generating different initiator identities, configs and certificates on the fly
authorMartin Willi <martin@strongswan.org>
Mon, 8 Dec 2008 19:18:28 +0000 (19:18 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 8 Dec 2008 19:18:28 +0000 (19:18 -0000)
src/charon/plugins/load_tester/load_tester_config.c
src/charon/plugins/load_tester/load_tester_creds.c
src/charon/plugins/load_tester/load_tester_plugin.c

index b184ad2..63a56a5 100644 (file)
@@ -35,9 +35,89 @@ struct private_load_tester_config_t {
         * peer config
         */
        peer_cfg_t *peer_cfg;
+       
+       /**
+        * virtual IP, if any
+        */
+       host_t *vip;
+       
+       /**
+        * Remote address
+        */
+       char *remote;
+       
+       /**
+        * IP address pool
+        */
+       char *pool;
+       
+       /**
+        * IKE proposal
+        */
+       proposal_t *proposal;
+       
+       /**
+        * Authentication method to use
+        */
+       auth_class_t class;
+       
+       /**
+        * incremental numbering of generated configs
+        */
+       u_int num;
 };
 
 /**
+ * Generate a new initiator config, num = 0 for responder config
+ */
+static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
+{
+       ike_cfg_t *ike_cfg;
+       child_cfg_t *child_cfg;
+       peer_cfg_t *peer_cfg;
+       traffic_selector_t *ts;
+       auth_info_t *auth;
+       identification_t *local, *remote;
+       proposal_t *proposal;
+       char buf[128];
+       
+       if (num)
+       {       /* initiator */
+               snprintf(buf, sizeof(buf), "CN=cli-%d, OU=load-test, O=strongSwan", num);
+               local = identification_create_from_string(buf);
+               snprintf(buf, sizeof(buf), "CN=srv, OU=load-test, O=strongSwan", num);
+               remote = identification_create_from_string(buf);
+       }
+       else
+       {       /* responder */
+               local = identification_create_from_string(
+                                                                               "CN=srv, OU=load-test, O=strongSwan");
+               remote = identification_create_from_string(
+                                                                               "CN=*, OU=load-test, O=strongSwan");
+       }
+       
+       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", this->remote);
+       ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
+       peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, local, remote,
+                       CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
+                       0, 0, TRUE, 60, /* jitter, overtime, mobike, dpddelay */
+                       this->vip ? this->vip->clone(this->vip) : NULL,
+                       this->pool, FALSE, NULL, NULL);
+       auth = peer_cfg->get_auth(peer_cfg);
+       auth->add_item(auth, AUTHN_AUTH_CLASS, &this->class);
+       child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
+                                                                MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
+       proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
+       child_cfg->add_proposal(child_cfg, proposal);
+       ts = traffic_selector_create_dynamic(0, 0, 65535);
+       child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+       ts = traffic_selector_create_dynamic(0, 0, 65535);
+       child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+       peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+       return peer_cfg;
+}
+
+/**
  * Implementation of backend_t.create_peer_cfg_enumerator.
  */
 static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this,
@@ -67,7 +147,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this,
 {
        if (streq(name, "load-test"))
        {
-               return this->peer_cfg->get_ref(this->peer_cfg);
+               return generate_config(this, this->num++);
        }
        return NULL;
 }
@@ -78,6 +158,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_load_tester_config_t *this,
 static void destroy(private_load_tester_config_t *this)
 {
        this->peer_cfg->destroy(this->peer_cfg);
+       DESTROY_IF(this->proposal);
+       DESTROY_IF(this->vip);
        free(this);
 }
 
@@ -87,65 +169,45 @@ static void destroy(private_load_tester_config_t *this)
 load_tester_config_t *load_tester_config_create()
 {
        private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t);
-       ike_cfg_t *ike_cfg;
-       child_cfg_t *child_cfg;
-       proposal_t *proposal;
-       traffic_selector_t *ts;
-       auth_info_t *auth;
-       auth_class_t class;
-       char *remote, *pool, *authstr;
-       host_t *vip = NULL;
+       char *authstr;
        
        this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator;
        this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator;
        this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name;
        this->public.destroy = (void(*)(load_tester_config_t*))destroy;
        
