1 /*
2 * Copyright (C) 2006-2007 Tobias Brunner
3 * Copyright (C) 2006 Daniel Roethlisberger
4 * Copyright (C) 2005-2008 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 *
18 * $Id$
19 */
20
21 /**
22 * @defgroup charon charon
23 *
24 * @defgroup bus bus
25 * @ingroup charon
26 *
27 * @defgroup listeners listeners
28 * @ingroup bus
29 *
30 * @defgroup config config
31 * @ingroup charon
32 *
33 * @defgroup control control
34 * @ingroup charon
35 *
36 * @defgroup ccredentials credentials
37 * @ingroup charon
38 *
39 * @defgroup sets sets
40 * @ingroup ccredentials
41 *
42 * @defgroup encoding encoding
43 * @ingroup charon
44 *
45 * @defgroup payloads payloads
46 * @ingroup encoding
47 *
48 * @defgroup kernel kernel
49 * @ingroup charon
50 *
51 * @defgroup network network
52 * @ingroup charon
53 *
54 * @defgroup cplugins plugins
55 * @ingroup charon
56 *
57 * @defgroup processing processing
58 * @ingroup charon
59 *
60 * @defgroup jobs jobs
61 * @ingroup processing
62 *
63 * @defgroup sa sa
64 * @ingroup charon
65 *
66 * @defgroup authenticators authenticators
67 * @ingroup sa
68 *
69 * @defgroup eap eap
70 * @ingroup authenticators
71 *
72 * @defgroup tasks tasks
73 * @ingroup sa
74 *
75 * @addtogroup charon
76 * @{
77 *
78 * IKEv2 keying daemon.
79 *
80 * All IKEv2 processing is handled in charon. It uses a newer and more
81 * flexible architecture than pluto. Charon uses a thread pool (called the
82 * processor), which allows parallel execution of SA management. All worker
83 * threads originate from the processor. Work is delegated to the processor
84 * by queueing jobs to it.
85 @verbatim
86
87 +---------------------------------+ +----------------------------+
88 | controller | | config |
89 +---------------------------------+ +----------------------------+
90 | | | ^ ^ ^
91 V V V | | |
92
93 +----------+ +-----------+ +------+ +----------+ +----+
94 | receiver | | | | | +------+ | CHILD_SA | | K |
95 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
96 | | | | SA |--| SA | | CHILD_SA | | r |
97 +------+---+ +-----------+ | | +------+ +----------+ | n |
98 <->| socket | | | Man- | | e |
99 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
100 | | | | | | IKE- |--| CHILD_SA | | - |
101 +---+------+ | Processor |---| |--| SA | +----------+ | I |
102 | sender | | | | | +------+ | f |
103 +----------+ +-----------+ +------+ +----+
104
105 | | | | | |
106 V V V V V V
107 +---------------------------------+ +----------------------------+
108 | Bus | | credentials |
109 +---------------------------------+ +----------------------------+
110
111 @endverbatim
112 * The scheduler is responsible to execute timed events. Jobs may be queued to
113 * the scheduler to get executed at a defined time (e.g. rekeying). The
114 * scheduler does not execute the jobs itself, it queues them to the processor.
115 *
116 * The IKE_SA manager manages all IKE_SAs. It further handles their
117 * synchronization:
118 * Each IKE_SA must be checked out before use and checked in again afterwards.
119 * The manager guarantees that at most one thread holds a given IKE_SA checked
120 * out at any time, which is what allows the (complex) IKE_SA routines to be
121 * written without their own locking. Any access to an IKE_SA that bypasses
122 * check-out therefore violates this invariant and is a data race.
123 * The IKE_SA contains the state and the logic of each IKE_SA and handles its
124 * messages.
123 *
124 * Each CHILD_SA holds the state of an IPsec security association and manages
125 * it. An IKE_SA may have multiple CHILD_SAs. Communication with the kernel
126 * takes place here through the kernel interface.
127 *
128 * The kernel interface installs IPsec security associations, policies, routes
129 * and virtual addresses. It further provides methods to enumerate interfaces
130 * and may notify the daemon about state changes at lower layers.
131 *
132 * The bus receives signals from the different threads and relays them to
133 * interested listeners. Debugging signals, but also important state changes
134 * and error messages, are sent over the bus.
135 * Its listeners are not only used for logging, but also to track the state of
136 * an IKE_SA.
137 *
138 * The controller, credential_manager, bus and backend_manager (config) are
139 * the places where a plugin can register itself to provide information or to
140 * observe and control the daemon.
141 */
142
143 #ifndef DAEMON_H_
144 #define DAEMON_H_
145
146 typedef struct daemon_t daemon_t;
147
148 #include <network/sender.h>
149 #include <network/receiver.h>
150 #include <network/socket.h>
151 #include <processing/scheduler.h>
152 #include <processing/processor.h>
153 #include <kernel/kernel_interface.h>
154 #include <control/controller.h>
155 #include <bus/bus.h>
156 #include <bus/listeners/file_logger.h>
157 #include <bus/listeners/sys_logger.h>
158 #include <sa/ike_sa_manager.h>
159 #include <config/backend_manager.h>
160 #include <credentials/credential_manager.h>
161 #include <sa/authenticators/eap/eap_manager.h>
162 #include <plugins/plugin_loader.h>
163
164 #ifdef ME
165 #include <sa/connect_manager.h>
166 #include <sa/mediation_manager.h>
167 #endif /* ME */
168
/**
 * Name of the daemon.
 */
#define DAEMON_NAME "charon"

