]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/daemon.h
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Spelling fixes
[thirdparty/strongswan.git] / src / libcharon / daemon.h
1 /*
2 * Copyright (C) 2006-2017 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2006 Daniel Roethlisberger
5 * Copyright (C) 2005 Jan Hutter
6 * HSR Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /*
20 * Copyright (C) 2016 secunet Security Networks AG
21 * Copyright (C) 2016 Thomas Egerer
22 *
23 * Permission is hereby granted, free of charge, to any person obtaining a copy
24 * of this software and associated documentation files (the "Software"), to deal
25 * in the Software without restriction, including without limitation the rights
26 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
27 * copies of the Software, and to permit persons to whom the Software is
28 * furnished to do so, subject to the following conditions:
29 *
30 * The above copyright notice and this permission notice shall be included in
31 * all copies or substantial portions of the Software.
32 *
33 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
34 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
35 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
36 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
37 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
38 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
39 * THE SOFTWARE.
40 */
41
42 /**
43 * @defgroup libcharon libcharon
44 *
45 * @defgroup attributes attributes
46 * @ingroup libcharon
47 *
48 * @defgroup bus bus
49 * @ingroup libcharon
50 *
51 * @defgroup listeners listeners
52 * @ingroup bus
53 *
54 * @defgroup config config
55 * @ingroup libcharon
56 *
57 * @defgroup control control
58 * @ingroup libcharon
59 *
60 * @defgroup encoding encoding
61 * @ingroup libcharon
62 *
63 * @defgroup payloads payloads
64 * @ingroup encoding
65 *
66 * @defgroup kernel kernel
67 * @ingroup libcharon
68 *
69 * @defgroup network network
70 * @ingroup libcharon
71 *
72 * @defgroup cplugins plugins
73 * @ingroup libcharon
74 *
75 * @defgroup cprocessing processing
76 * @ingroup libcharon
77 *
78 * @defgroup cjobs jobs
79 * @ingroup cprocessing
80 *
81 * @defgroup sa sa
82 * @ingroup libcharon
83 *
84 * @defgroup ikev1 ikev1
85 * @ingroup sa
86 *
87 * @defgroup ikev2 ikev2
88 * @ingroup sa
89 *
90 * @defgroup authenticators_v1 authenticators
91 * @ingroup ikev1
92 *
93 * @defgroup authenticators_v2 authenticators
94 * @ingroup ikev2
95 *
96 * @defgroup eap eap
97 * @ingroup sa
98 *
99 * @defgroup xauth xauth
100 * @ingroup sa
101 *
102 * @defgroup tasks_v1 tasks
103 * @ingroup ikev1
104 *
105 * @defgroup tasks_v2 tasks
106 * @ingroup ikev2
107 *
108 * @addtogroup libcharon
109 * @{
110 *
111 * IKEv2 keying daemon.
112 *
113 * All IKEv2 stuff is handled in charon. It uses a newer and more flexible
114 * architecture than pluto. Charon uses a thread-pool (called processor),
115 * which allows parallel execution SA-management. All threads originate
116 * from the processor. Work is delegated to the processor by queueing jobs
117 * to it.
118 @verbatim
119
120 +---------------------------------+ +----------------------------+
121 | controller | | config |
122 +---------------------------------+ +----------------------------+
123 | | | ^ ^ ^
124 V V V | | |
125
126 +----------+ +-----------+ +------+ +----------+ +----+
127 | receiver | | | | | +------+ | CHILD_SA | | K |
128 +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e |
129 | | | | SA |--| SA | | CHILD_SA | | r |
130 +------+---+ +-----------+ | | +------+ +----------+ | n |
131 <->| socket | | | Man- | | e |
132 +------+---+ +-----------+ | ager | +------+ +----------+ | l |
133 | | | | | | IKE- |--| CHILD_SA | | - |
134 +---+------+ | Processor |---| |--| SA | +----------+ | I |
135 | sender | | | | | +------+ | f |
136 +----------+ +-----------+ +------+ +----+
137
138 | | | | | |
139 V V V V V V
140 +---------------------------------+ +----------------------------+
141 | Bus | | credentials |
142 +---------------------------------+ +----------------------------+
143
144 @endverbatim
145 * The scheduler is responsible to execute timed events. Jobs may be queued to
146 * the scheduler to get executed at a defined time (e.g. rekeying). The
147 * scheduler does not execute the jobs itself, it queues them to the processor.
