removed %M printf handler, five more to go
1 /**
2 * @file daemon.h
3 *
4 * @brief Interface of daemon_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
10 * Copyright (C) 2005-2006 Martin Willi
11 * Copyright (C) 2005 Jan Hutter
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #ifndef DAEMON_H_
26 #define DAEMON_H_
27
/* Forward declaration of the daemon type. It sits above the includes
 * below, presumably so that headers pulled in here can refer to daemon_t
 * (e.g. via the global "charon") without including daemon.h themselves
 * -- TODO confirm against those headers. */
typedef struct daemon_t daemon_t;
29
30 #include <credential_store.h>
31
32 #include <network/sender.h>
33 #include <network/receiver.h>
34 #include <network/socket.h>
35 #include <processing/scheduler.h>
36 #include <processing/thread_pool.h>
37 #include <processing/job_queue.h>
38 #include <processing/event_queue.h>
39 #include <kernel/kernel_interface.h>
40 #include <control/stroke_interface.h>
41 #include <bus/bus.h>
42 #include <bus/listeners/file_logger.h>
43 #include <bus/listeners/sys_logger.h>
44 #include <sa/ike_sa_manager.h>
45 #include <config/cfg_store.h>
46 #include <config/backends/local_backend.h>
47
48 /**
49 * @defgroup charon charon
50 *
51 * @brief IKEv2 keying daemon.
52 *
53 * @section Architecture
54 *
55 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
56 * architecture than pluto. Charon uses a thread-pool, which allows parallel
57 * execution of SA management. Besides the thread-pool, there are some special-purpose
58 * threads which do their job for the common health of the daemon.
59 @verbatim
60 +------+
61 | E Q |
62 | v u |---+ +------+ +------+
63 | e e | | | | | IKE- |
64 | n u | +-----------+ | |--| SA |
65 | t e | | | | I M | +------+
66 +------------+ | - | | Scheduler | | K a |
67 | receiver | +------+ | | | E n | +------+
68 +----+-------+ +-----------+ | - a | | IKE- |
69 | | +------+ | | S g |--| SA |
70 +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+
71 -| socket | | o u | | | | - r |
72 +-------+--+ | b e | | Thread- | | |
73 | | - u | | Pool | | |
74 +----+-------+ | e |------| |---| |
75 | sender | +------+ +------------+ +------+
76 +------------+
77
78 @endverbatim
79 * The thread-pool is the heart of the architecture. It processes jobs from a
80 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
81 * IKE SA. These IKE SAs are synchronized; only one thread can work on an IKE SA.
82 * This makes it unnecessary to use further synchronisation methods once an IKE SA
83 * is checked out. The (rather complex) synchronization of IKE SAs is completely
84 * done in the IKE SA manager.
85 * The scheduler is responsible for event firing. It waits until an event in the
86 * (fully synchronized) event-queue is ready for processing and pushes the event
87 * down to the job-queue. A thread from the pool will pick it up as quickly as
88 * possible. Every thread can queue events or jobs. Further, an event can place a
89 * packet in the sender. The sender thread waits for those packets and sends
90 * them over the wire, via the socket. The receiver does exactly the opposite of
91 * the sender. It waits on the socket, reads in packets and places them on the
92 * job-queue for further processing by a thread from the pool.
93 * There are even more threads, not drawn in the scheme above. The stroke thread
94 * is responsible for reading and processing commands from another process. The
95 * kernel interface thread handles communication from and to the kernel via a
96 * netlink socket. It waits for kernel events and processes them appropriately.
97 */
98
99 /**
100 * @defgroup bus bus
101 *
102 * Signaling bus and its listeners.
103 *
104 * @ingroup charon
105 */
106
107 /**
108 * @defgroup config config
109 *
110 * Classes implementing configuration related things.
111 *
112 * @ingroup charon
113 */
114
115 /**
116 * @defgroup backends backends
117 *
118 * Classes implementing configuration backends.
119 *
120 * @ingroup config
121 */
122
123 /**
124 * @defgroup credentials credentials
125 *
126 * Trust chain verification and certificate store.
127 *
128 * @ingroup config
129 */
130
131 /**
132 * @defgroup control control
133 *
134 * Classes which control the daemon using IPC mechanisms.
135 *
136 * @ingroup charon
137 */
138
139 /**
140 * @defgroup encoding encoding
141 *
142 * Classes used to encode and decode IKEv2 messages.
143 *
144 * @ingroup charon
145 */
146
147 /**
148 * @defgroup payloads payloads
149 *
150 * Classes representing specific IKEv2 payloads.
151 *
152 * @ingroup encoding
153 */
154
155 /**
156 * @defgroup kernel kernel
157 *
158 * Classes to configure and query the kernel.
159 *
160 * @ingroup charon
161 */
162
163 /**
164 * @defgroup network network
165 *
166 * Classes for sending and receiving UDP packets over the network.
167 *
168 * @ingroup charon
169 */
170
171 /**
172 * @defgroup processing processing
173 *
174 * Queueing, scheduling and processing of jobs
175 *
176 * @ingroup charon
177 */
178
179 /**
180 * @defgroup jobs jobs
181 *
182 * Jobs to queue, schedule and process.
183 *
184 * @ingroup processing
185 */
186
187 /**
188 * @defgroup sa sa
189 *
190 * Security associations for IKE and IPsec, and their helper classes.
191 *
192 * @ingroup charon
193 */
194
195 /**
196 * @defgroup authenticators authenticators
197 *
198 * Authenticator classes to prove identity of a peer.
199 *
200 * @ingroup sa
201 */
202
203 /**
204 * @defgroup eap eap
205 *
206 * EAP module loader, interface and its implementations.
207 *
208 * @ingroup authenticators
209 */
210
211 /**
212 * @defgroup tasks tasks
213 *
214 * Tasks process and build message payloads. They are used to create
215 * and process multiple exchanges.
216 *
217 * @ingroup sa
218 */
219
/**
 * Name of the daemon.
 *
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of threads in the thread pool.
 *
 * There are several other threads (sender, receiver, scheduler, stroke and
 * kernel interface, see the architecture overview above); this defines
 * only the number of worker threads in thread_pool_t.
 *
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP port on which the daemon will listen for incoming traffic
 * (the standard IKE port).
 *
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port to which the daemon will float if NAT is detected
 * (the standard IKE NAT-traversal port).
 *
 * @ingroup charon
 */
#define IKEV2_NATT_PORT 4500

