projects / strongswan.git / blob
? search:


47ce6fa711f47bedc2cf4ddb202a4cb462830ab7
[strongswan.git] / src / libcharon / plugins / load_tester / load_tester_config.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "load_tester_config.h"
17
18 #include <daemon.h>
19
20 typedef struct private_load_tester_config_t private_load_tester_config_t;
21
22 /**
23 * Private data of an load_tester_config_t object
24 */
25 struct private_load_tester_config_t {
26
27 /**
28 * Public part
29 */
30 load_tester_config_t public;
31
32 /**
33 * peer config
34 */
35 peer_cfg_t *peer_cfg;
36
37 /**
38 * virtual IP, if any
39 */
40 host_t *vip;
41
42 /**
43 * Remote address
44 */
45 char *remote;
46
47 /**
48 * Local address
49 */
50 char *local;
51
52 /**
53 * IP address pool
54 */
55 char *pool;
56
57 /**
58 * IKE proposal
59 */
60 proposal_t *proposal;
61
62 /**
63 * Authentication method(s) to use/expect from initiator
64 */
65 char *initiator_auth;
66
67 /**
68 * Authentication method(s) use/expected from responder
69 */
70 char *responder_auth;
71
72 /**
73 * Initiator ID to enforce
74 */
75 char *initiator_id;
76
77 /**
78 * Responder ID to enforce
79 */
80 char *responder_id;
81
82 /**
83 * IKE_SA rekeying delay
84 */
85 u_int ike_rekey;
86
87 /**
88 * CHILD_SA rekeying delay
89 */
90 u_int child_rekey;
91
92 /**
93 * DPD check delay
94 */
95 u_int dpd_delay;
96
97 /**
98 * incremental numbering of generated configs
99 */
100 u_int num;
101
102 /**
103 * Dynamic source port, if used
104 */
105 u_int16_t port;
106 };
107
108 /**
109 * Generate auth config from string
110 */
111 static void generate_auth_cfg(private_load_tester_config_t *this, char *str,
112 peer_cfg_t *peer_cfg, bool local, int num)
113 {
114 enumerator_t *enumerator;
115 auth_cfg_t *auth;
116 identification_t *id;
117 auth_class_t class;
118 eap_type_t type;
119 char buf[128];
120 int rnd = 0;
121
122 enumerator = enumerator_create_token(str, "|", " ");
123 while (enumerator->enumerate(enumerator, &str))
124 {
125 id = NULL;
126 auth = auth_cfg_create();
127 rnd++;
128
129 if (this->initiator_id)
130 {
131 if ((local && num) || (!local && !num))
132 {
133 snprintf(buf, sizeof(buf), this->initiator_id, num, rnd);
134 id = identification_create_from_string(buf);
135 }
136 }
137 if (this->responder_id)
138 {
139 if ((local && !num) || (!local && num))
140 {
141 snprintf(buf, sizeof(buf), this->responder_id, num, rnd);
142 id = identification_create_from_string(buf);
143 }
144 }
145
146 if (streq(str, "psk"))
147 { /* PSK authentication, use FQDNs */
148 class = AUTH_CLASS_PSK;
149 if (!id)
150 {
151 if ((local && !num) || (!local && num))
152 {
153 id = identification_create_from_string("srv.strongswan.org");
154 }
155 else if (local)
156 {
157 snprintf(buf, sizeof(buf), "c%d-r%d.strongswan.org",
158 num, rnd);
159 id = identification_create_from_string(buf);
160 }
161 else
162 {
163 id = identification_create_from_string("*.strongswan.org");
164 }
165 }
166 }
167 else if (strneq(str, "eap", strlen("eap")))
168 { /* EAP authentication, use a NAI */
169 class = AUTH_CLASS_EAP;
170 if (*(str + strlen("eap")) == '-')
171 {
172 type = eap_type_from_string(str + strlen("eap-"));
173 if (type)
174 {
175 auth->add(auth, AUTH_RULE_EAP_TYPE, type);
176 }
177 }
178 if (!id)
179 {
180 if (local && num)
181 {
182 snprintf(buf, sizeof(buf), "1%.10d%.4d@strongswan.org",
183 num, rnd);
184 id = identification_create_from_string(buf);
185 }
186 else
187 {
188 id = identification_create_from_encoding(ID_ANY, chunk_empty);
189 }
190 }
191 }
192 else
193 {
194 if (!streq(str, "pubkey"))
195 {
196 DBG1(DBG_CFG, "invalid authentication: '%s', fallback to pubkey",
197 str);
198 }
199 /* certificate authentication, use distinguished names */
200 class = AUTH_CLASS_PUBKEY;
201 if (!id)
202 {
203 if ((local && !num) || (!local && num))
204 {
205 id = identification_create_from_string(
206 "CN=srv, OU=load-test, O=strongSwan");
207 }
208 else if (local)
209 {
210 snprintf(buf, sizeof(buf),
211 "CN=c%d-r%d, OU=load-test, O=strongSwan", num, rnd);
212 id = identification_create_from_string(buf);
213 }
214 else
215 {
216 id = identification_create_from_string(
217 "CN=*, OU=load-test, O=strongSwan");
218 }
219 }
220 }
221 auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
222 auth->add(auth, AUTH_RULE_IDENTITY, id);
223 peer_cfg->add_auth_cfg(peer_cfg, auth, local);
224 }
225 enumerator->destroy(enumerator);
226 }
227
228 /**
229 * Generate a new initiator config, num = 0 for responder config
230 */
231 static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
232 {
233 ike_cfg_t *ike_cfg;
234 child_cfg_t *child_cfg;
235 peer_cfg_t *peer_cfg;
236 traffic_selector_t *ts;
237 proposal_t *proposal;
238 lifetime_cfg_t lifetime = {
239 .time = {
240 .life = this->child_rekey * 2,
241 .rekey = this->child_rekey,
242 .jitter = 0
243 }
244 };
245
246 if (this->port && num)
247 {
248 ike_cfg = ike_cfg_create(FALSE, FALSE,
