include <config/configuration.h>
42 #include <config/connections/connection_store.h>
43 #include <config/policies/policy_store.h>
44 #include <config/credentials/credential_store.h>
45
46 /**
47 * @defgroup charon charon
48 *
49 * @brief IKEv2 keying daemon.
50 *
51 * @section Architecture
52 *
53 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
54 * architecture than pluto. Charon uses a thread-pool, which allows parallel
55 * execution SA-management. Beside the thread-pool, there are some special purpose
56 * threads which do their job for the common health of the daemon.
57 @verbatim
58 +------+
59 | E Q |
60 | v u |---+ +------+ +------+
61 | e e | | | | | IKE- |
62 | n u | +-----------+ | |--| SA |
63 | t e | | | | I M | +------+
64 +------------+ | - | | Scheduler | | K a |
65 | receiver | +------+ | | | E n | +------+
66 +----+-------+ +-----------+ | - a | | IKE- |
67 | | +------+ | | S g |--| SA |
68 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
69 -| socket | | o u | | | | - r |
70 +-------+--+ | b e | | Thread- | | |
71 | | - u | | Pool | | |
72 +----+-------+ | e |------| |---| |
73 | sender | +------+ +------------+ +------+
74 +----+-------+
75 | +------+
76 | | S Q |
77 | | e u |
78 | | n e |
79 +------------| d u |
80 | - e |
81 +--+---+
82 @endverbatim
83 * The thread-pool is the heart of the architecture. It processes jobs from a
84 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
85 * IKE SA. These IKE SAs are synchronized: only one thread can work on an IKE SA.
86 * This makes it unnecessary to use further synchronisation methods once an IKE SA
87 * is checked out. The (rather complex) synchronization of IKE SAs is completely
88 * done in the IKE SA manager.
89 * The scheduler is responsible for event firing. It waits until an event in the
90 * (fully synchronized) event-queue is ready for processing and pushes the event
91 * down to the job-queue. A thread from the pool will pick it up as quickly as
92 * possible. Every thread can queue events or jobs. Further, an event can place a
93 * packet in the send-queue. The sender thread waits for those packets and sends
94 * them over the wire, via the socket. The receiver does exactly the opposite of
95 * the sender. It waits on the socket, reads in packets and places them on the
96 * job-queue for further processing by a thread from the pool.
97 * There are even more threads, not drawn in the scheme above. The stroke thread
98 * is responsible for reading and processing commands from another process. The
99 * kernel interface thread handles communication from and to the kernel via a
100 * netlink socket. It waits for kernel events and processes them appropriately.
101 */
102
103 /**
104 * @defgroup config config
105 *
106 * Classes implementing configuration related things.
107 *
108 * @ingroup charon
109 */
110
111 /**
112 * @defgroup encoding encoding
113 *
114 * Classes used to encode and decode IKEv2 messages.
115 *
116 * @ingroup charon
117 */
118
119 /**
120 * @defgroup payloads payloads
121 *
122 * Classes representing specific IKEv2 payloads.
123 *
124 * @ingroup encoding
125 */
126
127 /**
128 * @defgroup network network
129 *
130 * Classes for network relevant stuff.
131 *
132 * @ingroup charon
133 */
134
135 /**
136 * @defgroup queues queues
137 *
138 * Different kinds of queues
139 * (thread-safe lists).
140 *
141 * @ingroup charon
142 */
143
144 /**
145 * @defgroup jobs jobs
146 *
147 * Jobs used in job queue and event queue.
148 *
149 * @ingroup queues
150 */
151
152 /**
153 * @defgroup sa sa
154 *
155 * Security associations for IKE and IPSec,
156 * and some helper classes.
157 *
158 * @ingroup charon
159 */
160
161 /**
162 * @defgroup states states
163 *
164 * Various states in which an IKE SA can be.
165 *
166 * @ingroup sa
167 */
168
169 /**
170 * @defgroup threads threads
171 *
172 * Threaded classes, which will do their job alone.
173 *
174 * @ingroup charon
175 */
176
177 /**
178 * Name of the daemon.
179 *
180 * @ingroup charon
181 */
182 #define DAEMON_NAME "charon"
183
184 /**
185 * @brief Number of threads in the thread pool.
186 *
187 * There are several other threads, this defines
188 * only the number of threads in thread_pool_t.
189 *
190 * @ingroup charon
191 */
192 #define NUMBER_OF_WORKING_THREADS 4
193
194 /**
195 * UDP Port on which the daemon will listen for incoming traffic.
196 *
197 * @ingroup charon
198 */
199 #define IKEV2_UDP_PORT 500
200
201 /**
202 * UDP port to which the daemon floats if NAT is detected.
203 *
204 * @ingroup charon
205 */
206 #define IKEV2_NATT_PORT 4500
207
208 /**
209 * PID file, in which charon stores its process id
210 *
211 * @ingroup charon
212 */
213 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
214
215 /**
216 * Configuration directory
217 *
218 * @ingroup charon
219 */
220 #define CONFIG_DIR IPSEC_CONFDIR
221
222 /**
223 * Directory of IPsec relevant files
224 *
225 * @ingroup charon
226 */
227 #define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"
228
229 /**
230 * Default directory for private keys
231 *
232 * @ingroup charon
233 */
234 #define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"
235
236 /**
237 * Default directory for end entity certificates
238 *
239 * @ingroup charon
240 */
241 #define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
242
243 /**
244 * Default directory for trusted CA certificates
245 *
246 * @ingroup charon
247 */
248 #define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
249
250 /**
251 * Default directory for CRLs
252 *
253 * @ingroup charon
254 */
255 #define CRL_DIR IPSEC_D_DIR "/crls"
256
257 /**
258 * Secrets file
259 *
260 * @ingroup charon
261 */
262 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
263
264
265 typedef struct daemon_t daemon_t;
266
267 /**
268 * @brief Main class of daemon, contains some globals.
269 *
270 * @ingroup charon
271 */
struct daemon_t {
	/**
	 * The socket_t instance.
	 *
	 * The sender and receiver threads transmit and receive IKE packets
	 * through it (see the architecture overview above).
	 */
	socket_t *socket;