+       this->vip = NULL;
        if (lib->settings->get_bool(lib->settings,
                                "charon.plugins.load_tester.request_virtual_ip", FALSE))
        {
-               vip = host_create_from_string("0.0.0.0", 0);
+               this->vip = host_create_from_string("0.0.0.0", 0);
        }
-       pool = lib->settings->get_str(lib->settings,
+       this->pool = lib->settings->get_str(lib->settings,
                                "charon.plugins.load_tester.pool", NULL);
-       remote = lib->settings->get_str(lib->settings, 
+       this->remote = lib->settings->get_str(lib->settings, 
                                "charon.plugins.load_tester.remote", "127.0.0.1");
-       ike_cfg = ike_cfg_create(TRUE, FALSE, "0.0.0.0", remote);
-       proposal = proposal_create_from_string(PROTO_IKE,
+                               
+       this->proposal = proposal_create_from_string(PROTO_IKE,
                        lib->settings->get_str(lib->settings,
                                "charon.plugins.load_tester.proposal", "aes128-sha1-modp768"));
-       if (!proposal)
+       if (!this->proposal)
        {       /* fallback */
-               proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768");
+               this->proposal = proposal_create_from_string(PROTO_IKE,
+                                                                                                        "aes128-sha1-modp768");
        }
-       ike_cfg->add_proposal(ike_cfg, proposal);
-       this->peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
-                       identification_create_from_string("load-test@strongswan.org"),
-                       identification_create_from_string("load-test@strongswan.org"),
-                       CERT_SEND_IF_ASKED, UNIQUE_NO, 1, 0, 0, /* keytries, rekey, reauth */
-                       0, 0, TRUE, 60, /* jitter, overtime, mobike, dpddelay */
-                       vip, pool, FALSE, NULL, NULL);
-       auth = this->peer_cfg->get_auth(this->peer_cfg);
        authstr = lib->settings->get_str(lib->settings,
                                                                "charon.plugins.load_tester.auth", "pubkey");
        if (streq(authstr, "psk"))
        {
-               class = AUTH_CLASS_PSK;
+               this->class = AUTH_CLASS_PSK;
        }
        else
        {
-               class = AUTH_CLASS_PUBKEY;
+               this->class = AUTH_CLASS_PUBKEY;
        }
-       auth->add_item(auth, AUTHN_AUTH_CLASS, &class);
-       child_cfg = child_cfg_create("load-test", 600, 400, 100, NULL, TRUE,
-                                                                MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
-       proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
-       child_cfg->add_proposal(child_cfg, proposal);
-       ts = traffic_selector_create_dynamic(0, 0, 65535);
-       child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
-       ts = traffic_selector_create_dynamic(0, 0, 65535);
-       child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
-       this->peer_cfg->add_child_cfg(this->peer_cfg, child_cfg);
+       
+       this->num = 1;
+       this->peer_cfg = generate_config(this, 0);
        
        return &this->public;
 }
index f3f5a12..a208726 100644 (file)
 
 #include "load_tester_creds.h"
 
+#include <time.h>
+
 #include <daemon.h>
 #include <credentials/keys/shared_key.h>
+#include <credentials/certificates/x509.h>
 #include <utils/identification.h>
 
 typedef struct private_load_tester_creds_t private_load_tester_creds_t;
@@ -38,9 +41,14 @@ struct private_load_tester_creds_t {
        private_key_t *private;
        
        /**
-        * Trusted certificate to verify signatures
+        * CA certificate, to issue/verify peer certificates
+        */
+       certificate_t *ca;
+       
+       /**
+        * serial number to issue certificates
         */
-       certificate_t *cert;
+       u_int32_t serial;
        
