daemon: Flush shunts before unloading plugins
1 /*
2 * Copyright (C) 2006-2012 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup libcharon libcharon
21 *
22 * @defgroup attributes attributes
23 * @ingroup libcharon
24 *
25 * @defgroup bus bus
26 * @ingroup libcharon
27 *
28 * @defgroup listeners listeners
29 * @ingroup bus
30 *
31 * @defgroup config config
32 * @ingroup libcharon
33 *
34 * @defgroup control control
35 * @ingroup libcharon
36 *
37 * @defgroup encoding encoding
38 * @ingroup libcharon
39 *
40 * @defgroup payloads payloads
41 * @ingroup encoding
42 *
43 * @defgroup ckernel kernel
44 * @ingroup libcharon
45 *
46 * @defgroup network network
47 * @ingroup libcharon
48 *
49 * @defgroup cplugins plugins
50 * @ingroup libcharon
51 *
52 * @defgroup cprocessing processing
53 * @ingroup libcharon
54 *
55 * @defgroup cjobs jobs
56 * @ingroup cprocessing
57 *
58 * @defgroup sa sa
59 * @ingroup libcharon
60 *
61 * @defgroup ikev1 ikev1
62 * @ingroup sa
63 *
64 * @defgroup ikev2 ikev2
65 * @ingroup sa
66 *
67 * @defgroup authenticators_v1 authenticators
68 * @ingroup ikev1
69 *
70 * @defgroup authenticators_v2 authenticators
71 * @ingroup ikev2
72 *
73 * @defgroup eap eap
74 * @ingroup sa
75 *
76 * @defgroup xauth xauth
77 * @ingroup sa
78 *
79 * @defgroup tasks_v1 tasks
80 * @ingroup ikev1
81 *
82 * @defgroup tasks_v2 tasks
83 * @ingroup ikev2
84 *
85 * @addtogroup libcharon
86 * @{
87 *
88 * IKEv2 keying daemon.
89 *
90 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
91 * architecture than pluto. Charon uses a thread-pool (called processor),
92 * which allows parallel execution of SA management. All threads originate
93 * from the processor. Work is delegated to the processor by queueing jobs
94 * to it.
95 @verbatim
96
97 +---------------------------------+ +----------------------------+
98 | controller | | config |
99 +---------------------------------+ +----------------------------+
100 | | | ^ ^ ^
101 V V V | | |
102
103 +----------+ +-----------+ +------+ +----------+ +----+
104 | receiver | | | | | +------+ | CHILD_SA | | K |
105 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
106 | | | | SA |--| SA | | CHILD_SA | | r |
107 +------+---+ +-----------+ | | +------+ +----------+ | n |
108 <->| socket | | | Man- | | e |
109 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
110 | | | | | | IKE- |--| CHILD_SA | | - |
111 +---+------+ | Processor |---| |--| SA | +----------+ | I |
112 | sender | | | | | +------+ | f |
113 +----------+ +-----------+ +------+ +----+
114
115 | | | | | |
116 V V V V V V
117 +---------------------------------+ +----------------------------+
118 | Bus | | credentials |
119 +---------------------------------+ +----------------------------+
120
121 @endverbatim
122 * The scheduler is responsible for executing timed events. Jobs may be queued to
123 * the scheduler to get executed at a defined time (e.g. rekeying). The
124 * scheduler does not execute the jobs itself, it queues them to the processor.
125 *
126 * The IKE_SA manager manages all IKE_SAs. It further handles the
127 * synchronization:
128 * Each IKE_SA must be checked out strictly and checked in again after use. The
129 * manager guarantees that only one thread may check out a single IKE_SA. This
130 * allows us to write the (complex) IKE_SA routines in a non-thread-safe way.
131 * An IKE_SA contains the state and the logic of a single IKE_SA and handles the
132 * messages.
133 *
134 * The CHILD_SA contains state about an IPsec security association and manages
135 * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
136 * takes place here through the kernel interface.
137 *
138 * The kernel interface installs IPsec security associations, policies, routes
139 * and virtual addresses. It further provides methods to enumerate interfaces
140 * and may notify the daemon about state changes at lower layers.
141 *
142 * The bus receives signals from the different threads and relays them to
143 * interested listeners. Debugging signals, but also important state changes or
144 * error messages are sent over the bus.
145 * Its listeners are not only for logging, but also to track the state of an
146 * IKE_SA.
147 *
148 * The controller, credential_manager, bus and backend_manager (config) are
149 * places where a plugin can register itself to provide information or observe
150 * and control the daemon.
151 */
152
153 #ifndef DAEMON_H_
154 #define DAEMON_H_
155
/* Forward declaration: struct daemon_t itself is defined further down in this
 * header, after the manager headers it depends on have been included. */
typedef struct daemon_t daemon_t;
157
158 #include <attributes/attribute_manager.h>
159 #include <network/sender.h>
160 #include <network/receiver.h>
161 #include <network/socket_manager.h>
162 #include <control/controller.h>
163 #include <bus/bus.h>
164 #include <sa/ike_sa_manager.h>
165 #include <sa/child_sa_manager.h>
166 #include <sa/trap_manager.h>
167 #include <sa/shunt_manager.h>
168 #include <config/backend_manager.h>
169 #include <sa/eap/eap_manager.h>
170 #include <sa/xauth/xauth_manager.h>
171
172 #ifdef ME
173 #include <sa/ikev2/connect_manager.h>
174 #include <sa/ikev2/mediation_manager.h>
175 #endif /* ME */
176
/**
 * Number of threads in the thread pool, if not specified in config.
 */
#define DEFAULT_THREADS 16

/**
 * Primary UDP port used by IKE (the IANA-registered port, 500/udp).
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port defined for use in case a NAT is detected (4500/udp, UDP
 * encapsulation of ESP shares this port).
 */
#define IKEV2_NATT_PORT 4500

/**
 * UDP port on which the daemon will listen for incoming traffic (also used as
 * source port for outgoing traffic).
 *
 * Only defined if not already set, so a build may override it by defining
 * CHARON_UDP_PORT before this header is included; defaults to IKEV2_UDP_PORT.
 */
#ifndef CHARON_UDP_PORT
#define CHARON_UDP_PORT IKEV2_UDP_PORT
#endif

/**
 * UDP port used by the daemon in case a NAT is detected.
 *
 * Overridable the same way as CHARON_UDP_PORT; defaults to IKEV2_NATT_PORT.
 */
#ifndef CHARON_NATT_PORT
#define CHARON_NATT_PORT IKEV2_NATT_PORT
#endif
206
207 /**
208 * Main class of daemon, contains some globals.
209 */
/**
 * Main class of daemon, contains some globals.
 *
 * The single instance is reachable through the global pointer "charon"
 * declared below this struct. The data members are the managers and threads
 * the daemon is composed of; the function pointers at the end are the
 * operations offered on the instance.
 */
struct daemon_t {

	/**
	 * Socket manager instance
	 */
	socket_manager_t *socket;

	/**
	 * A ike_sa_manager_t instance.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * A child_sa_manager_t instance.
	 */
	child_sa_manager_t *child_sa_manager;

	/**
	 * Manager for triggering policies, called traps
	 */
	trap_manager_t *traps;

	/**
	 * Manager for shunt PASS|DROP policies
	 *
	 * NOTE(review): the commit this header belongs to ("Flush shunts before
	 * unloading plugins") suggests installed shunts must be flushed before the
	 * plugins are unloaded at shutdown; confirm the teardown order in daemon.c.
	 */
	shunt_manager_t *shunts;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * The Sender-Thread.
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;

	/**
	 * Manager for IKE configuration attributes
	 */
	attribute_manager_t *attributes;

	/**
	 * The signaling bus.
	 */
	bus_t *bus;

	/**
	 * Controller to control the daemon
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods
	 */
	eap_manager_t *eap;

	/**
	 * XAuth manager to maintain registered XAuth methods
	 */
	xauth_manager_t *xauth;

#ifdef ME
	/**
	 * Connect manager (only built with mediation extension support)
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (only built with mediation extension support)
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * Initialize the daemon.
	 *
	 * @param this		daemon instance
	 * @param plugins	list of plugins to load, passed as a single string
	 *					(the separator format is defined by the implementation,
	 *					not by this header)
	 * @return			TRUE, if successful
	 */
	bool (*initialize)(daemon_t *this, char *plugins);

	/**
	 * Starts the daemon, i.e. spawns the threads of the thread pool.
	 *
	 * @param this		daemon instance
	 */
	void (*start)(daemon_t *this);

	/**
	 * Load/Reload loggers defined in strongswan.conf
	 *
	 * @param this		daemon instance
	 * @param levels	optional debug levels used to create default loggers
	 *					if none are defined in strongswan.conf; an array
	 *					parameter, so when given it presumably holds DBG_MAX
	 *					entries indexed by debug group - confirm against callers
	 * @param to_stderr	TRUE to log to stderr/stdout if no loggers are defined
	 *					in strongswan.conf
	 */
	void (*load_loggers)(daemon_t *this, level_t levels[DBG_MAX],
						 bool to_stderr);

	/**
	 * Set the log level for the given log group for all configured file- and
	 * syslog-loggers.
	 *
	 * @param this		daemon instance
	 * @param group		log group
	 * @param level		log level
	 */
	void (*set_level)(daemon_t *this, debug_t group, level_t level);
};
322
/**
 * The one and only instance of the daemon.
 *
 * Set between libcharon_init() and libcharon_deinit() calls; code that runs
 * outside that window must not dereference it (presumably it is NULL then -
 * confirm in the implementation).
 */
extern daemon_t *charon;
329
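/**
 * Initialize libcharon and create the "charon" instance of daemon_t.
 *
 * This function initializes the bus, listeners can be registered before
 * calling initialize().
 *
 * libcharon_init() may be called multiple times in a single process, but each
 * caller must call libcharon_deinit() for each call to libcharon_init().
 *
 * Declared with an explicit (void) parameter list: an empty list in a C
 * prototype leaves the arguments unchecked, so a call passing arguments would
 * still compile.
 *
 * @return FALSE if integrity check failed
 */
bool libcharon_init(void);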
342
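/**
 * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
 *
 * Must be called once for every successful libcharon_init() call. Declared
 * with an explicit (void) parameter list so that calls with arguments are
 * rejected by the compiler instead of silently accepted.
 */
void libcharon_deinit(void);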
347
348 #endif /** DAEMON_H_ @}*/