strongswan源代码结构与数据结构

风流网民

已于 2022-03-16 14:39:05 修改

阅读量7.8k

点赞数 2

分类专栏： IPsec 文章标签：安全

于 2022-03-12 17:34:29 首次发布

本文链接：https://blog.csdn.net/wq897387/article/details/123446862

版权

IPsec 专栏收录该内容

11 篇文章 5 订阅

订阅专栏

文章目录

源代码结构
Components
数据结构

strongswan Github下载地址

源代码结构

目录下内容

strongswan$ ls
Android.common.mk.in  ChangeLog        COPYING      HACKING  m4           README            SECURITY.md               TODO
Android.mk            conf             doc          init     Makefile.am  README_LEGACY.md  sonar-project.properties
AUTHORS               configure.ac     Doxyfile.in  INSTALL  man          README.md         src
autogen.sh            CONTRIBUTING.md  fuzz         LICENSE  NEWS         scripts           testing

文件夹	描述
conf	配置文件
doc	RFC标准文档
init	初始化信息
src	源代码文件
scripts	脚本信息
testing	测试程序

Components

The src directory in the strongSwan distribution contains the following components:

Component	Description
aikgen	Utility to generate an Attestation Identity Key bound to a TPM 1.2
charon	The IKE keying daemon
charon-cmd	A command line IKE client
charon-nm	The back end for the NetworkManager D-BUS plugin
charon-svc	The Windows IKE service
charon-systemd	An IKE daemon similar to charon but specifically designed for use with systemd
charon-tkm	A variant of charon that is backed by a Trusted Key Manager (TKM)
checksum	Utility to generate checksums of built executables and libraries
conftest	Conformance test tool
frontends/android	VPN client for Android
frontends/gnome	NetworkManager plugin
frontends/osx	charon-xpc helper daemon for the native macOS application
ipsec	The legacy ipsec command line tool wrapping commands and other tools
libcharon	Contains most of the code and the plugins of the charon daemon
libfast	A lightweight framework to build native web applications using ClearSilver and FastCGI
libimcv	Various Integrity Measurement Collectors (IMCs), Integrity Measuremeent Validators (IMVs) and the library code shared by them
libipsec	A userland IPsec implementation used by kernel-libipsec and the Android VPN Client app
libpts	Contains code for TPM-based Platform Trust Services (PTS) and SWID tag handling
libpttls	Implements the PT-TLS protocol
libradius	RADIUS protocol implementation used by e.g. the eap-radius and tnc-pdp plugins
libsimaka	Contains code shared by several EAP-SIM/AKA plugins
libstrongswan	The strongSwan library with basic functions used by the daemons and utilities
libtls	TLS implementation used by the eap-tls, eap-ttls, eap-peap and other plugins
libtnccs	Implements the IF-TNCCS interface
libtncif	Implmements the IF-IMC/IF-IMV interfaces
manager	A deprecated graphical management application for charon based on libfast
medsrv	An experimental management front end for mediation servers based on libfast
pki	Public Key Infrastructure utility
pool	Utility to manage attributes and IP address pools provided by the attr-sql plugin
pt-tls-client	Integrity measurement client using the PT-TLS protocol
scepclient	Utility to enroll certificates using the SCEP protocol
sec-updater	Utility extracting information about security updates and backports of Linux repositories (e.g. Debian or Ubuntu)
starter	Legacy daemon that reads ipsec.conf and controls the keying daemon charon
stroke	Legacy command line utility to control charon via the stroke protocol
swanctl	Configuration and control utility that communicates via the vici interface
sw-collector	Utility extracting information about software package installation, update or removal events from the apt history log
tpm_extendpcr	Tool that extends a digest into a TPM PCR
_updown	Default script called by the updown plugin on tunnel up/down events
xfrmi	Create an XFRM interface

libstrongswan/目录下文件描述

文件	描述
backtrace.c backtrace.h	回溯
chunk.c chunk.h	块
debug.c debug.h	调试
integrity_checker.c integrity_checker.h	完整性检查
lexparser.c lexparser.h
printf_hook/
utils/ utils.c utils.h
compat/	兼容性
enum.c enum.h	枚举
optionsfrom.c optionsfrom.h	参数
process.c process.h	处理
capabilities.c capabilities.h	能力
cpu_feature.c cpu_feature.h	CPU特性
leak_detective.c leak_detective.h	丢包检测
identification.c identification.h	识别
parser_helper.c parser_helper.h	解析帮助
test.c test.h	测试