        /**
         * Preshared key
@@ -116,28 +124,33 @@ static char private[] = {
 /**
  * And an associated self-signed certificate
 -----BEGIN CERTIFICATE-----
-MIIB2zCCAUSgAwIBAgIRAKmSLQc+3QV4WswVkpxqY5kwDQYJKoZIhvcNAQEFBQAw
-FzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMB4XDTA4MTAyMTEyNDk0MFoXDTEzMTAy
-MDEyNDk0MFowFzEVMBMGA1UEAxMMbG9hZC10ZXN0aW5nMIGfMA0GCSqGSIb3DQEB
+MIIB9DCCAV2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA3MQwwCgYDVQQDEwNzcnYx
+EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0wODEy
+MDgxODU4NDhaFw0xODEyMDYxODU4NDhaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
+CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
 VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
 BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
-AQABoycwJTAjBgNVHREEHDAagRhsb2FkLXRlc3RAc3Ryb25nc3dhbi5vcmcwDQYJ
-KoZIhvcNAQEFBQADgYEATyQ3KLVU13Q3U3uZZtQL56rm680wMLu0+2z164PnxcTu
-Donp19AwPfvl4y0kjCdQYqUA6NXczub40ZrCMfmZEbVarW9oAys9lWef8sqfW0pv
-asNWsTOOwgg4gcASh1VCYsMX73C8R1pegWM/btyX2SEa7+R1rBEZwHVtIxgFcnM=
+AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF39Xedyk2wj
+qOcaaZ7ypb8RDlLvS0uaJMVtLtIhtb2weMMlgdmOnKXEYrJL2/mbp14Fhe+XYME9
+nZLAnmUnX8bQWCsQlajb7YGE8w6QDMwXUVgSXTMhRl+PRX2CMIUzU21h1EIx65Po
+CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf
 -----END CERTIFICATE-----
+
  */
-static char cert[] = {
-  0x30,0x82,0x01,0xdb,0x30,0x82,0x01,0x44,0xa0,0x03,0x02,0x01,0x02,0x02,0x11,0x00,
-  0xa9,0x92,0x2d,0x07,0x3e,0xdd,0x05,0x78,0x5a,0xcc,0x15,0x92,0x9c,0x6a,0x63,0x99,
+char cert[] = {
+  0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
   0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,
-  0x17,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64,
-  0x2d,0x74,0x65,0x73,0x74,0x69,0x6e,0x67,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x30,
-  0x32,0x31,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x17,0x0d,0x31,0x33,0x31,0x30,0x32,
-  0x30,0x31,0x32,0x34,0x39,0x34,0x30,0x5a,0x30,0x17,0x31,0x15,0x30,0x13,0x06,0x03,
-  0x55,0x04,0x03,0x13,0x0c,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x69,0x6e,
-  0x67,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
+  0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
+  0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
+  0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
+  0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x32,
+  0x30,0x38,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x17,0x0d,0x31,0x38,0x31,0x32,0x30,
+  0x36,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
+  0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
+  0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
+  0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
+  0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
   0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
   0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
   0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
@@ -147,20 +160,20 @@ static char cert[] = {
   0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
   0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
   0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
-  0x01,0x00,0x01,0xa3,0x27,0x30,0x25,0x30,0x23,0x06,0x03,0x55,0x1d,0x11,0x04,0x1c,
-  0x30,0x1a,0x81,0x18,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x40,0x73,0x74,
-  0x72,0x6f,0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,0x72,0x67,0x30,0x0d,0x06,0x09,
-  0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x4f,
-  0x24,0x37,0x28,0xb5,0x54,0xd7,0x74,0x37,0x53,0x7b,0x99,0x66,0xd4,0x0b,0xe7,0xaa,
-  0xe6,0xeb,0xcd,0x30,0x30,0xbb,0xb4,0xfb,0x6c,0xf5,0xeb,0x83,0xe7,0xc5,0xc4,0xee,
-  0x0e,0x89,0xe9,0xd7,0xd0,0x30,0x3d,0xfb,0xe5,0xe3,0x2d,0x24,0x8c,0x27,0x50,0x62,
-  0xa5,0x00,0xe8,0xd5,0xdc,0xce,0xe6,0xf8,0xd1,0x9a,0xc2,0x31,0xf9,0x99,0x11,0xb5,
-  0x5a,0xad,0x6f,0x68,0x03,0x2b,0x3d,0x95,0x67,0x9f,0xf2,0xca,0x9f,0x5b,0x4a,0x6f,
-  0x6a,0xc3,0x56,0xb1,0x33,0x8e,0xc2,0x08,0x38,0x81,0xc0,0x12,0x87,0x55,0x42,0x62,
-  0xc3,0x17,0xef,0x70,0xbc,0x47,0x5a,0x5e,0x81,0x63,0x3f,0x6e,0xdc,0x97,0xd9,0x21,
-  0x1a,0xef,0xe4,0x75,0xac,0x11,0x19,0xc0,0x75,0x6d,0x23,0x18,0x05,0x72,0x73,
+  0x01,0x00,0x01,0xa3,0x10,0x30,0x0e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x04,0x05,
+  0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
+  0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x5d,0xfd,0x5d,0xe7,0x72,0x93,0x6c,0x23,
+  0xa8,0xe7,0x1a,0x69,0x9e,0xf2,0xa5,0xbf,0x11,0x0e,0x52,0xef,0x4b,0x4b,0x9a,0x24,
+  0xc5,0x6d,0x2e,0xd2,0x21,0xb5,0xbd,0xb0,0x78,0xc3,0x25,0x81,0xd9,0x8e,0x9c,0xa5,
+  0xc4,0x62,0xb2,0x4b,0xdb,0xf9,0x9b,0xa7,0x5e,0x05,0x85,0xef,0x97,0x60,0xc1,0x3d,
+  0x9d,0x92,0xc0,0x9e,0x65,0x27,0x5f,0xc6,0xd0,0x58,0x2b,0x10,0x95,0xa8,0xdb,0xed,
+  0x81,0x84,0xf3,0x0e,0x90,0x0c,0xcc,0x17,0x51,0x58,0x12,0x5d,0x33,0x21,0x46,0x5f,
+  0x8f,0x45,0x7d,0x82,0x30,0x85,0x33,0x53,0x6d,0x61,0xd4,0x42,0x31,0xeb,0x93,0xe8,
+  0x0b,0x03,0x0b,0x6c,0x9e,0xef,0x42,0xac,0x0f,0x1d,0x74,0x62,0xb4,0x39,0x8d,0x90,
+  0x43,0x8a,0xf4,0x7f,0xaf,0x46,0x70,0xdf,
 };
 
