Tobias Brunner
f6aafb3005
Fixed some typos, courtesy of codespell
Main change is the conversion from the British cancelling/-ed to the
American canceling/-ed.
2021-06-25 11:32:29 +02:00
Tobias Brunner
f3f93cade9
load-tester: Also request a virtual IPv6 address
Fixes #3595.
2020-10-27 16:40:38 +01:00
Tobias Brunner
1d232d4954
load-tester: Use appropriate family to request addresses from source IP pools
Looks like this wasn't necessary before 40e9089889 ("Strictly enforce
address family match while acquiring mem_pool IPs").
Fixes #3595.
2020-10-27 16:40:05 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
a2cb2c9cc8
proposal: Add selection flags to clone() method
This avoids having to call strip_dh() in child_cfg_t::get_proposals().
It also inverts the ALLOW_PRIVATE flag (i.e. makes it SKIP_PRIVATE) so
nothing has to be supplied to clone complete proposals.
2019-10-24 17:43:21 +02:00
Tobias Brunner
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
53827a5fde
load-tester: Start numbering IDs from 1 again
ref_get() increments the number before returning it.
Fixes: 2cbaa63295 ("load-tester: Fix race condition issuing same identity")
2018-03-07 15:41:56 +01:00
Tobias Brunner
2ba5dadb12
peer-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Tobias Brunner
8a00a8452d
child-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
8394ea2a42
libhydra: Move kernel interface to libcharon
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
Martin Willi
45ab5b0fca
load-tester: Support initiating XAuth authentication
As with other configuration backends, XAuth is activated with a two round
client authentication using pubkey and xauth. In load-tester, this is configured
with initiator_auth=pubkey|xauth.
Fixes #835.
2015-02-20 14:04:23 +01:00
Martin Willi
22e6a06b8c
mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth
With make-before-break IKEv2 re-authentication, virtual IP addresses must be
assigned overlapping to the same peer. With the remote IKE address, the backend
can detect re-authentication attempts by comparing the remote host address and
port. This allows proper reassignment of the virtual IP if it is re-requested.
This change removes the mem-pool.reassign_online option, as it is obsolete now.
IPs get automatically reassigned if a peer re-requests the same address, and
additionally connects from the same address and port.
2015-02-20 13:34:57 +01:00
Christophe Gouault
2cbaa63295
load-tester: Fix race condition issuing same identity
Due to an unprotected incrementation, two load-tester initiators occasionally
use the same identifier under high load. The responder typically drops one of
the connections.
Use an atomic incrementation to avoid this race condition.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
2014-04-24 17:54:15 +02:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Tobias Brunner
1dd58b0e21
Fixed some typos
2013-10-29 11:44:23 +01:00
Martin Willi
1fd5c7fbac
load-tester: support extended traffic selector syntax, as in leftsubnet
In addition the initiator may use %unique as port, using a distinct port for
each connection, starting from 1025.
2013-09-04 10:49:48 +02:00
Martin Willi
47b4a51402
load-tester: add an option to test transport/beet connections
2013-09-04 10:49:48 +02:00
Martin Willi
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Tobias Brunner
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
Martin Willi
dd3c243844
Add a load-tester option to keep allocated external address until shutdown
2013-03-21 10:29:23 +01:00
Martin Willi
a0f1c4cf29
Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal
2013-03-18 14:30:21 +01:00
Martin Willi
d6b6d1ecdb
Support multiple subnets and ranges as external load-tester addresses
2013-03-11 15:16:13 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Martin Willi
d9d0f12222
If load-tester requests a virtual IP, use a dynamic local traffic selector
2012-12-17 14:22:25 +01:00
Martin Willi
48828ff0db
Store load-tester address leases in a hashtable for fast removal
2012-11-29 10:22:52 +01:00
Martin Willi
d88597f0dd
Don't wait while removing external IPs used for load testing
2012-11-29 10:22:51 +01:00
Martin Willi
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
Martin Willi
0a54d3e1a1
load-tester can dynamically install a dedicated external IP for each IKE_SA
For consistency, the local/remote parameters have been replaced by the
initiator/responder options. As initiator, the initiator option can
be overridden by an addrs section taking key/value pairs with address
pools to use on a specific interface.
2012-11-29 10:22:51 +01:00
Martin Willi
c4894cc172
Send certificate requests in load-tester
2012-10-24 13:25:45 +02:00
Martin Willi
0f3c5f8502
Add load-tester traffic selector configuration options
2012-10-24 13:25:13 +02:00
Martin Willi
b2265a2738
Add a load-tester option to define the IKE version to use for testing
2012-10-24 10:19:33 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Martin Willi
db97d67825
Add a load-tester initiator_match option to match custom initiator_id
2012-10-16 13:43:54 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Tobias Brunner
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
Tobias Brunner
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
Andreas Steffen
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Martin Willi
d4078ca796
Load tester can enforce a local IP to use
2012-05-14 10:03:05 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00