[strongSwan-dev] strongswan plugin interface
razvan.ghitulete at gmail.com
Fri Mar 16 14:44:28 CET 2012
If you are just interested in changing the configuration dynamically at
> runtime (in an easier way than to modify ipsec.conf) have a look at the
> sql plugin . This allows you to store the configuration and the
> credentials in a database from which the charon daemon fetches them when
The sql plugin's behaviour was exactly the one that I was trying to
replicate, but without using the actual databases, as this would become
quite troublesome when you are dealing with a rather large number of hosts,
as you have to keep a database for each of these. There would be the
possibility to use a single big database to store all individual host
configs, but this would just end up being a bottleneck (again, for a large
enough number of machines).
> While it is true that the plugins are loaded by the daemon (if that's
> what you mean by "triggered"), they are free to interact with external
> processes however they want. There are lots of examples for this.
I got that from the code, but as the plugins don't actually have a
while(true) loop inside of them, and they are just basically a set of
methods, they are called by the daemon in the end(or at least that's what I
get from the code). Of course you could do this with a signal, but, again I
would like to avoid this as much as possible, because for example in java
you don't have a library to send signals, and you will have to use
something like Runtime.exec().
Also, there is the smp plugin (see ), which was never finished, but
> allows some control of the daemon via XML sent to a TCP socket.
The SMP plugin seems a pretty good starting point, though it is only used
after the connection configurations have been made.
Also, would it be ok, if a plugin, when created, started a running in a
separate thread as far as the charon daemon is concerned? I am asking this
because due to the numerous lines of code, and the Object oriented style
used in the code, cscope is overwhelmed and I can't exactly browse as
extensively as I would want to.
Vrije Universiteit Amsterdam
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev