diff options
Diffstat (limited to 'src/charon/daemon.h')
-rw-r--r-- | src/charon/daemon.h | 403 |
1 files changed, 403 insertions, 0 deletions
diff --git a/src/charon/daemon.h b/src/charon/daemon.h new file mode 100644 index 000000000..420262474 --- /dev/null +++ b/src/charon/daemon.h @@ -0,0 +1,403 @@ +/** + * @file daemon.h + * + * @brief Interface of daemon_t. + * + */ + +/* + * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef DAEMON_H_ +#define DAEMON_H_ + +typedef struct daemon_t daemon_t; + +#include <credential_store.h> + +#include <threads/sender.h> +#include <threads/receiver.h> +#include <threads/scheduler.h> +#include <threads/kernel_interface.h> +#include <threads/thread_pool.h> +#include <threads/stroke_interface.h> +#include <network/socket.h> +#include <bus/bus.h> +#include <bus/listeners/file_logger.h> +#include <bus/listeners/sys_logger.h> +#include <sa/ike_sa_manager.h> +#include <queues/job_queue.h> +#include <queues/event_queue.h> +#include <config/configuration.h> +#include <config/connections/connection_store.h> +#include <config/policies/policy_store.h> + +/** + * @defgroup charon charon + * + * @brief IKEv2 keying daemon. + * + * @section Architecture + * + * All IKEv2 stuff is handled in charon. It uses a newer and more flexible + * architecture than pluto. Charon uses a thread-pool, which allows parallel + * execution SA-management. Beside the thread-pool, there are some special purpose + * threads which do their job for the common health of the daemon. + @verbatim + +------+ + | E Q | + | v u |---+ +------+ +------+ + | e e | | | | | IKE- | + | n u | +-----------+ | |--| SA | + | t e | | | | I M | +------+ + +------------+ | - | | Scheduler | | K a | + | receiver | +------+ | | | E n | +------+ + +----+-------+ +-----------+ | - a | | IKE- | + | | +------+ | | S g |--| SA | + +-------+--+ +-----| J Q |---+ +------------+ | A e | +------+ + -| socket | | o u | | | | - r | + +-------+--+ | b e | | Thread- | | | + | | - u | | Pool | | | + +----+-------+ | e |------| |---| | + | sender | +------+ +------------+ +------+ + +------------+ + + @endverbatim + * The thread-pool is the heart of the architecture. It processes jobs from a + * (fully synchronized) job-queue. Mostly, a job is associated with a specific + * IKE SA. These IKE SAs are synchronized, only one thread can work one an IKE SA. + * This makes it unnecesary to use further synchronisation methods once a IKE SA + * is checked out. The (rather complex) synchronization of IKE SAs is completely + * done in the IKE SA manager. + * The sceduler is responsible for event firing. It waits until a event in the + * (fully synchronized) event-queue is ready for processing and pushes the event + * down to the job-queue. A thread form the pool will pick it up as quick as + * possible. Every thread can queue events or jobs. Furter, an event can place a + * packet in the sender. The sender thread waits for those packets and sends + * them over the wire, via the socket. The receiver does exactly the opposite of + * the sender. It waits on the socket, reads in packets an places them on the + * job-queue for further processing by a thread from the pool. + * There are even more threads, not drawn in the upper scheme. The stroke thread + * is responsible for reading and processessing commands from another process. The + * kernel interface thread handles communication from and to the kernel via a + * netlink socket. It waits for kernel events and processes them appropriately. + */ + +/** + * @defgroup config config + * + * Classes implementing configuration related things. + * + * @ingroup charon + */ + +/** + * @defgroup encoding encoding + * + * Classes used to encode and decode IKEv2 messages. + * + * @ingroup charon + */ + + /** + * @defgroup payloads payloads + * + * Classes representing specific IKEv2 payloads. + * + * @ingroup encoding + */ + +/** + * @defgroup network network + * + * Classes for network relevant stuff. + * + * @ingroup charon + */ + +/** + * @defgroup queues queues + * + * Different kind of queues + * (thread save lists). + * + * @ingroup charon + */ + +/** + * @defgroup jobs jobs + * + * Jobs used in job queue and event queue. + * + * @ingroup