+
 /**
  * A preshared key
  */
@@ -202,7 +215,13 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this,
                                                        certificate_type_t cert, key_type_t key,
                                                        identification_t *id, bool trusted)
 {
-       if (this->cert == NULL)
+       certificate_t *peer_cert;
+       public_key_t *peer_key, *ca_key;
+       u_int32_t serial;
+       time_t now;
+       identification_t *keyid = NULL;
+       
+       if (this->ca == NULL)
        {
                return NULL;
        }
@@ -214,11 +233,40 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this,
        {
                return NULL;
        }
-       if (id && !this->cert->has_subject(this->cert, id))
+       ca_key = this->ca->get_public_key(this->ca);
+       if (ca_key && id)
        {
-               return NULL;
+               keyid = ca_key->get_id(ca_key, id->get_type(id));
+       }
+       if (!id || this->ca->has_subject(this->ca, id) ||
+               (keyid && id->equals(id, keyid)))
+       {       /* ca certificate */
+               DESTROY_IF(ca_key);
+               return enumerator_create_single(this->ca, NULL);
+       }
+       DESTROY_IF(ca_key);
+       if (!trusted)
+       {
+               /* peer certificate, generate on demand */
+               serial = htonl(++this->serial);
+               now = time(NULL);
+               peer_key = this->private->get_public_key(this->private);
+               peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                       BUILD_SIGNING_KEY, this->private,
+                                                                       BUILD_SIGNING_CERT, this->ca,
+                                                                       BUILD_PUBLIC_KEY, peer_key,
+                                                                       BUILD_SUBJECT, id,
+                                                                       BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
+                                                                       BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
+                                                                       BUILD_SERIAL, chunk_from_thing(serial),
+                                                                       BUILD_END);
+               peer_key->destroy(peer_key);
+               if (peer_cert)
+               {
+                       return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
+               }
        }
-       return enumerator_create_single(this->cert, NULL);
+       return NULL;
 }
 
