diff options
Diffstat (limited to 'src/libcharon/plugins/load_tester')
5 files changed, 36 insertions, 13 deletions
diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am index e7c08783f..31e1b5c6f 100644 --- a/src/libcharon/plugins/load_tester/Makefile.am +++ b/src/libcharon/plugins/load_tester/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-load-tester.la diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 561d69a23..df75c0f4b 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -276,6 +276,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -294,6 +295,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -321,6 +323,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -412,6 +415,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -429,7 +433,7 @@ AM_CPPFLAGS = \ -DIPSEC_PIDDIR=\"${piddir}\" AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-load-tester.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-load-tester.la diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index e133190b4..bc7c0ffbc 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -150,7 +150,7 @@ struct private_load_tester_config_t { /** * incremental numbering of generated configs */ - u_int num; + refcount_t num; /** * Dynamic source port, if used @@ -802,7 +802,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, { if (streq(name, "load-test")) { - return generate_config(this, this->num++); + return generate_config(this, (u_int)ref_get(&this->num)); } return NULL; } diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index f17d41f46..d62c7295d 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c @@ -68,6 +68,11 @@ struct private_load_tester_creds_t { * Password for EAP */ shared_key_t *pwd; + + /** + * List of certificate distribution points to include in generated certs + */ + linked_list_t *cdps; }; /** @@ -377,6 +382,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24, BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24, BUILD_SERIAL, chunk_from_thing(serial), + BUILD_CRL_DISTRIBUTION_POINTS, this->cdps, BUILD_END); peer_key->destroy(peer_key); sans->destroy(sans); @@ -436,13 +442,14 @@ METHOD(load_tester_creds_t, destroy, void, DESTROY_IF(this->ca); this->psk->destroy(this->psk); this->pwd->destroy(this->pwd); + this->cdps->destroy_function(this->cdps, free); free(this); } load_tester_creds_t *load_tester_creds_create() { private_load_tester_creds_t *this; - char *pwd, *psk, *digest; + char *pwd, *psk, *digest, *crl; psk = lib->settings->get_str(lib->settings, "%s.plugins.load-tester.preshared_key", default_psk, lib->ns); @@ -450,6 +457,8 @@ load_tester_creds_t *load_tester_creds_create() "%s.plugins.load-tester.eap_password", default_pwd, lib->ns); digest = lib->settings->get_str(lib->settings, "%s.plugins.load-tester.digest", "sha1", lib->ns); + crl = lib->settings->get_str(lib->settings, + "%s.plugins.load-tester.crl", NULL, lib->ns); INIT(this, .public = { @@ -465,7 +474,7 @@ load_tester_creds_t *load_tester_creds_create() .private = load_issuer_key(), .ca = load_issuer_cert(), .cas = linked_list_create(), - .digest = enum_from_name(hash_algorithm_short_names, digest), + .cdps = linked_list_create(), .psk = shared_key_create(SHARED_IKE, chunk_clone(chunk_create(psk, strlen(psk)))), .pwd = shared_key_create(SHARED_EAP, @@ -477,14 +486,23 @@ load_tester_creds_t *load_tester_creds_create() this->cas->insert_last(this->cas, this->ca->get_ref(this->ca)); } - if (this->digest == -1) + if (!enum_from_name(hash_algorithm_short_names, digest, &this->digest)) { DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", digest); this->digest = HASH_SHA1; } + if (crl) + { + x509_cdp_t *cdp; + + INIT(cdp, + .uri = crl, + ); + this->cdps->insert_last(this->cdps, cdp); + } + load_ca_certs(this); return &this->public; } - diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 02b1d4216..3f256ddd0 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -31,14 +31,14 @@ struct private_load_tester_ipsec_t { /** * faked SPI counter */ - u_int32_t spi; + refcount_t spi; }; METHOD(kernel_ipsec_t, get_spi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int8_t protocol, u_int32_t reqid, u_int32_t *spi) { - *spi = ++this->spi; + *spi = (uint32_t)ref_get(&this->spi); return SUCCESS; } @@ -53,8 +53,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, + u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, + bool initiator, bool encap, bool esn, bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { return SUCCESS; |