a2cb2c9cc8
proposal: Add selection flags to clone() method
...
This avoids having to call strip_dh() in child_cfg_t::get_proposals().
It also inverts the ALLOW_PRIVATE flag (i.e. makes it SKIP_PRIVATE) so
nothing has to be supplied to clone complete proposals.
2019-10-24 17:43:21 +02:00
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
53827a5fde
load-tester: Start numbering IDs from 1 again
...
ref_get() increments the number before returning it.
Fixes: 2cbaa63295
2018-03-07 15:41:56 +01:00
2ba5dadb12
peer-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
8a00a8452d
child-cfg: Use struct to pass data to constructor
2016-04-09 16:51:01 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
8394ea2a42
libhydra: Move kernel interface to libcharon
...
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
45ab5b0fca
load-tester: Support initiating XAuth authentication
...
As with other configuration backends, XAuth is activated with a two round
client authentication using pubkey and xauth. In load-tester, this is configured
with initiator_auth=pubkey|xauth.
Fixes #835 .
2015-02-20 14:04:23 +01:00
22e6a06b8c
mem-pool: Pass the remote IKE address, to re-acquire() an address during reauth
...
With make-before-break IKEv2 re-authentication, virtual IP addresses must be
assigned overlapping to the same peer. With the remote IKE address, the backend
can detect re-authentication attempts by comparing the remote host address and
port. This allows proper reassignment of the virtual IP if it is re-requested.
This change removes the mem-pool.reassign_online option, as it is obsolete now.
IPs get automatically reassigned if a peer re-requests the same address, and
additionally connects from the same address and port.
2015-02-20 13:34:57 +01:00
2cbaa63295
load-tester: Fix race condition issuing same identity
...
Due to an unprotected incrementation, two load-tester initiators occasionally
use the same identifier under high load. The responder typically drops one of
the connections.
Use an atomic incrementation to avoid this race condition.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
2014-04-24 17:54:15 +02:00
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
1dd58b0e21
Fixed some typos
2013-10-29 11:44:23 +01:00
1fd5c7fbac
load-tester: support extended traffic selector syntax, as in leftsubnet
...
In addition the initiator may use %unique as port, using a distinct port for
each connection, starting from 1025.
2013-09-04 10:49:48 +02:00
47b4a51402
load-tester: add an option to test transport/beet connections
2013-09-04 10:49:48 +02:00
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
...
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
dd3c243844
Add a load-tester option to keep allocated external address until shutdown
2013-03-21 10:29:23 +01:00
a0f1c4cf29
Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal
2013-03-18 14:30:21 +01:00
d6b6d1ecdb
Support mutliple subnets and ranges as external load-tester addresses
2013-03-11 15:16:13 +01:00
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
d9d0f12222
If load-tester requests a virtual IP, use a dynamic local traffic selector
2012-12-17 14:22:25 +01:00
48828ff0db
Store load-tester address leases in a hashtable for fast removal
2012-11-29 10:22:52 +01:00
d88597f0dd
Don't wait while removing external IPs used for load testing
2012-11-29 10:22:51 +01:00
b185cdd16d
Install virtual IPs via interface name, and use an interface lookup where required
2012-11-29 10:22:51 +01:00
0a54d3e1a1
load-tester can dynamically install a dedicated external IP for each IKE_SA
...
For consistency, the local/remote parameters have been replaced by the
initiator/responder options. As initiator, the initiator option can
be overriden by an addrs section taking key/value pairs with address
pools to use on a specific interface.
2012-11-29 10:22:51 +01:00
c4894cc172
Send certificate requests in load-tester
2012-10-24 13:25:45 +02:00
0f3c5f8502
Add load-tester traffic selector configuration options
2012-10-24 13:25:13 +02:00
b2265a2738
Add a load-tester option to define the IKE version to use for testing
2012-10-24 10:19:33 +02:00
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
db97d67825
Add a load-tester initiator_match option to match custom initiator_id
2012-10-16 13:43:54 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
d4078ca796
Load tester can enforce a local IP to use
2012-05-14 10:03:05 +02:00
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
0b04bdde30
Added a DPD option for load-tester
2011-05-16 15:24:14 +02:00
ac96ca80eb
Added initiator/responder_id load tester options to enforce different identities
2011-05-16 15:24:14 +02:00
187bf24e4d
Migrated load_tester_config to INIT/METHOD macros
2011-05-16 15:24:13 +02:00
Tobias Brunner