Respect line with in Makefile.am's, other cosmetics
1 /*
2 * Copyright (C) 2006-2010 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup libcharon libcharon
21 *
22 * @defgroup bus bus
23 * @ingroup libcharon
24 *
25 * @defgroup listeners listeners
26 * @ingroup bus
27 *
28 * @defgroup config config
29 * @ingroup libcharon
30 *
31 * @defgroup control control
32 * @ingroup libcharon
33 *
34 * @defgroup ccredentials credentials
35 * @ingroup libcharon
36 *
37 * @defgroup sets sets
38 * @ingroup ccredentials
39 *
40 * @defgroup encoding encoding
41 * @ingroup libcharon
42 *
43 * @defgroup payloads payloads
44 * @ingroup encoding
45 *
46 * @defgroup kernel kernel
47 * @ingroup libcharon
48 *
49 * @defgroup network network
50 * @ingroup libcharon
51 *
52 * @defgroup cplugins plugins
53 * @ingroup libcharon
54 *
55 * @defgroup processing processing
56 * @ingroup libcharon
57 *
58 * @defgroup jobs jobs
59 * @ingroup processing
60 *
61 * @defgroup sa sa
62 * @ingroup libcharon
63 *
64 * @defgroup authenticators authenticators
65 * @ingroup sa
66 *
67 * @defgroup eap eap
68 * @ingroup authenticators
69 *
70 * @defgroup tasks tasks
71 * @ingroup sa
72 *
73 * @addtogroup libcharon
74 * @{
75 *
76 * IKEv2 keying daemon.
77 *
78 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
79 * architecture than pluto. Charon uses a thread-pool (called processor),
80 * which allows parallel execution of SA-management. All threads originate
81 * from the processor. Work is delegated to the processor by queueing jobs
82 * to it.
83 @verbatim
84
85 +---------------------------------+ +----------------------------+
86 | controller | | config |
87 +---------------------------------+ +----------------------------+
88 | | | ^ ^ ^
89 V V V | | |
90
91 +----------+ +-----------+ +------+ +----------+ +----+
92 | receiver | | | | | +------+ | CHILD_SA | | K |
93 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
94 | | | | SA |--| SA | | CHILD_SA | | r |
95 +------+---+ +-----------+ | | +------+ +----------+ | n |
96 <->| socket | | | Man- | | e |
97 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
98 | | | | | | IKE- |--| CHILD_SA | | - |
99 +---+------+ | Processor |---| |--| SA | +----------+ | I |
100 | sender | | | | | +------+ | f |
101 +----------+ +-----------+ +------+ +----+
102
103 | | | | | |
104 V V V V V V
105 +---------------------------------+ +----------------------------+
106 | Bus | | credentials |
107 +---------------------------------+ +----------------------------+
108
109 @endverbatim
110 * The scheduler is responsible to execute timed events. Jobs may be queued to
111 * the scheduler to get executed at a defined time (e.g. rekeying). The
112 * scheduler does not execute the jobs itself, it queues them to the processor.
113 *
114 * The IKE_SA manager manages all IKE_SAs. It further handles the
115 * synchronization:
116 * Each IKE_SA must be checked out strictly and checked in again after use. The
117 * manager guarantees that only one thread may check out a single IKE_SA. This
118 * allows us to write the (complex) IKE_SA routines in a non-thread-safe manner.
119 * The IKE_SA contains the state and the logic of each IKE_SA and handles the
120 * messages.
121 *
122 * The CHILD_SA contains state about an IPsec security association and manages
123 * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
124 * takes place here through the kernel interface.
125 *
126 * The kernel interface installs IPsec security associations, policies, routes
127 * and virtual addresses. It further provides methods to enumerate interfaces
128 * and may notify the daemon about state changes at lower layers.
129 *
130 * The bus receives signals from the different threads and relays them to
131 * interested listeners. Debugging signals, but also important state changes or
132 * error messages are sent over the bus.
133 * Its listeners are not only for logging, but also to track the state of an
134 * IKE_SA.
135 *
136 * The controller, credential_manager, bus and backend_manager (config) are
137 * places where a plugin can register itself to provide information or observe
138 * and control the daemon.
139 */
140
#ifndef DAEMON_H_
#define DAEMON_H_

/* Forward typedef ahead of the includes: the headers pulled in below take
 * daemon_t in their interfaces (presumably through this header), so the name
 * has to exist before they are included — TODO confirm against those headers. */
typedef struct daemon_t daemon_t;

#include <network/sender.h>
#include <network/receiver.h>
#include <network/socket_manager.h>
#include <processing/scheduler.h>
#include <processing/processor.h>
#include <kernel/kernel_interface.h>
#include <control/controller.h>
#include <bus/bus.h>
#include <bus/listeners/file_logger.h>
#include <bus/listeners/sys_logger.h>
#include <sa/ike_sa_manager.h>
#include <sa/trap_manager.h>
#include <config/backend_manager.h>
#include <credentials/credential_manager.h>
#include <sa/authenticators/eap/eap_manager.h>
#include <sa/authenticators/eap/sim_manager.h>

/* Managers that only exist when the daemon is built with ME (presumably the
 * mediation extension, given mediation_manager.h) — confirm in configure. */
#ifdef ME
#include <sa/connect_manager.h>
#include <sa/mediation_manager.h>
#endif /* ME */
167
/**
 * Number of threads in the thread pool, if not specified in config.
 */
#define DEFAULT_THREADS 16

/**
 * UDP port on which the daemon will listen for incoming traffic.
 *
 * 500/udp is the IANA-registered ISAKMP/IKE port.
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port to which the daemon floats if NAT is detected.
 *
 * 4500/udp is the IANA-registered port for UDP-encapsulated IKE/ESP
 * (NAT traversal).
 */
#define IKEV2_NATT_PORT 4500
182
/**
 * Main class of daemon, contains some globals.
 *
 * The single instance is reached through the global "charon" pointer
 * declared below; the members are the subsystems described in the file
 * comment above (socket, scheduler, processor, IKE_SA manager, bus, ...).
 */
struct daemon_t {

	/**
	 * Socket manager instance.
	 */
	socket_manager_t *socket;

	/**
	 * Manager for all IKE_SAs; see the file comment above for the
	 * check-out/check-in synchronization it enforces.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for triggering policies, called traps.
	 */
	trap_manager_t *traps;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * Manager for the credential backends.
	 */
	credential_manager_t *credentials;

	/**
	 * The sender thread.
	 */
	sender_t *sender;

	/**
	 * The receiver thread.
	 */
	receiver_t *receiver;

	/**
	 * The scheduler thread (timed events, executed via the processor).
	 */
	scheduler_t *scheduler;

	/**
	 * Job processing using a thread pool.
	 */
	processor_t *processor;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * A list of installed file_logger_t's.
	 */
	linked_list_t *file_loggers;

	/**
	 * A list of installed sys_logger_t's.
	 */
	linked_list_t *sys_loggers;

	/**
	 * Kernel interface to communicate with the kernel (SAs, policies,
	 * routes, virtual addresses).
	 */
	kernel_interface_t *kernel_interface;

	/**
	 * Controller to control the daemon.
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods.
	 */
	eap_manager_t *eap;

	/**
	 * SIM manager to maintain (U)SIM cards/providers.
	 */
	sim_manager_t *sim;

#ifdef ME
	/**
	 * Connect manager (ME builds only).
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (ME builds only).
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * User ID the daemon will use after initialization.
	 *
	 * NOTE(review): presumably applied together with drop_capabilities()
	 * when privileges are dropped — confirm in daemon.c.
	 */
	uid_t uid;

	/**
	 * Group ID the daemon will use after initialization.
	 */
	gid_t gid;

	/**
	 * Do not drop a given capability after initialization.
	 *
	 * Some plugins might need additional capabilities. They tell the daemon
	 * during plugin initialization which one they need, and
	 * drop_capabilities() leaves those in place. A capability kept this way
	 * stays with the process for its whole lifetime, so a plugin should
	 * request only what it strictly needs.
	 *
	 * @param cap		capability to retain (presumably a CAP_* constant —
	 *					confirm against daemon.c)
	 */
	void (*keep_cap)(daemon_t *this, u_int cap);

	/**
	 * Drop all capabilities of the current process.
	 *
	 * Drops all capabilities, except those excluded using keep_cap().
	 * This should be called after the initialization of the daemon because
	 * some plugins require the process to keep additional capabilities.
	 *
	 * NOTE(review): callers should treat FALSE as fatal rather than keep
	 * running with the full capability set.
	 *
	 * @return				TRUE if successful, FALSE otherwise
	 */
	bool (*drop_capabilities)(daemon_t *this);

	/**
	 * Initialize the daemon.
	 *
	 * @param syslog		presumably whether to log via syslog — confirm
	 *						in daemon.c
	 * @param levels		debug levels, presumably one per debug group;
	 *						array length not given here — confirm
	 * @return				TRUE on success, FALSE otherwise (presumably)
	 */
	bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]);

	/**
	 * Starts the daemon, i.e. spawns the threads of the thread pool.
	 */
	void (*start)(daemon_t *this);

};
321
/**
 * The one and only instance of the daemon.
 *
 * Set between libcharon_init() and libcharon_deinit() calls; presumably
 * NULL outside that window — confirm in daemon.c before dereferencing
 * it from early plugin code.
 */
extern daemon_t *charon;
328
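/**
 * Initialize libcharon and create the "charon" instance of daemon_t.
 *
 * Declared with an explicit (void) parameter list: in C an empty list
 * means "unspecified arguments", so a stray argument would compile silently.
 *
 * @return FALSE if integrity check failed
 */
bool libcharon_init(void);

/**
 * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
 */
void libcharon_deinit(void);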
340
341 #endif /** DAEMON_H_ @}*/