[people/ms/strongswan.git] / src / charon / daemon.h

/**
 * @file daemon.h
 * 
 * @brief Interface of daemon_t.
 * 
 */

/*
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef DAEMON_H_
#define DAEMON_H_

#include <threads/sender.h>
#include <threads/receiver.h>
#include <threads/scheduler.h>
#include <threads/kernel_interface.h>
#include <threads/thread_pool.h>
#include <threads/stroke_interface.h>
#include <network/socket.h>
#include <sa/ike_sa_manager.h>
#include <queues/send_queue.h>
#include <queues/job_queue.h>
#include <queues/event_queue.h>
#include <utils/logger_manager.h>
#include <config/configuration.h>
#include <config/connections/connection_store.h>
#include <config/policies/policy_store.h>
#include <config/credentials/credential_store.h>

/**
 * @defgroup charon charon
 *
 * @brief IKEv2 keying daemon.
 *
 * @section Architecture
 *
 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
 * architecture than pluto. Charon uses a thread-pool, which allows parallel
 * execution SA-management. Beside the thread-pool, there are some special purpose
 * threads which do their job for the common health of the daemon.
   @verbatim 
                         +------+
                         | E  Q |
                         | v  u |---+                   +------+  +------+
                         | e  e |   |                   |      |  | IKE- |
                         | n  u |  +-----------+        |      |--| SA   |
                         | t  e |  |           |        | I  M |  +------+
       +------------+    | -    |  | Scheduler |        | K  a |
       |  receiver  |    +------+  |           |        | E  n |  +------+
       +----+-------+              +-----------+        | -  a |  | IKE- |
            |      |     +------+   |                   | S  g |--| SA   |
    +-------+--+   +-----| J  Q |---+  +------------+   | A  e |  +------+
   -|  socket  |         | o  u |      |            |   | -  r |
    +-------+--+         | b  e |      |   Thread-  |   |      |
            |            | -  u |      |   Pool     |   |      |
       +----+-------+    |    e |------|            |---|      |
       |   sender   |    +------+      +------------+   +------+
       +----+-------+
            |            +------+
            |            | S  Q |
            |            | e  u |
            |            | n  e |
            +------------| d  u |
                         | -  e |
                         +--+---+
   @endverbatim
 * The thread-pool is the heart of the architecture. It processes jobs from a
 * (fully synchronized) job-queue. Mostly, a job is associated with a specific
 * IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA.
 * This makes it unnecesary to use further synchronisation methods once a IKE SA
 * is checked out. The (rather complex) synchronization of IKE SAs is completely
 * done in the IKE SA manager.
 * The sceduler is responsible for event firing. It waits until a event in the
 * (fully synchronized) event-queue is ready for processing and pushes the event
 * down to the job-queue. A thread form the pool will pick it up as quick as
 * possible. Every thread can queue events or jobs. Furter, an event can place a
 * packet in the send-queue. The sender thread waits for those packets and sends
 * them over the wire, via the socket. The receiver does exactly the opposite of
 * the sender. It waits on the socket, reads in packets an places them on the
 * job-queue for further processing by a thread from the pool.
 * There are even more threads, not drawn in the upper scheme. The stroke thread
 * is responsible for reading and processessing commands from another process. The
 * kernel interface thread handles communication from and to the kernel via a
 * netlink socket. It waits for kernel events and processes them appropriately.
 */

/**
 * @defgroup config config
 *
 * Classes implementing configuration related things.
 *
 * @ingroup charon
 */

/**
 * @defgroup encoding encoding
 *
 * Classes used to encode and decode IKEv2 messages.
 *
 * @ingroup charon
 */

 /**
 * @defgroup payloads payloads
 *
 * Classes representing specific IKEv2 payloads.
 *
 * @ingroup encoding
 */

/**
 * @defgroup network network
 *
 * Classes for network relevant stuff.
 *
 * @ingroup charon
 */

/**
 * @defgroup queues queues
 *
 * Different kind of queues
 * (thread save lists).
 *
 * @ingroup charon
 */