 /**
@@ -249,7 +297,7 @@ static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this,
 static void destroy(private_load_tester_creds_t *this)
 {
        DESTROY_IF(this->private);
-       DESTROY_IF(this->cert);
+       DESTROY_IF(this->ca);
        this->shared->destroy(this->shared);
        this->id->destroy(this->id);
        free(this);
@@ -267,14 +315,18 @@ load_tester_creds_t *load_tester_creds_create()
        this->public.destroy = (void(*) (load_tester_creds_t*))destroy;
        
        this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
-               BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END);        
+                               BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)),
+                               BUILD_END);
        
-       this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-               BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_END);                         
+       this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                               BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)),
+                               BUILD_X509_FLAG, X509_CA,
+                               BUILD_END);
        
        this->shared = shared_key_create(SHARED_IKE, 
                                                                         chunk_clone(chunk_create(psk, sizeof(psk))));
-       this->id = identification_create_from_string("load-test@strongswan.org");
+       this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan");
+       this->serial = 0;
        return &this->public;
 }
 
index cd4a5f8..257c745 100644 (file)
@@ -91,9 +91,6 @@ struct private_load_tester_plugin_t {
  */
 static job_requeue_t do_load_test(private_load_tester_plugin_t *this)
 {
-       peer_cfg_t *peer_cfg;
-       child_cfg_t *child_cfg = NULL;;
-       enumerator_t *enumerator;
        int i, s = 0, ms = 0;
        
        this->mutex->lock(this->mutex);
@@ -107,37 +104,38 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this)
                s = this->delay / 1000;
                ms = this->delay % 1000;
        }
-       peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
-                                                                                                         "load-test");
-       if (peer_cfg)
+       
+       for (i = 0; this->iterations == 0 || i < this->iterations; i++)
        {
+               peer_cfg_t *peer_cfg;
+               child_cfg_t *child_cfg = NULL;
+               enumerator_t *enumerator;
+       
+               peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends,
+                                                                                                                 "load-test");
+               if (!peer_cfg)
+               {
+                       break;
+               }
                enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
-               if (enumerator->enumerate(enumerator, &child_cfg))
+               if (!enumerator->enumerate(enumerator, &child_cfg))
                {
-                       child_cfg->get_ref(child_cfg);
+                       enumerator->destroy(enumerator);
+                       break;
                }
                enumerator->destroy(enumerator);
                
-               if (child_cfg)
-               {
-                       for (i = 0; this->iterations == 0 || i < this->iterations; i++)
-                       {
-                               charon->controller->initiate(charon->controller,
-                                       peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
+               charon->controller->initiate(charon->controller,
+                                       peer_cfg, child_cfg->get_ref(child_cfg),
                                        NULL, NULL);
-                               
-                               if (s)
-                               {
-                                       sleep(s);
-                               }
-                               if (ms)
-                               {
-                                       usleep(ms * 1000);
-                               }
-                       }
-                       child_cfg->destroy(child_cfg);
+               if (s)
+               {
+                       sleep(s);
+               }
+               if (ms)
+               {
+                       usleep(ms * 1000);
                }
-               peer_cfg->destroy(peer_cfg);
        }
        this->mutex->lock(this->mutex);
        this->running--;