1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
/* Forward declaration of the daemon type. It is placed before the includes
 * below so that headers pulled in here can refer to daemon_t (and the global
 * 'charon') without seeing the full struct definition. */
typedef struct daemon_t daemon_t;
29
30 #include <credential_store.h>
31
32 #include <network/sender.h>
33 #include <network/receiver.h>
34 #include <network/socket.h>
35 #include <processing/scheduler.h>
36 #include <processing/processor.h>
37 #include <kernel/kernel_interface.h>
38 #include <control/interface_manager.h>
39 #include <bus/bus.h>
40 #include <bus/listeners/file_logger.h>
41 #include <bus/listeners/sys_logger.h>
42 #include <sa/ike_sa_manager.h>
43 #include <config/backend_manager.h>
44
45 /**
46 * @defgroup charon charon
47 *
48 * @brief IKEv2 keying daemon.
49 *
50 * @section Architecture
51 *
 * All IKEv2 processing is handled in charon. It uses a newer and more flexible
 * architecture than pluto. Charon uses a thread pool, which allows parallel
 * execution of SA management. Besides the thread pool, there are some special
 * purpose threads which take care of the overall health of the daemon.
56 @verbatim
57 +------+
58 | E Q |
59 | v u |---+ +------+ +------+
60 | e e | | | | | IKE- |
61 | n u | +-----------+ | |--| SA |
62 | t e | | | | I M | +------+
63 +------------+ | - | | Scheduler | | K a |
64 | receiver | +------+ | | | E n | +------+
65 +----+-------+ +-----------+ | - a | | IKE- |
66 | | +------+ | | S g |--| SA |
67 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
68 -| socket | | o u | | | | - r |
69 +-------+--+ | b e | | Thread- | | |
70 | | - u | | Pool | | |
71 +----+-------+ | e |------| |---| |
72 | sender | +------+ +------------+ +------+
73 +------------+
74
75 @endverbatim
 * The thread pool is the heart of the architecture. It processes jobs from a
 * (fully synchronized) job queue. Mostly, a job is associated with a specific
 * IKE SA. IKE SAs are synchronized: only one thread can work on an IKE SA at a
 * time. Once an IKE SA is checked out, the holding thread has exclusive access
 * to it, so no further synchronization is needed while working on it. The
 * (rather complex) synchronization of IKE SAs is done entirely in the IKE SA
 * manager.
 * The scheduler is responsible for firing events. It waits until an event in
 * the (fully synchronized) event queue is ready for processing and pushes the
 * event down to the job queue. A thread from the pool picks it up as quickly as
 * possible. Every thread can queue events or jobs. Further, an event can place
 * a packet in the sender. The sender thread waits for those packets and sends
 * them over the wire via the socket. The receiver does exactly the opposite of
 * the sender: it waits on the socket, reads in packets and places them on the
 * job queue for further processing by a thread from the pool.
 * There are more threads not drawn in the scheme above. The stroke thread is
 * responsible for reading and processing commands from another process. The
 * kernel interface thread handles communication from and to the kernel via a
 * netlink socket. It waits for kernel events and processes them appropriately.
 */
94 */
95
96 /**
97 * @defgroup bus bus
98 *
99 * Signaling bus and its listeners.
100 *
101 * @ingroup charon
102 */
103
104 /**
105 * @defgroup config config
106 *
 * Classes implementing configuration-related functionality.
108 *
109 * @ingroup charon
110 */
111
112 /**
113 * @defgroup backends backends
114 *
115 * Classes implementing configuration backends.
116 *
117 * @ingroup config
118 */
119
120 /**
121 * @defgroup credentials credentials
122 *
123 * Trust chain verification and certificate store.
124 *
125 * @ingroup config
126 */
127
128 /**
129 * @defgroup control control
130 *
131 * Handling of loadable control interface modules.
132 *
133 * @ingroup charon
134 */
135
136 /**
137 * @defgroup interfaces interfaces
138 *
139 * Classes which control the daemon using IPC mechanisms.
140 *
141 * @ingroup control
142 */
143
144 /**
145 * @defgroup encoding encoding
146 *
147 * Classes used to encode and decode IKEv2 messages.
148 *
149 * @ingroup charon
150 */
151
152 /**
153 * @defgroup payloads payloads
154 *
155 * Classes representing specific IKEv2 payloads.
156 *
157 * @ingroup encoding
158 */
159
160 /**
161 * @defgroup kernel kernel
162 *
163 * Classes to configure and query the kernel.
164 *
165 * @ingroup charon
166 */
167
168 /**
169 * @defgroup network network
170 *
171 * Classes for sending and receiving UDP packets over the network.
172 *
173 * @ingroup charon
174 */
175
176 /**
177 * @defgroup processing processing
178 *
179 * Queueing, scheduling and processing of jobs
180 *
181 * @ingroup charon
182 */
183
184 /**
185 * @defgroup jobs jobs
186 *
187 * Jobs to queue, schedule and process.
188 *
189 * @ingroup processing
190 */
191
192 /**
193 * @defgroup sa sa
194 *
 * Security associations for IKE and IPsec, and their helper classes.
196 *
197 * @ingroup charon
198 */
199
200 /**
201 * @defgroup authenticators authenticators
202 *
203 * Authenticator classes to prove identity of a peer.
204 *
205 * @ingroup sa
206 */
207
208 /**
209 * @defgroup eap eap
210 *
 * EAP module loader, interface and its implementations.
212 *
213 * @ingroup authenticators
214 */
215
216 /**
217 * @defgroup tasks tasks
218 *
219 * Tasks process and build message payloads. They are used to create
220 * and process multiple exchanges.
221 *
222 * @ingroup sa
223 */
224
/**
 * Name of the daemon.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of threads in the thread pool.
 *
 * Fixed at compile time; nothing in this header provides a runtime knob to
 * resize the pool.
 *
 * @ingroup charon
 */
#define WORKER_THREADS 16

