2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 #include <sys/types.h>
25 # ifdef HAVE_SYS_CAPABILITY_H
26 # include <sys/capability.h>
27 # elif defined(CAPABILITIES_NATIVE)
28 # include <linux/capability.h>
29 # endif /* CAPABILITIES_NATIVE */
30 #endif /* CAPABILITIES */
32 #define USE_TNC /* for tnccs_manager */
37 #include <config/proposal.h>
38 #include <kernel/kernel_handler.h>
39 #include <processing/jobs/start_action_job.h>
typedef struct private_daemon_t private_daemon_t;

/**
 * Private additions to daemon_t, contains threads and internal functions.
 *
 * There is exactly one instance of this struct; daemon_create() publishes
 * it through the global charon pointer and libcharon_deinit() casts that
 * pointer back to private_daemon_t. Several declaration lines of the
 * original struct are not shown in this listing and are marked below.
 */
struct private_daemon_t
{
	/**
	 * Public members of daemon_t.
	 */
	/* … the member itself is not shown in this listing; the rest of the file
	 * accesses it as this->public. NOTE(review): the cast in libcharon_deinit()
	 * is only valid if this is the first member — confirm … */

	/**
	 * Handler for kernel events
	 */
	kernel_handler_t *kernel_handler;

	/**
	 * capabilities to keep
	 */
#ifdef CAPABILITIES_LIBCAP
	/* … libcap set member not shown in this listing; keep_cap(),
	 * drop_capabilities(), destroy() and daemon_create() use it as
	 * this->caps (cap_init()/cap_free()) … */
#endif /* CAPABILITIES_LIBCAP */
#ifdef CAPABILITIES_NATIVE
	/* Raw capset(2) payload: two entries of 32-bit masks. keep_cap()
	 * indexes them with an i computed on lines not shown here. */
	struct __user_cap_data_struct caps[2];
#endif /* CAPABILITIES_NATIVE */
/* … closing of the struct not shown in this listing … */
/**
 * One and only instance of the daemon.
 */
/* … definition of the global charon pointer not shown in this listing; it
 * is assigned in daemon_create() (charon = &this->public) and read by
 * dbg_bus() and libcharon_deinit() … */

/**
 * hook in library for debugging messages
 *
 * Function pointer owned by the library. libcharon_init() (its "set up
 * hook" comment below) presumably redirects it to dbg_bus() so that
 * library log lines are spread over the daemon's bus; the assignment
 * itself is not shown in this listing.
 */
extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);

/**
 * we store the previous debug function so we can reset it
 *
 * Holds the library's original dbg pointer while the daemon's hook is
 * installed; destroy() ("rehook library logging") restores it on shutdown
 * on a line not shown in this listing.
 */
static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
/**
 * Logging hook for library logs, spreads debug message over bus
 *
 * Installed in place of the library's dbg pointer. The variadic arguments
 * reach the bus as the va_list "args"; its va_start/va_end handling is on
 * lines not shown in this listing.
 *
 * @param group		debug group the message belongs to
 * @param level		verbosity level of the message
 * @param fmt		printf-style format string, forwarded verbatim to the
 *					bus; callers must pass a literal format, never data
 *					received from the network or configuration
 */
static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
/* … opening brace and va_list setup not shown in this listing … */
	charon->bus->vlog(charon->bus, group, level, fmt, args);
/* … va_end and closing brace not shown in this listing … */
/**
 * Clean up all daemon resources
 *
 * The order is deliberate: worker threads are stopped first, IKE_SAs are
 * flushed while their manager still exists, plugins are unloaded before the
 * components they may still reference, and the bus and loggers go last so
 * every earlier step can still log. Braces, a conditional-compilation guard
 * around the two mediation managers, the restore of the dbg hook and the
 * final release of this are on lines not shown in this listing.
 *
 * @param this		daemon instance to tear down
 */
static void destroy(private_daemon_t *this)
/* … opening brace not shown … */
	/* terminate all idle threads */
	lib->processor->set_threads(lib->processor, 0);

