author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-02-28 22:02:31 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-02-28 22:02:31 +0000 |
commit | 19364e11c66714324bd3d5d0dc9212db397085cb (patch) | |
tree | fe7f5e55f0474dad1d0c29ba7c0a6f4546c99c3a /src/charon/plugins/load_tester | |
parent | c7f1b0530b85bc7654e68992f25ed8ced5d0a80d (diff) | |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.12)
Diffstat (limited to 'src/charon/plugins/load_tester')
-rw-r--r-- | src/charon/plugins/load_tester/Makefile.am | 3 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/Makefile.in | 25 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_config.c | 141 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_creds.c | 172 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_diffie_hellman.c | 69 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_diffie_hellman.h | 50 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_listener.c | 37 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_listener.h | 5 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_plugin.c | 130 |
9 files changed, 504 insertions, 128 deletions
diff --git a/src/charon/plugins/load_tester/Makefile.am b/src/charon/plugins/load_tester/Makefile.am index 88a6b688c..121f0b080 100644 --- a/src/charon/plugins/load_tester/Makefile.am +++ b/src/charon/plugins/load_tester/Makefile.am @@ -10,7 +10,8 @@ libstrongswan_load_tester_la_SOURCES = \ load_tester_config.c load_tester_config.h \ load_tester_creds.c load_tester_creds.h \ load_tester_ipsec.c load_tester_ipsec.h \ - load_tester_listener.c load_tester_listener.h + load_tester_listener.c load_tester_listener.h \ + load_tester_diffie_hellman.c load_tester_diffie_hellman.h libstrongswan_load_tester_la_LDFLAGS = -module diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/charon/plugins/load_tester/Makefile.in index a0a749b87..5a24e83e9 100644 --- a/src/charon/plugins/load_tester/Makefile.in +++ b/src/charon/plugins/load_tester/Makefile.in @@ -52,7 +52,8 @@ LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_load_tester_la_LIBADD = am_libstrongswan_load_tester_la_OBJECTS = load_tester_plugin.lo \ load_tester_config.lo load_tester_creds.lo \ - load_tester_ipsec.lo load_tester_listener.lo + load_tester_ipsec.lo load_tester_listener.lo \ + load_tester_diffie_hellman.lo libstrongswan_load_tester_la_OBJECTS = \ $(am_libstrongswan_load_tester_la_OBJECTS) libstrongswan_load_tester_la_LINK = $(LIBTOOL) --tag=CC \ @@ -88,22 +89,17 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ -ECHO = @ECHO@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GPERF = @GPERF@ GREP = @GREP@ INSTALL = @INSTALL@ 
@@ -113,6 +109,7 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ @@ -121,12 +118,16 @@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LINUX_HEADERS = @LINUX_HEADERS@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +NM = @NM@ NMEDIT = @NMEDIT@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ @@ -149,8 +150,7 @@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -189,6 +189,7 @@ libstrongswan_plugins = @libstrongswan_plugins@ linuxdir = @linuxdir@ localedir = @localedir@ localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ @@ -220,7 +221,8 @@ libstrongswan_load_tester_la_SOURCES = \ load_tester_config.c load_tester_config.h \ load_tester_creds.c load_tester_creds.h \ load_tester_ipsec.c load_tester_ipsec.h \ - load_tester_listener.c load_tester_listener.h + load_tester_listener.c load_tester_listener.h \ + load_tester_diffie_hellman.c load_tester_diffie_hellman.h libstrongswan_load_tester_la_LDFLAGS = -module all: all-am 
@@ -294,6 +296,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_diffie_hellman.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_ipsec.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_listener.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load_tester_plugin.Plo@am__quote@ diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index 8e93d24bb..f3cd33b61 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c 
@@ -35,9 +35,89 @@ struct private_load_tester_config_t { * peer config */ peer_cfg_t *peer_cfg; + + /** + * virtual IP, if any + */ + host_t *vip; + + /** + * Remote address + */ + char *remote; + + /** + * IP address pool + */ + char *pool; + + /** + * IKE proposal + */ + proposal_t *proposal; + + /** + * Authentication method to use + */ + auth_class_t class; + + /** + * incremental numbering of generated configs + */ + u_int num; }; /** + * Generate a new initiator config, num = 0 for responder config + */ +static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) +{ + ike_cfg_t *ike_cfg; + child_cfg_t *child_cfg; + peer_cfg_t *peer_cfg; + traffic_selector_t *ts; + auth_info_t *auth; + identification_t *local, *remote; + proposal_t *proposal; + char buf[128]; + + if (num) + { /* initiator */ + snprintf(buf, sizeof(buf), "CN=cli-%d, OU=load-test, O=strongSwan", num); + local = identification_create_from_string(buf); + snprintf(buf, sizeof(buf), "CN=srv, OU=load-test, O=strongSwan", num); + remote = identification_create_from_string(buf); + } + else + { /* responder */ + local = identification_create_from_string( + "CN=srv, OU=load-test, O=strongSwan"); + remote = identification_create_from_string( + "CN=*, OU=load-test, O=strongSwan"); + } + + ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); + ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); + peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, local, remote, + CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */ + 0, 0, FALSE, 0, /* jitter, overtime, mobike, dpddelay */ + this->vip ? 
this->vip->clone(this->vip) : NULL, + this->pool, FALSE, NULL, NULL); + auth = peer_cfg->get_auth(peer_cfg); + auth->add_item(auth, AUTHN_AUTH_CLASS, &this->class); + child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE, + MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); + child_cfg->add_proposal(child_cfg, proposal); + ts = traffic_selector_create_dynamic(0, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, TRUE, ts); + ts = traffic_selector_create_dynamic(0, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, FALSE, ts); + peer_cfg->add_child_cfg(peer_cfg, child_cfg); + return peer_cfg; +} + +/** * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this, @@ -67,7 +147,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this, { if (streq(name, "load-test")) { - return this->peer_cfg->get_ref(this->peer_cfg);; + return generate_config(this, this->num++); } return NULL; } @@ -78,6 +158,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this, static void destroy(private_load_tester_config_t *this) { this->peer_cfg->destroy(this->peer_cfg); + DESTROY_IF(this->proposal); + DESTROY_IF(this->vip); free(this); } 
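Review bot: In `generate_config`, the first `snprintf` formats the unsigned `num` with `%d`, and the second passes `num` to a format string that contains no conversion, so `buf` is filled with a constant for no reason. Use `"CN=cli-%u, OU=load-test, O=strongSwan"` for the client identity and create the server identity directly with `remote = identification_create_from_string("CN=srv, OU=load-test, O=strongSwan");`, as the responder branch already does. The parameter is declared `uint` while the new struct field is `u_int`; using `u_int` for both would match the rest of the hunk.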
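Review bot: `generate_config(this, this->num++)` in `get_peer_cfg_by_name` increments a shared counter without a lock, while the plugin queues several initiator jobs that each look up `load-test`. If the backend manager does not serialize these lookups (not visible here), two initiators can draw the same number and therefore the same `CN=cli-N` identity. A comment on `num` naming the lock that protects it, or a mutex owned by this object around the increment, would settle it.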
@@ -87,56 +169,45 @@ static void destroy(private_load_tester_config_t *this) load_tester_config_t *load_tester_config_create() { private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t); - ike_cfg_t *ike_cfg; - child_cfg_t *child_cfg; - proposal_t *proposal; - traffic_selector_t *ts; - auth_info_t *auth; - auth_class_t class; - char *remote, *pool; - host_t *vip = NULL; + char *authstr; this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(load_tester_config_t*))destroy; + this->vip = NULL; if (lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.request_virtual_ip", FALSE)) { - vip = host_create_from_string("0.0.0.0", 0); + this->vip = host_create_from_string("0.0.0.0", 0); } - pool = lib->settings->get_str(lib->settings, + this->pool = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.pool", NULL); - remote = lib->settings->get_str(lib->settings, + this->remote = lib->settings->get_str(lib->settings, "charon.plugins.load_tester.remote", "127.0.0.1"); - ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", remote); - proposal = proposal_create_from_string(PROTO_IKE, + + this->proposal = proposal_create_from_string(PROTO_IKE, lib->settings->get_str(lib->settings, "charon.plugins.load_tester.proposal", "aes128-sha1-modp768")); - if (!proposal) + if (!this->proposal) { /* fallback */ - proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768"); + this->proposal = proposal_create_from_string(PROTO_IKE, + "aes128-sha1-modp768"); } - ike_cfg->add_proposal(ike_cfg, proposal); - this->peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, - 
identification_create_from_string("load-test@strongswan.org"), - identification_create_from_string("load-test@strongswan.org"), - CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */ - 0, 0, TRUE, 60, /* jitter, overtime, mobike, dpddelay */ - vip, pool, FALSE, NULL, NULL); - auth = this->peer_cfg->get_auth(this->peer_cfg); - class = AUTH_CLASS_PUBKEY; - auth->add_item(auth, AUTHN_AUTH_CLASS, &class); - child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); - proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); - child_cfg->add_proposal(child_cfg, proposal); - ts = traffic_selector_create_dynamic(0, 0, 65535); - child_cfg->add_traffic_selector(child_cfg, TRUE, ts); - ts = traffic_selector_create_dynamic(0, 0, 65535); - child_cfg->add_traffic_selector(child_cfg, FALSE, ts); - this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg); + authstr = lib->settings->get_str(lib->settings, + "charon.plugins.load_tester.auth", "pubkey"); + if (streq(authstr, "psk")) + { + this->class = AUTH_CLASS_PSK; + } + else + { + this->class = AUTH_CLASS_PUBKEY; + } + + this->num = 1; + this->peer_cfg = generate_config(this, 0); return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/charon/plugins/load_tester/load_tester_creds.c index ec69a1ac9..476a90b9f 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.c +++ b/src/charon/plugins/load_tester/load_tester_creds.c @@ -17,8 +17,11 @@ #include "load_tester_creds.h" +#include <time.h> + #include <daemon.h> #include <credentials/keys/shared_key.h> +#include <credentials/certificates/x509.h> #include <utils/identification.h> typedef struct private_load_tester_creds_t private_load_tester_creds_t; 
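Review bot: `this->pool` and `this->remote` in `load_tester_config_create` keep the pointers returned by `lib->settings->get_str` without copying them, and `generate_config` now reads them on every later lookup rather than once at construction. That is only safe while the settings object keeps those strings alive and unchanged for the lifetime of this backend, which the hunk does not show. Either document the assumption on the two struct fields, e.g. `/* borrowed from lib->settings, not freed here */`, or store copies and free them in `destroy`. Separately, any `auth` value other than `psk` silently selects `AUTH_CLASS_PUBKEY`, so a typo in the setting goes unnoticed; a `DBG1` for unknown values would make that visible.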
@@ -38,9 +41,24 @@ struct private_load_tester_creds_t { private_key_t *private; /** - * Trusted certificate to verify signatures + * CA certificate, to issue/verify peer certificates + */ + certificate_t *ca; + + /** + * serial number to issue certificates + */ + u_int32_t serial; + + /** + * Preshared key + */ + shared_key_t *shared; + + /** + * Identification for shared key */ - certificate_t *cert; + identification_t *id; }; /** 
@@ -106,28 +124,33 @@ static char private[] = { /** * And an associated self-signed certificate -----BEGIN CERTIFICATE----- -MIIB2zCCAUSgAwIBAgIRAKmSLQc+3QV4WswVkpxqY5kwDQYJKoZIhvcNAQEFBQAw -FzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMB4XDTA4MTAyMTEyNDk0MFoXDTEzMTAy -MDEyNDk0MFowFzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMIGfMA0GCSqGSIb3DQEB +MIIB9DCCAV2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA3MQwwCgYDVQQDEwNzcnYx +EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0wODEy +MDgxODU4NDhaFw0xODEyMDYxODU4NDhaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE +CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID -AQABoycwJTAjBgNVHREEHDAagRhsb2FkLXRlc3RAc3Ryb25nc3dhbi5vcmcwDQYJ -KoZIhvcNAQEFBQADgYEATyQ3KLVU13Q3U3uZZtQL56rm680wMLu0+2z164PnxcTu -Donp19AwPfvl4y0kjCdQYqUA6NXczub40ZrCMfmZEbVarW9oAys9lWef8sqfW0pv -asNWsTOOwgg4gcASh1VCYsMX73C8R1pegWM/btyX2SEa7+R1rBEZwHVtIxgFcnM= +AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF39Xedyk2wj +qOcaaZ7ypb8RDlLvS0uaJMVtLtIhtb2weMMlgdmOnKXEYrJL2/mbp14Fhe+XYME9 +nZLAnmUnX8bQWCsQlajb7YGE8w6QDMwXUVgSXTMhRl+PRX2CMIUzU21h1EIx65Po +CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf -----END CERTIFICATE----- + */ -static char cert[] = { - 0x30,0x82,0x01,0xdb,0x30,0x82,0x01,0x44,0xa0,0x03,0x02,0x01,0x02,0x02,0x11,0x00, - 0xa9,0x92,0x2d,0x07,0x3e,0xdd,0x05,0x78,0x5a,0xcc,0x15,0x92,0x9c,0x6a,0x63,0x99, +char cert[] = { + 0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30, - 0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64, - 0x2d,0x74,0x65,0x73,0x74,0x69,0x6e,0x67,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x30, - 0x32,0x31,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,0x30,0x32, - 
0x30,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03, - 0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x69,0x6e, - 0x67,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, + 0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31, + 0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74, + 0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74, + 0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x32, + 0x30,0x38,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x17,0x0d,0x31,0x38,0x31,0x32,0x30, + 0x36,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03, + 0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04, + 0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11, + 0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61, + 0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, 0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e, 0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b, 0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04, 
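Review bot: The declaration changes from `static char cert[]` to `char cert[]`, which exports a global symbol with the very generic name `cert` from the plugin, while `private` above and the new `psk` stay file-local. Nothing in the visible hunks references `cert` from another file, so this looks unintended; restore `static char cert[] = {`. The name is also shadowed by the `certificate_type_t cert` parameter of `create_cert_enumerator`, and the comment above the array still calls it a self-signed certificate although it is now loaded as a CA.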
@@ -137,18 +160,25 @@ static char cert[] = { 0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7, 0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06, 0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03, - 0x01,0x00,0x01,0xa3,0x27,0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x11,0x04,0x1c, - 0x30,0x1a,0x81,0x18,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x40,0x73,0x74, - 0x72,0x6f,0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,0x72,0x67,0x30,0x0d,0x06,0x09, - 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x4f, - 0x24,0x37,0x28,0xb5,0x54,0xd7,0x74,0x37,0x53,0x7b,0x99,0x66,0xd4,0x0b,0xe7,0xaa, - 0xe6,0xeb,0xcd,0x30,0x30,0xbb,0xb4,0xfb,0x6c,0xf5,0xeb,0x83,0xe7,0xc5,0xc4,0xee, - 0x0e,0x89,0xe9,0xd7,0xd0,0x30,0x3d,0xfb,0xe5,0xe3,0x2d,0x24,0x8c,0x27,0x50,0x62, - 0xa5,0x00,0xe8,0xd5,0xdc,0xce,0xe6,0xf8,0xd1,0x9a,0xc2,0x31,0xf9,0x99,0x11,0xb5, - 0x5a,0xad,0x6f,0x68,0x03,0x2b,0x3d,0x95,0x67,0x9f,0xf2,0xca,0x9f,0x5b,0x4a,0x6f, - 0x6a,0xc3,0x56,0xb1,0x33,0x8e,0xc2,0x08,0x38,0x81,0xc0,0x12,0x87,0x55,0x42,0x62, - 0xc3,0x17,0xef,0x70,0xbc,0x47,0x5a,0x5e,0x81,0x63,0x3f,0x6e,0xdc,0x97,0xd9,0x21, - 0x1a,0xef,0xe4,0x75,0xac,0x11,0x19,0xc0,0x75,0x6d,0x23,0x18,0x05,0x72,0x73, + 0x01,0x00,0x01,0xa3,0x10,0x30,0x0e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x04,0x05, + 0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01, + 0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x5d,0xfd,0x5d,0xe7,0x72,0x93,0x6c,0x23, + 0xa8,0xe7,0x1a,0x69,0x9e,0xf2,0xa5,0xbf,0x11,0x0e,0x52,0xef,0x4b,0x4b,0x9a,0x24, + 0xc5,0x6d,0x2e,0xd2,0x21,0xb5,0xbd,0xb0,0x78,0xc3,0x25,0x81,0xd9,0x8e,0x9c,0xa5, + 0xc4,0x62,0xb2,0x4b,0xdb,0xf9,0x9b,0xa7,0x5e,0x05,0x85,0xef,0x97,0x60,0xc1,0x3d, + 0x9d,0x92,0xc0,0x9e,0x65,0x27,0x5f,0xc6,0xd0,0x58,0x2b,0x10,0x95,0xa8,0xdb,0xed, + 0x81,0x84,0xf3,0x0e,0x90,0x0c,0xcc,0x17,0x51,0x58,0x12,0x5d,0x33,0x21,0x46,0x5f, + 
0x8f,0x45,0x7d,0x82,0x30,0x85,0x33,0x53,0x6d,0x61,0xd4,0x42,0x31,0xeb,0x93,0xe8, + 0x0b,0x03,0x0b,0x6c,0x9e,0xef,0x42,0xac,0x0f,0x1d,0x74,0x62,0xb4,0x39,0x8d,0x90, + 0x43,0x8a,0xf4,0x7f,0xaf,0x46,0x70,0xdf, +}; + + +/** + * A preshared key + */ +static char psk[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; /** @@ -185,7 +215,13 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { - if (this->cert == NULL) + certificate_t *peer_cert; + public_key_t *peer_key, *ca_key; + u_int32_t serial; + time_t now; + identification_t *keyid = NULL; + + if (this->ca == NULL) { return NULL; } 
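Review bot: The new `psk` array is a fixed eight-byte value (`0x01` to `0x08`) compiled into the plugin, and its comment `A preshared key` does not say that it is a public test fixture. Together with the embedded private key and CA certificate, a daemon that registers this credential set authenticates peers against secrets known to anyone who has the source. I would state that on the array, e.g. `/** Preshared key for load tests; a publicly known constant that offers no authentication */`, and refer to the `charon.plugins.load_tester.enable` check in `plugin_create` as the guard that keeps it out of normal operation.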
@@ -197,11 +233,62 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, { return NULL; } - if (id && !this->cert->has_subject(this->cert, id)) + ca_key = this->ca->get_public_key(this->ca); + if (ca_key && id) + { + keyid = ca_key->get_id(ca_key, id->get_type(id)); + } + if (!id || this->ca->has_subject(this->ca, id) || + (keyid && id->equals(id, keyid))) + { /* ca certificate */ + DESTROY_IF(ca_key); + return enumerator_create_single(this->ca, NULL); + } + DESTROY_IF(ca_key); + if (!trusted) + { + /* peer certificate, generate on demand */ + serial = htonl(++this->serial); + now = time(NULL); + peer_key = this->private->get_public_key(this->private); + peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_SIGNING_KEY, this->private, + BUILD_SIGNING_CERT, this->ca, + BUILD_PUBLIC_KEY, peer_key, + BUILD_SUBJECT, id, + BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24, + BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24, + BUILD_SERIAL, chunk_from_thing(serial), + BUILD_END); + peer_key->destroy(peer_key); + if (peer_cert) + { + return enumerator_create_single(peer_cert, (void*)peer_cert->destroy); + } + } + return NULL; +} + +/** + * Implements credential_set_t.create_shared_enumerator + */ +static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, + shared_key_type_t type, identification_t *me, + identification_t *other) +{ + if (type != SHARED_ANY && type != SHARED_IKE) + { + return NULL; + } + if (me && !me->matches(me, this->id)) + { + return NULL; + } + if (other && !other->matches(other, this->id)) { return NULL; } - return enumerator_create_single(this->cert, NULL); + return enumerator_create_single(this->shared, NULL); } /** 
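Review bot: In the on-demand branch of `create_cert_enumerator`, `this->private->get_public_key(this->private)` is called without checking `this->private`, although the function guards `this->ca` and `destroy` uses `DESTROY_IF(this->private)`, which suggests the key can fail to load. Guard the branch with `if (!trusted && this->private)` and check `peer_key` before `peer_key->destroy(peer_key)`. This branch also signs a certificate for whatever subject `id` the caller requests, using the key embedded in this file, so a short comment that the set must never be registered outside a load test belongs here. `++this->serial` is not protected by a lock; whether the credential manager serializes enumerator creation is not visible in this hunk. The function starts outside the hunk.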
@@ -210,7 +297,9 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, static void destroy(private_load_tester_creds_t *this) { DESTROY_IF(this->private); - DESTROY_IF(this->cert); + DESTROY_IF(this->ca); + this->shared->destroy(this->shared); + this->id->destroy(this->id); free(this); } @@ -218,7 +307,7 @@ load_tester_creds_t *load_tester_creds_create() { private_load_tester_creds_t *this = malloc_thing(private_load_tester_creds_t); - this->public.credential_set.create_shared_enumerator = (enumerator_t*(*)(credential_set_t*, shared_key_type_t, identification_t*, identification_t*))return_null; + this->public.credential_set.create_shared_enumerator = (enumerator_t*(*)(credential_set_t*, shared_key_type_t, identification_t*, identification_t*))create_shared_enumerator; this->public.credential_set.create_private_enumerator = (enumerator_t*(*) (credential_set_t*, key_type_t, identification_t*))create_private_enumerator; this->public.credential_set.create_cert_enumerator = (enumerator_t*(*) (credential_set_t*, certificate_type_t, key_type_t,identification_t *, bool))create_cert_enumerator; this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; 
@@ -226,11 +315,18 @@ load_tester_creds_t *load_tester_creds_create() this->public.destroy = (void(*) (load_tester_creds_t*))destroy; this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END); + BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), + BUILD_END); - this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_END); + this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), + BUILD_X509_FLAG, X509_CA, + BUILD_END); + this->shared = shared_key_create(SHARED_IKE, + chunk_clone(chunk_create(psk, sizeof(psk)))); + this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan"); + this->serial = 0; return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c new file mode 100644 index 000000000..4cc9dbc48 --- /dev/null +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c 
@@ -0,0 +1,69 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "load_tester_diffie_hellman.h" + +/** + * Implementation of gmp_diffie_hellman_t.get_my_public_value. + */ +static void get_my_public_value(load_tester_diffie_hellman_t *this, + chunk_t *value) +{ + *value = chunk_empty; +} + +/** + * Implementation of gmp_diffie_hellman_t.get_shared_secret. + */ +static status_t get_shared_secret(load_tester_diffie_hellman_t *this, + chunk_t *secret) +{ + *secret = chunk_empty; + return SUCCESS; +} + +/** + * Implementation of gmp_diffie_hellman_t.get_dh_group. 
+ */ +static diffie_hellman_group_t get_dh_group(load_tester_diffie_hellman_t *this) +{ + return MODP_NULL; +} + +/** + * See header + */ +load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( + diffie_hellman_group_t group) +{ + load_tester_diffie_hellman_t *this; + + if (group != MODP_NULL) + { + return NULL; + } + + this = malloc_thing(load_tester_diffie_hellman_t); + + this->dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *))get_shared_secret; + this->dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t ))nop; + this->dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *))get_my_public_value; + this->dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *))get_dh_group; + this->dh.destroy = (void (*)(diffie_hellman_t *))free; + + return this; +} diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h new file mode 100644 index 000000000..1f66e7f2b --- /dev/null +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h 
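Review bot: The doc comments in this new file name `gmp_diffie_hellman_t` (`Implementation of gmp_diffie_hellman_t.get_shared_secret` and its two siblings), but the type implemented is `load_tester_diffie_hellman_t` through `diffie_hellman_t`; the header added in the next file section repeats the wrong name in `Creates a new gmp_diffie_hellman_t object`. More importantly, `get_shared_secret` returns `chunk_empty`, so any exchange that uses `MODP_NULL` derives its keys from an empty secret, and the comment should say so, e.g. `/** Returns an empty secret: MODP_NULL provides no key-exchange secrecy, load-test use only */`. The constructor also installs `free` and `nop` through casts to differently typed function pointers; a small typed `destroy` wrapper would avoid calling through an incompatible pointer type.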
@@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup load_tester_diffie_hellman load_tester_diffie_hellman + * @{ @ingroup load_tester + */ + +#ifndef LOAD_TESTER_DIFFIE_HELLMAN_H_ +#define LOAD_TESTER_DIFFIE_HELLMAN_H_ + +#include <crypto/diffie_hellman.h> + +typedef struct load_tester_diffie_hellman_t load_tester_diffie_hellman_t; + +/** + * A NULL Diffie Hellman implementation to avoid calculation overhead in tests. + */ +struct load_tester_diffie_hellman_t { + + /** + * Implements diffie_hellman_t interface. + */ + diffie_hellman_t dh; +}; + +/** + * Creates a new gmp_diffie_hellman_t object. + * + * @param group Diffie Hellman group, supports MODP_NULL only + * @return gmp_diffie_hellman_t object + */ +load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( + diffie_hellman_group_t group); + +#endif /* LOAD_TESTER_DIFFIE_HELLMAN_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/charon/plugins/load_tester/load_tester_listener.c index 991408a44..fe9e16fe7 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.c +++ b/src/charon/plugins/load_tester/load_tester_listener.c @@ -17,6 +17,8 @@ #include "load_tester_listener.h" +#include <signal.h> + #include <daemon.h> #include <processing/jobs/delete_ike_sa_job.h> 
@@ -35,6 +37,16 @@ struct private_load_tester_listener_t { * Delete IKE_SA after it has been established */ bool delete_after_established; + + /** + * Number of established SAs + */ + u_int established; + + /** + * Shutdown the daemon if we have established this SA count + */ + u_int shutdown_on; }; /** @@ -43,10 +55,24 @@ struct private_load_tester_listener_t { static bool ike_state_change(private_load_tester_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) { - if (this->delete_after_established && state == IKE_ESTABLISHED) + if (state == IKE_ESTABLISHED) { - charon->processor->queue_job(charon->processor, - (job_t*)delete_ike_sa_job_create(ike_sa->get_id(ike_sa), TRUE)); + ike_sa_id_t *id = ike_sa->get_id(ike_sa); + + if (this->delete_after_established) + { + charon->processor->queue_job(charon->processor, + (job_t*)delete_ike_sa_job_create(id, TRUE)); + } + + if (id->is_initiator(id)) + { + if (this->shutdown_on == ++this->established) + { + DBG1(DBG_CFG, "load-test complete, raising SIGTERM"); + pthread_kill(charon->main_thread_id, SIGTERM); + } + } } return TRUE; } @@ -59,7 +85,7 @@ static void destroy(private_load_tester_listener_t *this) free(this); } -load_tester_listener_t *load_tester_listener_create() +load_tester_listener_t *load_tester_listener_create(u_int shutdown_on) { private_load_tester_listener_t *this = malloc_thing(private_load_tester_listener_t); @@ -70,6 +96,9 @@ load_tester_listener_t *load_tester_listener_create() this->delete_after_established = lib->settings->get_bool(lib->settings, "charon.plugins.load_tester.delete_after_established", FALSE); + this->shutdown_on = shutdown_on; + this->established = 0; + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h index 28bb57d05..6ef749b96 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/charon/plugins/load_tester/load_tester_listener.h 
@@ -46,8 +46,9 @@ struct load_tester_listener_t { /** * Create a listener to handle special events during load test * - * @return listener + * @param shutdown_on shut down the daemon after this many SAs are established + * @return listener */ -load_tester_listener_t *load_tester_listener_create(); +load_tester_listener_t *load_tester_listener_create(u_int shutdown_on); #endif /* LOAD_TESTER_LISTENER_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c index aff83a9a7..444a92e2b 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.c +++ b/src/charon/plugins/load_tester/load_tester_plugin.c @@ -20,11 +20,13 @@ #include "load_tester_creds.h" #include "load_tester_ipsec.h" #include "load_tester_listener.h" +#include "load_tester_diffie_hellman.h" #include <unistd.h> #include <daemon.h> #include <processing/jobs/callback_job.h> +#include <utils/mutex.h> typedef struct private_load_tester_plugin_t private_load_tester_plugin_t; @@ -59,14 +61,29 @@ struct private_load_tester_plugin_t { int iterations; /** - * number of threads + * number desired initiator threads */ int initiators; /** + * currenly running initiators + */ + int running; + + /** * delay between initiations, in ms */ int delay; + + /** + * mutex to lock running field + */ + mutex_t *mutex; + + /** + * condvar to wait for initiators + */ + condvar_t *condvar; }; /** 
@@ -74,48 +91,56 @@ struct private_load_tester_plugin_t { */ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) { - peer_cfg_t *peer_cfg; - child_cfg_t *child_cfg = NULL;; - enumerator_t *enumerator; int i, s = 0, ms = 0; + this->mutex->lock(this->mutex); + if (!this->running) + { + this->running = this->initiators; + } + this->mutex->unlock(this->mutex); if (this->delay) { s = this->delay / 1000; ms = this->delay % 1000; } - peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, - "load-test"); - if (peer_cfg) + + for (i = 0; this->iterations == 0 || i < this->iterations; i++) { + peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg = NULL; + enumerator_t *enumerator; + + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, + "load-test"); + if (!peer_cfg) + { + break; + } enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); - if (enumerator->enumerate(enumerator, &child_cfg)) + if (!enumerator->enumerate(enumerator, &child_cfg)) { - child_cfg->get_ref(child_cfg); + enumerator->destroy(enumerator); + break; } enumerator->destroy(enumerator); - if (child_cfg) - { - for (i = 0; this->iterations == 0 || i < this->iterations; i++) - { - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), + charon->controller->initiate(charon->controller, + peer_cfg, child_cfg->get_ref(child_cfg), NULL, NULL); - - if (s) - { - sleep(s); - } - if (ms) - { - usleep(ms * 1000); - } - } - child_cfg->destroy(child_cfg); + if (s) + { + sleep(s); + } + if (ms) + { + usleep(ms * 1000); } - peer_cfg->destroy(peer_cfg); } + this->mutex->lock(this->mutex); + this->running--; + this->mutex->unlock(this->mutex); + this->condvar->signal(this->condvar); return JOB_REQUEUE_NONE; } 
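Review bot: The `break` taken when `enumerator->enumerate(enumerator, &child_cfg)` fails leaves the loop without releasing `peer_cfg`, which `get_peer_cfg_by_name` has just generated for this iteration; the removed code always ended with `peer_cfg->destroy(peer_cfg)`. Add `peer_cfg->destroy(peer_cfg);` before that `break;`. On the normal path the reference is handed to `initiate`, so only the error path needs it. The `sleep`/`usleep` delay is not interruptible, so `destroy` can block for up to one full delay per initiator while it waits on the condvar.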
@@ -124,6 +149,13 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) */ static void destroy(private_load_tester_plugin_t *this) { + this->iterations = -1; + this->mutex->lock(this->mutex); + while (this->running) + { + this->condvar->wait(this->condvar, this->mutex); + } + this->mutex->unlock(this->mutex); charon->kernel_interface->remove_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); charon->backends->remove_backend(charon->backends, &this->config->backend); @@ -132,6 +164,10 @@ static void destroy(private_load_tester_plugin_t *this) this->config->destroy(this->config); this->creds->destroy(this->creds); this->listener->destroy(this->listener); + lib->crypto->remove_dh(lib->crypto, + (dh_constructor_t)load_tester_diffie_hellman_create); + this->mutex->destroy(this->mutex); + this->condvar->destroy(this->condvar); free(this); } 
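Review bot: `this->iterations = -1;` in `destroy` is written before the mutex is taken, while `do_load_test` reads `this->iterations` in its loop condition without any lock, so the stop request is an unsynchronized write/read pair and nothing guarantees the initiator threads observe it. Move the store into the locked section, `this->mutex->lock(this->mutex); this->iterations = -1;`, and have the loop re-check a stop flag under the same mutex. The wait also covers only jobs that have already set `running`: if `destroy` runs while queued jobs have not started yet, `running` is still 0 and `this` is freed underneath them, unless the processor cancels them first (not visible here).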
@@ -140,30 +176,50 @@ static void destroy(private_load_tester_plugin_t *this) */ plugin_t *plugin_create() { - private_load_tester_plugin_t *this = malloc_thing(private_load_tester_plugin_t); - int i; + private_load_tester_plugin_t *this; + u_int i, shutdown_on = 0; + if (!lib->settings->get_bool(lib->settings, + "charon.plugins.load_tester.enable", FALSE)) + { + DBG1(DBG_CFG, "disabling load-tester plugin, not configured"); + return NULL; + } + + this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + lib->crypto->add_dh(lib->crypto, MODP_NULL, + (dh_constructor_t)load_tester_diffie_hellman_create); + + this->delay = lib->settings->get_int(lib->settings, + "charon.plugins.load_tester.delay", 0); + this->iterations = lib->settings->get_int(lib->settings, + "charon.plugins.load_tester.iterations", 1); + this->initiators = lib->settings->get_int(lib->settings, + "charon.plugins.load_tester.initiators", 0); + if (lib->settings->get_bool(lib->settings, + "charon.plugins.load_tester.shutdown_when_complete", 0)) + { + shutdown_on = this->iterations * this->initiators; + } + + this->mutex = mutex_create(MUTEX_DEFAULT); + this->condvar = condvar_create(CONDVAR_DEFAULT); this->config = load_tester_config_create(); this->creds = load_tester_creds_create(); - this->listener = load_tester_listener_create(); + this->listener = load_tester_listener_create(shutdown_on); charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); charon->bus->add_listener(charon->bus, &this->listener->listener); if (lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.fake_kernel", FALSE)) + "charon.plugins.load_tester.fake_kernel", FALSE)) { charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); } - this->delay = lib->settings->get_int(lib->settings, - 
"charon.plugins.load_tester.delay", 0); - this->iterations = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.iterations", 1); - this->initiators = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.initiators", 0); + this->running = 0; for (i = 0; i < this->initiators; i++) { charon->processor->queue_job(charon->processor, |
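Review bot: `i` changes from `int` to `u_int` while `this->initiators` remains an `int` read from `charon.plugins.load_tester.initiators`, so in `for (i = 0; i < this->initiators; i++)` a negative setting is converted to a very large unsigned bound instead of skipping the loop as it did before. Clamp the value after reading it, e.g. `if (this->initiators < 0) this->initiators = 0;`, or keep `int i`. `shutdown_on = this->iterations * this->initiators` has the same weakness: it is a signed multiplication of two unchecked settings assigned to a `u_int`, so negative or very large values produce a meaningless threshold. The body of `plugin_create` continues past the end of this hunk.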