148 *
149 * The IKE_SA manager managers all IKE_SA. It further handles the
150 * synchronization:
151 * Each IKE_SA must be checked out strictly and checked in again after use. The
152 * manager guarantees that only one thread may check out a single IKE_SA. This
153 * allows us to write the (complex) IKE_SAs routines non-threadsafe.
154 * The IKE_SA contain the state and the logic of each IKE_SA and handle the
155 * messages.
156 *
157 * The CHILD_SA contains state about a IPsec security association and manages
158 * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel
159 * takes place here through the kernel interface.
160 *
161 * The kernel interface installs IPsec security associations, policies, routes
162 * and virtual addresses. It further provides methods to enumerate interfaces
163 * and may notify the daemon about state changes at lower layers.
164 *
165 * The bus receives signals from the different threads and relays them to
166 * interested listeners. Debugging signals, but also important state changes or
167 * error messages are sent over the bus.
168 * Its listeners are not only for logging, but also to track the state of an
169 * IKE_SA.
170 *
171 * The controller, credential_manager, bus and backend_manager (config) are
172 * places where a plugin ca register itself to provide information or observe
173 * and control the daemon.
174 */
175
176 #ifndef DAEMON_H_
177 #define DAEMON_H_
178
179 typedef struct daemon_t daemon_t;
180
181 #include <attributes/attribute_manager.h>
182 #include <kernel/kernel_interface.h>
183 #include <network/sender.h>
184 #include <network/receiver.h>
185 #include <network/socket_manager.h>
186 #include <control/controller.h>
187 #include <bus/bus.h>
188 #include <bus/listeners/custom_logger.h>
189 #include <sa/ike_sa_manager.h>
190 #include <sa/child_sa_manager.h>
191 #include <sa/trap_manager.h>
192 #include <sa/shunt_manager.h>
193 #include <sa/redirect_manager.h>
194 #include <config/backend_manager.h>
195 #include <sa/eap/eap_manager.h>
196 #include <sa/xauth/xauth_manager.h>
197
198 #ifdef ME
199 #include <sa/ikev2/connect_manager.h>
200 #include <sa/ikev2/mediation_manager.h>
201 #endif /* ME */
202
203 /**
204 * Number of threads in the thread pool, if not specified in config.
205 */
206 #define DEFAULT_THREADS 16
207
208 /**
209 * Primary UDP port used by IKE.
210 */
211 #define IKEV2_UDP_PORT 500
212
213 /**
214 * UDP port defined for use in case a NAT is detected.
215 */
216 #define IKEV2_NATT_PORT 4500
217
218 /**
219 * UDP port on which the daemon will listen for incoming traffic (also used as
220 * source port for outgoing traffic).
221 */
222 #ifndef CHARON_UDP_PORT
223 #define CHARON_UDP_PORT IKEV2_UDP_PORT
224 #endif
225
226 /**
227 * UDP port used by the daemon in case a NAT is detected.
228 */
229 #ifndef CHARON_NATT_PORT
230 #define CHARON_NATT_PORT IKEV2_NATT_PORT
231 #endif
232
233 /**
234 * Main class of daemon, contains some globals.
235 */
236 struct daemon_t {
237
238 /**
239 * Socket manager instance
240 */
241 socket_manager_t *socket;
242
243 /**
244 * Kernel interface to communicate with kernel
245 */
246 kernel_interface_t *kernel;
247
248 /**
249 * A ike_sa_manager_t instance.
250 */
251 ike_sa_manager_t *ike_sa_manager;
252
253 /**
254 * A child_sa_manager_t instance.
