ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,934 Commits 7 Branches 233 Tags 88 MiB
Commit Graph

62 Commits

Author SHA1 Message Date
Tobias Brunner f6aafb3005 Fixed some typos, courtesy of codespell 
Main change is the conversion from the British cancelling/-ed to the
American canceling/-ed.
 2021-06-25 11:32:29 +02:00
Tobias Brunner f3f93cade9 load-tester: Also request a virtual IPv6 address 
Fixes #3595.
 2020-10-27 16:40:38 +01:00
Tobias Brunner 1d232d4954 load-tester: Use appropriate family to request addresses from source IP pools 
Looks like this wasn't necessary before 40e9089889 ("Strictly enforce
address family match while acquiring mem_pool IPs").

Fixes #3595.
 2020-10-27 16:40:05 +01:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner a2cb2c9cc8 proposal: Add selection flags to clone() method 
This avoids having to call strip_dh() in child_cfg_t::get_proposals().
It also inverts the ALLOW_PRIVATE flag (i.e. makes it SKIP_PRIVATE) so
nothing has to be supplied to clone complete proposals.
 2019-10-24 17:43:21 +02:00
Tobias Brunner 9486a2e5b0 ike-cfg: Pass arguments as struct 2019-04-25 14:31:33 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 53827a5fde load-tester: Start numbering IDs from 1 again 
ref_get() increments the number before returning it.

Fixes: 2cbaa63295 ("load-tester: Fix race condition issuing same identity")
 2018-03-07 15:41:56 +01:00
Tobias Brunner 2ba5dadb12 peer-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Tobias Brunner 8a00a8452d child-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 8394ea2a42 libhydra: Move kernel interface to libcharon 
This moves hydra->kernel_interface to charon->kernel.
 2016-03-03 17:36:11 +01:00
Martin Willi 45ab5b0fca load-tester: Support initiating XAuth authentication 
As with other configuration backends, XAuth is activated with a two round
client authentication using pubkey and xauth. In load-tester, this is configured
with initiator_auth=pubkey|xauth.

Fixes #835.
 2015-02-20 14:04:23 +01:00
Martin Willi 22e6a06b8c mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth 
With make-before-break IKEv2 re-authentication, virtual IP addresses must be
assigned overlapping to the same peer. With the remote IKE address, the backend
can detect re-authentication attempts by comparing the remote host address and
port. This allows proper reassignment of the virtual IP if it is re-requested.

This change removes the mem-pool.reassign_online option, as it is obsolete now.
IPs get automatically reassigned if a peer re-requests the same address, and
additionally connects from the same address and port.
 2015-02-20 13:34:57 +01:00
Christophe Gouault 2cbaa63295 load-tester: Fix race condition issuing same identity 
Due to an unprotected incrementation, two load-tester initiators occasionally
use the same identifier under high load. The responder typically drops one of
the connections.

Use an atomic incrementation to avoid this race condition.

Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
 2014-04-24 17:54:15 +02:00
Tobias Brunner d223fe807a libcharon: Use lib->ns instead of charon->name 2014-02-12 14:34:32 +01:00
Tobias Brunner 1dd58b0e21 Fixed some typos 2013-10-29 11:44:23 +01:00
Martin Willi 1fd5c7fbac load-tester: support extended traffic selector syntax, as in leftsubnet 
In addition the initiator may use %unique as port, using a distinct port for
each connection, starting from 1025.
 2013-09-04 10:49:48 +02:00
Martin Willi 47b4a51402 load-tester: add an option to test transport/beet connections 2013-09-04 10:49:48 +02:00
Martin Willi 3070697f9f ike: support multiple addresses, ranges and subnets in IKE address config 
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
 2013-09-04 10:38:37 +02:00
Martin Willi 9aeaa7396e peer-cfg: add a pull/push mode option to use with mode config 2013-09-04 10:33:37 +02:00
Tobias Brunner d27f225d9a Use strpfx() helper where appropriate 2013-07-08 18:49:30 +02:00
Martin Willi dd3c243844 Add a load-tester option to keep allocated external address until shutdown 2013-03-21 10:29:23 +01:00
Martin Willi a0f1c4cf29 Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal 2013-03-18 14:30:21 +01:00
Martin Willi d6b6d1ecdb Support mutliple subnets and ranges as external load-tester addresses 2013-03-11 15:16:13 +01:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports' 
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
 2013-03-01 11:27:12 +01:00
Martin Willi a1db77de7c Use a complete port range in traffic_selector_create_from_{subnet,cidr} 2013-02-21 11:52:33 +01:00
Martin Willi 306a269e34 Add a DSCP configuration value to IKE configs 2013-02-06 15:20:32 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Martin Willi d9d0f12222 If load-tester requests a virtual IP, use a dynamic local traffic selector 2012-12-17 14:22:25 +01:00
Martin Willi 48828ff0db Store load-tester address leases in a hashtable for fast removal 2012-11-29 10:22:52 +01:00
Martin Willi d88597f0dd Don't wait while removing external IPs used for load testing 2012-11-29 10:22:51 +01:00
Martin Willi b185cdd16d Install virtual IPs via interface name, and use an interface lookup where required 2012-11-29 10:22:51 +01:00
Martin Willi 0a54d3e1a1 load-tester can dynamically install a dedicated external IP for each IKE_SA 
For consistency, the local/remote parameters have been replaced by the
initiator/responder options. As initiator, the initiator option can
be overriden by an addrs section taking key/value pairs with address
pools to use on a specific interface.
 2012-11-29 10:22:51 +01:00
Martin Willi c4894cc172 Send certificate requests in load-tester 2012-10-24 13:25:45 +02:00
Martin Willi 0f3c5f8502 Add load-tester traffic selector configuration options 2012-10-24 13:25:13 +02:00
Martin Willi b2265a2738 Add a load-tester option to define the IKE version to use for testing 2012-10-24 10:19:33 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi 9fc7cc6f9b Add IKE version information to ike_cfg_t 2012-10-24 10:18:35 +02:00
Martin Willi db97d67825 Add a load-tester initiator_match option to match custom initiator_id 2012-10-16 13:43:54 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Tobias Brunner b223d517c8 Replaced usages of CHARON_*_PORT with calls to get_port(). 2012-08-08 15:12:25 +02:00
Tobias Brunner e7ea057fd2 Make the UDP ports charon listens for packets on (and uses as source ports) configurable. 2012-08-08 15:07:43 +02:00
Andreas Steffen 1d315bddd3 implemented the right|leftallowany feature 2012-06-08 21:24:41 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi d4078ca796 Load tester can enforce a local IP to use 2012-05-14 10:03:05 +02:00
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon. 
Also fixes several whitespace errors.
 2012-05-03 13:57:04 +02:00
Martin Willi 5ce59d4c06 Added an aggressive mode peer_cfg option 2012-03-20 17:31:34 +01:00