	/* close all IKE_SAs */
	if (this->public.ike_sa_manager)
	/* … brace not shown … */
		this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
	/* … brace not shown … */
	DESTROY_IF(this->public.receiver);
	DESTROY_IF(this->public.sender);
	/* unload plugins to release threads */
	lib->plugins->unload(lib->plugins);
#ifdef CAPABILITIES_LIBCAP
	/* releases the set allocated by cap_init() in daemon_create() */
	cap_free(this->caps);
#endif /* CAPABILITIES_LIBCAP */
	DESTROY_IF(this->kernel_handler);
	DESTROY_IF(this->public.traps);
	DESTROY_IF(this->public.shunts);
	DESTROY_IF(this->public.ike_sa_manager);
	DESTROY_IF(this->public.controller);
	DESTROY_IF(this->public.eap);
	DESTROY_IF(this->public.tnccs);
	/* … guard line not shown … */
	DESTROY_IF(this->public.connect_manager);
	DESTROY_IF(this->public.mediation_manager);
	/* … guard line not shown … */
	DESTROY_IF(this->public.backends);
	DESTROY_IF(this->public.socket);

	/* rehook library logging, shutdown logging */
	/* … restore of the library dbg pointer (see dbg_old) not shown … */
	DESTROY_IF(this->public.bus);
	/* each logger is destroyed through its destroy member at the given
	 * offset, then the lists themselves are freed */
	this->public.file_loggers->destroy_offset(this->public.file_loggers,
											offsetof(file_logger_t, destroy));
	this->public.sys_loggers->destroy_offset(this->public.sys_loggers,
											offsetof(sys_logger_t, destroy));
/* … release of this and closing brace not shown … */
/**
 * Mark a capability to be retained when drop_capabilities() is applied.
 *
 * The METHOD macro emits this as _keep_cap, which daemon_create() installs
 * into the public daemon_t. The capability is added to the effective,
 * permitted and inheritable sets of the pending capability state; nothing
 * is applied to the process until drop_capabilities() runs.
 *
 * @param this		daemon instance
 * @param cap		capability number (a CAP_* constant) to keep
 */
METHOD(daemon_t, keep_cap, void,
	private_daemon_t *this, u_int cap)
/* … opening brace not shown … */
#ifdef CAPABILITIES_LIBCAP
	/* NOTE(review): cap_set_flag() takes a const cap_value_t * for the
	 * value list; &cap is a u_int * here, so this relies on an implicit
	 * pointer conversion — a local cap_value_t copy would be cleaner. */
	cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
	cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
	cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
#endif /* CAPABILITIES_LIBCAP */
#ifdef CAPABILITIES_NATIVE
	/* … computation of the word index i (and reduction of cap to a bit
	 * position within that 32-bit word) not shown in this listing.
	 * NOTE(review): 1 << cap is only well-defined for cap < 31 with a
	 * signed 1; confirm the omitted lines bring cap into 0..31, and prefer
	 * 1U << cap so bit 31 is not undefined behaviour. */
	this->caps[i].effective |= 1 << cap;
	this->caps[i].permitted |= 1 << cap;
	this->caps[i].inheritable |= 1 << cap;
#endif /* CAPABILITIES_NATIVE */
/* … closing brace not shown … */
/**
 * Apply the capability set built by keep_cap() to the running process.
 *
 * This is the daemon's privilege-reduction step: everything not marked via
 * keep_cap() is dropped. The results of cap_set_proc() and capset() are
 * checked for != 0; the error branches and the final return are on lines
 * not shown in this listing, so callers should treat a FALSE result as
 * fatal rather than continue with full privileges.
 *
 * @param this		daemon instance
 * @return			TRUE on success, FALSE if the kernel rejected the set
 *					(presumably; the return statements are not shown)
 */
METHOD(daemon_t, drop_capabilities, bool,
	private_daemon_t *this)
/* … opening brace not shown … */
#ifdef CAPABILITIES_LIBCAP
	if (cap_set_proc(this->caps) != 0)
	/* … error branch not shown … */
#endif /* CAPABILITIES_LIBCAP */
#ifdef CAPABILITIES_NATIVE
	/* Select the newest capset(2) ABI the headers define. Members not named
	 * here (pid) are zero-initialized, so the call targets the calling
	 * process; the two-entry caps[] array matches the V2/V3 layout. */
	struct __user_cap_header_struct header = {
#if defined(_LINUX_CAPABILITY_VERSION_3)
		.version = _LINUX_CAPABILITY_VERSION_3,