数据结构

strongswan/src/libstrongswan/utils/utils/object.h

/**
 * Object allocation/initialization macro, using designated initializer.
 */
#define INIT(this, ...) { (this) = malloc(sizeof(*(this))); \
                           *(this) = (typeof(*(this))){ __VA_ARGS__ }; }

/**
 * Method declaration/definition macro, providing private and public interface.
 *
 * Defines a method name with this as first parameter and a return value ret,
 * and an alias for this method with a _ prefix, having the this argument
 * safely casted to the public interface iface.
 * _name is provided a function pointer, but will get optimized out by GCC.
 */
#define METHOD(iface, name, ret, this, ...) \
        static ret name(union {iface *_public; this;} \
        __attribute__((transparent_union)), ##__VA_ARGS__); \
        static typeof(name) *_##name = (typeof(name)*)name; \
        static ret name(this, ##__VA_ARGS__)

/**
 * Callback declaration/definition macro, allowing casted first parameter.
 *
 * This is very similar to METHOD, but instead of casting the first parameter
 * to a public interface, it uses a void*. This allows type safe definition
 * of a callback function, while using the real type for the first parameter.
 */
#define CALLBACK(name, ret, param1, ...) \
    static ret _cb_##name(union {void *_generic; param1;} \
    __attribute__((transparent_union)), ##__VA_ARGS__); \
    static typeof(_cb_##name) *name = (typeof(_cb_##name)*)_cb_##name; \
    static ret _cb_##name(param1, ##__VA_ARGS__)

strongswan/src/libstrongswan/utils/enum.h

/**
 * Begin a new enum_name list.
 *
 * @param name  name of the enum_name list
 * @param first enum value of the first enum string
 * @param last  enum value of the last enum string
 * @param ...   a list of strings
 */
#define ENUM_BEGIN(name, first, last, ...) \
    static enum_name_t name##last = {first, last + \
        BUILD_ASSERT(((last)-(first)+1) == countof(((char*[]){__VA_ARGS__}))), \
        NULL, { __VA_ARGS__ }}

/**
 * Continue a enum name list started with ENUM_BEGIN.
 *
 * @param name  name of the enum_name list
 * @param first enum value of the first enum string
 * @param last  enum value of the last enum string
 * @param prev  enum value of the "last" defined in ENUM_BEGIN/previous ENUM_NEXT
 * @param ...   a list of strings
 */
#define ENUM_NEXT(name, first, last, prev, ...) \
    static enum_name_t name##last = {first, last + \
        BUILD_ASSERT(((last)-(first)+1) == countof(((char*[]){__VA_ARGS__}))), \
        &name##prev, { __VA_ARGS__ }}

/**
 * Complete enum name list started with ENUM_BEGIN.
 *
 * @param name  name of the enum_name list
 * @param prev  enum value of the "last" defined in ENUM_BEGIN/previous ENUM_NEXT
 */
#define ENUM_END(name, prev) enum_name_t *name = &name##prev;

/**
 * Define a enum name with only one range.
 *
 * This is a convenience macro to use when a enum_name list contains only
 * one range, and is equal as defining ENUM_BEGIN followed by ENUM_END.
 *
 * @param name  name of the enum_name list
 * @param first enum value of the first enum string
 * @param last  enum value of the last enum string
 * @param ...   a list of strings
 */
#define ENUM(name, first, last, ...) \
    ENUM_BEGIN(name, first, last, __VA_ARGS__); ENUM_END(name, last)

strongswan/src/libstrongswan/utils/chunk.h

typedef struct chunk_t chunk_t;

/**
 * General purpose pointer/length abstraction.
 */
struct chunk_t {
    /** Pointer to start of data */
    u_char *ptr;
    /** Length of data in bytes */
    size_t len;
};