/**
 * @defgroup jobs jobs
 *
 * Jobs used in job queue and event queue.
 *
 * @ingroup queues
 */

/**
 * @defgroup sa sa
 *
 * Security associations for IKE and IPSec,
 * and some helper classes.
 *
 * @ingroup charon
 */

/**
 * @defgroup states states
 *
 * Varius states in which an IKE SA can be.
 *
 * @ingroup sa
 */

/**
 * @defgroup threads threads
 *
 * Threaded classes, which will do their job alone.
 *
 * @ingroup charon
 */

/**
 * Name of the daemon.
 * 
 * @ingroup charon
 */
#define DAEMON_NAME "charon"

/**
 * @brief Number of threads in the thread pool.
 * 
 * There are several other threads, this defines
 * only the number of threads in thread_pool_t.
 * 
 * @ingroup charon
 */
#define NUMBER_OF_WORKING_THREADS 4

/**
 * UDP Port on which the daemon will listen for incoming traffic.
 * 
 * @ingroup charon
 */
#define IKEV2_UDP_PORT 500

/**
 * PID file, in which charon stores its process id
 * 
 * @ingroup charon
 */
#define PID_FILE "/var/run/charon.pid"

/**
 * Configuration directory
 * 
 * @ingroup charon
 */
#define CONFIG_DIR "/etc"

/**
 * Directory of IPsec relevant files
 * 
 * @ingroup charon
 */
#define IPSEC_DIR CONFIG_DIR "/ipsec.d"

/**
 * Directory for private keys
 * 
 * @ingroup charon
 */
#define PRIVATE_KEY_DIR IPSEC_DIR "/private"

/**
 * Directory for trusted certificates
 * 
 * @ingroup charon
 */
#define CERTIFICATE_DIR IPSEC_DIR "/certs"

/**
 * Secrets files
 * 
 * @ingroup charon
 */
#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"

typedef struct daemon_t daemon_t;

/**
 * @brief Main class of daemon, contains some globals.
 * 
 * @ingroup charon
 */ 
struct daemon_t {
	/**
	 * A socket_t instance.
	 */
	socket_t *socket;
	
	/**
	 * A send_queue_t instance.
	 */
	send_queue_t *send_queue;
	
	/**
	 * A job_queue_t instance.
	 */
	job_queue_t *job_queue;
	
	/**
	 * A event_queue_t instance.
	 */
	event_queue_t *event_queue;

	/**
	 * A ike_sa_manager_t instance.
	 */
	ike_sa_manager_t *ike_sa_manager;
	
	/**
	 * A configuration_t instance.
	 */
	configuration_t *configuration;
	
	/**
	 * A connection_store_t instance.
	 */
	connection_store_t *connections;
	
	/**
	 * A policy_store_t instance.
	 */
	policy_store_t *policies;
	
	/**
	 * A credential_store_t instance.
	 */
	credential_store_t *credentials;
	
	/**
	 * The Sender-Thread.
 	 */
	sender_t *sender;
	
	/**
	 * The Receiver-Thread.
	 */
	receiver_t *receiver;
	
	/**
	 * The Scheduler-Thread.
	 */
	scheduler_t *scheduler;
	
	/**
	 * The Thread pool managing the worker threads.
	 */
	thread_pool_t *thread_pool;
	
	/**
	 * Kernel Interface to communicate with kernel
	 */
	kernel_interface_t *kernel_interface;
	
	/**
	 * IPC interface, as whack in pluto
	 */
	stroke_t *stroke;
	
	/**
	 * @brief Shut down the daemon.
	 * 
	 * @param this		the daemon to kill
	 * @param reason	describtion why it will be killed
	 */
	void (*kill) (daemon_t *this, char *reason);
};

/**
 * The one and only instance of the daemon.
 */
extern daemon_t *charon;