#elif defined(_LINUX_CAPABILITY_VERSION_2)
		.version = _LINUX_CAPABILITY_VERSION_2,
#elif defined(_LINUX_CAPABILITY_VERSION_1)
		.version = _LINUX_CAPABILITY_VERSION_1,
	/* … fallback preprocessor branch not shown … */
		.version = _LINUX_CAPABILITY_VERSION,
	/* … end of the preprocessor chain and of the initializer not shown … */
	if (capset(&header, this->caps) != 0)
	/* … error branch not shown … */
#endif /* CAPABILITIES_NATIVE */
/* … return and closing brace not shown … */
/**
 * Start processing: size the worker pool from configuration, after which
 * the daemon runs multithreaded.
 *
 * The thread count is read from the "charon.threads" setting; the default
 * passed to get_int and the end of the call are on lines not shown in
 * this listing.
 *
 * @param this		daemon instance
 */
METHOD(daemon_t, start, void,
	private_daemon_t *this)
/* … opening brace not shown … */
	/* start the engine, go multithreaded */
	lib->processor->set_threads(lib->processor,
			lib->settings->get_int(lib->settings, "charon.threads",
	/* … default value, closing parentheses and brace not shown … */
/**
 * Log the names of all loaded plugins on a single DBG1 line.
 *
 * Names are appended to a fixed buffer with snprintf. snprintf returns the
 * length the output would have had, so after a truncated append len is
 * >= sizeof(buf) and the loop condition stops further writes: buf cannot
 * overflow, but a long plugin list is cut short silently. The declarations
 * of buf, len and plugin are on lines not shown in this listing —
 * NOTE(review): buf needs an initial terminator for the no-plugin case;
 * confirm its declaration provides one.
 */
static void print_plugins()
/* … opening brace and local declarations not shown … */
	enumerator_t *enumerator;
	/* … not shown … */
	enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
	/* NOTE(review): if len is a signed int, the comparison with sizeof()
	 * is evaluated unsigned; that is fine as long as len never goes
	 * negative, which holds while snprintf does not report an error. */
	while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin))
	/* … brace not shown … */
		len += snprintf(&buf[len], sizeof(buf)-len, "%s ",
						plugin->get_name(plugin));
	/* … brace not shown … */
	enumerator->destroy(enumerator);
	DBG1(DBG_DMN, "loaded plugins: %s", buf);
/* … closing brace not shown … */
/**
 * Bring the daemon up: load the configured plugins, then create the IKE_SA
 * manager, sender and receiver, queue the start_action job and create the
 * mediation infrastructure.
 *
 * The condition the integrity summary presumably sits under, the error
 * returns after each failed step and the final return are on lines not
 * shown in this listing.
 *
 * @param this		daemon instance
 * @return			TRUE if every step succeeded (presumably FALSE otherwise;
 *					the returns are not shown)
 */
METHOD(daemon_t, initialize, bool,
	private_daemon_t *this)
/* … opening brace not shown … */
	DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
	/* … condition guarding the following summary not shown … */
	DBG1(DBG_DMN, "integrity tests enabled:");
	DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests");
	DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests");
	DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests");
	DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
	/* … not shown … */

	/* load plugins, further infrastructure may need it */
	/* the list comes from the "charon.load" setting, with the compiled-in
	 * PLUGINS as default */
	if (!lib->plugins->load(lib->plugins, NULL,
			lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
	/* … error branch not shown … */

	this->public.ike_sa_manager = ike_sa_manager_create();
	if (this->public.ike_sa_manager == NULL)
	/* … error branch not shown … */
	this->public.sender = sender_create();
	this->public.receiver = receiver_create();
	/* NOTE(review): only the receiver is NULL-checked here; the result of
	 * sender_create() is stored unchecked (destroy() appears to tolerate a
	 * NULL via DESTROY_IF, later users of this->public.sender may not). */
	if (this->public.receiver == NULL)
	/* … error branch not shown … */

