
Side by Side Diff: ipsec_manager.h

Issue 6508016: vpn-manager: Add l2tp/ipsec vpn manager (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master
Patch Set: respond to petkov Created 9 years, 9 months ago
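--- a/ipsec_manager.h
+++ b/ipsec_manager.h
@@ -0,0 +1,112 @@
+// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef _VPN_MANAGER_IPSEC_MANAGER_H_
+#define _VPN_MANAGER_IPSEC_MANAGER_H_
+
+#include <string>
+
+#include "base/scoped_ptr.h"
+#include "base/time.h"
+#include "gtest/gtest_prod.h" // for FRIEND_TEST
+#include "vpn-manager/service_manager.h"
+
+class FilePath;
+namespace chromeos {
+class Process;
+}
+
+// Manages the ipsec daemon. This manager orchestrates configuring and
+// launching the strongswan starter process which in turn launches the
+// appropriate IKE v1 (pluto) or IKE v2 (charon) daemon.
+class IpsecManager : public ServiceManager {
+public:
+IpsecManager();
+
+// Initialize the object to control IKE version |ike_version| daemon,
+// connecting to the give |remote_address|, with given paths to
+// pre-shared key file |psk_file|, server certificate authority file
+// |server_ca_file|, client key file |client_key_file|, and client
+// certificate file |client_cert_file|.
+bool Initialize(int ike_version,
+const std::string& remote_address,
+const std::string& psk_file,
+const std::string& server_ca_file,
+const std::string& client_key_file,
+const std::string& client_cert_file);
+
+virtual bool Start();
+virtual void Stop();
+virtual int Poll();
+virtual void ProcessOutput();
+virtual bool IsChild(pid_t pid);
+
+// Returns the stderr output file descriptor of our child process.
+int output_fd() const { return output_fd_; }
+
+private:
+friend class IpsecManagerTest;
+FRIEND_TEST(IpsecManagerTest, CreateIpsecRunDirectory);
+FRIEND_TEST(IpsecManagerTest, PollWaitIfNotUpYet);
+FRIEND_TEST(IpsecManagerTest, PollTimeoutWaiting);
+FRIEND_TEST(IpsecManagerTest, PollTransitionToUp);
+FRIEND_TEST(IpsecManagerTest, PollNothingIfRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatPsk);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, FormatStarterConfigFile);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, GetLocalAddressForRemote);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, Start);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterAlreadyRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, StartStarterNotYetRunning);
+FRIEND_TEST(IpsecManagerTestIkeV1Psk, WriteConfigFiles);
+
+bool GetLocalAddressForRemote(const std::string& remote_address_text,
+std::string* local_address_text);
+bool FormatPsk(const FilePath& input_file, std::string* formatted);
+void KillCurrentlyRunning();
+bool WriteConfigFiles();
+bool CreateIpsecRunDirectory();
+std::string FormatStarterConfigFile();
+bool StartStarter();
+bool SetIpsecGroup(const FilePath& file_path);
+
+// for testing, always return this value from GetLocalAddressForRemote.
+const char* force_local_address_;
+// ipsec daemon stderr pipe file descriptor.
+int output_fd_;
+// IKE key exchange version to use.
+int ike_version_;
+// Group id of the "ipsec" group on this machine. This is the group
+// that we expect the underlying IKE daemons to run as.
+gid_t ipsec_group_;
+// Writeable directory to which we can write configuration files for
+// ipsec daemons.
+std::string stateful_container_;
+// Directory containing run files for ipsec that we create with
+// permissions locked to ipsec group.
+std::string ipsec_run_path_;
+// File whose existence signifies ipsec is now up.
+std::string ipsec_up_file_;
+// String with which to prefix ipsec output log lines.
+std::string ipsec_prefix_;
+// File containing starter process's process id.
+std::string starter_pid_file_;
+// Remote IP of IPsec connection.
+std::string remote_address_;
+// File containing the IPsec pre-shared key.
+std::string psk_file_;
+// File containing the server certificate authority.
+std::string server_ca_file_;
+// File containing the client private key.
+std::string client_key_file_;
+// File containing the client certificate.
+std::string client_cert_file_;
+// Last partial line read from output_fd_.
+std::string partial_output_line_;
+// Time when ipsec was started.
+base::TimeTicks start_ticks_;
+// IPsec starter process.
+scoped_ptr<chromeos::Process> starter_;
+};
+
+#endif // _VPN_MANAGER_IPSEC_MANAGER_H_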
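Review bot: The private helpers that touch key material, `FormatPsk`, `WriteConfigFiles` and `SetIpsecGroup` (new lines 65-71), are declared without comments, so the header never states what owner and mode the files written under `stateful_container_` should end up with, although they presumably carry the formatted pre-shared key. I would document that contract at the declaration, for example `// Writes the starter config and secrets files under |stateful_container_|; returns false if any file could not be written or handed to |ipsec_group_|.`, adjusted to what ipsec_manager.cc actually does, which is not visible here. Separately, `pid_t` and `gid_t` are used without `#include <sys/types.h>`, and the guard `_VPN_MANAGER_IPSEC_MANAGER_H_` starts with an underscore followed by a capital, which is a reserved identifier; `VPN_MANAGER_IPSEC_MANAGER_H_` avoids that. The four scalar members (`force_local_address_`, `output_fd_`, `ike_version_`, `ipsec_group_`) have no in-class defaults, so the constructor in the .cc file needs to initialize each of them.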