255 */
256 child_sa_manager_t *child_sa_manager;
257
258 /**
259 * Manager for triggering policies, called traps
260 */
261 trap_manager_t *traps;
262
263 /**
264 * Manager for shunt PASS|DROP policies
265 */
266 shunt_manager_t *shunts;
267
268 /**
269 * Manager for IKE redirect providers
270 */
271 redirect_manager_t *redirect;
272
273 /**
274 * Manager for the different configuration backends.
275 */
276 backend_manager_t *backends;
277
278 /**
279 * The Sender-Thread.
280 */
281 sender_t *sender;
282
283 /**
284 * The Receiver-Thread.
285 */
286 receiver_t *receiver;
287
288 /**
289 * Manager for IKE configuration attributes
290 */
291 attribute_manager_t *attributes;
292
293 /**
294 * The signaling bus.
295 */
296 bus_t *bus;
297
298 /**
299 * Controller to control the daemon
300 */
301 controller_t *controller;
302
303 /**
304 * EAP manager to maintain registered EAP methods
305 */
306 eap_manager_t *eap;
307
308 /**
309 * XAuth manager to maintain registered XAuth methods
310 */
311 xauth_manager_t *xauth;
312
313 #ifdef ME
314 /**
315 * Connect manager
316 */
317 connect_manager_t *connect_manager;
318
319 /**
320 * Mediation manager
321 */
322 mediation_manager_t *mediation_manager;
323 #endif /* ME */
324
325 /**
326 * Initialize the daemon.
327 *
328 * @param plugins list of plugins to load
329 * @return TRUE, if successful
330 */
331 bool (*initialize)(daemon_t *this, char *plugins);
332
333 /**
334 * Starts the daemon, i.e. spawns the threads of the thread pool.
335 */
336 void (*start)(daemon_t *this);
337
338 /**
339 * Load/Reload loggers defined in strongswan.conf
340 *
341 * If none are defined in strongswan.conf default loggers configured via
342 * set_default_loggers() are loaded.
343 */
344 void (*load_loggers)(daemon_t *this);
345
346 /**
347 * Configure default loggers if none are defined in strongswan.conf
348 *
349 * @param levels debug levels used to create default loggers if none are
350 * defined in strongswan.conf (NULL to disable)
351 * @param to_stderr TRUE to log to stderr/stdout if no loggers are defined
352 * in strongswan.conf (logging to syslog is always enabled)
353 */
354 void (*set_default_loggers)(daemon_t *this, level_t levels[DBG_MAX],
355 bool to_stderr);
356
357 /**
358 * Set the log level for the given log group for all loaded loggers.
359 *
360 * This change is not persistent and gets reset if loggers are reloaded
361 * via load_loggers().
362 *
363 * @param group log group
364 * @param level log level
365 */
366 void (*set_level)(daemon_t *this, debug_t group, level_t level);
367 };
368
369 /**
370 * The one and only instance of the daemon.
371 *
372 * Set between libcharon_init() and libcharon_deinit() calls.
373 */
374 extern daemon_t *charon;
375
376 /**
377 * Initialize libcharon and create the "charon" instance of daemon_t.
378 *
379 * This function initializes the bus, listeners can be registered before
380 * calling initialize().
381 *
382 * libcharon_init() may be called multiple times in a single process, but each
383 * caller must call libcharon_deinit() for each call to libcharon_init().
384 *
385 * @return FALSE if integrity check failed
386 */
387 bool libcharon_init();
388
389 /**
390 * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
391 */
392 void libcharon_deinit();
393
394 /**
395 * Register a custom logger constructor.
396 *
397 * To be called from __attribute__((constructor)) functions.
398 *
399 * @param name name of the logger (also used for loglevel config)
400 * @param constructor constructor to create custom logger
401 */
402 void register_custom_logger(char *name,
403 custom_logger_constructor_t constructor);
404
405 #endif /** DAEMON_H_ @}*/
Unnamed repository; edit this file 'description' to name the repository.