
1.1     ! misho       1: /*
        !             2:  * Copyright (C) 2006-2017 Tobias Brunner
        !             3:  * Copyright (C) 2005-2009 Martin Willi
        !             4:  * Copyright (C) 2006 Daniel Roethlisberger
        !             5:  * Copyright (C) 2005 Jan Hutter
        !             6:  * HSR Hochschule fuer Technik Rapperswil
        !             7:  *
        !             8:  * This program is free software; you can redistribute it and/or modify it
        !             9:  * under the terms of the GNU General Public License as published by the
        !            10:  * Free Software Foundation; either version 2 of the License, or (at your
        !            11:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
        !            12:  *
        !            13:  * This program is distributed in the hope that it will be useful, but
        !            14:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
        !            15:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
        !            16:  * for more details.
        !            17:  */
        !            18: 
        !            19: /*
        !            20:  * Copyright (C) 2016 secunet Security Networks AG
        !            21:  * Copyright (C) 2016 Thomas Egerer
        !            22:  *
        !            23:  * Permission is hereby granted, free of charge, to any person obtaining a copy
        !            24:  * of this software and associated documentation files (the "Software"), to deal
        !            25:  * in the Software without restriction, including without limitation the rights
        !            26:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        !            27:  * copies of the Software, and to permit persons to whom the Software is
        !            28:  * furnished to do so, subject to the following conditions:
        !            29:  *
        !            30:  * The above copyright notice and this permission notice shall be included in
        !            31:  * all copies or substantial portions of the Software.
        !            32:  *
        !            33:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        !            34:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        !            35:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        !            36:  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        !            37:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        !            38:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
        !            39:  * THE SOFTWARE.
        !            40:  */
        !            41: 
        !            42: /**
        !            43:  * @defgroup libcharon libcharon
        !            44:  *
        !            45:  * @defgroup attributes attributes
        !            46:  * @ingroup libcharon
        !            47:  *
        !            48:  * @defgroup bus bus
        !            49:  * @ingroup libcharon
        !            50:  *
        !            51:  * @defgroup listeners listeners
        !            52:  * @ingroup bus
        !            53:  *
        !            54:  * @defgroup config config
        !            55:  * @ingroup libcharon
        !            56:  *
        !            57:  * @defgroup control control
        !            58:  * @ingroup libcharon
        !            59:  *
        !            60:  * @defgroup encoding encoding
        !            61:  * @ingroup libcharon
        !            62:  *
        !            63:  * @defgroup payloads payloads
        !            64:  * @ingroup encoding
        !            65:  *
        !            66:  * @defgroup kernel kernel
        !            67:  * @ingroup libcharon
        !            68:  *
        !            69:  * @defgroup network network
        !            70:  * @ingroup libcharon
        !            71:  *
        !            72:  * @defgroup cplugins plugins
        !            73:  * @ingroup libcharon
        !            74:  *
        !            75:  * @defgroup cprocessing processing
        !            76:  * @ingroup libcharon
        !            77:  *
        !            78:  * @defgroup cjobs jobs
        !            79:  * @ingroup cprocessing
        !            80:  *
        !            81:  * @defgroup sa sa
        !            82:  * @ingroup libcharon
        !            83:  *
        !            84:  * @defgroup ikev1 ikev1
        !            85:  * @ingroup sa
        !            86:  *
        !            87:  * @defgroup ikev2 ikev2
        !            88:  * @ingroup sa
        !            89:  *
        !            90:  * @defgroup authenticators_v1 authenticators
        !            91:  * @ingroup ikev1
        !            92:  *
        !            93:  * @defgroup authenticators_v2 authenticators
        !            94:  * @ingroup ikev2
        !            95:  *
        !            96:  * @defgroup eap eap
        !            97:  * @ingroup sa
        !            98:  *
        !            99:  * @defgroup xauth xauth
        !           100:  * @ingroup sa
        !           101:  *
        !           102:  * @defgroup tasks_v1 tasks
        !           103:  * @ingroup ikev1
        !           104:  *
        !           105:  * @defgroup tasks_v2 tasks
        !           106:  * @ingroup ikev2
        !           107:  *
        !           108:  * @addtogroup libcharon
        !           109:  * @{
        !           110:  *
        !           111:  * IKE keying daemon (IKEv1 and IKEv2).
        !           112:  *
        !           113:  * All IKE processing is handled in charon. It uses a newer and more flexible
        !           114:  * architecture than the legacy pluto daemon. Charon uses a thread pool (called
        !           115:  * processor), which allows SA management to run in parallel. All threads
        !           116:  * originate from the processor. Work is delegated to the processor by queueing
        !           117:  * jobs to it.
        !           118:    @verbatim
        !           119: 
