[strongSwan-dev] Embedded application integration - best practice

Thomas Egerer thomas.egerer at secunet.com
Fri Mar 5 11:30:19 CET 2010


Hi Ian,

> 1.) Programmatically configure StrongSwan (Charon).
> 2.) Be able to up/down connections.
> 3.) Get indications when connections go down (e.g. through DPD).

From my own experience I'd go with one plugin (you could also go with three
separate ones if you like this approach better). This plugin includes a
listener_t registered via the bus_t to catch particular messages on
charon's bus (for 3.), a backend_t to provide configurations to charon
(for 1.) and some kind of communication mechanism to announce changes in
connection status from your listener, receive your configuration
(updates) and the commands to control your connections from.
Depending on your architecture you might choose dbus as your means of
communication or else unix domain sockets or whatever floats your boat.

Best starting point to write your own plugin is to take an existing one,
strip it down to the bones, and then add the functionality required. The
updown plugin is a nice example of how to implement a listener (3.), I'd
take the guts from stroke's backend part (stroke/stroke_config.c) to see
how to implement a backend (1.). And stroke's controller part
(stroke/stroke_control.c) gives you a nice impression of how to
implement a controller (2.). In the end you add your communication
interface to dispatch the messages received to the backend/controller
and you're done.

Regards,

Thomas
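
An added example, not part of the message above and not strongSwan code: one way the plugin's communication interface could validate lines read from its socket and decide whether they go to the backend (1.) or the controller (2.). The line format (CONFIG/UP/DOWN) and the names dispatch, msg_t and dst_t are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical plugin parts a message is routed to (not strongSwan names). */
typedef enum { DST_REJECT, DST_BACKEND, DST_CONTROLLER } dst_t;

typedef struct {
    char name[32];    /* validated connection name */
    int up;           /* controller: 1 = bring up, 0 = take down */
    const char *data; /* backend: configuration payload after the name */
} msg_t;

/* Names from the socket are untrusted: allow only short [A-Za-z0-9_-]. */
static int valid_name(const char *s, size_t n)
{
    if (n == 0 || n >= sizeof(((msg_t *)0)->name)) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_' && s[i] != '-')
            return 0;
    return 1;
}

/* Parse "CONFIG <name> <data>", "UP <name>" or "DOWN <name>" (no newline). */
dst_t dispatch(const char *line, msg_t *m)
{
    size_t vlen = strcspn(line, " ");
    const char *name = line + vlen + (line[vlen] == ' ');
    size_t nlen = strcspn(name, " ");
    const char *rest = name + nlen;

    memset(m, 0, sizeof(*m));
    if (!valid_name(name, nlen)) return DST_REJECT;
    memcpy(m->name, name, nlen);
    if (vlen == 6 && !strncmp(line, "CONFIG", 6) && rest[0] == ' ' && rest[1]) {
        m->data = rest + 1;
        return DST_BACKEND;
    }
    if (*rest) return DST_REJECT; /* UP and DOWN take exactly one argument */
    m->up = (vlen == 2 && !strncmp(line, "UP", 2));
    if (m->up || (vlen == 4 && !strncmp(line, "DOWN", 4))) return DST_CONTROLLER;
    return DST_REJECT;
}

int main(void)
{
    msg_t m; /* constructed sample line */
    printf("%d %s\n", dispatch("UP site-a", &m), m.name);
    return 0;
}
```

Anything that returns DST_REJECT is dropped before it reaches the backend or controller code, so unknown verbs, malformed names and trailing arguments never influence which connection is configured or controlled.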