1 /*
2 * Copyright (C) 2006-2007 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2008 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 *
18 * $Id$
19 */
20
21 /**
22 * @defgroup charon charon
23 *
24 * @defgroup bus bus
25 * @ingroup charon
26 *
27 * @defgroup listeners listeners
28 * @ingroup bus
29 *
30 * @defgroup config config
31 * @ingroup charon
32 *
33 * @defgroup attributes attributes
34 * @ingroup config
35 *
36 * @defgroup control control
37 * @ingroup charon
38 *
39 * @defgroup ccredentials credentials
40 * @ingroup charon
41 *
42 * @defgroup sets sets
43 * @ingroup ccredentials
44 *
45 * @defgroup encoding encoding
46 * @ingroup charon
47 *
48 * @defgroup payloads payloads
49 * @ingroup encoding
50 *
51 * @defgroup kernel kernel
52 * @ingroup charon
53 *
54 * @defgroup network network
55 * @ingroup charon
56 *
57 * @defgroup cplugins plugins
58 * @ingroup charon
59 *
60 * @defgroup processing processing
61 * @ingroup charon
62 *
63 * @defgroup jobs jobs
64 * @ingroup processing
65 *
66 * @defgroup sa sa
67 * @ingroup charon
68 *
69 * @defgroup authenticators authenticators
70 * @ingroup sa
71 *
72 * @defgroup eap eap
73 * @ingroup authenticators
74 *
75 * @defgroup tasks tasks
76 * @ingroup sa
77 *
78 * @addtogroup charon
79 * @{
80 *
81 * IKEv2 keying daemon.
82 *
 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
 * architecture than pluto. Charon uses a thread-pool (called processor),
 * which allows parallel execution of SA management. All threads originate
 * from the processor. Work is delegated to the processor by queueing jobs
 * to it.
88 @verbatim
89
90 +---------------------------------+ +----------------------------+
91 | controller | | config |
92 +---------------------------------+ +----------------------------+
93 | | | ^ ^ ^
94 V V V | | |
95
96 +----------+ +-----------+ +------+ +----------+ +----+
97 | receiver | | | | | +------+ | CHILD_SA | | K |
98 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
99 | | | | SA |--| SA | | CHILD_SA | | r |
100 +------+---+ +-----------+ | | +------+ +----------+ | n |
101 <->| socket | | | Man- | | e |
102 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
103 | | | | | | IKE- |--| CHILD_SA | | - |
104 +---+------+ | Processor |---| |--| SA | +----------+ | I |
105 | sender | | | | | +------+ | f |
106 +----------+ +-----------+ +------+ +----+
107
108 | | | | | |
109 V V V V V V
110 +---------------------------------+ +----------------------------+
111 | Bus | | credentials |
112 +---------------------------------+ +----------------------------+
113
114 @endverbatim
 * The scheduler is responsible for executing timed events. Jobs may be queued
 * to the scheduler to get executed at a defined time (e.g. rekeying). The
 * scheduler does not execute the jobs itself, it queues them to the processor.
118 *
 * The IKE_SA manager manages all IKE_SAs. It further handles the
 * synchronization:
 * Each IKE_SA must be checked out strictly and checked in again after use. The
 * manager guarantees that only one thread may check out a single IKE_SA. This
 * allows us to write the (complex) IKE_SA routines non-thread-safe.
 * The IKE_SA contains the state and the logic of each IKE_SA and handles the
 * messages.
126 *
 * The CHILD_SA contains state about an IPsec security association and manages
 * it. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
 * takes place here through the kernel interface.
130 *
131 * The kernel interface installs IPsec security associations, policies, routes
132 * and virtual addresses. It further provides methods to enumerate interfaces
133 * and may notify the daemon about state changes at lower layers.
134 *
 * The bus receives signals from the different threads and relays them to
 * interested listeners. Debugging signals, but also important state changes or
 * error messages are sent over the bus.
 * Its listeners are not only for logging, but also to track the state of an
 * IKE_SA.
140 *
 * The controller, credential_manager, bus and backend_manager (config) are
 * places where a plugin can register itself to provide information or observe
 * and control the daemon.
144 */
145
146 #ifndef DAEMON_H_
147 #define DAEMON_H_
148
/* Forward declaration of the daemon type; placed before the includes below,
 * presumably so that headers which refer to daemon_t can be included here. */
typedef struct daemon_t daemon_t;
150
151 #include <network/sender.h>
152 #include <network/receiver.h>
153 #include <network/socket.h>
154 #include <processing/scheduler.h>
155 #include <processing/processor.h>
156 #include <kernel/kernel_interface.h>
157 #include <control/controller.h>
158 #include <bus/bus.h>
159 #include <bus/listeners/file_logger.h>
160 #include <bus/listeners/sys_logger.h>
161 #include <sa/ike_sa_manager.h>
162 #include <config/backend_manager.h>
163 #include <config/attributes/attribute_manager.h>
164 #include <credentials/credential_manager.h>
165 #include <sa/authenticators/eap/eap_manager.h>
166 #include <sa/authenticators/eap/sim_manager.h>
167
168 #ifdef ME
169 #include <sa/connect_manager.h>
170 #include <sa/mediation_manager.h>
171 #endif /* ME */
172
/**
 * Name of the daemon.
 */
#define DAEMON_NAME "charon"

