1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
28 typedef struct daemon_t daemon_t;
29
30 #include <credential_store.h>
31
32 #include <network/sender.h>
33 #include <network/receiver.h>
34 #include <network/socket.h>
35 #include <processing/scheduler.h>
36 #include <processing/thread_pool.h>
37 #include <processing/job_queue.h>
38 #include <processing/event_queue.h>
39 #include <kernel/kernel_interface.h>
40 #include <control/interface_manager.h>
41 #include <bus/bus.h>
42 #include <bus/listeners/file_logger.h>
43 #include <bus/listeners/sys_logger.h>
44 #include <sa/ike_sa_manager.h>
45 #include <config/backend_manager.h>
46
47 /**
48 * @defgroup charon charon
49 *
50 * @brief IKEv2 keying daemon.
51 *
52 * @section Architecture
53 *
54 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
55 * architecture than pluto. Charon uses a thread-pool, which allows parallel
56 * execution of SA management. Besides the thread-pool, there are some special purpose
57 * threads which do their job for the common health of the daemon.
58 @verbatim
59 +------+
60 | E Q |
61 | v u |---+ +------+ +------+
62 | e e | | | | | IKE- |
63 | n u | +-----------+ | |--| SA |
64 | t e | | | | I M | +------+
65 +------------+ | - | | Scheduler | | K a |
66 | receiver | +------+ | | | E n | +------+
67 +----+-------+ +-----------+ | - a | | IKE- |
68 | | +------+ | | S g |--| SA |
69 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
70 -| socket | | o u | | | | - r |
71 +-------+--+ | b e | | Thread- | | |
72 | | - u | | Pool | | |
73 +----+-------+ | e |------| |---| |
74 | sender | +------+ +------------+ +------+
75 +------------+
76
77 @endverbatim
78 * The thread-pool is the heart of the architecture. It processes jobs from a
79 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
80 * IKE SA. These IKE SAs are synchronized, only one thread can work on an IKE SA.
81 * This makes it unnecessary to use further synchronization methods once an IKE SA
82 * is checked out. The (rather complex) synchronization of IKE SAs is completely
83 * done in the IKE SA manager.
84 * The scheduler is responsible for event firing. It waits until an event in the
85 * (fully synchronized) event-queue is ready for processing and pushes the event
86 * down to the job-queue. A thread from the pool will pick it up as quickly as
87 * possible. Every thread can queue events or jobs. Further, an event can place a
88 * packet in the sender. The sender thread waits for those packets and sends
89 * them over the wire, via the socket. The receiver does exactly the opposite of
90 * the sender. It waits on the socket, reads in packets and places them on the
91 * job-queue for further processing by a thread from the pool.
92 * There are even more threads, not drawn in the upper scheme. The stroke thread
93 * is responsible for reading and processing commands from another process. The
94 * kernel interface thread handles communication from and to the kernel via a
95 * netlink socket. It waits for kernel events and processes them appropriately.
96 */
97
98 /**
99 * @defgroup bus bus
100 *
101 * Signaling bus and its listeners.
102 *
103 * @ingroup charon
104 */
105
106 /**
107 * @defgroup config config
108 *
109 * Classes implementing configuration related things.
110 *
111 * @ingroup charon
112 */
113
114 /**
115 * @defgroup backends backends
116 *
117 * Classes implementing configuration backends.
118 *
119 * @ingroup config
120 */
121
122 /**
123 * @defgroup credentials credentials
124 *
125 * Trust chain verification and certificate store.
126 *
127 * @ingroup config
128 */
129
130 /**
131 * @defgroup control control
132 *
133 * Handling of loadable control interface modules.
134 *
135 * @ingroup charon
136 */
137
138 /**
139 * @defgroup interfaces interfaces
140 *
141 * Classes which control the daemon using IPC mechanisms.
142 *
143 * @ingroup control
144 */
145
146 /**
147 * @defgroup encoding encoding
148 *
149 * Classes used to encode and decode IKEv2 messages.
150 *
151 * @ingroup charon
152 */
153
154 /**
155 * @defgroup payloads payloads
156 *
157 * Classes representing specific IKEv2 payloads.
158 *
159 * @ingroup encoding
160 */
161
162 /**
163 * @defgroup kernel kernel
164 *
165 * Classes to configure and query the kernel.
166 *
167 * @ingroup charon
168 */
169
170 /**
171 * @defgroup network network
172 *
173 * Classes for sending and receiving UDP packets over the network.
174 *
175 * @ingroup charon
176 */
177
178 /**
179 * @defgroup processing processing
180 *
181 * Queueing, scheduling and processing of jobs
182 *
183 * @ingroup charon
184 */
185
186 /**
187 * @defgroup jobs jobs
188 *
189 * Jobs to queue, schedule and process.
190 *
191 * @ingroup processing
192 */
193
194 /**
195 * @defgroup sa sa
196 *
197 * Security associations for IKE and IPsec, and their helper classes.
198 *
199 * @ingroup charon
200 */
201
202 /**
203 * @defgroup authenticators authenticators
204 *
205 * Authenticator classes to prove identity of a peer.
206 *
207 * @ingroup sa
208 */
209
210 /**
211 * @defgroup eap eap
212 *
213 * EAP module loader, interface and its implementations.
214 *
215 * @ingroup authenticators
216 */
217
218 /**
219 * @defgroup tasks tasks
220 *
221 * Tasks process and build message payloads. They are used to create
222 * and process multiple exchanges.
223 *
224 * @ingroup sa
225 */
226
227 /**
228 * Name of the daemon.
229 *
230 * @ingroup charon
231 */
232 #define DAEMON_NAME "charon"
233
234 /**
235 * @brief Number of threads in the thread pool.
236 *
237 * There are several other threads, this defines
238 * only the number of threads in thread_pool_t.
239 *
240 * @ingroup charon
241 */
242 #define NUMBER_OF_WORKING_THREADS 4
243
244 /**
245 * UDP Port on which the daemon will listen for incoming traffic.
246 *
247 * @ingroup charon
248 */
249 #define IKEV2_UDP_PORT 500
250
251 /**
252 * UDP Port to which the daemon will float to if NAT is detected.
253 *
254 * @ingroup charon
255 */
256 #define IKEV2_NATT_PORT 4500
257
258 /**
259 * PID file, in which charon stores its process id
260 *
261 * @ingroup charon
262 */
263 #define PID_FILE IPSEC_PIDDIR "/charon.pid"
264
265 /**
266 * Configuration directory
267 *
268 * @ingroup charon
269 */
270 #define CONFIG_DIR IPSEC_CONFDIR
271
272 /**
273 * Directory of IPsec relevant files
274 *
275 * @ingroup charon
276 */
277 #define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"
278
279 /**
280 * Default directory for private keys
281 *
282 * @ingroup charon
283 */
284 #define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"
285
286 /**
287 * Default directory for end entity certificates
288 *
289 * @ingroup charon
290 */
291 #define CERTIFICATE_DIR IPSEC_D_DIR "/certs"
292
293 /**
294 * Default directory for trusted Certification Authority certificates
295 *
296 * @ingroup charon
297 */
298 #define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"
299
300 /**
301 * Default directory for Authorization Authority certificates
302 *
303 * @ingroup charon
304 */
305 #define AA_CERTIFICATE_DIR IPSEC_D_DIR "/aacerts"
306
307 /**
308 * Default directory for Attribute certificates
309 *
310 * @ingroup charon
311 */
312 #define ATTR_CERTIFICATE_DIR IPSEC_D_DIR "/acerts"
313
314 /**
315 * Default directory for OCSP signing certificates
316 *
317 * @ingroup charon
318 */
319 #define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"
320
321 /**
322 * Default directory for CRLs
323 *
324 * @ingroup charon
325 */
326 #define CRL_DIR IPSEC_D_DIR "/crls"
327
328 /**
329 * Secrets files
330 *
331 * @ingroup charon
332 */
333 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
334
335 /**
336 * @brief Main class of daemon, contains some globals.
337 *
338 * @ingroup charon
339 */
struct daemon_t {
	/**
	 * The UDP socket the receiver reads IKE packets from and the sender
	 * writes them to (see the architecture overview above).
	 */
	socket_t *socket;

