Hi All, I'm working on support for a new option in iperf 2.0.14 currently called *--permit-key*. This prevents rogue or accidental access to an iperf server. It's expected that a script will set these values and pass them over a secure channel like ssh. Usage also expects -t to time out the server and hence the key after a reasonable duration. It's expected the keys will be one-time use over the public internet. There is no support on the server for multiple keys and this is intentional. It's expected a controlling device will generate the keys and initiate the iperf server and client over ssh pipes pairing the endpoints.
Please do comment and possibly suggest a better option name. The permit-key does two things:

1. verifies a string match before accepting traffic
2. updates the transfer-id to include this string

*--permit-key [=<value>]*
*Set a key value that must match for the server to accept traffic on a connection. A key value will be autogenerated on the server and displayed in its initial settings report if the option is given without a value. The value is required on clients. The value will also be used as the transfer id in reports.*

The iperf server auto generated key is guaranteed to be globally unique. Here is an example where the key is auto generated

[rjmcmahon@localhost iperf2-code]$ src/iperf -s -i 1 --permit-key
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
*Permit key is '1609535250.258-ln12mwAhUc0O5twV'*
------------------------------------------------------------
[1609535250.258-ln12mwAhUc0O5twV(1)] local 192.168.1.62 port 5001 connected with 192.168.1.10 port 51008
[ ID] Interval Transfer Bandwidth
[1609535250.258-ln12mwAhUc0O5twV(1)] 0.00-1.00 sec 1.09 GBytes 9.34 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 1.00-2.00 sec 1.10 GBytes 9.42 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 2.00-3.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 3.00-4.00 sec 1.09 GBytes 9.37 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 4.00-5.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 5.00-6.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 6.00-7.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 7.00-8.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 8.00-9.00 sec 1.09 GBytes 9.40 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 9.00-10.00 sec 1.10 GBytes 9.41 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 0.00-10.00 sec 10.9 GBytes 9.40 Gbits/sec
REJECT: key value mismatch per 1609535250.258-ln12mwAhUc0O5twU

[rjmcmahon@localhost iperf2-code]$ src/iperf -c 192.168.1.62 -i 1 --permit-key=*1609535250.258-ln12mwAhUc0O5twV*
------------------------------------------------------------
Client connecting to 192.168.1.62, TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[1609535250.258-ln12mwAhUc0O5twV(1)] local 192.168.1.10 port 51008 connected with 192.168.1.62 port 5001
[ ID] Interval Transfer Bandwidth
[1609535250.258-ln12mwAhUc0O5twV(1)] 0.00-1.00 sec 1.09 GBytes 9.39 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 1.00-2.00 sec 1.10 GBytes 9.42 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 2.00-3.00 sec 1.10 GBytes 9.42 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 3.00-4.00 sec 1.09 GBytes 9.38 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 4.00-5.00 sec 1.09 GBytes 9.40 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 5.00-6.00 sec 1.10 GBytes 9.43 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 6.00-7.00 sec 1.09 GBytes 9.39 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 7.00-8.00 sec 1.10 GBytes 9.42 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 8.00-9.00 sec 1.09 GBytes 9.40 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 9.00-10.00 sec 1.09 GBytes 9.40 Gbits/sec
[1609535250.258-ln12mwAhUc0O5twV(1)] 0.00-10.00 sec 10.9 GBytes 9.41 Gbits/sec

[rjmcmahon@localhost iperf2-code]$ src/iperf -c 192.168.1.62 -i 1 --permit-key=1609535250.258-ln12mwAhUc0O5tw*U*
------------------------------------------------------------
Client connecting to 192.168.1.62, TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
tcp write failed: Connection reset by peer
shutdown failed: Transport endpoint is not connected
[ ID] Interval Transfer Bandwidth

Bob
_______________________________________________ Iperf-users mailing list Iperf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/iperf-users
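The controller workflow described in the message (generate a one-time key, start the server with -t so the key expires, then start the client, both over ssh), as an added example that is not code from the post or from the iperf project. It assumes `iperf` is on the PATH at both endpoints and that ssh logins are already set up; the function names are hypothetical, and the key only mimics the shape of the example key, since the page does not show how iperf generates its own.

```python
import re
import secrets
import shlex
import string
import subprocess
import time

ALNUM = string.ascii_letters + string.digits
# Shape of the key in the post's example: <epoch.millis>-<16 alphanumerics>
KEY_RE = re.compile(r"\d+\.\d{3}-[A-Za-z0-9]{16}")


def make_permit_key(now=None):
    """One-time key in the example's shape; random part comes from the CSPRNG."""
    now = time.time() if now is None else now
    suffix = "".join(secrets.choice(ALNUM) for _ in range(16))
    return f"{now:.3f}-{suffix}"


def ssh_argv(host, remote_argv):
    # ssh hands the remote command to a shell, so every word is quoted.
    return ["ssh", host, " ".join(shlex.quote(a) for a in remote_argv)]


def build_pair(server_host, client_host, server_ip, key, seconds=10):
    """Return (server_cmd, client_cmd) argv lists for one keyed test."""
    if not KEY_RE.fullmatch(key):
        raise ValueError("unexpected permit key format")
    opt = f"--permit-key={key}"
    # The key is visible in argv on both endpoints (e.g. via ps), which is
    # why it is single-use and the server's -t bounds how long it is valid.
    server = ssh_argv(server_host, ["iperf", "-s", "-i", "1", "-t", str(seconds + 5), opt])
    client = ssh_argv(client_host, ["iperf", "-c", server_ip, "-i", "1", "-t", str(seconds), opt])
    return server, client


def run_pair(server_host, client_host, server_ip, seconds=10):
    key = make_permit_key()  # fresh key per run, never reused
    server_cmd, client_cmd = build_pair(server_host, client_host, server_ip, key, seconds)
    server = subprocess.Popen(server_cmd)
    try:
        time.sleep(1)  # give the listener time to come up
        return subprocess.run(client_cmd).returncode
    finally:
        try:
            server.wait(timeout=seconds + 30)
        except subprocess.TimeoutExpired:
            server.kill()
```
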