1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
/* Forward declaration of the daemon struct (defined further down in this
 * header). It is placed before the includes below, presumably because some
 * of those headers refer to daemon_t themselves. */
typedef struct daemon_t daemon_t;
29
30 #include <credential_store.h>
31
32 #include <threads/sender.h>
33 #include <threads/receiver.h>
34 #include <threads/scheduler.h>
35 #include <threads/kernel_interface.h>
36 #include <threads/thread_pool.h>
37 #include <threads/stroke_interface.h>
38 #include <network/socket.h>
39 #include <bus/bus.h>
40 #include <bus/listeners/file_logger.h>
41 #include <bus/listeners/sys_logger.h>
42 #include <sa/ike_sa_manager.h>
43 #include <queues/send_queue.h>
44 #include <queues/job_queue.h>
45 #include <queues/event_queue.h>
46 #include <config/configuration.h>
47 #include <config/connections/connection_store.h>
48 #include <config/policies/policy_store.h>
49
50 /**
51 * @defgroup charon charon
52 *
53 * @brief IKEv2 keying daemon.
54 *
55 * @section Architecture
56 *
57 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
58 * architecture than pluto. Charon uses a thread-pool, which allows parallel
59 * execution of SA-management. Besides the thread-pool, there are some special-purpose
60 * threads which do their job for the common health of the daemon.
61 @verbatim
62 +------+
63 | E Q |
64 | v u |---+ +------+ +------+
65 | e e | | | | | IKE- |
66 | n u | +-----------+ | |--| SA |
67 | t e | | | | I M | +------+
68 +------------+ | - | | Scheduler | | K a |
69 | receiver | +------+ | | | E n | +------+
70 +----+-------+ +-----------+ | - a | | IKE- |
71 | | +------+ | | S g |--| SA |
72 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
73 -| socket | | o u | | | | - r |
74 +-------+--+ | b e | | Thread- | | |
75 | | - u | | Pool | | |
76 +----+-------+ | e |------| |---| |
77 | sender | +------+ +------------+ +------+
78 +----+-------+
79 | +------+
80 | | S Q |
81 | | e u |
82 | | n e |
83 +------------| d u |
84 | - e |
85 +--+---+
86 @endverbatim
87 * The thread-pool is the heart of the architecture. It processes jobs from a
88 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
89 * IKE SA. These IKE SAs are synchronized, only one thread can work on an IKE SA.
90 * This makes it unnecessary to use further synchronization methods once an IKE SA
91 * is checked out. The (rather complex) synchronization of IKE SAs is completely
92 * done in the IKE SA manager.
93 * The scheduler is responsible for event firing. It waits until an event in the
94 * (fully synchronized) event-queue is ready for processing and pushes the event
95 * down to the job-queue. A thread from the pool will pick it up as quickly as
96 * possible. Every thread can queue events or jobs. Further, an event can place a
97 * packet in the send-queue. The sender thread waits for those packets and sends
98 * them over the wire, via the socket. The receiver does exactly the opposite of
99 * the sender. It waits on the socket, reads in packets and places them on the
100 * job-queue for further processing by a thread from the pool.
101 * There are even more threads, not drawn in the diagram above. The stroke thread
102 * is responsible for reading and processing commands from another process. The
103 * kernel interface thread handles communication from and to the kernel via a
104 * netlink socket. It waits for kernel events and processes them appropriately.
105 */
106
107 /**
108 * @defgroup config config
109 *
110 * Classes implementing configuration related things.
111 *
112 * @ingroup charon
113 */
114
115 /**
116 * @defgroup encoding encoding
117 *
118 * Classes used to encode and decode IKEv2 messages.
119 *
120 * @ingroup charon
121 */
122
123 /**
124 * @defgroup payloads payloads
125 *
126 * Classes representing specific IKEv2 payloads.
127 *
128 * @ingroup encoding
129 */
130
131 /**
132 * @defgroup network network
133 *
134 * Classes for network-related functionality.
135 *
136 * @ingroup charon
137 */
138
139 /**
140 * @defgroup queues queues
141 *
142 * Different kinds of queues
143 * (thread-safe lists).
144 *
145 * @ingroup charon
146 */
147
148 /**
149 * @defgroup jobs jobs
150 *
151 * Jobs used in job queue and event queue.
152 *
153 * @ingroup queues
154 */
155
156 /**
157 * @defgroup sa sa
158 *
159 * Security associations for IKE and IPSec,
160 * and some helper classes.
161 *
162 * @ingroup charon
163 */
164
165 /**
166 * @defgroup tasks tasks
167 *
168 * Tasks process and build message payloads. They are used to create
169 * and process multiple exchanges.
170 *
171 * @ingroup sa
172 */
173
174 /**
175 * @defgroup authenticators authenticators
176 *
177 * Authenticator classes to prove identity of peer.
178 *
179 * @ingroup sa
180 */
181
182 /**
183 * @defgroup eap eap
184 *
185 * EAP authentication module interface and its implementations.
186 *
187 * @ingroup authenticators
188 */
189
190 /**
191 * @defgroup threads threads
192 *
193 * Threaded classes, which do their job on their own.
194 *
195 * @ingroup charon
196 */
197
198 /**
199 * @defgroup bus bus
200 *
201 * Signaling bus and its listeners.
202 *
203 * @ingroup charon
204 */
205
/**
 * Name of the daemon.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of threads in the thread pool.
 *
 * There are several other threads (sender, receiver, scheduler, ...); this
 * defines only the number of worker threads in thread_pool_t.
 *
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP port on which the daemon listens for incoming IKEv2 traffic.
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port to which the daemon floats if NAT is detected.
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; presumably it is supplied by
 * the build configuration.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * IPSEC_CONFDIR is not defined in this header; presumably it is supplied by
 * the build configuration. All directory and file paths below are derived
 * from this one.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory of IPsec relevant files (keys, certificates, CRLs; see the
 * sub-directories defined below).
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys.
 *
 * NOTE(review): this macro only fixes the location of secret key material;
 * whether the files are readable by anyone but the daemon is not checked
 * here - confirm that the code loading from this directory does so.
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted CA certificates.
 *
 * Certificates placed here act as trust anchors, so the directory is as
 * sensitive to tampering as the private key directory.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for OCSP signing certificates.
 *
 * @ingroup charon
 */
#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file.
 *
 * NOTE(review): like PRIVATE_KEY_DIR this names a location holding secret
 * material; ownership/permission checks, if any, belong to the reader, not
 * to this header.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
299
/**
 * @brief Main class of the daemon, contains some globals.
 *
 * Every member is a pointer to one daemon-wide object (queues, stores,
 * special-purpose threads, loggers). The single instance is reached through
 * the global "charon" declared at the end of this header.
 *
 * @ingroup charon
 */
struct daemon_t {
	/**
	 * A socket_t instance (the UDP socket used by sender and receiver).
	 */
	socket_t *socket;