249 this->local, this->port + num - 1, this->remote, IKEV2_NATT_PORT);
250 }
251 else
252 {
253 ike_cfg = ike_cfg_create(FALSE, FALSE,
254 this->local, IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
255 }
256 ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
257 peer_cfg = peer_cfg_create("load-test", IKEV2, ike_cfg,
258 CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
259 this->ike_rekey, 0, /* rekey, reauth */
260 0, this->ike_rekey, /* jitter, overtime */
261 FALSE, FALSE, /* mobike, aggressive mode */
262 this->dpd_delay, /* dpddelay */
263 this->vip ? this->vip->clone(this->vip) : NULL,
264 this->pool, FALSE, NULL, NULL);
265 if (num)
266 { /* initiator */
267 generate_auth_cfg(this, this->initiator_auth, peer_cfg, TRUE, num);
268 generate_auth_cfg(this, this->responder_auth, peer_cfg, FALSE, num);
269 }
270 else
271 { /* responder */
272 generate_auth_cfg(this, this->responder_auth, peer_cfg, TRUE, num);
273 generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num);
274 }
275
276 child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, MODE_TUNNEL,
277 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
278 0, 0, NULL, NULL, 0);
279 proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
280 child_cfg->add_proposal(child_cfg, proposal);
281 ts = traffic_selector_create_dynamic(0, 0, 65535);
282 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
283 ts = traffic_selector_create_dynamic(0, 0, 65535);
284 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
285 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
286 return peer_cfg;
287 }
288
289 METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
290 private_load_tester_config_t *this,
291 identification_t *me, identification_t *other)
292 {
293 return enumerator_create_single(this->peer_cfg, NULL);
294 }
295
296 METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*,
297 private_load_tester_config_t *this, host_t *me, host_t *other)
298 {
299 ike_cfg_t *ike_cfg;
300
301 ike_cfg = this->peer_cfg->get_ike_cfg(this->peer_cfg);
302 return enumerator_create_single(ike_cfg, NULL);
303 }
304
305 METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
306 private_load_tester_config_t *this, char *name)
307 {
308 if (streq(name, "load-test"))
309 {
310 return generate_config(this, this->num++);
311 }
312 return NULL;
313 }
314
315 METHOD(load_tester_config_t, destroy, void,
316 private_load_tester_config_t *this)
317 {
318 this->peer_cfg->destroy(this->peer_cfg);
319 DESTROY_IF(this->proposal);
320 DESTROY_IF(this->vip);
321 free(this);
322 }
323
324 /**
325 * Described in header.
326 */
327 load_tester_config_t *load_tester_config_create()
328 {
329 private_load_tester_config_t *this;
330
331 INIT(this,
332 .public = {
333 .backend = {
334 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
335 .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
336 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
337 },
338 .destroy = _destroy,
339 },
340 .num = 1,
341 );
342
343 if (lib->settings->get_bool(lib->settings,
344 "%s.plugins.load-tester.request_virtual_ip", FALSE, charon->name))
345 {
346 this->vip = host_create_from_string("0.0.0.0", 0);
347 }
348 this->pool = lib->settings->get_str(lib->settings,
349 "%s.plugins.load-tester.pool", NULL, charon->name);
350 this->remote = lib->settings->get_str(lib->settings,
351 "%s.plugins.load-tester.remote", "127.0.0.1", charon->name);
352 this->local = lib->settings->get_str(lib->settings,
353 "%s.plugins.load-tester.local", "0.0.0.0", charon->name);
354
355 this->proposal = proposal_create_from_string(PROTO_IKE,
356 lib->settings->get_str(lib->settings,
357 "%s.plugins.load-tester.proposal", "aes128-sha1-modp768",
358 charon->name));
359 if (!this->proposal)
360 { /* fallback */
361 this->proposal = proposal_create_from_string(PROTO_IKE,
362 "aes128-sha1-modp768");
363 }
364 this->ike_rekey = lib->settings->get_int(lib->settings,
365 "%s.plugins.load-tester.ike_rekey", 0, charon->name);
366 this->child_rekey = lib->settings->get_int(lib->settings,
367 "%s.plugins.load-tester.child_rekey", 600, charon->name);
368 this->dpd_delay = lib->settings->get_int(lib->settings,
369 "%s.plugins.load-tester.dpd_delay", 0, charon->name);
370
371 this->initiator_auth = lib->settings->get_str(lib->settings,
372 "%s.plugins.load-tester.initiator_auth", "pubkey", charon->name);
373 this->responder_auth = lib->settings->get_str(lib->settings,
374 "%s.plugins.load-tester.responder_auth", "pubkey", charon->name);
375 this->initiator_id = lib->settings->get_str(lib->settings,
376 "%s.plugins.load-tester.initiator_id", NULL, charon->name);
377 this->responder_id = lib->settings->get_str(lib->settings,
378 "%s.plugins.load-tester.responder_id", NULL, charon->name);
379
380 this->port = lib->settings->get_int(lib->settings,
381 "%s.plugins.load-tester.dynamic_port", 0, charon->name);
382
383 this->peer_cfg = generate_config(this, 0);
384
385 return &this->public;
386 }
387
strongSwan - IPsec VPN