author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
commit | b34738ed08c2227300d554b139e2495ca5da97d6 (patch) | |
tree | 62f33b52820f2e49f0e53c0f8c636312037c8054 /src/libcharon/plugins/load_tester | |
parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
Imported Upstream version 4.6.4
Diffstat (limited to 'src/libcharon/plugins/load_tester')
7 files changed, 303 insertions, 169 deletions
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 1e9a5fe82..bbd20d4b9 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -197,6 +197,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -205,6 +208,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -221,11 +225,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -269,6 +275,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 71391d593..6bc6f91e4 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -65,6 +65,16 @@ struct private_load_tester_config_t { char *responder_auth; /** + * Initiator ID to enforce + */ + char *initiator_id; + + /** + * Responder ID to enforce + */ + char *responder_id; + + /** * IKE_SA rekeying delay */ u_int ike_rekey; 
@@ -75,6 +85,11 @@ struct private_load_tester_config_t { u_int child_rekey; /** + * DPD check delay + */ + u_int dpd_delay; + + /** * incremental numbering of generated configs */ u_int num; @@ -102,24 +117,46 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, enumerator = enumerator_create_token(str, "|", " "); while (enumerator->enumerate(enumerator, &str)) { + id = NULL; auth = auth_cfg_create(); rnd++; - if (streq(str, "psk")) - { /* PSK authentication, use FQDNs */ - class = AUTH_CLASS_PSK; - if ((local && !num) || (!local && num)) + if (this->initiator_id) + { + if ((local && num) || (!local && !num)) { - id = identification_create_from_string("srv.strongswan.org"); + snprintf(buf, sizeof(buf), this->initiator_id, num, rnd); + id = identification_create_from_string(buf); } - else if (local) + } + if (this->responder_id) + { + if ((local && !num) || (!local && num)) { - snprintf(buf, sizeof(buf), "c%d-r%d.strongswan.org", num, rnd); + snprintf(buf, sizeof(buf), this->responder_id, num, rnd); id = identification_create_from_string(buf); } - else + } + + if (streq(str, "psk")) + { /* PSK authentication, use FQDNs */ + class = AUTH_CLASS_PSK; + if (!id) { - id = identification_create_from_string("*.strongswan.org"); + if ((local && !num) || (!local && num)) + { + id = identification_create_from_string("srv.strongswan.org"); + } + else if (local) + { + snprintf(buf, sizeof(buf), "c%d-r%d.strongswan.org", + num, rnd); + id = identification_create_from_string(buf); + } + else + { + id = identification_create_from_string("*.strongswan.org"); + } } } else if (strneq(str, "eap", strlen("eap"))) 
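Review bot: In the `generate_auth_cfg` hunk the configured `initiator_id`/`responder_id` string is passed to `snprintf()` as the format itself (`snprintf(buf, sizeof(buf), this->initiator_id, num, rnd)`), so any template in strongswan.conf that contains something other than at most two integer conversions is undefined behaviour. The value is administrator-supplied, but a typo such as `%s` could crash the daemon or read unintended memory, so the template should be validated once when the setting is loaded and the option rejected if it fails. The `snprintf()` return value is also unchecked, so an over-long template is silently truncated into a different identity. `generate_auth_cfg` starts and ends outside this hunk; a possible validator is sketched below, and its name is only a suggestion.

```c
/* suggested helper: accept only templates with at most two %d conversions
 * (a literal percent sign must be written as %%) */
static bool id_template_ok(const char *tmpl)
{
	int conversions = 0;

	for (; *tmpl; tmpl++)
	{
		if (*tmpl != '%')
		{
			continue;
		}
		tmpl++;
		if (*tmpl == '%')
		{
			continue;
		}
		if (*tmpl != 'd' || ++conversions > 2)
		{	/* also catches a trailing lone '%' */
			return FALSE;
		}
	}
	return TRUE;
}
```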
@@ -133,14 +170,18 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, auth->add(auth, AUTH_RULE_EAP_TYPE, type); } } - if (local && num) + if (!id) { - snprintf(buf, sizeof(buf), "1%.10d%.4d@strongswan.org", num, rnd); - id = identification_create_from_string(buf); - } - else - { - id = identification_create_from_encoding(ID_ANY, chunk_empty); + if (local && num) + { + snprintf(buf, sizeof(buf), "1%.10d%.4d@strongswan.org", + num, rnd); + id = identification_create_from_string(buf); + } + else + { + id = identification_create_from_encoding(ID_ANY, chunk_empty); + } } } else @@ -152,21 +193,24 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, } /* certificate authentication, use distinguished names */ class = AUTH_CLASS_PUBKEY; - if ((local && !num) || (!local && num)) - { - id = identification_create_from_string( - "CN=srv, OU=load-test, O=strongSwan"); - } - else if (local) + if (!id) { - snprintf(buf, sizeof(buf), - "CN=c%d-r%d, OU=load-test, O=strongSwan", num, rnd); - id = identification_create_from_string(buf); - } - else - { - id = identification_create_from_string( - "CN=*, OU=load-test, O=strongSwan"); + if ((local && !num) || (!local && num)) + { + id = identification_create_from_string( + "CN=srv, OU=load-test, O=strongSwan"); + } + else if (local) + { + snprintf(buf, sizeof(buf), + "CN=c%d-r%d, OU=load-test, O=strongSwan", num, rnd); + id = identification_create_from_string(buf); + } + else + { + id = identification_create_from_string( + "CN=*, OU=load-test, O=strongSwan"); + } } } auth->add(auth, AUTH_RULE_AUTH_CLASS, class); 
@@ -209,7 +253,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ this->ike_rekey, 0, /* rekey, reauth */ 0, this->ike_rekey, /* jitter, overtime */ - FALSE, 0, /* mobike, dpddelay */ + FALSE, this->dpd_delay, /* mobike, dpddelay */ this->vip ? this->vip->clone(this->vip) : NULL, this->pool, FALSE, NULL, NULL); if (num) @@ -236,21 +280,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) return peer_cfg; } -/** - * Implementation of backend_t.create_peer_cfg_enumerator. - */ -static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this, - identification_t *me, - identification_t *other) +METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, + private_load_tester_config_t *this, + identification_t *me, identification_t *other) { return enumerator_create_single(this->peer_cfg, NULL); } -/** - * Implementation of backend_t.create_ike_cfg_enumerator. - */ -static enumerator_t* create_ike_cfg_enumerator(private_load_tester_config_t *this, - host_t *me, host_t *other) +METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, + private_load_tester_config_t *this, host_t *me, host_t *other) { ike_cfg_t *ike_cfg; @@ -258,11 +296,8 @@ static enumerator_t* create_ike_cfg_enumerator(private_load_tester_config_t *thi return enumerator_create_single(ike_cfg, NULL); } -/** - * implements backend_t.get_peer_cfg_by_name. - */ -static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this, - char *name) +METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, + private_load_tester_config_t *this, char *name) { if (streq(name, "load-test")) { 
@@ -271,10 +306,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this, return NULL; } -/** - * Implementation of load_tester_config_t.destroy. - */ -static void destroy(private_load_tester_config_t *this) +METHOD(load_tester_config_t, destroy, void, + private_load_tester_config_t *this) { this->peer_cfg->destroy(this->peer_cfg); DESTROY_IF(this->proposal); @@ -287,14 +320,20 @@ static void destroy(private_load_tester_config_t *this) */ load_tester_config_t *load_tester_config_create() { - private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t); - - this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; - this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; - this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; - this->public.destroy = (void(*)(load_tester_config_t*))destroy; + private_load_tester_config_t *this; + + INIT(this, + .public = { + .backend = { + .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, + .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, + .get_peer_cfg_by_name = _get_peer_cfg_by_name, + }, + .destroy = _destroy, + }, + .num = 1, + ); - this->vip = NULL; if (lib->settings->get_bool(lib->settings, "charon.plugins.load-tester.request_virtual_ip", FALSE)) { 
@@ -317,16 +356,21 @@ load_tester_config_t *load_tester_config_create() "charon.plugins.load-tester.ike_rekey", 0); this->child_rekey = lib->settings->get_int(lib->settings, "charon.plugins.load-tester.child_rekey", 600); + this->dpd_delay = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.dpd_delay", 0); this->initiator_auth = lib->settings->get_str(lib->settings, "charon.plugins.load-tester.initiator_auth", "pubkey"); this->responder_auth = lib->settings->get_str(lib->settings, "charon.plugins.load-tester.responder_auth", "pubkey"); + this->initiator_id = lib->settings->get_str(lib->settings, + "charon.plugins.load-tester.initiator_id", NULL); + this->responder_id = lib->settings->get_str(lib->settings, + "charon.plugins.load-tester.responder_id", NULL); this->port = lib->settings->get_int(lib->settings, "charon.plugins.load-tester.dynamic_port", 0); - this->num = 1; this->peer_cfg = generate_config(this, 0); return &this->public; diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index 890703c1a..c34ea73c5 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c @@ -49,9 +49,14 @@ struct private_load_tester_creds_t { u_int32_t serial; /** - * Preshared key + * Preshared key for IKE */ - shared_key_t *shared; + shared_key_t *psk; + + /** + * Password for EAP + */ + shared_key_t *pwd; }; /** @@ -131,7 +136,7 @@ CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf -----END CERTIFICATE----- */ -char cert[] = { +static char cert[] = { 0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00, 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30, 0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31, 
@@ -168,17 +173,17 @@ char cert[] = { /** - * A preshared key + * Default IKE preshared key */ -static char psk[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 -}; +static char *default_psk = "default-psk"; /** - * Implements credential_set_t.create_private_enumerator + * Default EAP password for EAP */ -static enumerator_t* create_private_enumerator(private_load_tester_creds_t *this, - key_type_t type, identification_t *id) +static char *default_pwd = "default-pwd"; + +METHOD(credential_set_t, create_private_enumerator, enumerator_t*, + private_load_tester_creds_t *this, key_type_t type, identification_t *id) { if (this->private == NULL) { @@ -198,12 +203,9 @@ static enumerator_t* create_private_enumerator(private_load_tester_creds_t *this return enumerator_create_single(this->private, NULL); } -/** - * Implements credential_set_t.create_cert_enumerator - */ -static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) +METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, + private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) { certificate_t *peer_cert; public_key_t *peer_key, *ca_key; 
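Review bot: `default_psk` and `default_pwd` are fixed, publicly known fallback secrets, but their comments do not say so, and the second one reads "Default EAP password for EAP". I would document them as test-only values, e.g. `/* Fallback IKE PSK for load tests only; publicly known, never rely on it outside a test setup */`, and shorten the other to `Default EAP password`. Because these strings end up in a credential set, a `DBG1` line when a fallback is in effect would make an accidental deployment visible in the log.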
@@ -265,49 +267,87 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, } /** - * Implements credential_set_t.create_shared_enumerator + * Filter function for shared keys, returning ID matches */ -static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, - shared_key_type_t type, identification_t *me, - identification_t *other) +static bool shared_filter(void *null, shared_key_t **in, shared_key_t **out, + void **un1, id_match_t *me, void **un2, id_match_t *other) +{ + *out = *in; + if (me) + { + *me = ID_MATCH_ANY; + } + if (other) + { + *other = ID_MATCH_ANY; + } + return TRUE; +} + +METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, + private_load_tester_creds_t *this, shared_key_type_t type, + identification_t *me, identification_t *other) { - return enumerator_create_single(this->shared, NULL); + shared_key_t *shared; + + switch (type) + { + case SHARED_IKE: + shared = this->psk; + break; + case SHARED_EAP: + shared = this->pwd; + break; + default: + return NULL; + } + return enumerator_create_filter(enumerator_create_single(shared, NULL), + (void*)shared_filter, NULL, NULL); } -/** - * Implementation of load_tester_creds_t.destroy - */ -static void destroy(private_load_tester_creds_t *this) +METHOD(load_tester_creds_t, destroy, void, + private_load_tester_creds_t *this) { DESTROY_IF(this->private); DESTROY_IF(this->ca); - this->shared->destroy(this->shared); + this->psk->destroy(this->psk); + this->pwd->destroy(this->pwd); free(this); } load_tester_creds_t *load_tester_creds_create() { - private_load_tester_creds_t *this = malloc_thing(private_load_tester_creds_t); - - this->public.credential_set.create_shared_enumerator = (enumerator_t*(*)(credential_set_t*, shared_key_type_t, identification_t*, identification_t*))create_shared_enumerator; - this->public.credential_set.create_private_enumerator = (enumerator_t*(*) (credential_set_t*, key_type_t, identification_t*))create_private_enumerator; - 
this->public.credential_set.create_cert_enumerator = (enumerator_t*(*) (credential_set_t*, certificate_type_t, key_type_t,identification_t *, bool))create_cert_enumerator; - this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; - this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; - this->public.destroy = (void(*) (load_tester_creds_t*))destroy; - - this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), - BUILD_END); + private_load_tester_creds_t *this; + char *pwd, *psk; - this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), - BUILD_X509_FLAG, X509_CA, - BUILD_END); + psk = lib->settings->get_str(lib->settings, + "charon.plugins.load-tester.preshared_key", default_psk); + pwd = lib->settings->get_str(lib->settings, + "charon.plugins.load-tester.eap_password", default_pwd); - this->shared = shared_key_create(SHARED_IKE, - chunk_clone(chunk_create(psk, sizeof(psk)))); - this->serial = 0; + INIT(this, + .public = { + .credential_set = { + .create_shared_enumerator = _create_shared_enumerator, + .create_private_enumerator = _create_private_enumerator, + .create_cert_enumerator = _create_cert_enumerator, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .destroy = _destroy, + }, + .private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), + BUILD_END), + .ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), + BUILD_X509_FLAG, X509_CA, + BUILD_END), + .psk = shared_key_create(SHARED_IKE, + chunk_clone(chunk_create(psk, strlen(psk)))), + .pwd = shared_key_create(SHARED_EAP, + chunk_clone(chunk_create(pwd, 
strlen(pwd)))), + ); return &this->public; } diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index fdec5300e..440197260 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c 
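Review bot: `shared_filter` reports `ID_MATCH_ANY` for both sides regardless of the `me`/`other` passed to `create_shared_enumerator`, so this set offers its PSK or EAP password for every identity pair; that is presumably intended for load testing but is not stated anywhere. A comment on `shared_filter` such as `/* load-tester secrets deliberately match any identity pair; do not load this plugin on a production gateway */` would make the trade-off explicit. In `load_tester_creds_create`, `strlen(psk)` and `strlen(pwd)` also accept an empty configured value and build a zero-length secret; `if (!*psk) { psk = default_psk; }` (and the same for `pwd`) or a logged error would avoid that.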
@@ -35,75 +35,75 @@ struct private_load_tester_ipsec_t { }; METHOD(kernel_ipsec_t, get_spi, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) { *spi = ++this->spi; return SUCCESS; } METHOD(kernel_ipsec_t, get_cpi, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t reqid, u_int16_t *cpi) { return FAILED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool encap, bool esn, bool inbound, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, + u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, + u_int16_t cpi, bool encap, bool esn, bool inbound, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { return SUCCESS; } METHOD(kernel_ipsec_t, update_sa, status_t, - private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, - host_t *new_dst, bool encap, bool new_encap, mark_t mark) + private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol, + u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, + host_t *new_dst, bool encap, bool new_encap, mark_t mark) { return SUCCESS; } METHOD(kernel_ipsec_t, query_sa, status_t, - 
private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) { return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, bool routed) + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, + mark_t mark, policy_priority_t priority) { return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - u_int32_t *use_time) + private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, + u_int32_t *use_time) { - *use_time = time_monotonic(NULL); + *use_time = 1; return SUCCESS; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - bool unrouted) + private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + mark_t mark, policy_priority_t priority) { return SUCCESS; } 
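Review bot: `query_policy` now returns the constant `*use_time = 1;` instead of `time_monotonic(NULL)`, and nothing explains the value. Callers that treat `use_time` as a last-use timestamp would then see every policy as last used at a fixed, very old time, which presumably is the point now that DPD can be enabled against the fake kernel, but that is an inference from this page. Please add a why-comment, e.g. `/* fake kernel: report a fixed, old use time so policies never look recently used */`, or correct it to whatever the intent is.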
@@ -115,7 +115,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, destroy, void, - private_load_tester_ipsec_t *this) + private_load_tester_ipsec_t *this) { free(this); } @@ -136,9 +136,11 @@ load_tester_ipsec_t *load_tester_ipsec_create() .update_sa = _update_sa, .query_sa = _query_sa, .del_sa = _del_sa, + .flush_sas = (void*)return_failed, .add_policy = _add_policy, .query_policy = _query_policy, .del_policy = _del_policy, + .flush_policies = (void*)return_failed, .bypass_socket = _bypass_socket, .destroy = _destroy, }, diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c index cf6dd0562..7c96f7d97 100644 --- a/src/libcharon/plugins/load_tester/load_tester_listener.c +++ b/src/libcharon/plugins/load_tester/load_tester_listener.c @@ -42,21 +42,25 @@ struct private_load_tester_listener_t { u_int established; /** + * Number of terminated SAs + */ + u_int terminated; + + /** * Shutdown the daemon if we have established this SA count */ u_int shutdown_on; }; -/** - * Implementation of listener_t.ike_state_change - */ -static bool ike_state_change(private_load_tester_listener_t *this, - ike_sa_t *ike_sa, ike_sa_state_t state) +METHOD(listener_t, ike_updown, bool, + private_load_tester_listener_t *this, ike_sa_t *ike_sa, bool up) { - if (state == IKE_ESTABLISHED) + if (up) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); + this->established++; + if (this->delete_after_established) { lib->processor->queue_job(lib->processor, 
@@ -65,37 +69,48 @@ static bool ike_state_change(private_load_tester_listener_t *this, if (id->is_initiator(id)) { - if (this->shutdown_on == ++this->established) + if (this->shutdown_on == this->established) { DBG1(DBG_CFG, "load-test complete, raising SIGTERM"); kill(0, SIGTERM); } } } + else + { + this->terminated++; + } return TRUE; } -/** - * Implementation of load_tester_listener_t.destroy - */ -static void destroy(private_load_tester_listener_t *this) +METHOD(load_tester_listener_t, get_established, u_int, + private_load_tester_listener_t *this) +{ + return this->established - this->terminated; +} + +METHOD(load_tester_listener_t, destroy, void, + private_load_tester_listener_t *this) { free(this); } load_tester_listener_t *load_tester_listener_create(u_int shutdown_on) { - private_load_tester_listener_t *this = malloc_thing(private_load_tester_listener_t); - - memset(&this->public.listener, 0, sizeof(listener_t)); - this->public.listener.ike_state_change = (void*)ike_state_change; - this->public.destroy = (void(*) (load_tester_listener_t*))destroy; - - this->delete_after_established = lib->settings->get_bool(lib->settings, - "charon.plugins.load-tester.delete_after_established", FALSE); - - this->shutdown_on = shutdown_on; - this->established = 0; + private_load_tester_listener_t *this; + + INIT(this, + .public = { + .listener = { + .ike_updown = _ike_updown, + }, + .get_established = _get_established, + .destroy = _destroy, + }, + .delete_after_established = lib->settings->get_bool(lib->settings, + "charon.plugins.load-tester.delete_after_established", FALSE), + .shutdown_on = shutdown_on, + ); return &this->public; } diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h index b9599294c..2621798c8 100644 --- a/src/libcharon/plugins/load_tester/load_tester_listener.h +++ b/src/libcharon/plugins/load_tester/load_tester_listener.h 
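Review bot: The shutdown test `if (this->shutdown_on == this->established)` still sits inside the `id->is_initiator(id)` branch, but `this->established++` (added in the preceding hunk) now runs for every `up` event, responder SAs included. When the daemon also acts as responder, the counter can step past `shutdown_on` on a responder event so the equality is never observed and the run does not terminate, or it can fire before the configured number of initiator SAs exists. A separate initiator-only counter for the shutdown test, or at least `this->shutdown_on && this->established >= this->shutdown_on`, would restore the old meaning. `get_established` also returns `this->established - this->terminated` on `u_int` fields that are updated here and read from the load-test job without any locking visible in this file, so a stale or wrapped value is possible and deserves a comment or a lock.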
@@ -36,6 +36,13 @@ struct load_tester_listener_t { listener_t listener; /** + * Get the number of established IKE_SAs. + * + * @return number of SAs currently established + */ + u_int (*get_established)(load_tester_listener_t *this); + + /** * Destroy the backend. */ void (*destroy)(load_tester_listener_t *this); diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index 94115e307..b260a9741 100644 --- a/src/libcharon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c @@ -68,7 +68,7 @@ struct private_load_tester_plugin_t { int initiators; /** - * currenly running initiators + * currently running initiators */ int running; @@ -78,6 +78,11 @@ struct private_load_tester_plugin_t { int delay; /** + * Throttle initiation if half-open IKE_SA count reached + */ + int init_limit; + + /** * mutex to lock running field */ mutex_t *mutex; @@ -96,10 +101,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) int i, s = 0, ms = 0; this->mutex->lock(this->mutex); - if (!this->running) - { - this->running = this->initiators; - } + this->running++; this->mutex->unlock(this->mutex); if (this->delay) { @@ -113,6 +115,23 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) child_cfg_t *child_cfg = NULL; enumerator_t *enumerator; + if (this->init_limit) + { + while ((charon->ike_sa_manager->get_count(charon->ike_sa_manager) - + this->listener->get_established(this->listener)) > + this->init_limit) + { + if (s) + { + sleep(s); + } + if (ms) + { + usleep(ms * 1000); + } + } + } + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, "load-test"); if (!peer_cfg) @@ -129,7 +148,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) charon->controller->initiate(charon->controller, peer_cfg, child_cfg->get_ref(child_cfg), - NULL, NULL); + NULL, NULL, 0); if (s) { sleep(s); 
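Review bot: The new throttle loop in `do_load_test` only sleeps when `s` or `ms` is non-zero, and both stay 0 unless `this->delay` is set, so with `init_limit` configured and no delay the `while` spins without yielding. A fallback inside the loop such as `if (!s && !ms) { usleep(1000); }` would avoid the busy-wait. The condition also compares the unsigned difference `get_count() - get_established()` with the signed `init_limit`: a negative setting converts to a huge unsigned value and disables the throttle, and a momentarily larger `get_established()` wraps the difference and stalls initiation, so clamping `init_limit` when it is read and guarding the subtraction would be safer. The loop sits in the middle of `do_load_test`, which starts and ends outside these hunks.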
@@ -141,8 +160,8 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) } this->mutex->lock(this->mutex); this->running--; - this->mutex->unlock(this->mutex); this->condvar->signal(this->condvar); + this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } @@ -206,25 +225,26 @@ plugin_t *load_tester_plugin_create() "charon.plugins.load-tester.iterations", 1), .initiators = lib->settings->get_int(lib->settings, "charon.plugins.load-tester.initiators", 0), + .init_limit = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.init_limit", 0), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), .config = load_tester_config_create(), .creds = load_tester_creds_create(), - .listener = load_tester_listener_create(shutdown_on), ); lib->crypto->add_dh(lib->crypto, MODP_NULL, plugin_name, (dh_constructor_t)load_tester_diffie_hellman_create); charon->backends->add_backend(charon->backends, &this->config->backend); lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set); - charon->bus->add_listener(charon->bus, &this->listener->listener); if (lib->settings->get_bool(lib->settings, "charon.plugins.load-tester.shutdown_when_complete", 0)) { shutdown_on = this->iterations * this->initiators; } - + this->listener = load_tester_listener_create(shutdown_on); + charon->bus->add_listener(charon->bus, &this->listener->listener); if (lib->settings->get_bool(lib->settings, "charon.plugins.load-tester.fake_kernel", FALSE)) 
@@ -232,12 +252,11 @@ plugin_t *load_tester_plugin_create() hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); } - this->running = 0; for (i = 0; i < this->initiators; i++) { - lib->processor->queue_job(lib->processor, - (job_t*)callback_job_create((callback_job_cb_t)do_load_test, - this, NULL, NULL)); + lib->processor->queue_job(lib->processor, (job_t*) + callback_job_create_with_prio((callback_job_cb_t)do_load_test, + this, NULL, NULL, JOB_PRIO_CRITICAL)); } return &this->public.plugin; } |