Return to daemon.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon |
1.1 ! misho 1: /* ! 2: * Copyright (C) 2006-2017 Tobias Brunner ! 3: * Copyright (C) 2005-2009 Martin Willi ! 4: * Copyright (C) 2006 Daniel Roethlisberger ! 5: * Copyright (C) 2005 Jan Hutter ! 6: * HSR Hochschule fuer Technik Rapperswil ! 7: * ! 8: * This program is free software; you can redistribute it and/or modify it ! 9: * under the terms of the GNU General Public License as published by the ! 10: * Free Software Foundation; either version 2 of the License, or (at your ! 11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. ! 12: * ! 13: * This program is distributed in the hope that it will be useful, but ! 14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ! 15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ! 16: * for more details. ! 17: */ ! 18: ! 19: /* ! 20: * Copyright (C) 2016 secunet Security Networks AG ! 21: * Copyright (C) 2016 Thomas Egerer ! 22: * ! 23: * Permission is hereby granted, free of charge, to any person obtaining a copy ! 24: * of this software and associated documentation files (the "Software"), to deal ! 25: * in the Software without restriction, including without limitation the rights ! 26: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ! 27: * copies of the Software, and to permit persons to whom the Software is ! 28: * furnished to do so, subject to the following conditions: ! 29: * ! 30: * The above copyright notice and this permission notice shall be included in ! 31: * all copies or substantial portions of the Software. ! 32: * ! 33: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ! 34: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ! 35: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ! 36: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ! 37: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ! 38: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ! 39: * THE SOFTWARE. ! 40: */ ! 41: ! 42: /** ! 43: * @defgroup libcharon libcharon ! 44: * ! 45: * @defgroup attributes attributes ! 46: * @ingroup libcharon ! 47: * ! 48: * @defgroup bus bus ! 49: * @ingroup libcharon ! 50: * ! 51: * @defgroup listeners listeners ! 52: * @ingroup bus ! 53: * ! 54: * @defgroup config config ! 55: * @ingroup libcharon ! 56: * ! 57: * @defgroup control control ! 58: * @ingroup libcharon ! 59: * ! 60: * @defgroup encoding encoding ! 61: * @ingroup libcharon ! 62: * ! 63: * @defgroup payloads payloads ! 64: * @ingroup encoding ! 65: * ! 66: * @defgroup kernel kernel ! 67: * @ingroup libcharon ! 68: * ! 69: * @defgroup network network ! 70: * @ingroup libcharon ! 71: * ! 72: * @defgroup cplugins plugins ! 73: * @ingroup libcharon ! 74: * ! 75: * @defgroup cprocessing processing ! 76: * @ingroup libcharon ! 77: * ! 78: * @defgroup cjobs jobs ! 79: * @ingroup cprocessing ! 80: * ! 81: * @defgroup sa sa ! 82: * @ingroup libcharon ! 83: * ! 84: * @defgroup ikev1 ikev1 ! 85: * @ingroup sa ! 86: * ! 87: * @defgroup ikev2 ikev2 ! 88: * @ingroup sa ! 89: * ! 90: * @defgroup authenticators_v1 authenticators ! 91: * @ingroup ikev1 ! 92: * ! 93: * @defgroup authenticators_v2 authenticators ! 94: * @ingroup ikev2 ! 95: * ! 96: * @defgroup eap eap ! 97: * @ingroup sa ! 98: * ! 99: * @defgroup xauth xauth ! 100: * @ingroup sa ! 101: * ! 102: * @defgroup tasks_v1 tasks ! 103: * @ingroup ikev1 ! 104: * ! 105: * @defgroup tasks_v2 tasks ! 106: * @ingroup ikev2 ! 107: * ! 108: * @addtogroup libcharon ! 109: * @{ ! 110: * ! 111: * IKEv2 keying daemon. ! 112: * ! 113: * All IKEv2 stuff is handled in charon. It uses a newer and more flexible ! 114: * architecture than pluto. Charon uses a thread-pool (called processor), ! 115: * which allows parallel execution SA-management. All threads originate ! 116: * from the processor. Work is delegated to the processor by queueing jobs ! 117: * to it. ! 118: @verbatim ! 119: ! 120: +---------------------------------+ +----------------------------+ ! 121: | controller | | config | ! 122: +---------------------------------+ +----------------------------+ ! 123: | | | ^ ^ ^ ! 124: V V V | | | ! 125: ! 126: +----------+ +-----------+ +------+ +----------+ +----+ ! 127: | receiver | | | | | +------+ | CHILD_SA | | K | ! 128: +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e | ! 129: | | | | SA |--| SA | | CHILD_SA | | r | ! 