Store the name of the binary using libcharon to enable specific settings.
1 /*
2 * Copyright (C) 2006-2012 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup libcharon libcharon
21 *
22 * @defgroup bus bus
23 * @ingroup libcharon
24 *
25 * @defgroup listeners listeners
26 * @ingroup bus
27 *
28 * @defgroup config config
29 * @ingroup libcharon
30 *
31 * @defgroup control control
32 * @ingroup libcharon
33 *
34 * @defgroup encoding encoding
35 * @ingroup libcharon
36 *
37 * @defgroup payloads payloads
38 * @ingroup encoding
39 *
40 * @defgroup ckernel kernel
41 * @ingroup libcharon
42 *
43 * @defgroup network network
44 * @ingroup libcharon
45 *
46 * @defgroup cplugins plugins
47 * @ingroup libcharon
48 *
49 * @defgroup cprocessing processing
50 * @ingroup libcharon
51 *
52 * @defgroup cjobs jobs
53 * @ingroup cprocessing
54 *
55 * @defgroup sa sa
56 * @ingroup libcharon
57 *
58 * @defgroup authenticators authenticators
59 * @ingroup sa
60 *
61 * @defgroup eap eap
62 * @ingroup authenticators
63 *
64 * @defgroup tasks tasks
65 * @ingroup sa
66 *
67 * @addtogroup libcharon
68 * @{
69 *
70 * IKEv2 keying daemon.
71 *
72 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
73 * architecture than pluto. Charon uses a thread-pool (called processor),
74 * which allows parallel execution of SA management. All threads originate
75 * from the processor. Work is delegated to the processor by queueing jobs
76 * to it.
77 @verbatim
78
79 +---------------------------------+ +----------------------------+
80 | controller | | config |
81 +---------------------------------+ +----------------------------+
82 | | | ^ ^ ^
83 V V V | | |
84
85 +----------+ +-----------+ +------+ +----------+ +----+
86 | receiver | | | | | +------+ | CHILD_SA | | K |
87 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
88 | | | | SA |--| SA | | CHILD_SA | | r |
89 +------+---+ +-----------+ | | +------+ +----------+ | n |
90 <->| socket | | | Man- | | e |
91 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
92 | | | | | | IKE- |--| CHILD_SA | | - |
93 +---+------+ | Processor |---| |--| SA | +----------+ | I |
94 | sender | | | | | +------+ | f |
95 +----------+ +-----------+ +------+ +----+
96
97 | | | | | |
98 V V V V V V
99 +---------------------------------+ +----------------------------+
100 | Bus | | credentials |
101 +---------------------------------+ +----------------------------+
102
103 @endverbatim
104 * The scheduler is responsible to execute timed events. Jobs may be queued to
105 * the scheduler to get executed at a defined time (e.g. rekeying). The
106 * scheduler does not execute the jobs itself, it queues them to the processor.
107 *
108 * The IKE_SA manager manages all IKE_SAs. It further handles the
109 * synchronization:
110 * Each IKE_SA must be checked out strictly and checked in again after use. The
111 * manager guarantees that only one thread may check out a single IKE_SA. This
112 * allows us to write the (complex) IKE_SA routines non-thread-safe.
113 * Each IKE_SA contains the state and the logic of that IKE_SA and handles the
114 * messages.
115 *
116 * The CHILD_SA contains state about an IPsec security association and manages
117 * it. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
118 * takes place here through the kernel interface.
119 *
120 * The kernel interface installs IPsec security associations, policies, routes
121 * and virtual addresses. It further provides methods to enumerate interfaces
122 * and may notify the daemon about state changes at lower layers.
123 *
124 * The bus receives signals from the different threads and relays them to
125 * interested listeners. Debugging signals, but also important state changes or
126 * error messages are sent over the bus.
127 * Its listeners are not only for logging, but also to track the state of an
128 * IKE_SA.
129 *
130 * The controller, credential_manager, bus and backend_manager (config) are
131 * places where a plugin can register itself to provide information or observe
132 * and control the daemon.
133 */
134
135 #ifndef DAEMON_H_
136 #define DAEMON_H_
137
/**
 * Forward declaration of the daemon type; it is declared before the includes
 * below so that the headers included here may refer to daemon_t.
 */
typedef struct daemon_t daemon_t;
139
140 #include <network/sender.h>
141 #include <network/receiver.h>
142 #include <network/socket_manager.h>
143 #include <control/controller.h>
144 #include <bus/bus.h>
145 #include <bus/listeners/file_logger.h>
146 #include <bus/listeners/sys_logger.h>
147 #include <sa/ike_sa_manager.h>
148 #include <sa/trap_manager.h>
149 #include <sa/shunt_manager.h>
150 #include <config/backend_manager.h>
151 #include <sa/eap/eap_manager.h>
152 #include <sa/xauth/xauth_manager.h>
153
154 #ifdef ME
155 #include <sa/ikev2/connect_manager.h>
156 #include <sa/ikev2/mediation_manager.h>
157 #endif /* ME */
158
/**
 * Number of threads in the thread pool, if not specified in config.
 */
#define DEFAULT_THREADS 16

/**
 * UDP Port on which the daemon will listen for incoming traffic.
 *
 * 500 is the IANA-assigned ISAKMP/IKE port.
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP Port to which the daemon will float to if NAT is detected.
 *
 * 4500 is the IANA-assigned IPsec NAT-Traversal port (UDP-encapsulated
 * IKE and ESP).
 */
#define IKEV2_NATT_PORT 4500
173
/**
 * Main class of daemon, contains some globals.
 *
 * Bundles the managers, threads and the bus shared by the whole daemon
 * together with the privilege settings (uid/gid, kept capabilities) that
 * are applied once initialization is complete.
 */
struct daemon_t {

	/**
	 * Socket manager instance
	 */
	socket_manager_t *socket;

	/**
	 * A ike_sa_manager_t instance.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for triggering policies, called traps
	 */
	trap_manager_t *traps;

	/**
	 * Manager for shunt PASS|DROP policies
	 */
	shunt_manager_t *shunts;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A list of installed file_logger_t's
	 */
	linked_list_t *file_loggers;

	/**
	 * A list of installed sys_logger_t's
	 */
	linked_list_t *sys_loggers;

	/**
	 * Controller to control the daemon
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods
	 */
	eap_manager_t *eap;

	/**
	 * XAuth manager to maintain registered XAuth methods
	 */
	xauth_manager_t *xauth;

#ifdef ME
	/**
	 * Connect manager (only present when built with ME defined)
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (only present when built with ME defined)
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * User ID the daemon will use after initialization
	 */
	uid_t uid;

	/**
	 * Group ID the daemon will use after initialization
	 */
	gid_t gid;

	/**
	 * Name of the binary that uses the library (used for settings etc.)
	 *
	 * Presumably the name handed to libcharon_init(); whether the string is
	 * copied or must outlive the daemon is not visible from this header.
	 */
	const char *name;

	/**
	 * Do not drop a given capability after initialization.
	 *
	 * Some plugins might need additional capabilities. They tell the daemon
	 * during plugin initialization which one they need, the daemon won't
	 * drop these. A kept capability stays with the process for its whole
	 * lifetime, so a plugin should request only what it really needs.
	 *
	 * @param cap		capability to keep; the numbering used (presumably the
	 *					platform's CAP_* values) is not visible from this
	 *					header — confirm in daemon.c
	 */
	void (*keep_cap)(daemon_t *this, u_int cap);

	/**
	 * Drop all capabilities of the current process.
	 *
	 * Drops all capabilities, except those excluded using keep_cap().
	 * This should be called after the initialization of the daemon because
	 * some plugins require the process to keep additional capabilities;
	 * a capability dropped here cannot be regained by the process, so
	 * keep_cap() calls made later have no effect.
	 *
	 * @return TRUE, if successful; FALSE means the process still holds its
	 *			previous capability set and should not continue as if the
	 *			privilege reduction had happened
	 */
	bool (*drop_capabilities)(daemon_t *this);

	/**
	 * Initialize the daemon.
	 *
	 * @param plugins	list of plugins to load (the list format is not
	 *					defined in this header — see daemon.c)
	 * @return			TRUE, if successful
	 */
	bool (*initialize)(daemon_t *this, char *plugins);

	/**
	 * Starts the daemon, i.e. spawns the threads of the thread pool.
	 *
	 * Presumably called once initialize() has succeeded.
	 */
	void (*start)(daemon_t *this);

};
305
/**
 * The one and only instance of the daemon.
 *
 * Set between libcharon_init() and libcharon_deinit() calls; outside of
 * that window the pointer must not be dereferenced.
 */
extern daemon_t *charon;
312
/**
 * Initialize libcharon and create the "charon" instance of daemon_t.
 *
 * This function initializes the bus, listeners can be registered before
 * calling initialize().
 *
 * @param name		name of the binary that uses the library, presumably
 *					exposed as charon->name afterwards (whether it is copied
 *					or must outlive the daemon is not visible from this
 *					header — confirm in daemon.c)
 * @return			FALSE if integrity check failed
 */
bool libcharon_init(const char *name);
323
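/**
 * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
 *
 * After this call the global "charon" pointer is no longer valid.
 */
/* (void) instead of () so the compiler rejects calls with stray arguments;
 * an empty parameter list in C declares an unprototyped function. */
void libcharon_deinit(void);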
328
329 #endif /** DAEMON_H_ @}*/