/**
 * Number of threads in the thread pool, if not specified in config.
 */
#define DEFAULT_THREADS 16

/**
 * UDP Port on which the daemon will listen for incoming traffic
 * (the IANA-assigned IKE/ISAKMP port).
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP Port to which the daemon will float if NAT is detected
 * (the IKE NAT traversal port).
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file, in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; presumably it comes from the
 * build configuration.
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"
197
198
199 /**
200 * Main class of daemon, contains some globals.
201 */
/**
 * Main class of daemon, contains some globals.
 *
 * Holds pointers to the daemon's subsystems (network, processing, kernel
 * interface, bus, managers) plus the process identity it runs with.
 */
struct daemon_t {

	/**
	 * A socket_t instance.
	 */
	socket_t *socket;

	/**
	 * A ike_sa_manager_t instance.
	 *
	 * Hands out IKE_SAs to threads; see the file comment above for the
	 * check-out / check-in rule that serializes access to a single IKE_SA.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * Manager for IKEv2 cfg payload attributes.
	 */
	attribute_manager_t *attributes;

	/**
	 * Manager for the credential backends.
	 */
	credential_manager_t *credentials;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread.
	 */
	scheduler_t *scheduler;

	/**
	 * Job processing using a thread pool.
	 */
	processor_t *processor;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A list of installed file_logger_t's.
	 */
	linked_list_t *file_loggers;

	/**
	 * A list of installed sys_logger_t's.
	 */
	linked_list_t *sys_loggers;

	/**
	 * Kernel Interface to communicate with kernel.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Controller to control the daemon.
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods.
	 */
	eap_manager_t *eap;

	/**
	 * SIM manager to maintain SIM cards/providers.
	 */
	sim_manager_t *sim;

#ifdef ME
	/**
	 * Connect manager (only built with mediation extension support).
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (only built with mediation extension support).
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * User ID the daemon will use after initialization.
	 */
	uid_t uid;

	/**
	 * Group ID the daemon will use after initialization.
	 */
	gid_t gid;

	/**
	 * The thread_id of main-thread.
	 */
	pthread_t main_thread_id;

	/**
	 * Do not drop a given capability after initialization.
	 *
	 * Some plugins might need additional capabilities. They tell the daemon
	 * during plugin initialization which ones they need, and the daemon won't
	 * drop these. A kept capability remains with the process for its whole
	 * lifetime, so a plugin should request only what it strictly needs.
	 *
	 * @param cap		capability to keep (presumably a CAP_* value;
	 *					confirm against the implementation)
	 */
	void (*keep_cap)(daemon_t *this, u_int cap);

	/**
	 * Shut down the daemon.
	 *
	 * @param reason	description why it will be killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};
327
/**
 * The one and only instance of the daemon.
 *
 * Declared here; defined once in the daemon's implementation file.
 */
extern daemon_t *charon;
332
333 #endif /** DAEMON_H_ @}*/