	/**
	 * The interfaces_t instance (see network/interfaces.h).
	 */
	interfaces_t *interfaces;

	/**
	 * The send_queue_t instance.
	 *
	 * Packets placed here are picked up by the sender thread and written
	 * to the socket.
	 */
	send_queue_t *send_queue;

	/**
	 * The job_queue_t instance.
	 *
	 * Fully synchronized; jobs are processed by the threads of the pool.
	 */
	job_queue_t *job_queue;

	/**
	 * The event_queue_t instance.
	 *
	 * Fully synchronized; the scheduler waits on it and pushes ready
	 * events down to the job queue.
	 */
	event_queue_t *event_queue;

	/**
	 * The ike_sa_manager_t instance.
	 *
	 * All synchronization of IKE SAs (checkout/checkin) is done here, so
	 * a thread holding a checked-out IKE SA needs no further locking.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * The configuration_t instance.
	 */
	configuration_t *configuration;

	/**
	 * The connection_store_t instance (config/connections).
	 */
	connection_store_t *connections;

	/**
	 * The policy_store_t instance (config/policies).
	 */
	policy_store_t *policies;

	/**
	 * The credential_store_t instance (config/credentials).
	 *
	 * NOTE(review): which of the *_DIR / SECRETS_FILE paths defined above
	 * it loads, and whether it checks their ownership and permissions, is
	 * not visible from this header — confirm in the credential store
	 * implementation.
	 */
	credential_store_t *credentials;

	/**
	 * The sender thread.
	 *
	 * Waits on the send queue and sends packets over the wire via the socket.
	 */
	sender_t *sender;

	/**
	 * The receiver thread.
	 *
	 * Waits on the socket, reads in packets and places them on the job
	 * queue for processing by a pool thread.
	 */
	receiver_t *receiver;

	/**
	 * The scheduler thread.
	 *
	 * Fires events from the event queue by pushing them to the job queue.
	 */
	scheduler_t *scheduler;

	/**
	 * The thread pool managing the worker threads.
	 *
	 * NUMBER_OF_WORKING_THREADS defines how many threads it runs.
	 */
	thread_pool_t *thread_pool;

	/**
	 * Kernel interface thread, communicating with the kernel via a netlink
	 * socket and processing kernel events.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * IPC interface for commands from another process (the stroke thread),
	 * the counterpart of whack in pluto.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * NOTE(review): reason is not const-qualified; whether the callee
	 * modifies or retains the string, and whether this call returns to the
	 * caller at all, is not visible from this header — confirm in the
	 * implementation before passing a literal or a stack buffer.
	 *
	 * @param this the daemon to kill
	 * @param reason description of why it is being killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};
361
362 /**
363 * The one and only instance of the daemon.
364 */
365 extern daemon_t *charon;
366
367 #endif /*DAEMON_H_*/