
Side by Side Diff: ipsec_manager.h

Issue 6508016: vpn-manager: Add l2tp/ipsec vpn manager (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master
Patch Set: compute local address instead of taking option Created 9 years, 9 months ago
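--- a/ipsec_manager.h
+++ b/ipsec_manager.h
@@ -0,0 +1,113 @@
+// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef _VPN_MANAGER_IPSEC_MANAGER_H_
+#define _VPN_MANAGER_IPSEC_MANAGER_H_
+
+#include <string>
+
+#include "base/scoped_ptr.h"
+#include "base/time.h"
+#include "gtest/gtest_prod.h" // for FRIEND_TEST
+
+#include "vpn-manager/service_manager.h"
+
+class FilePath;
+namespace chromeos {
+class Process;
+}
+
+// Manages the ipsec daemon. This manager orchestrates configuring and
+// launching the strongswan starter process which in turn launches the
+// appropriate IKE v1 (pluto) or IKE v2 (charon) daemon.
+class IpsecManager : public ServiceManager {
+public:
+IpsecManager();
+
+// Initialize the object to control IKE version |ike_version| daemon,
+// connecting to the give |remote_address|, with given paths to
+// pre-shared key file |psk_file|, server certificate authority file
+// |server_ca_file|, client key file |client_key_file|, and client
+// certificate file |client_cert_file|.
+bool Initialize(int ike_version,
+const std::string& remote_address,
+const std::string& psk_file,
+const std::string& server_ca_file,
+const std::string& client_key_file,
+const std::string& client_cert_file);
+
+virtual bool Start();
+virtual void Stop();
+virtual int Poll();
+virtual void ProcessOutput();
+virtual bool IsChild(pid_t pid);
+
+// Returns the stderr output file descriptor of our child process.
+int output_fd() const { return output_fd_; }
+
+private:
+friend class IpsecManagerTest;
+FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory);
+FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet);
+FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting);
+FRIEND_TEST(IpsecManagerTest, PollTransitionToUp);
+FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles);
+
+bool GetLocalAddressForRemote(const std::string& remote_address_text,
+std::string* local_address_text);
+bool FormatPsk(const FilePath& input_file, std::string* formatted);
+void KillCurrentlyRunning();
+bool WriteConfigFiles();
+bool CreateIpsecRunDirectory();
+std::string FormatStarterConfigFile();
+bool StartStarter();
+bool SetIpsecGroup(const FilePath& file_path);
+
+// for testing, always return this value from GetLocalAddressForRemote.
+const char* force_local_address_;
+// ipsec daemon stderr pipe file descriptor.
+int output_fd_;
+// IKE key exchange version to use.
+int ike_version_;
+// Group id of the "ipsec" group on this machine. This is the group
+// that we expect the underlying IKE daemons to run as.
+gid_t ipsec_group_;
+// Writeable directory to which we can write configuration files for
+// ipsec daemons.
+std::string stateful_container_;
+// Directory containing run files for ipsec that we create with
+// permissions locked to ipsec group.
+std::string ipsec_run_path_;
+// File whose existence signifies ipsec is now up.
+std::string ipsec_up_file_;
+// String with which to prefix ipsec output log lines.
+std::string ipsec_prefix_;
+// File containing starter process's process id.
+std::string starter_pid_file_;
+// Remote IP of IPsec connection.
+std::string remote_address_;
+// File containing the IPsec pre-shared key.
+std::string psk_file_;
+// File containing the server certificate authority.
+std::string server_ca_file_;
+// File containing the client private key.
+std::string client_key_file_;
+// File containing the client certificate.
+std::string client_cert_file_;
+// Last partial line read from output_fd_.
+std::string partial_output_line_;
+// Time when ipsec was started.
+base::TimeTicks start_ticks_;
+// IPsec starter process.
+scoped_ptr<chromeos::Process> starter_;
+};
+
+#endif // _VPN_MANAGER_IPSEC_MANAGER_H_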
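Review bot: The private helpers `FormatPsk`, `WriteConfigFiles` and `SetIpsecGroup` are declared without comments, so the header does not say where the formatted pre-shared key is written or what ownership and mode that file should have. Only `ipsec_run_path_` is documented as locked to the ipsec group, while `stateful_container_` is described just as a writeable directory. I would add a contract comment above `WriteConfigFiles()`, for example `// Writes the starter config and key material under |stateful_container_|; files holding secrets must not be readable outside |ipsec_group_|.`, worded to match what ipsec_manager.cc actually does (not visible on this page). Separately, `pid_t` and `gid_t` are used with no direct `#include <sys/types.h>`, and the guard `_VPN_MANAGER_IPSEC_MANAGER_H_` starts with an underscore and a capital letter, which is a reserved identifier form; `VPN_MANAGER_IPSEC_MANAGER_H_` avoids that.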
