aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/load_tester
Commit message (Collapse)AuthorAgeFilesLines
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-181-7/+0
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
|
* capabilities: Some plugins don't actually require capabilities at runtimeTobias Brunner2013-07-181-1/+1
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-5/+7
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* Use strpfx() helper where appropriateTobias Brunner2013-07-081-1/+1
|
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-251-0/+6
| | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-251-2/+2
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-061-1/+1
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* Add an "esp" load-tester option to configure custom CHILD_SA ESP proposalMartin Willi2013-03-181-3/+16
|
* kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-141-2/+2
|
* Support mutliple subnets and ranges as external load-tester addressesMartin Willi2013-03-111-15/+59
|
* Merge branch 'opaque-ports'Martin Willi2013-03-011-1/+1
|\ | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-211-1/+1
| |
* | Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-2/+2
|/
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-121-2/+4
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-2/+2
|
* If load-tester requests a virtual IP, use a dynamic local traffic selectorMartin Willi2012-12-171-2/+8
|
* Store load-tester address leases in a hashtable for fast removalMartin Willi2012-11-291-24/+81
|
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-291-1/+1
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-29/+13
| | | | required
* load-tester can dynamically install a dedicated external IP for each IKE_SAMartin Willi2012-11-295-15/+220
| | | | | | | For consistency, the local/remote parameters have been replaced by the initiator/responder options. As initiator, the initiator option can be overriden by an addrs section taking key/value pairs with address pools to use on a specific interface.
* Add a delay option to load-tester socketMartin Willi2012-11-292-7/+11
|
* Indicate message retransmissions while initiating load-test batchesMartin Willi2012-11-291-0/+26
|
* Initiate each load-testing connection with a fresh peer configMartin Willi2012-11-291-19/+23
|
* Initiate IKE_SAs trigger over load-tester socket in parallelMartin Willi2012-11-291-9/+145
|
* Add a simple load-tester utility to initiate over control socketMartin Willi2012-11-293-0/+108
|
* Add a load-tester control socket to manually trigger initiationMartin Willi2012-11-294-1/+271
|
* Send certificate requests in load-testerMartin Willi2012-10-241-2/+2
|
* Add load-tester traffic selector configuration optionsMartin Willi2012-10-241-5/+67
|
* Add a load-tester option to define the IKE version to use for testingMartin Willi2012-10-241-2/+9
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-1/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-3/+4
|
* Remove unused this parameter to load_issuer_cert/key(), as it is uninitializedMartin Willi2012-10-161-4/+4
|
* Generate a load-tester certificate only for DN or subjectAltName identitiesMartin Willi2012-10-161-7/+17
|
* Add a load-tester initiator_match option to match custom initiator_idMartin Willi2012-10-161-2/+15
|
* Encode non-DN load-tester identities as subjectAltNamesMartin Willi2012-10-161-1/+16
|
* Add a load-tester digest option for issuing peer certificatesMartin Willi2012-10-161-1/+16
|
* Load a multiple load-tester CA certificates from a directoryMartin Willi2012-10-161-4/+63
|
* Added load-tester options to read issuing CA certificate and key from filesMartin Willi2012-10-161-7/+45
|
* Support multiple address pools configured on a peer_cfgMartin Willi2012-08-301-1/+5
|
* Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-301-1/+4
|
* Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-1/+1
|
* Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.Tobias Brunner2012-08-081-7/+2
|
* Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-1/+1
| | | | configurable.
* implemented the right|leftallowany featureAndreas Steffen2012-06-081-2/+4
|
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-171-1/+9
|
* Register load-tester faked kernel interface before other kernel interfacesMartin Willi2012-05-141-8/+9
|
* Load tester can enforce a local IP to useMartin Willi2012-05-141-2/+9
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 21:41:28 +0000