        !           120:       +---------------------------------+       +----------------------------+
        !           121:       |           controller            |       |          config            |
        !           122:       +---------------------------------+       +----------------------------+
        !           123:                |      |      |                           ^     ^    ^
        !           124:                V      V      V                           |     |    |
        !           125: 
        !           126:        +----------+  +-----------+   +------+            +----------+    +----+
        !           127:        | receiver |  |           |   |      |  +------+  | CHILD_SA |    | K  |
        !           128:        +---+------+  | Scheduler |   | IKE- |  | IKE- |--+----------+    | e  |
        !           129:            |         |           |   | SA   |--| SA   |  | CHILD_SA |    | r  |
        !           130:     +------+---+     +-----------+   |      |  +------+  +----------+    | n  |
        !           131:  <->|  socket  |           |         | Man- |                            | e  |
        !           132:     +------+---+     +-----------+   | ager |  +------+  +----------+    | l  |
        !           133:            |         |           |   |      |  | IKE- |--| CHILD_SA |    | -  |
        !           134:        +---+------+  | Processor |---|      |--| SA   |  +----------+    | I  |
        !           135:        |  sender  |  |           |   |      |  +------+                  | f  |
        !           136:        +----------+  +-----------+   +------+                            +----+
        !           137: 
        !           138:                |      |      |                        |      |      |
        !           139:                V      V      V                        V      V      V
        !           140:       +---------------------------------+       +----------------------------+
        !           141:       |               Bus               |       |         credentials        |
        !           142:       +---------------------------------+       +----------------------------+
        !           143: 
        !           144:    @endverbatim
        !           145:  * The scheduler is responsible for executing timed events. Jobs may be queued
        !           146:  * to the scheduler to get executed at a defined time (e.g. rekeying). The
        !           147:  * scheduler does not execute the jobs itself, it queues them to the processor.
        !           148:  *
        !           149:  * The IKE_SA manager manages all IKE_SAs and handles their synchronization:
        !           150:  * each IKE_SA must be checked out before use and checked in again afterwards.
        !           151:  * The manager guarantees that only one thread holds a given IKE_SA at a time,
        !           152:  * which is what allows the (complex) IKE_SA routines to be written without
        !           153:  * internal locking; touching an IKE_SA without checking it out is a data race.
        !           154:  * The IKE_SA object contains the state and the logic of one IKE_SA and handles
        !           155:  * its messages.
        !           156:  *
        !           157:  * A CHILD_SA contains the state of an IPsec security association and manages
        !           158:  * it. An IKE_SA may have multiple CHILD_SAs. Communication with the kernel
        !           159:  * takes place here through the kernel interface.
        !           160:  *
        !           161:  * The kernel interface installs IPsec security associations, policies, routes
        !           162:  * and virtual addresses. It further provides methods to enumerate interfaces
        !           163:  * and may notify the daemon about state changes at lower layers.
        !           164:  *
        !           165:  * The bus receives signals from the different threads and relays them to
        !           166:  * interested listeners. Debugging signals, but also important state changes or
        !           167:  * error messages are sent over the bus.
        !           168:  * Its listeners are not only for logging, but also to track the state of an
        !           169:  * IKE_SA.
        !           170:  *
        !           171:  * The controller, credential_manager, bus and backend_manager (config) are the
        !           172:  * places where a plugin can register itself to provide information or to
        !           173:  * observe and control the daemon.
        !           174:  */
        !           175: 
        !           176: #ifndef DAEMON_H_
        !           177: #define DAEMON_H_
        !           178: 
        !           179: typedef struct daemon_t daemon_t;
        !           180: 
        !           181: #include <attributes/attribute_manager.h>
        !           182: #include <kernel/kernel_interface.h>
        !           183: #include <network/sender.h>
        !           184: #include <network/receiver.h>
        !           185: #include <network/socket_manager.h>
        !           186: #include <control/controller.h>
        !           187: #include <bus/bus.h>
        !           188: #include <bus/listeners/custom_logger.h>
        !           189: #include <sa/ike_sa_manager.h>
        !           190: #include <sa/child_sa_manager.h>
        !           191: #include <sa/trap_manager.h>
        !           192: #include <sa/shunt_manager.h>
        !           193: #include <sa/redirect_manager.h>
        !           194: #include <config/backend_manager.h>
        !           195: #include <sa/eap/eap_manager.h>
        !           196: #include <sa/xauth/xauth_manager.h>
        !           197: 
        !           198: #ifdef ME
        !           199: #include <sa/ikev2/connect_manager.h>
        !           200: #include <sa/ikev2/mediation_manager.h>
        !           201: #endif /* ME */
        !           202: 
/**
 * Number of threads in the thread pool (the processor), if not specified in
 * the config.
 */
#define DEFAULT_THREADS 16