/**
 * PID file, in which charon stores its process id.
 *
 * IPSEC_PIDDIR is not defined in this header; presumably it is supplied by
 * the build configuration -- confirm.
 *
 * @ingroup charon
 */
#define PID_FILE IPSEC_PIDDIR "/charon.pid"

/**
 * Configuration directory.
 *
 * IPSEC_CONFDIR is not defined in this header; presumably it is supplied by
 * the build configuration -- confirm. All directory and file paths below
 * are derived from it.
 *
 * @ingroup charon
 */
#define CONFIG_DIR IPSEC_CONFDIR

/**
 * Directory of IPsec relevant files.
 *
 * @ingroup charon
 */
#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d"

/**
 * Default directory for private keys.
 *
 * NOTE(review): this directory holds secret key material; nothing in this
 * header constrains who may read it. Confirm that the code which opens
 * files here checks ownership and file mode, and that packaging sets
 * restrictive permissions on the directory.
 *
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private"

/**
 * Default directory for end entity certificates.
 *
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_D_DIR "/certs"

/**
 * Default directory for trusted CA certificates.
 *
 * Certificates placed here act as trust anchors, so write access to this
 * directory is as sensitive as access to the private keys.
 *
 * @ingroup charon
 */
#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts"

/**
 * Default directory for OCSP signing certificates.
 *
 * @ingroup charon
 */
#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts"

/**
 * Default directory for CRLs.
 *
 * @ingroup charon
 */
#define CRL_DIR IPSEC_D_DIR "/crls"

/**
 * Secrets file.
 *
 * NOTE(review): contains secret material (see also PRIVATE_KEY_DIR); the
 * same ownership/mode checks apply wherever this path is opened -- confirm.
 *
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
313
/**
 * @brief Main class of daemon, contains some globals.
 *
 * Holds the daemon-wide singletons (socket, queues, stores, threads and
 * loggers) that the architecture overview above describes. It is reached
 * through the global "charon" pointer declared below.
 *
 * @ingroup charon
 */
struct daemon_t {
	/**
	 * The UDP socket; per the overview above, the receiver reads from it
	 * and the sender writes to it.
	 */
	socket_t *socket;

	/**
	 * The (fully synchronized) job queue consumed by the thread pool; the
	 * receiver and the scheduler both push jobs here.
	 */
	job_queue_t *job_queue;

	/**
	 * The (fully synchronized) event queue the scheduler waits on.
	 */
	event_queue_t *event_queue;

	/**
	 * The IKE SA manager. All IKE SA synchronization is done in here, so
	 * a checked-out IKE SA needs no further locking by the caller.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A cfg_store_t instance (the configuration store).
	 */
	cfg_store_t *cfg_store;

	/**
	 * A backend for cfg_store using in-memory lists.
	 */
	local_backend_t *local_backend;

	/**
	 * A credential_store_t instance (trust chain verification and
	 * certificate store, see the credentials group).
	 */
	credential_store_t *credentials;

	/**
	 * The sender thread: waits for outgoing packets and sends them via
	 * socket.
	 */
	sender_t *sender;

	/**
	 * The receiver thread: reads packets from socket and places jobs on
	 * job_queue.
	 */
	receiver_t *receiver;

	/**
	 * The scheduler thread: moves due events from event_queue to job_queue.
	 */
	scheduler_t *scheduler;

	/**
	 * The thread pool managing the worker threads
	 * (NUMBER_OF_WORKING_THREADS of them).
	 */
	thread_pool_t *thread_pool;

	/**
	 * The signaling bus the loggers below are listeners of.
	 */
	bus_t *bus;

	/**
	 * A bus listener logging to stdout.
	 */
	file_logger_t *outlog;

	/**
	 * A bus listener logging to syslog.
	 */
	sys_logger_t *syslog;

	/**
	 * A bus listener logging the most important events; a second
	 * sys_logger_t, separate from syslog above.
	 */
	sys_logger_t *authlog;

	/**
	 * Kernel interface to communicate with the kernel (via a netlink
	 * socket, per the overview above).
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * IPC control interface, the counterpart of whack in pluto.
	 */
	stroke_t *stroke;

	/**
	 * @brief Shut down the daemon.
	 *
	 * @param this   the daemon to kill
	 * @param reason description why it will be killed; not const-qualified
	 *               here, presumably only read -- confirm in the
	 *               implementation
	 * @note Presumably does not return to the caller; confirm in the
	 *       implementation before relying on it.
	 */
	void (*kill) (daemon_t *this, char *reason);
};
413
/**
 * The one and only instance of the daemon.
 *
 * Defined elsewhere (this header only declares it). Every module that
 * includes daemon.h reaches the shared queues, stores and threads through
 * this pointer. NOTE(review): global mutable state -- which code assigns
 * it and from when on it is valid is not visible here; confirm before
 * dereferencing it on early-initialisation paths.
 */
extern daemon_t *charon;
418
419 #endif /*DAEMON_H_*/