#endif /*DAEMON_H_*/
Commit	Line	Data
cf274de2 JH	1	/**
	2	* @file daemon.h
	3	*
347fd4e2	4	* @brief Interface of daemon_t.
cf274de2 JH	5	*
	6	*/
	7
	8	/*
	9	* Copyright (C) 2005 Jan Hutter, Martin Willi
	10	* Hochschule fuer Technik Rapperswil
	11	*
	12	* This program is free software; you can redistribute it and/or modify it
	13	* under the terms of the GNU General Public License as published by the
	14	* Free Software Foundation; either version 2 of the License, or (at your
	15	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	16	*
	17	* This program is distributed in the hope that it will be useful, but
	18	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	19	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	* for more details.
	21	*/
	22
	23	#ifndef DAEMON_H_
	24	#define DAEMON_H_
	25
0e96f7d8 MW	26	#include <threads/sender.h>
	27	#include <threads/receiver.h>
	28	#include <threads/scheduler.h>
5b97779f	29	#include <threads/kernel_interface.h>
347fd4e2	30	#include <threads/thread_pool.h>
f2ee13a7	31	#include <threads/stroke_interface.h>
347fd4e2	32	#include <network/socket.h>
0e96f7d8 MW	33	#include <sa/ike_sa_manager.h>
	34	#include <queues/send_queue.h>
	35	#include <queues/job_queue.h>
0e96f7d8 MW	36	#include <queues/event_queue.h>
0e96f7d8 MW	37	#include <utils/logger_manager.h>
8a491129	38	#include <config/configuration.h>
13e4a62f MW	39	#include <config/connections/connection_store.h>
	40	#include <config/policies/policy_store.h>
	41	#include <config/credentials/credential_store.h>
0e96f7d8	42
68621281	43	/**
fcfeb322	44	* @defgroup charon charon
68621281	45	*
fcfeb322 MW	46	* @brief IKEv2 keying daemon.
	47	*
	48	* @section Architecture
68621281 MW	49	*
	50	* All IKEv2 stuff is handled in charon. It uses a newer and more flexible
	51	* architecture than pluto. Charon uses a thread-pool, which allows parallel
	52	* execution SA-management. Beside the thread-pool, there are some special purpose
	53	* threads which do their job for the common health of the daemon.
	54	@verbatim
	55	+------+
	56	\| E Q \|
	57	\| v u \|---+ +------+ +------+
	58	\| e e \| \| \| \| \| IKE- \|
	59	\| n u \| +-----------+ \| \|--\| SA \|
	60	\| t e \| \| \| \| I M \| +------+
	61	+------------+ \| - \| \| Scheduler \| \| K a \|
	62	\| receiver \| +------+ \| \| \| E n \| +------+
	63	+----+-------+ +-----------+ \| - a \| \| IKE- \|
	64	\| \| +------+ \| \| S g \|--\| SA \|
	65	+-------+--+ +-----\| J Q \|---+ +------------+ \| A e \| +------+
	66	-\| socket \| \| o u \| \| \| \| - r \|
	67	+-------+--+ \| b e \| \| Thread- \| \| \|
	68	\| \| - u \| \| Pool \| \| \|
	69	+----+-------+ \| e \|------\| \|---\| \|
	70	\| sender \| +------+ +------------+ +------+
	71	+----+-------+
	72	\| +------+
	73	\| \| S Q \|
	74	\| \| e u \|
	75	\| \| n e \|
	76	+------------\| d u \|
	77	\| - e \|
	78	+--+---+
	79	@endverbatim
	80	* The thread-pool is the heart of the architecture. It processes jobs from a
	81	* (fully synchronized) job-queue. Mostly, a job is associated with a specific
	82	* IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA.
	83	* This makes it unnecesary to use further synchronisation methods once a IKE SA
	84	* is checked out. The (rather complex) synchronization of IKE SAs is completely