/**
 * Primary UDP port used by IKE (the well-known ISAKMP/IKE port).
 */
#define IKEV2_UDP_PORT 500

/**
 * UDP port defined for use in case a NAT is detected (the well-known IPsec
 * NAT-traversal port).
 */
#define IKEV2_NATT_PORT 4500

/**
 * UDP port on which the daemon will listen for incoming traffic (also used as
 * source port for outgoing traffic).
 *
 * The #ifndef guard lets a build override this (e.g. via CFLAGS) without the
 * default clobbering it. NOTE(review): the NAT-T port below is not derived from
 * this one, so overriding only one of the pair leaves a non-standard
 * combination; peers and NAT devices expect 500/4500 — confirm before changing.
 */
#ifndef CHARON_UDP_PORT
#define CHARON_UDP_PORT IKEV2_UDP_PORT
#endif

/**
 * UDP port used by the daemon in case a NAT is detected.
 *
 * Overridable at build time in the same way as CHARON_UDP_PORT.
 */
#ifndef CHARON_NATT_PORT
#define CHARON_NATT_PORT IKEV2_NATT_PORT
#endif
        !           232: 
        !           233: /**
        !           234:  * Main class of daemon, contains some globals.
        !           235:  */
/**
 * Main class of the daemon; holds the process-wide singletons.
 *
 * The one instance is reachable through the global "charon" pointer. These
 * members are plain pointers shared by every thread spawned by the processor,
 * so each subsystem has to provide its own synchronization (the IKE_SA
 * manager's check-out/check-in discipline described in the file header is the
 * main example).
 */
struct daemon_t {

	/**
	 * Socket manager instance (the sockets used by receiver and sender, see
	 * the diagram in the file header).
	 */
	socket_manager_t *socket;

	/**
	 * Kernel interface to communicate with the kernel (installs IPsec SAs,
	 * policies, routes and virtual addresses, see file header).
	 */
	kernel_interface_t *kernel;

	/**
	 * Manager of all IKE_SAs. An IKE_SA has to be checked out through this
	 * manager before it is used and checked in again afterwards; the manager
	 * ensures only one thread holds a given IKE_SA at a time.
	 */
	ike_sa_manager_t *ike_sa_manager;

	/**
	 * Manager of CHILD_SAs.
	 */
	child_sa_manager_t *child_sa_manager;

	/**
	 * Manager for triggering policies, called traps
	 */
	trap_manager_t *traps;

	/**
	 * Manager for shunt PASS|DROP policies
	 */
	shunt_manager_t *shunts;

	/**
	 * Manager for IKE redirect providers
	 */
	redirect_manager_t *redirect;

	/**
	 * Manager for the different configuration backends.
	 */
	backend_manager_t *backends;

	/**
	 * The Sender-Thread (hands outgoing packets to the socket manager).
	 */
	sender_t *sender;