	/* Queue start_action job */
	lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create());

	this->public.connect_manager = connect_manager_create();
	if (this->public.connect_manager == NULL)
	/* … error branch not shown … */
	this->public.mediation_manager = mediation_manager_create();
	/* … remaining checks, return and closing brace not shown … */
/**
 * Allocate and wire up the single private_daemon_t instance.
 *
 * Installs the METHOD implementations (_keep_cap, _drop_capabilities,
 * _initialize; further members are on lines not shown), creates the logger
 * lists and the sub-managers, publishes the instance through the global
 * charon pointer and records which capabilities survive
 * drop_capabilities(). The start and end of the designated initializer,
 * the guard that the trailing #endif closes, and the return are not shown
 * in this listing.
 *
 * @return			the new instance (presumably; the return is not shown)
 */
private_daemon_t *daemon_create()
/* … opening brace not shown … */
	private_daemon_t *this;
	/* … start of the designated initializer not shown … */
		.keep_cap = _keep_cap,
		.drop_capabilities = _drop_capabilities,
		.initialize = _initialize,
	/* … further members not shown … */
		.file_loggers = linked_list_create(),
		.sys_loggers = linked_list_create(),
	/* … end of the initializer not shown … */
	/* published before the sub-managers are created, presumably so their
	 * constructors (and dbg_bus) can already reach the daemon via charon */
	charon = &this->public;
	this->public.controller = controller_create();
	this->public.eap = eap_manager_create();
	this->public.tnccs = tnccs_manager_create();
	this->public.backends = backend_manager_create();
	this->public.socket = socket_manager_create();
	this->public.traps = trap_manager_create();
	this->public.shunts = shunt_manager_create();
	this->kernel_handler = kernel_handler_create();
	/* … guard opening not shown (closed by the #endif below) … */
#ifdef CAPABILITIES_LIBCAP
	/* NOTE(review): cap_init() can return NULL on allocation failure; the
	 * result is not checked, and keep_cap()/drop_capabilities() would then
	 * operate on a NULL set. */
	this->caps = cap_init();
#endif /* CAPABILITIES_LIBCAP */
	/* CAP_NET_ADMIN is always retained; CAP_SYS_NICE only while the leak
	 * detective is active. Everything else is dropped later. */
	keep_cap(this, CAP_NET_ADMIN);
	if (lib->leak_detective)
	/* … brace not shown … */
		keep_cap(this, CAP_SYS_NICE);
	/* … brace not shown … */
#endif /* CAPABILITIES */
/* … return and closing brace not shown … */
/**
 * Described in header.
 *
 * Tears down the global instance via destroy(). The cast recovers the
 * private struct from the public charon pointer, which daemon_create()
 * set to &this->public; NOTE(review): this is only valid if the daemon_t
 * member is the first member of private_daemon_t — its declaration is not
 * shown in this listing, confirm. The lines after the call (presumably
 * resetting charon, and the closing brace) are not shown either.
 */
void libcharon_deinit()
/* … opening brace not shown … */
	destroy((private_daemon_t*)charon);
/* … remainder not shown … */
323 * Described in header.
325 bool libcharon_init()
329 /* for uncritical pseudo random numbers */
330 srandom(time(NULL
) + getpid());
332 /* set up hook to log dbg message in library via charons message bus */
336 lib
->printf_hook
->add_handler(lib
->printf_hook
, 'P',
337 proposal_printf_hook
,
338 PRINTF_HOOK_ARGTYPE_POINTER
,
339 PRINTF_HOOK_ARGTYPE_END
);
341 if (lib
->integrity
&&
342 !lib
->integrity
->check(lib
->integrity
, "libcharon", libcharon_init
))
344 dbg(DBG_DMN
, 1, "integrity check of libcharon failed");