	85	* done in the IKE SA manager.
	86	* The sceduler is responsible for event firing. It waits until a event in the
	87	* (fully synchronized) event-queue is ready for processing and pushes the event
	88	* down to the job-queue. A thread form the pool will pick it up as quick as
	89	* possible. Every thread can queue events or jobs. Furter, an event can place a
	90	* packet in the send-queue. The sender thread waits for those packets and sends
	91	* them over the wire, via the socket. The receiver does exactly the opposite of
	92	* the sender. It waits on the socket, reads in packets an places them on the
	93	* job-queue for further processing by a thread from the pool.
	94	* There are even more threads, not drawn in the upper scheme. The stroke thread
	95	* is responsible for reading and processessing commands from another process. The
	96	* kernel interface thread handles communication from and to the kernel via a
	97	* netlink socket. It waits for kernel events and processes them appropriately.
	98	*/
	99
fcfeb322 MW	100	/**
	101	* @defgroup config config
	102	*
	103	* Classes implementing configuration related things.
	104	*
	105	* @ingroup charon
	106	*/
	107
	108	/**
	109	* @defgroup encoding encoding
	110	*
	111	* Classes used to encode and decode IKEv2 messages.
	112	*
	113	* @ingroup charon
	114	*/
	115
	116	/**
	117	* @defgroup payloads payloads
	118	*
	119	* Classes representing specific IKEv2 payloads.
	120	*
	121	* @ingroup encoding
	122	*/
	123
	124	/**
	125	* @defgroup network network
	126	*
	127	* Classes for network relevant stuff.
	128	*
	129	* @ingroup charon
	130	*/
	131
	132	/**
	133	* @defgroup queues queues
	134	*
	135	* Different kind of queues
	136	* (thread save lists).
	137	*
	138	* @ingroup charon
	139	*/
	140
	141	/**
	142	* @defgroup jobs jobs
	143	*
	144	* Jobs used in job queue and event queue.
	145	*
	146	* @ingroup queues
	147	*/
	148
	149	/**
	150	* @defgroup sa sa
	151	*
	152	* Security associations for IKE and IPSec,
	153	* and some helper classes.
	154	*
	155	* @ingroup charon
	156	*/
	157
	158	/**
	159	* @defgroup states states
	160	*
	161	* Varius states in which an IKE SA can be.
	162	*
	163	* @ingroup sa
164	*/
165
166	/**
167	* @defgroup threads threads
168	*
169	* Threaded classes, which will do their job alone.
170	*
171	* @ingroup charon
172	*/
173
0e96f7d8	174	/**
347fd4e2	175	* Name of the daemon.
fcfeb322 MW	176	*
fcfeb322 MW	177	* @ingroup charon
0e96f7d8	178	*/
db715454 JH	179	#define DAEMON_NAME "charon"
db715454 JH	180
0e96f7d8	181	/**
347fd4e2	182	* @brief Number of threads in the thread pool.
0e96f7d8 MW	183	*
	184	* There are several other threads, this defines
	185	* only the number of threads in thread_pool_t.
fcfeb322 MW	186	*
fcfeb322 MW	187	* @ingroup charon
0e96f7d8	188	*/
e85220af	189	#define NUMBER_OF_WORKING_THREADS 4
db715454	190
0e96f7d8	191	/**
347fd4e2	192	* UDP Port on which the daemon will listen for incoming traffic.
fcfeb322 MW	193	*
fcfeb322 MW	194	* @ingroup charon
0e96f7d8	195	*/
409d0101	196	#define IKEV2_UDP_PORT 500
d60a48f9	197
b1953ccd MW	198	/**
b1953ccd MW	199	* PID file, in which charon stores its process id
fcfeb322 MW	200	*
fcfeb322 MW	201	* @ingroup charon