130: +------+---+ +-----------+ | | +------+ +----------+ | n | ! 131: <->| socket | | | Man- | | e | ! 132: +------+---+ +-----------+ | ager | +------+ +----------+ | l | ! 133: | | | | | | IKE- |--| CHILD_SA | | - | ! 134: +---+------+ | Processor |---| |--| SA | +----------+ | I | ! 135: | sender | | | | | +------+ | f | ! 136: +----------+ +-----------+ +------+ +----+ ! 137: ! 138: | | | | | | ! 139: V V V V V V ! 140: +---------------------------------+ +----------------------------+ ! 141: | Bus | | credentials | ! 142: +---------------------------------+ +----------------------------+ ! 143: ! 144: @endverbatim ! 145: * The scheduler is responsible to execute timed events. Jobs may be queued to ! 146: * the scheduler to get executed at a defined time (e.g. rekeying). The ! 147: * scheduler does not execute the jobs itself, it queues them to the processor. ! 148: * ! 149: * The IKE_SA manager managers all IKE_SA. It further handles the ! 150: * synchronization: ! 151: * Each IKE_SA must be checked out strictly and checked in again after use. The ! 152: * manager guarantees that only one thread may check out a single IKE_SA. This ! 153: * allows us to write the (complex) IKE_SAs routines non-threadsafe. ! 154: * The IKE_SA contain the state and the logic of each IKE_SA and handle the ! 155: * messages. ! 156: * ! 157: * The CHILD_SA contains state about a IPsec security association and manages ! 158: * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel ! 159: * takes place here through the kernel interface. ! 160: * ! 161: * The kernel interface installs IPsec security associations, policies, routes ! 162: * and virtual addresses. It further provides methods to enumerate interfaces ! 163: * and may notify the daemon about state changes at lower layers. ! 164: * ! 165: * The bus receives signals from the different threads and relays them to ! 166: * interested listeners. Debugging signals, but also important state changes or ! 167: * error messages are sent over the bus. ! 168: * Its listeners are not only for logging, but also to track the state of an ! 169: * IKE_SA. ! 170: * ! 171: * The controller, credential_manager, bus and backend_manager (config) are ! 172: * places where a plugin ca register itself to provide information or observe ! 173: * and control the daemon. ! 174: */ ! 175: ! 176: #ifndef DAEMON_H_ ! 177: #define DAEMON_H_ ! 178: ! 179: typedef struct daemon_t daemon_t; ! 180: ! 181: #include <attributes/attribute_manager.h> ! 182: #include <kernel/kernel_interface.h> ! 183: #include <network/sender.h> ! 184: #include <network/receiver.h> ! 185: #include <network/socket_manager.h> ! 186: #include <control/controller.h> ! 187: #include <bus/bus.h> ! 188: #include <bus/listeners/custom_logger.h> ! 189: #include <sa/ike_sa_manager.h> ! 190: #include <sa/child_sa_manager.h> ! 191: #include <sa/trap_manager.h> ! 192: #include <sa/shunt_manager.h> ! 193: #include <sa/redirect_manager.h> ! 194: #include <config/backend_manager.h> ! 195: #include <sa/eap/eap_manager.h> ! 196: #include <sa/xauth/xauth_manager.h> ! 197: ! 198: #ifdef ME ! 199: #include <sa/ikev2/connect_manager.h> ! 200: #include <sa/ikev2/mediation_manager.h> ! 201: #endif /* ME */ ! 202: ! 203: /** ! 204: * Number of threads in the thread pool, if not specified in config. ! 205: */ ! 206: #define DEFAULT_THREADS 16 ! 207: ! 208: /** ! 209: * Primary UDP port used by IKE. ! 210: */ ! 211: #define IKEV2_UDP_PORT 500 ! 212: ! 213: /** ! 214: * UDP port defined for use in case a NAT is detected. ! 215: */ ! 216: #define IKEV2_NATT_PORT 4500 ! 217: ! 218: /** ! 219: * UDP port on which the daemon will listen for incoming traffic (also used as ! 220: * source port for outgoing traffic). ! 221: */ ! 222: #ifndef CHARON_UDP_PORT ! 223: #define CHARON_UDP_PORT IKEV2_UDP_PORT ! 224: #endif ! 225: ! 226: /** ! 227: * UDP port used by the daemon in case a NAT is detected. ! 228: */ ! 229: #ifndef CHARON_NATT_PORT ! 230: #define CHARON_NATT_PORT IKEV2_NATT_PORT ! 231: #endif ! 232: ! 233: /** ! 234: * Main class of daemon, contains some globals. ! 235: */ ! 236: struct daemon_t { ! 237: ! 238: /** ! 239: * Socket manager instance ! 240: */ ! 241: socket_manager_t *socket; ! 242: ! 243: /** ! 244: * Kernel interface to communicate with kernel ! 245: */ ! 