1 /*
2 * Copyright (C) 2006-2012 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup libcharon libcharon
21 *
22 * @defgroup bus bus
23 * @ingroup libcharon
24 *
25 * @defgroup listeners listeners
26 * @ingroup bus
27 *
28 * @defgroup config config
29 * @ingroup libcharon
30 *
31 * @defgroup control control
32 * @ingroup libcharon
33 *
34 * @defgroup encoding encoding
35 * @ingroup libcharon
36 *
37 * @defgroup payloads payloads
38 * @ingroup encoding
39 *
40 * @defgroup ckernel kernel
41 * @ingroup libcharon
42 *
43 * @defgroup network network
44 * @ingroup libcharon
45 *
46 * @defgroup cplugins plugins
47 * @ingroup libcharon
48 *
49 * @defgroup cprocessing processing
50 * @ingroup libcharon
51 *
52 * @defgroup cjobs jobs
53 * @ingroup cprocessing
54 *
55 * @defgroup sa sa
56 * @ingroup libcharon
57 *
58 * @defgroup ikev1 ikev1
59 * @ingroup sa
60 *
61 * @defgroup ikev2 ikev2
62 * @ingroup sa
63 *
64 * @defgroup authenticators_v1 authenticators
65 * @ingroup ikev1
66 *
67 * @defgroup authenticators_v2 authenticators
68 * @ingroup ikev2
69 *
70 * @defgroup eap eap
71 * @ingroup sa
72 *
73 * @defgroup xauth xauth
74 * @ingroup sa
75 *
76 * @defgroup tasks_v1 tasks
77 * @ingroup ikev1
78 *
79 * @defgroup tasks_v2 tasks
80 * @ingroup ikev2
81 *
82 * @addtogroup libcharon
83 * @{
84 *
85 * IKEv2 keying daemon.
86 *
87 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
88 * architecture than pluto. Charon uses a thread-pool (called processor),
89 * which allows parallel execution of SA management. All threads originate
90 * from the processor. Work is delegated to the processor by queueing jobs
91 * to it.
92 @verbatim
93
94 +---------------------------------+ +----------------------------+
95 | controller | | config |
96 +---------------------------------+ +----------------------------+
97 | | | ^ ^ ^
98 V V V | | |
99
100 +----------+ +-----------+ +------+ +----------+ +----+
101 | receiver | | | | | +------+ | CHILD_SA | | K |
102 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
103 | | | | SA |--| SA | | CHILD_SA | | r |
104 +------+---+ +-----------+ | | +------+ +----------+ | n |
105 <->| socket | | | Man- | | e |
106 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
107 | | | | | | IKE- |--| CHILD_SA | | - |
108 +---+------+ | Processor |---| |--| SA | +----------+ | I |
109 | sender | | | | | +------+ | f |
110 +----------+ +-----------+ +------+ +----+
111
112 | | | | | |
113 V V V V V V
114 +---------------------------------+ +----------------------------+
115 | Bus | | credentials |
116 +---------------------------------+ +----------------------------+
117
118 @endverbatim
119 * The scheduler is responsible for executing timed events. Jobs may be queued to
120 * the scheduler to get executed at a defined time (e.g. rekeying). The
121 * scheduler does not execute the jobs itself, it queues them to the processor.
122 *
123 * The IKE_SA manager manages all IKE_SAs. It further handles the
124 * synchronization:
125 * Each IKE_SA must be checked out strictly and checked in again after use. The
126 * manager guarantees that only one thread may check out a single IKE_SA. This
127 * allows us to write the (complex) IKE_SA routines without thread-safety concerns.
128 * The IKE_SA contains the state and the logic of each IKE_SA and handles the
129 * messages.
130 *
131 * The CHILD_SA contains state about an IPsec security association and manages
132 * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
133 * takes place here through the kernel interface.
134 *
135 * The kernel interface installs IPsec security associations, policies, routes
136 * and virtual addresses. It further provides methods to enumerate interfaces
137 * and may notify the daemon about state changes at lower layers.
138 *
139 * The bus receives signals from the different threads and relays them to
140 * interested listeners. Debugging signals, but also important state changes or
141 * error messages are sent over the bus.
142 * Its listeners are not only for logging, but also to track the state of an
143 * IKE_SA.
144 *
145 * The controller, credential_manager, bus and backend_manager (config) are
146 * places where a plugin can register itself to provide information or observe
147 * and control the daemon.
148 */
149
150 #ifndef DAEMON_H_
151 #define DAEMON_H_
152
/* Forward declaration of the daemon type, placed before the includes below
 * (presumably because some of those headers refer to daemon_t before the
 * struct itself is defined further down in this file). */
typedef struct daemon_t daemon_t;
154
155 #include <network/sender.h>
156 #include <network/receiver.h>
157 #include <network/socket_manager.h>
158 #include <control/controller.h>
159 #include <bus/bus.h>
160 #include <bus/listeners/file_logger.h>
161 #include <bus/listeners/sys_logger.h>
162 #include <sa/ike_sa_manager.h>
163 #include <sa/trap_manager.h>
164 #include <sa/shunt_manager.h>
165 #include <config/backend_manager.h>
166 #include <sa/eap/eap_manager.h>
167 #include <sa/xauth/xauth_manager.h>
168 #include <utils/capabilities.h>
169
170 #ifdef ME
171 #include <sa/ikev2/connect_manager.h>
172 #include <sa/ikev2/mediation_manager.h>
173 #endif /* ME */
174
/**
 * Number of threads in the thread pool, if not specified in config.
 */
#define DEFAULT_THREADS 16

/**
 * Primary UDP port used by IKE (the standard IKE/ISAKMP port).
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port defined for use in case a NAT is detected (NAT traversal port).
 */
#define IKEV2_NATT_PORT 4500

/**
 * UDP port on which the daemon will listen for incoming traffic (also used as
 * source port for outgoing traffic).
 *
 * Wrapped in #ifndef so a build may override it (e.g. from the compiler
 * flags); the default is the standard IKE port above.
 */
#ifndef CHARON_UDP_PORT
#define CHARON_UDP_PORT IKEV2_UDP_PORT
#endif

/**
 * UDP port used by the daemon in case a NAT is detected.
 *
 * Overridable at build time the same way as CHARON_UDP_PORT.
 */
#ifndef CHARON_NATT_PORT
#define CHARON_NATT_PORT IKEV2_NATT_PORT
#endif
204
/**
 * Main class of the daemon; holds the global subsystem instances that the
 * rest of libcharon reaches through the charon pointer.
 *
 * libcharon_init() creates the single instance. See the architecture
 * overview at the top of this file for how the members relate to each other.
 */
struct daemon_t {

	/**
	 * Socket manager instance (the "socket" box in the diagram above)
	 */
	socket_manager_t *socket;

	/**
	 * The IKE_SA manager: owns all IKE_SAs and serializes access to them
	 * through check-out/check-in (see the overview above).
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager for triggering policies, called traps
	 */
	trap_manager_t *traps;

	/**
	 * Manager for shunt PASS|DROP policies
	 */
	shunt_manager_t *shunts;

	/**
	 * Manager for the different configuration backends ("config" in the
	 * diagram above); one of the places where plugins register themselves.
	 */
	backend_manager_t *backends;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * The signaling bus; relays events from all threads to the registered
	 * listeners (logging as well as state tracking).
	 */
	bus_t *bus;

	/**
	 * A list of installed file_logger_t's (bus listeners, see
	 * bus/listeners/file_logger.h)
	 */
	linked_list_t *file_loggers;

	/**
	 * A list of installed sys_logger_t's (bus listeners, see
	 * bus/listeners/sys_logger.h)
	 */
	linked_list_t *sys_loggers;

	/**
	 * Controller to control the daemon (see control/controller.h); another
	 * registration point for plugins.
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods
	 */
	eap_manager_t *eap;

	/**
	 * XAuth manager to maintain registered XAuth methods
	 */
	xauth_manager_t *xauth;

#ifdef ME
	/**
	 * Connect manager (IKEv2 mediation extension, only built with ME)
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (IKEv2 mediation extension, only built with ME)
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * POSIX capability dropping; used to shed privileges the daemon no
	 * longer needs (presumably after privileged setup — confirm in daemon.c)
	 */
	capabilities_t *caps;

	/**
	 * Name of the binary that uses the library (used for settings etc.)
	 */
	const char *name;

	/**
	 * Initialize the daemon.
	 *
	 * @param plugins	list of plugins to load (the list format is defined by
	 *					the implementation — TODO confirm against daemon.c)
	 * @return			TRUE, if successful
	 */
	bool (*initialize)(daemon_t *this, char *plugins);

	/**
	 * Starts the daemon, i.e. spawns the threads of the thread pool
	 * (DEFAULT_THREADS of them unless configured otherwise).
	 */
	void (*start)(daemon_t *this);

};
311
/**
 * The one and only instance of the daemon.
 *
 * Set between libcharon_init() and libcharon_deinit() calls; do not
 * dereference it outside that window.
 */
extern daemon_t *charon;
318
/**
 * Initialize libcharon and create the "charon" instance of daemon_t.
 *
 * This function initializes the bus, so listeners can be registered on
 * charon->bus before calling charon->initialize().
 *
 * @param name		name of the binary that uses the library (see daemon_t.name)
 * @return			FALSE if integrity check failed
 */
bool libcharon_init(const char *name);
329
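/**
 * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
 *
 * Counterpart of libcharon_init(); the charon pointer must not be used after
 * this call. Declared with an explicit (void) parameter list so the compiler
 * checks calls against the prototype (an empty () list does not).
 */
void libcharon_deinit(void);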
334
335 #endif /** DAEMON_H_ @}*/