Hi, > > 1) Which is the main missing functionality that restricts load-tester > from taking traffic?
The load-tester plugin currently generates IKEv2 protocol exchanges, mainly to test the daemon itself. It can simulate many clients, but only the key exchange part. All application data is processed by the kernel, and any tool can be used to generated this traffic. You can extend the load tester by generating traffic to process by the kernel, but it won't have much in common with the existing load-tester functionality. > > 2) Is load-tester plugin the only part of the code that needs to be > modified? Or should I look elsewhere as well? You'd have to generate the traffic that matches an existing IPsec connection. This can be done in the load-tester plugin, or in a dedicated tool. > > 3) Am I after big and many changes or something trivial? Generating traffic is probably not that difficult, but it depends on what you actually want to test. > > 4) I've seen revision 015c1568: "Don't simulate traffic on load-tester > kernel interface". Is this correction made in order not to allow > traffic simulation? No. The load-tester can use a "faked" kernel interface stub, so that the negotiated IPsec SAs won't get installed to the system. This is useful in the load-tester if many identical tunnels get established that would conflict in the kernel. This fix just changes the behavior of this stub. > > 5) Something else that I should take into account? What's wrong with using iperf or a similar tool to test your IPsec tunnel? Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