b1953ccd MW	202	*/
	203	#define PID_FILE "/var/run/charon.pid"
	204
9820c0e2 MW	205	/**
	206	* Configuration directory
	207	*
	208	* @ingroup charon
	209	*/
	210	#define CONFIG_DIR "/etc"
	211
13e4a62f MW	212	/**
	213	* Directory of IPsec relevant files
	214	*
	215	* @ingroup charon
	216	*/
9820c0e2	217	#define IPSEC_DIR CONFIG_DIR "/ipsec.d"
13e4a62f MW	218
	219	/**
	220	* Directory for private keys
	221	*
	222	* @ingroup charon
	223	*/
e168ee17	224	#define PRIVATE_KEY_DIR IPSEC_DIR "/private"
13e4a62f MW	225
	226	/**
	227	* Directory for trusted certificates
	228	*
	229	* @ingroup charon
	230	*/
e168ee17	231	#define CERTIFICATE_DIR IPSEC_DIR "/certs"
13e4a62f	232
9820c0e2 MW	233	/**
	234	* Secrets files
	235	*
	236	* @ingroup charon
	237	*/
	238	#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
347fd4e2	239
0e96f7d8 MW	240	typedef struct daemon_t daemon_t;
	241
	242	/**
347fd4e2	243	* @brief Main class of daemon, contains some globals.
fcfeb322 MW	244	*
fcfeb322 MW	245	* @ingroup charon
0e96f7d8 MW	246	*/
	247	struct daemon_t {
	248	/**
347fd4e2	249	* A socket_t instance.
0e96f7d8 MW	250	*/
0e96f7d8 MW	251	socket_t *socket;
347fd4e2	252
0e96f7d8	253	/**
347fd4e2	254	* A send_queue_t instance.
0e96f7d8 MW	255	*/
0e96f7d8 MW	256	send_queue_t *send_queue;
347fd4e2	257
0e96f7d8	258	/**
347fd4e2	259	* A job_queue_t instance.
0e96f7d8 MW	260	*/
0e96f7d8 MW	261	job_queue_t *job_queue;
347fd4e2	262
0e96f7d8	263	/**
347fd4e2	264	* A event_queue_t instance.
0e96f7d8 MW	265	*/
0e96f7d8 MW	266	event_queue_t *event_queue;
347fd4e2	267
0e96f7d8	268	/**
347fd4e2	269	* A ike_sa_manager_t instance.
0e96f7d8 MW	270	*/
0e96f7d8 MW	271	ike_sa_manager_t *ike_sa_manager;
347fd4e2	272
0e96f7d8	273	/**
8a491129	274	* A configuration_t instance.
0e96f7d8	275	*/
8a491129	276	configuration_t *configuration;
0e96f7d8	277
16b9a73c MW	278	/**
	279	* A connection_store_t instance.
	280	*/
	281	connection_store_t *connections;
	282
	283	/**
	284	* A policy_store_t instance.
	285	*/
	286	policy_store_t *policies;
	287
	288	/**
	289	* A credential_store_t instance.
	290	*/
	291	credential_store_t *credentials;
	292
0e96f7d8	293	/**
347fd4e2	294	* The Sender-Thread.
0e96f7d8 MW	295	*/
	296	sender_t *sender;
	297
	298	/**
347fd4e2	299	* The Receiver-Thread.
0e96f7d8 MW	300	*/
	301	receiver_t *receiver;
	302
	303	/**
347fd4e2	304	* The Scheduler-Thread.
0e96f7d8 MW	305	*/
	306	scheduler_t *scheduler;
	307
	308	/**
347fd4e2	309	* The Thread pool managing the worker threads.
0e96f7d8 MW	310	*/
	311	thread_pool_t *thread_pool;
	312
5b97779f MW	313	/**
	314	* Kernel Interface to communicate with kernel
	315	*/
	316	kernel_interface_t *kernel_interface;
	317
16b9a73c MW	318	/**
	319	* IPC interface, as whack in pluto
	320	*/
	321	stroke_t *stroke;
	322
0e96f7d8	323	/**
347fd4e2	324	* @brief Shut down the daemon.
0e96f7d8	325	*
e85220af	326	* @param this the daemon to kill
5b97779f	327	* @param reason describtion why it will be killed
0e96f7d8	328	*/
e85220af	329	void (kill) (daemon_t this, char *reason);
0e96f7d8 MW	330	};
	331
	332	/**
5b97779f	333	* The one and only instance of the daemon.
0e96f7d8 MW	334	*/
0e96f7d8 MW	335	extern daemon_t *charon;
cf274de2 JH	336
cf274de2 JH	337	#endif /DAEMON_H_/