/**
 * Number of worker threads in the thread pool (the processor).
 *
 * This is a compile-time constant and is not tunable at runtime through this
 * header. NOTE(review): all queued jobs share these threads, so a burst of
 * expensive work (e.g. many concurrent IKE_SA_INIT exchanges) competes for
 * them — confirm in the receiver/processor code what rate limiting exists.
 */
#define WORKER_THREADS 16

/**
 * UDP port on which the daemon listens for incoming IKE traffic
 * (the standard IKE/ISAKMP port).
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port the daemon floats to once NAT is detected
 * (the standard IKE NAT-traversal port).
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file in which charon stores its process id.
 *
 * IPSEC_PIDDIR is supplied by the build configuration, not by this header.
 * NOTE(review): the directory should be writable only by the user charon runs
 * as; otherwise another local user could pre-create or replace the file.
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"
193
194
195 /**
196 * Main class of daemon, contains some globals.
197 */
struct daemon_t {

	/**
	 * The IKE socket used for sending and receiving UDP datagrams
	 * (see network/socket.h).
	 */
	socket_t *socket;

	/**
	 * Manager for all IKE_SAs. It also serializes access to them through
	 * the check-out/check-in scheme described in the file header; no IKE_SA
	 * may be touched without checking it out first.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * Manager for the credential backends (certificates, keys, secrets).
	 */
	credential_manager_t *credentials;

	/**
	 * The Sender thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver thread.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler thread: executes timed events (e.g. rekeying) by queueing
	 * the corresponding jobs to the processor at the scheduled time.
	 */
	scheduler_t *scheduler;

	/**
	 * Job processing using a thread pool (see WORKER_THREADS).
	 */
	processor_t *processor;

	/**
	 * The signaling bus; relays signals from all threads to registered
	 * listeners (loggers, state trackers).
	 */
	bus_t *bus;

	/**
	 * Plugin loader.
	 *
	 * NOTE(review): plugins loaded here presumably run inside the daemon
	 * process with its full privileges, so the plugin directory must be
	 * treated as trusted input — confirm against plugin_loader.h.
	 */
	plugin_loader_t *plugins;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging only the most important events
	 * (judging by the name, authentication-relevant ones — confirm in the
	 * daemon initialization code).
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel interface to communicate with the kernel: installs IPsec SAs,
	 * policies, routes and virtual addresses.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Controller to control the daemon; also a registration point for
	 * plugins.
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods.
	 */
	eap_manager_t *eap;

#ifdef ME
	/**
	 * Connect manager (mediation extension).
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (mediation extension).
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * Shut down the daemon.
	 *
	 * @param this		the daemon instance
	 * @param reason	description why it is being killed (free-form text,
	 * 					presumably reported before exit — see the daemon's
	 * 					main translation unit)
	 */
	void (*kill) (daemon_t *this, char *reason);
};
299
300 /**
301 * The one and only instance of the daemon.
302 */
303 extern daemon_t *charon;
304
305 #endif /*DAEMON_H_ @} */