	/**
	 * A send_queue_t instance (packets waiting for the sender thread).
	 */
	send_queue_t *send_queue;

	/**
	 * A job_queue_t instance (jobs processed by the thread pool).
	 */
	job_queue_t *job_queue;

	/**
	 * An event_queue_t instance (timed jobs, fired by the scheduler).
	 */
	event_queue_t *event_queue;

	/**
	 * An ike_sa_manager_t instance; owns and synchronizes the IKE SAs.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A configuration_t instance.
	 */
	configuration_t *configuration;

	/**
	 * A connection_store_t instance.
	 */
	connection_store_t *connections;

	/**
	 * A policy_store_t instance.
	 */
	policy_store_t *policies;

	/**
	 * A credential_store_t instance (keys, certificates and secrets
	 * loaded from the directories defined above).
	 */
	credential_store_t *credentials;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * The Scheduler-Thread.
	 */
	scheduler_t *scheduler;

	/**
	 * The thread pool managing the NUMBER_OF_WORKING_THREADS worker threads.
	 */
	thread_pool_t *thread_pool;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging the most important events (sys_logger_t, so
	 * presumably a separate syslog stream; confirm in the implementation).
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel interface to communicate with the kernel.
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * IPC interface, as whack in pluto.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * NOTE(review): reason is not const-qualified although it is presumably
	 * only read; const char * would make that contract explicit.
	 *
	 * @param this		the daemon to kill
	 * @param reason	description of why it is being killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};
409
/**
 * The one and only instance of the daemon.
 *
 * Defined elsewhere (presumably in the daemon's implementation file); all
 * other modules reach the shared queues, stores and threads through this
 * pointer.
 */
extern daemon_t *charon;
414
415 #endif /*DAEMON_H_*/