	/**
	 * The Receiver-Thread (reads incoming packets from the socket manager).
	 */
	receiver_t *receiver;

	/**
	 * Manager for IKE configuration attributes
	 */
	attribute_manager_t *attributes;

	/**
	 * The signaling bus; relays signals (debug output, state changes, errors)
	 * from the threads to registered listeners.
	 */
	bus_t *bus;

	/**
	 * Controller to control the daemon
	 */
	controller_t *controller;

	/**
	 * EAP manager to maintain registered EAP methods
	 */
	eap_manager_t *eap;

	/**
	 * XAuth manager to maintain registered XAuth methods
	 */
	xauth_manager_t *xauth;

#ifdef ME
	/**
	 * Connect manager (mediation extension only)
	 */
	connect_manager_t *connect_manager;

	/**
	 * Mediation manager (mediation extension only)
	 */
	mediation_manager_t *mediation_manager;
#endif /* ME */

	/**
	 * Initialize the daemon.
	 *
	 * NOTE(review): loading a plugin executes its code inside the daemon
	 * process, so the plugin list is trusted input and should come from the
	 * local configuration only — confirm how callers build it.
	 *
	 * @param plugins	list of plugins to load
	 * @return			TRUE, if successful
	 */
	bool (*initialize)(daemon_t *this, char *plugins);

	/**
	 * Starts the daemon, i.e. spawns the threads of the thread pool.
	 *
	 * Presumably to be called only after initialize() returned TRUE — confirm
	 * against the implementation.
	 */
	void (*start)(daemon_t *this);

	/**
	 * Load/Reload loggers defined in strongswan.conf
	 *
	 * If none are defined in strongswan.conf default loggers configured via
	 * set_default_loggers() are loaded. Reloading discards any level changed
	 * via set_level().
	 */
	void (*load_loggers)(daemon_t *this);

	/**
	 * Configure default loggers if none are defined in strongswan.conf
	 *
	 * @param levels	debug levels used to create default loggers if none are
	 *					defined in strongswan.conf (NULL to disable)
	 * @param to_stderr	TRUE to log to stderr/stdout if no loggers are defined
	 *					in strongswan.conf (logging to syslog is always enabled)
	 */
	void (*set_default_loggers)(daemon_t *this, level_t levels[DBG_MAX],
								bool to_stderr);

	/**
	 * Set the log level for the given log group for all loaded loggers.
	 *
	 * This change is not persistent and gets reset if loggers are reloaded
	 * via load_loggers().
	 *
	 * @param group		log group
	 * @param level		log level
	 */
	void (*set_level)(daemon_t *this, debug_t group, level_t level);
};
        !           368: 
        !           369: /**
        !           370:  * The one and only instance of the daemon.
        !           371:  *
        !           372:  * Set between libcharon_init() and libcharon_deinit() calls.
        !           373:  */
        !           374: extern daemon_t *charon;
        !           375: 
        !           376: /**
        !           377:  * Initialize libcharon and create the "charon" instance of daemon_t.
        !           378:  *
        !           379:  * This function initializes the bus, listeners can be registered before
        !           380:  * calling initialize().
        !           381:  *
        !           382:  * libcharon_init() may be called multiple times in a single process, but each
        !           383:  * caller must call libcharon_deinit() for each call to libcharon_init().
        !           384:  *
        !           385:  * @return             FALSE if integrity check failed
        !           386:  */
        !           387: bool libcharon_init();
        !           388: 
        !           389: /**
        !           390:  * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
        !           391:  */
        !           392: void libcharon_deinit();
        !           393: 
        !           394: /**
        !           395:  * Register a custom logger constructor.
        !           396:  *
        !           397:  * To be called from __attribute__((constructor)) functions.
        !           398:  *
        !           399:  * @param name                         name of the logger (also used for loglevel config)
        !           400:  * @param constructor          constructor to create custom logger
        !           401:  */
        !           402: void register_custom_logger(char *name,
        !           403:                                                        custom_logger_constructor_t constructor);
        !           404: 
        !           405: #endif /** DAEMON_H_ @}*/
