From cd6b61f5499cef3037f8eb07861a8ec7d54fd5f9 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 19 Dec 2006 10:57:49 +0000
Subject: renamed to appear in doxygen build
---
src/charon/doc/Architecture.txt | 56 -----------------------------------------
src/charon/doc/architecture.h | 56 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 56 deletions(-)
delete mode 100644 src/charon/doc/Architecture.txt
create mode 100644 src/charon/doc/architecture.h
(limited to 'src')
diff --git a/src/charon/doc/Architecture.txt b/src/charon/doc/Architecture.txt
deleted file mode 100644
index 14b99274c..000000000
--- a/src/charon/doc/Architecture.txt
+++ /dev/null
@@ -1,56 +0,0 @@
-/** @mainpage
-
-@section design strongSwans overall design
-
-IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
-completely handled in pluto, as it was all the times. IKEv2 is handled in the
-new keying daemon, which is called #charon.
-Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
-Charon uses another socket interface, called stroke. Stroke uses another
-format as whack and therefore is not compatible to whack. The starter utility,
-wich does fast configuration parsing, speaks both the protocols, whack and
-stroke. It also handles daemon startup and termination.
-Pluto uses starter for some commands, for other it uses the whack utility. To be
-as close to pluto as possible, charon has the same split up of commands to
-starter and stroke. All commands are wrapped together in the ipsec script, which
-allows transparent control of both daemons.
-@verbatim
-
- +-----------------------------------------+
- | ipsec |
- +-----+--------------+---------------+----+
- | | |
- | | |
- | +-----+-----+ |
- +-----+----+ | | +-----+----+
- | | | starter | | |
- | stroke | | | | whack |
- | | +---+--+----+ | |
- +------+---+ | | +--+-------+
- | | | |
- +---+------+ | | +------+--+
- | | | | | |
- | charon +----+ +----+ pluto |
- | | | |
- +-----+----+ +----+----+
- | |
- +-----+----+ |
- | LSF | |
- +-----+----+ |
- | |
- +-----+----+ +----+----+
- | RAW Sock | | UDP/500 |
- +----------+ +---------+
-
-@endverbatim
-Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
-500. Under Linux, there is no clean way to set up two sockets at the same port.
-To reslove this problem, charon uses a RAW socket, as they are used in network
-sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
-traffic. Pluto receives any IKE message, independant of charons behavior.
-Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
-
-To gain some reusability of the code, generic crypto and utility functions are
-separeted in a shared library, libstrongswan.
-
-*/
\ No newline at end of file
diff --git a/src/charon/doc/architecture.h b/src/charon/doc/architecture.h
new file mode 100644
index 000000000..14b99274c
--- /dev/null
+++ b/src/charon/doc/architecture.h
@@ -0,0 +1,56 @@
+/** @mainpage
+
+@section design strongSwans overall design
+
+IKEv1 and IKEv2 is handled in different keying daemons. The ole IKEv1 stuff is
+completely handled in pluto, as it was all the times. IKEv2 is handled in the
+new keying daemon, which is called #charon.
+Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
+Charon uses another socket interface, called stroke. Stroke uses another
+format as whack and therefore is not compatible to whack. The starter utility,
+wich does fast configuration parsing, speaks both the protocols, whack and
+stroke. It also handles daemon startup and termination.
+Pluto uses starter for some commands, for other it uses the whack utility. To be
+as close to pluto as possible, charon has the same split up of commands to
+starter and stroke. All commands are wrapped together in the ipsec script, which
+allows transparent control of both daemons.
+@verbatim
+
+ +-----------------------------------------+
+ | ipsec |
+ +-----+--------------+---------------+----+
+ | | |
+ | | |
+ | +-----+-----+ |
+ +-----+----+ | | +-----+----+
+ | | | starter | | |
+ | stroke | | | | whack |
+ | | +---+--+----+ | |
+ +------+---+ | | +--+-------+
+ | | | |
+ +---+------+ | | +------+--+
+ | | | | | |
+ | charon +----+ +----+ pluto |
+ | | | |
+ +-----+----+ +----+----+
+ | |
+ +-----+----+ |
+ | LSF | |
+ +-----+----+ |
+ | |
+ +-----+----+ +----+----+
+ | RAW Sock | | UDP/500 |
+ +----------+ +---------+
+
+@endverbatim
+Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
+500. Under Linux, there is no clean way to set up two sockets at the same port.
+To reslove this problem, charon uses a RAW socket, as they are used in network
+sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
+traffic. Pluto receives any IKE message, independant of charons behavior.
+Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
+
+To gain some reusability of the code, generic crypto and utility functions are
+separeted in a shared library, libstrongswan.
+
+*/
\ No newline at end of file
-- cgit v1.2.3