aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/load_tester
Commit message (Collapse)AuthorAgeFilesLines
* load-tester: Add a crl option to include a CRL uri in generated certificatesMartin Willi2014-06-191-1/+21
|
* kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-171-2/+3
|
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-041-1/+1
|
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-3/+1
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* load-tester: Fix race condition issuing same SPIChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same SPI under high load, and hence generate 2 IPsec SAs with the same identifier. The responder IPsec stack will refuse to configure the second SA. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* load-tester: Fix race condition issuing same identityChristophe Gouault2014-04-241-2/+2
| | | | | | | | | | Due to an unprotected incrementation, two load-tester initiators occasionally use the same identifier under high load. The responder typically drops one of the connections. Use an atomic incrementation to avoid this race condition. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-125-45/+44
|
* Fixed some typosTobias Brunner2013-10-291-1/+1
|
* kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-111-1/+1
|
* kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-111-1/+1
|
* load-tester: Fix crash if private key was not loaded successfullyTobias Brunner2013-09-241-1/+1
| | | | Fixes #417.
* load-tester: support extended traffic selector syntax, as in leftsubnetMartin Willi2013-09-041-13/+168
| | | | | In addition the initiator may use %unique as port, using a distinct port for each connection, starting from 1025.
* load-tester: add an option to test transport/beet connectionsMartin Willi2013-09-041-1/+21
|
* ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-041-5/+4
| | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-041-1/+1
|
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-181-7/+0
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* load-tester: use a stream service to dispatch control connectionsMartin Willi2013-07-182-93/+27
|
* capabilities: Some plugins don't actually require capabilities at runtimeTobias Brunner2013-07-181-1/+1
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-5/+7
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* Use strpfx() helper where appropriateTobias Brunner2013-07-081-1/+1
|
* capabilities: CAP_CHOWN might be required by many plugins opening UNIX socketsTobias Brunner2013-06-251-0/+6
| | | | | But as the sockets will be created with the user/group of the running process this might not be required as no change may be needed.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-251-2/+2
|
* kernel-interface: add an exchange initiator parameter to add_sa()Martin Willi2013-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new flag gives the kernel-interface a hint how it should priorize the use of newly installed SAs during rekeying. Consider the following rekey procedure in IKEv2: Initiator --- Responder I1 -------CREATE-------> R1 I2 <------CREATE-------- -------DELETE-------> R2 I3 <------DELETE-------- SAs are always handled as pairs, the following happens at the SA level: * Initiator starts the exchange at I1 * Responder installs new SA pair at R1 * Initiator installs new SA pair at I2 * Responder removes old SA pair at R2 * Initiator removes old SA pair at I3 This makes sure SAs get installed/removed overlapping during rekeying. However, to avoid any packet loss, it is crucial that the new outbound SA gets activated at the correct position: * as exchange initiator, in I2 * as exchange responder, in R2 This should guarantee that we don't use the new outbound SA before the peer could install its corresponding inbound SA. The new parameter allows the kernel backend to install the new SA with appropriate priorities, i.e. it should: * as exchange inititator, have the new outbound SA installed with higher priority than the old SA * as exchange responder, have the new outbound SA installed with lower priority than the old SA While we could split up the SA installation at the responder, this approach has another advantage: it allows the kernel backend to switch SAs based on other criteria, for example when receiving traffic on the new inbound SA.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-061-1/+1
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* Add an "esp" load-tester option to configure custom CHILD_SA ESP proposalMartin Willi2013-03-181-3/+16
|
* kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-141-2/+2
|
* Support mutliple subnets and ranges as external load-tester addressesMartin Willi2013-03-111-15/+59
|
* Merge branch 'opaque-ports'Martin Willi2013-03-011-1/+1
|\ | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-211-1/+1
| |
* | Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-2/+2
|/
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-121-2/+4
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-2/+2
|
* If load-tester requests a virtual IP, use a dynamic local traffic selectorMartin Willi2012-12-171-2/+8
|
* Store load-tester address leases in a hashtable for fast removalMartin Willi2012-11-291-24/+81
|
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-291-1/+1
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-291-29/+13
| | | | required
* load-tester can dynamically install a dedicated external IP for each IKE_SAMartin Willi2012-11-295-15/+220
| | | | | | | For consistency, the local/remote parameters have been replaced by the initiator/responder options. As initiator, the initiator option can be overriden by an addrs section taking key/value pairs with address pools to use on a specific interface.
* Add a delay option to load-tester socketMartin Willi2012-11-292-7/+11
|
* Indicate message retransmissions while initiating load-test batchesMartin Willi2012-11-291-0/+26
|
* Initiate each load-testing connection with a fresh peer configMartin Willi2012-11-291-19/+23
|
* Initiate IKE_SAs trigger over load-tester socket in parallelMartin Willi2012-11-291-9/+145
|
* Add a simple load-tester utility to initiate over control socketMartin Willi2012-11-293-0/+108
|
* Add a load-tester control socket to manually trigger initiationMartin Willi2012-11-294-1/+271
|
* Send certificate requests in load-testerMartin Willi2012-10-241-2/+2
|
* Add load-tester traffic selector configuration optionsMartin Willi2012-10-241-5/+67
|
* Add a load-tester option to define the IKE version to use for testingMartin Willi2012-10-241-2/+9
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-1/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-3/+4
|
* Remove unused this parameter to load_issuer_cert/key(), as it is uninitializedMartin Willi2012-10-161-4/+4
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 08:28:37 +0000