queues + */ + +/** + * @defgroup sa sa + * + * Security associations for IKE and IPSec, + * and some helper classes. + * + * @ingroup charon + */ + +/** + * @defgroup tasks tasks + * + * Tasks process and build message payloads. They are used to create + * and process multiple exchanges. + * + * @ingroup sa + */ + +/** + * @defgroup authenticators authenticators + * + * Authenticator classes to prove identity of peer. + * + * @ingroup sa + */ + +/** + * @defgroup eap eap + * + * EAP authentication module interface and it's implementations. + * + * @ingroup authenticators + */ + +/** + * @defgroup threads threads + * + * Threaded classes, which will do their job alone. + * + * @ingroup charon + */ + +/** + * @defgroup bus bus + * + * Signaling bus and its listeners. + * + * @ingroup charon + */ + +/** + * Name of the daemon. + * + * @ingroup charon + */ +#define DAEMON_NAME "charon" + +/** + * @brief Number of threads in the thread pool. + * + * There are several other threads, this defines + * only the number of threads in thread_pool_t. + * + * @ingroup charon + */ +#define NUMBER_OF_WORKING_THREADS 4 + +/** + * UDP Port on which the daemon will listen for incoming traffic. + * + * @ingroup charon + */ +#define IKEV2_UDP_PORT 500 + +/** + * UDP Port to which the daemon will float to if NAT is detected. + * + * @ingroup charon + */ +#define IKEV2_NATT_PORT 4500 + +/** + * PID file, in which charon stores its process id + * + * @ingroup charon + */ +#define PID_FILE IPSEC_PIDDIR "/charon.pid" + +/** + * Configuration directory + * + * @ingroup charon + */ +#define CONFIG_DIR IPSEC_CONFDIR + +/** + * Directory of IPsec relevant files + * + * @ingroup charon + */ +#define IPSEC_D_DIR CONFIG_DIR "/ipsec.d" + +/** + * Default directory for private keys + * + * @ingroup charon + */ +#define PRIVATE_KEY_DIR IPSEC_D_DIR "/private" + +/** + * Default directory for end entity certificates + * + * @ingroup charon + */ +#define CERTIFICATE_DIR IPSEC_D_DIR "/certs" + +/** + * Default directory for trusted CA certificates + * + * @ingroup charon + */ +#define CA_CERTIFICATE_DIR IPSEC_D_DIR "/cacerts" + +/** + * Default directory for OCSP signing certificates + * + * @ingroup charon + */ +#define OCSP_CERTIFICATE_DIR IPSEC_D_DIR "/ocspcerts" + +/** + * Default directory for CRLs + * + * @ingroup charon + */ +#define CRL_DIR IPSEC_D_DIR "/crls" + +/** + * Secrets files + * + * @ingroup charon + */ +#define SECRETS_FILE CONFIG_DIR "/ipsec.secrets" + +/** + * @brief Main class of daemon, contains some globals. + * + * @ingroup charon + */ +struct daemon_t { + /** + * A socket_t instance. + */ + socket_t *socket; + + /** + * A job_queue_t instance. + */ + job_queue_t *job_queue; + + /** + * A event_queue_t instance. + */ + event_queue_t *event_queue; + + /** + * A ike_sa_manager_t instance. + */ + ike_sa_manager_t *ike_sa_manager; + + /** + * A configuration_t instance. + */ + configuration_t *configuration; + + /** + * A connection_store_t instance. + */ + connection_store_t *connections; + + /** + * A policy_store_t instance. + */ + policy_store_t *policies; + + /** + * A credential_store_t instance. + */ + credential_store_t *credentials; + + /** + * The Sender-Thread. + */ + sender_t *sender; + + /** + * The Receiver-Thread. + */ + receiver_t *receiver; + + /** + * The Scheduler-Thread. + */ + scheduler_t *scheduler; + + /** + * The Thread pool managing the worker threads. + */ + thread_pool_t *thread_pool; + + /** + * The signaling bus. + */ + bus_t *bus; + + /** + * A bus listener logging to stdout + */ + file_logger_t *outlog; + + /** + * A bus listener logging to syslog + */ + sys_logger_t *syslog; + + /** + * A bus listener logging most important events + */ + sys_logger_t *authlog; + + /** + * Kernel Interface to communicate with kernel + */ + kernel_interface_t *kernel_interface; + + /** + * IPC interface, as whack in pluto + */ + stroke_t *stroke; + + /** + * @brief Shut down the daemon. + * + * @param this the daemon to kill + * @param reason describtion why it will be killed + */ + void (*kill) (daemon_t *this, char *reason); +}; + +/** + * The one and only instance of the daemon. + */ +extern daemon_t *charon; + +#endif /*DAEMON_H_*/ |