/**
 * UDP port on which the daemon listens for incoming IKEv2 traffic.
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port to which the daemon floats once a NAT is detected between the
 * peers (NAT traversal).
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; it is expected to be supplied
 * by the build configuration.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * IPSEC_CONFDIR is not defined in this header; it is expected to be supplied
 * by the build configuration.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory of IPsec relevant files, below CONFIG_DIR.
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys.
 *
 * NOTE(review): this directory holds long-term secrets. Deployments should keep
 * it readable by the daemon's user only; nothing in this header enforces that.
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted Certification Authority certificates.
 *
 * Certificates placed here act as trust anchors, so write access to this
 * directory should be as restricted as access to PRIVATE_KEY_DIR.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for Authorization Authority certificates.
 *
 * @ingroup charon
 */
#define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"

/**
 * Default directory for Attribute certificates.
 *
 * @ingroup charon
 */
#define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"

/**
 * Default directory for OCSP signing certificates.
 *
 * @ingroup charon
 */
#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file.
 *
 * Like PRIVATE_KEY_DIR this holds credentials and must not be world-readable;
 * the file format itself is not described in this header.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
329
/**
 * @brief Main class of daemon, contains some globals.
 *
 * Holds the daemon-wide singletons: the network threads, scheduler, thread
 * pool, IKE SA manager, configuration and credential stores, the signaling
 * bus and its loggers. All members are plain pointers; their lifetime is
 * managed by the daemon implementation, not by this header.
 *
 * @ingroup charon
 */
struct daemon_t {

	/**
	 * A socket_t instance. The receiver reads IKE packets from it and the
	 * sender writes them to it.
	 */
	socket_t *socket;

	/**
	 * A ike_sa_manager_t instance. Owns the IKE SAs and serializes access to
	 * them: only one thread may work on a checked-out IKE SA (see the
	 * architecture notes above).
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * A credential_store_t instance: certificate store and trust chain
	 * verification (see @ref credentials).
	 */
	credential_store_t *credentials;

	/**
	 * The Sender-Thread. Takes queued packets and sends them via the socket.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread. Reads packets from the socket and places jobs on
	 * the job queue.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread. Fires timed events by pushing them to the job
	 * queue.
	 */
	scheduler_t *scheduler;

	/**
	 * Job processing using a thread pool (presumably sized by
	 * WORKER_THREADS; not verifiable from this header).
	 */
	processor_t *processor;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging the most important events. Same type as
	 * syslog; the name suggests authentication-related events, but which
	 * facility it uses is not visible here.
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel Interface to communicate with the kernel (see @ref kernel).
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Interfaces for IPC (loadable control interface modules, see
	 * @ref control).
	 */
	interface_manager_t *interfaces;

	/**
	 * @brief Shut down the daemon.
	 *
	 * @param this		the daemon to kill
	 * @param reason	description why it will be killed. NOTE(review): taken
	 *					as a non-const char *, so callers passing string
	 *					literals rely on the implementation not writing
	 *					through it; a future API change could make it
	 *					const char *.
	 */
	void (*kill) (daemon_t *this, char *reason);
};
415
/**
 * The one and only instance of the daemon.
 *
 * Declared here and defined in the daemon implementation. It is the single
 * shared handle through which the threads described above reach the
 * daemon-wide objects.
 */
extern daemon_t *charon;
420
421 #endif /*DAEMON_H_*/