	/**
	 * Queue of jobs waiting to be processed by the thread pool.
	 */
	job_queue_t *job_queue;

	/**
	 * Queue of timed events; the scheduler moves due events to job_queue.
	 */
	event_queue_t *event_queue;

	/**
	 * Manager that checks IKE SAs out to and in from worker threads and
	 * implements their synchronization.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * Credential store: certificates and trust chain verification.
	 */
	credential_store_t *credentials;

	/**
	 * The Sender-Thread: waits for packets placed in it and sends them
	 * over the wire via socket.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread: reads packets from socket and queues jobs
	 * for them.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread: pushes due events from event_queue to job_queue.
	 */
	scheduler_t *scheduler;

	/**
	 * The Thread pool managing the NUMBER_OF_WORKING_THREADS worker threads.
	 */
	thread_pool_t *thread_pool;

	/**
	 * The signaling bus; the loggers below are its listeners.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging most important events (a second sys_logger_t;
	 * which syslog facility it uses is not visible here).
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel Interface to communicate with the kernel (via netlink, per the
	 * architecture overview above).
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Manager of the loadable control interfaces used for IPC.
	 */
	interface_manager_t *interfaces;

	/**
	 * @brief Let the calling thread drop its capabilities.
	 *
	 * NOTE(review): which capabilities are retained when full is FALSE, and
	 * whether callers invoke this only after privileged setup (e.g. binding
	 * the IKE ports) is complete, is not visible in this header - verify in
	 * the implementation and its callers.
	 *
	 * @param this calling daemon
	 * @param full TRUE to drop as many as possible
	 */
	void (*drop_capabilities) (daemon_t *this, bool full);

	/**
	 * @brief Shut down the daemon.
	 *
	 * NOTE(review): reason is presumably only read (logged); if so it could
	 * be declared const char * - verify against the implementation.
	 *
	 * @param this the daemon to kill
	 * @param reason description why it will be killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};
437
438 /**
439 * The one and only instance of the daemon.
440 */
441 extern daemon_t *charon;
442
443 #endif /*DAEMON_H_*/