[strongSwan-dev] strongswan plugin interface

Ghitulete Razvan razvan.ghitulete at gmail.com
Fri Mar 16 14:44:28 CET 2012 

Hi Tobias,

If you are just interested in changing the configuration dynamically at
> runtime (in an easier way than to modify ipsec.conf) have a look at the
> sql plugin [1].  This allows you to store the configuration and the
> credentials in a database from which the charon daemon fetches them when
> needed.

    The sql plugin's behaviour was exactly the one that I was trying to
replicate, but without using the actual databases, as this would become
quite troublesome when you are dealing with a rather large number of hosts,
as you have to keep a database for each of these. There would be the
possibility to use a single big database to store all individual host
configs, but this would just end up being a bottleneck (again, for a large
enough number of machines).


> While it is true that the plugins are loaded by the daemon (if that's
> what you mean by "triggered"), they are free to interact with external
> processes however they want.  There are lots of examples for this.
>
I got that from the code, but as the plugins don't actually have a
while(true) loop inside of them, and they are just basically a set of
methods, they are called by the daemon in the end(or at least that's what I
get from the code). Of course you could do this with a signal, but, again I
would like to avoid this as much as possible, because for example in java
you don't have a library to send signals, and you will have to use
something like Runtime.exec().

  Also, there is the smp plugin (see [2]), which was never finished, but
> allows some control of the daemon via XML sent to a TCP socket.

The SMP plugin seems a pretty good starting point, though it is only used
after the connection configurations have been made.

Also, would it be ok, if a plugin, when created, started a running in a
separate thread as far as the charon daemon is concerned? I am asking this
because due to the numerous lines of code, and the Object oriented style
used in the code, cscope is overwhelmed and I can't exactly browse as
extensively as I would want to.


-- 
Razvan Ghitulete
Vrije Universiteit Amsterdam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20120316/e6e750ab/attachment.html>

More information about the Dev mailing list