246: kernel_interface_t *kernel; ! 247: ! 248: /** ! 249: * A ike_sa_manager_t instance. ! 250: */ ! 251: ike_sa_manager_t *ike_sa_manager; ! 252: ! 253: /** ! 254: * A child_sa_manager_t instance. ! 255: */ ! 256: child_sa_manager_t *child_sa_manager; ! 257: ! 258: /** ! 259: * Manager for triggering policies, called traps ! 260: */ ! 261: trap_manager_t *traps; ! 262: ! 263: /** ! 264: * Manager for shunt PASS|DROP policies ! 265: */ ! 266: shunt_manager_t *shunts; ! 267: ! 268: /** ! 269: * Manager for IKE redirect providers ! 270: */ ! 271: redirect_manager_t *redirect; ! 272: ! 273: /** ! 274: * Manager for the different configuration backends. ! 275: */ ! 276: backend_manager_t *backends; ! 277: ! 278: /** ! 279: * The Sender-Thread. ! 280: */ ! 281: sender_t *sender; ! 282: ! 283: /** ! 284: * The Receiver-Thread. ! 285: */ ! 286: receiver_t *receiver; ! 287: ! 288: /** ! 289: * Manager for IKE configuration attributes ! 290: */ ! 291: attribute_manager_t *attributes; ! 292: ! 293: /** ! 294: * The signaling bus. ! 295: */ ! 296: bus_t *bus; ! 297: ! 298: /** ! 299: * Controller to control the daemon ! 300: */ ! 301: controller_t *controller; ! 302: ! 303: /** ! 304: * EAP manager to maintain registered EAP methods ! 305: */ ! 306: eap_manager_t *eap; ! 307: ! 308: /** ! 309: * XAuth manager to maintain registered XAuth methods ! 310: */ ! 311: xauth_manager_t *xauth; ! 312: ! 313: #ifdef ME ! 314: /** ! 315: * Connect manager ! 316: */ ! 317: connect_manager_t *connect_manager; ! 318: ! 319: /** ! 320: * Mediation manager ! 321: */ ! 322: mediation_manager_t *mediation_manager; ! 323: #endif /* ME */ ! 324: ! 325: /** ! 326: * Initialize the daemon. ! 327: * ! 328: * @param plugins list of plugins to load ! 329: * @return TRUE, if successful ! 330: */ ! 331: bool (*initialize)(daemon_t *this, char *plugins); ! 332: ! 333: /** ! 334: * Starts the daemon, i.e. spawns the threads of the thread pool. ! 335: */ ! 336: void (*start)(daemon_t *this); ! 337: ! 338: /** ! 339: * Load/Reload loggers defined in strongswan.conf ! 340: * ! 341: * If none are defined in strongswan.conf default loggers configured via ! 342: * set_default_loggers() are loaded. ! 343: */ ! 344: void (*load_loggers)(daemon_t *this); ! 345: ! 346: /** ! 347: * Configure default loggers if none are defined in strongswan.conf ! 348: * ! 349: * @param levels debug levels used to create default loggers if none are ! 350: * defined in strongswan.conf (NULL to disable) ! 351: * @param to_stderr TRUE to log to stderr/stdout if no loggers are defined ! 352: * in strongswan.conf (logging to syslog is always enabled) ! 353: */ ! 354: void (*set_default_loggers)(daemon_t *this, level_t levels[DBG_MAX], ! 355: bool to_stderr); ! 356: ! 357: /** ! 358: * Set the log level for the given log group for all loaded loggers. ! 359: * ! 360: * This change is not persistent and gets reset if loggers are reloaded ! 361: * via load_loggers(). ! 362: * ! 363: * @param group log group ! 364: * @param level log level ! 365: */ ! 366: void (*set_level)(daemon_t *this, debug_t group, level_t level); ! 367: }; ! 368: ! 369: /** ! 370: * The one and only instance of the daemon. ! 371: * ! 372: * Set between libcharon_init() and libcharon_deinit() calls. ! 373: */ ! 374: extern daemon_t *charon; ! 375: ! 376: /** ! 377: * Initialize libcharon and create the "charon" instance of daemon_t. ! 378: * ! 379: * This function initializes the bus, listeners can be registered before ! 380: * calling initialize(). ! 381: * ! 382: * libcharon_init() may be called multiple times in a single process, but each ! 383: * caller must call libcharon_deinit() for each call to libcharon_init(). ! 384: * ! 385: * @return FALSE if integrity check failed ! 386: */ ! 387: bool libcharon_init(); ! 388: ! 389: /** ! 390: * Deinitialize libcharon and destroy the "charon" instance of daemon_t. ! 391: */ ! 392: void libcharon_deinit(); ! 393: ! 394: /** ! 395: * Register a custom logger constructor. ! 396: * ! 397: * To be called from __attribute__((constructor)) functions. ! 398: * ! 399: * @param name name of the logger (also used for loglevel config) ! 400: * @param constructor constructor to create custom logger ! 401: */ ! 402: void register_custom_logger(char *name, ! 403: custom_logger_constructor_t constructor); ! 404: ! 405: #endif /** DAEMON_H_ @}*/