configuration and scripts to test high load UDP -> TLS proxying
authorAlan T. DeKok <aland@freeradius.org>
Wed, 5 Apr 2023 20:48:55 +0000 (16:48 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 5 Apr 2023 21:07:43 +0000 (17:07 -0400)
src/tests/tls/README.md [new file with mode: 0644]
src/tests/tls/home/radiusd.conf [new file with mode: 0644]
src/tests/tls/proxy/proxy.conf [new file with mode: 0644]
src/tests/tls/proxy/radiusd.conf [new file with mode: 0644]
src/tests/tls/radclient.sh [new file with mode: 0755]
src/tests/tls/radiusd-home.sh [new file with mode: 0755]
src/tests/tls/radiusd-proxy.sh [new file with mode: 0755]
src/tests/tls/user_password [new file with mode: 0644]

diff --git a/src/tests/tls/README.md b/src/tests/tls/README.md
new file mode 100644 (file)
index 0000000..e614c59
--- /dev/null
@@ -0,0 +1,34 @@
+# Tests for TLS
+
+You will need at least 3 terminal windows:
+
+1. Home Server
+
+```
+./radiusd-home.sh
+```
+
+This server receives Access-Request packets over TLS, and sends Access-Accept.
+
+2. Proxy server
+
+```
+./radiusd-proxy.sh
+```
+
+This server receives Access-Request packets over UDP, and proxies them to the home server.
+
+3. Client(s)
+
+Send one packet:
+
+```
+./radclient.sh
+```
+
+Send 500,000 packets:
+
+```
+./radclient.sh -c 500000
+```
+
diff --git a/src/tests/tls/home/radiusd.conf b/src/tests/tls/home/radiusd.conf
new file mode 100644 (file)
index 0000000..46e66a8
--- /dev/null
@@ -0,0 +1,69 @@
+#
+#  Minimal radiusd.conf for testing
+#
+raddb        = $ENV{RADDB}
+modconfdir   = ${raddb}/mods-config
+testdir      = $ENV{TEST_PATH}
+pidfile      = ${testdir}/radiusd.pid
+panic_action = "gdb -batch -x $${testdir}/panic.gdb %e %p > $${testdir}/gdb-radiusd.log 2>&1; cat $${testdir}/gdb-radiusd.log"
+certdir      = ${raddb}/certs
+cadir        = ${raddb}/certs
+libdir       = $ENV{LIB_PATH}
+
+max_requests = 1048576
+
+thread pool {
+       start_servers = 5
+       max_servers = 32
+       min_spare_servers = 3
+       max_spare_servers = 10
+       max_requests_per_server = 0
+       cleanup_delay = 5
+       max_queue_size = 65536
+       auto_limit_acct = no
+}
+
+#
+#  Referenced by some modules for default thread pool configuration
+#
+modules {
+}
+
+clients radsec {
+       client home {
+               ipaddr = 127.0.0.1
+               proto = tls
+       }
+}
+
+listen {
+       type = auth
+
+       ipaddr = 127.0.0.1
+       port = 2083
+       proto = tcp
+
+       clients = radsec
+
+       virtual_server = default
+
+       tls {
+               private_key_password = whatever
+               private_key_file = ${certdir}/server.pem
+               certificate_file = ${certdir}/server.pem
+               ca_file = ${cadir}/ca.pem
+               fragment_size = 8192
+               ca_path = ${cadir}
+               cipher_list = "DEFAULT"
+               tls_min_version = "1.3"
+               tls_max_version = "1.3"
+       }
+}
+
+server default {
+       authorize {
+               update control {
+                       Auth-Type := accept
+               }
+       }
+}
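Review bot: The `client home` block under `clients radsec` (the `ipaddr = 127.0.0.1` / `proto = tls` lines) sets no `secret`, while the proxy side's `home_server home` in proxy.conf sets `secret = radsec`; unless the server defaults a TLS client's secret to "radsec" (not confirmable from this page), the two ends disagree and the proxy's requests would fail authenticator validation. Adding `secret = radsec` to the client block removes that dependency on a default, and a one-line comment such as `# RFC 6614 RadSec secret; must match home_server in proxy/proxy.conf` documents why the same literal appears in both files. The listener's `tls { … }` section also leaves client-certificate verification to whatever the build's default is (no `require_client_cert` line); since the point of the test is the TLS leg, it is worth pinning that setting explicitly so the test's trust model does not change with defaults.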
diff --git a/src/tests/tls/proxy/proxy.conf b/src/tests/tls/proxy/proxy.conf
new file mode 100644 (file)
index 0000000..56b3453
--- /dev/null
@@ -0,0 +1,29 @@
+home_server home {
+       ipaddr = 127.0.0.1
+       port = 2083
+       type = auth
+       secret = radsec
+       proto = tcp
+       status_check = none
+
+#      nonblock = yes
+
+       revive_interval = 10
+
+       tls {
+               private_key_password = whatever
+               private_key_file = ${certdir}/client.pem
+               certificate_file = ${certdir}/client.pem
+               ca_file = ${cadir}/ca.pem
+               fragment_size = 8192
+               ca_path = ${cadir}
+               cipher_list = "DEFAULT"
+               tls_min_version = "1.3"
+               tls_max_version = "1.3"
+       }
+}
+
+home_server_pool home {
+       type = fail-over
+       home_server = home
+}
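Review bot: The disabled `#      nonblock = yes` line says nothing about why it is off, which matters in a high-load test where a blocking write to the TLS socket is the first thing a reader will suspect; suggest annotating it, e.g. `#      nonblock = yes   # left disabled: <reason> — toggle to compare blocking vs non-blocking TLS writes` (fill in the actual reason). With `status_check = none`, the only way a home server marked dead comes back is the `revive_interval = 10` timer, so a comment next to `revive_interval` stating that a dead home server is retried blindly every 10 seconds would stop any pause of that length from being misread as a TLS fault.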
diff --git a/src/tests/tls/proxy/radiusd.conf b/src/tests/tls/proxy/radiusd.conf
new file mode 100644 (file)
index 0000000..605d531
--- /dev/null
@@ -0,0 +1,48 @@
+raddb        = $ENV{RADDB}
+modconfdir   = ${raddb}/mods-config
+testdir      = $ENV{TEST_PATH}/proxy
+pidfile      = ${testdir}/radiusd.pid
+panic_action = "gdb -batch -x $${testdir}/panic.gdb %e %p > $${testdir}/gdb-radiusd.log 2>&1; cat $${testdir}/gdb-radiusd.log"
+certdir      = ${raddb}/certs
+cadir        = ${raddb}/certs
+libdir       = $ENV{LIB_PATH}
+
+max_requests = 1048576
+
+thread pool {
+       start_servers = 5
+       max_servers = 32
+       min_spare_servers = 3
+       max_spare_servers = 10
+       max_requests_per_server = 0
+       cleanup_delay = 5
+       max_queue_size = 65536
+       auto_limit_acct = no
+}
+
+#
+# Minimum configuration for Proxy Server -> SRADIUSD
+#
+$INCLUDE ${testdir}/proxy.conf
+
+client local_test {
+       ipaddr = 127.0.0.1
+       secret = testing123
+       proto = *
+}
+
+listen {
+       type = auth
+       ipaddr = 127.0.0.1
+       port = 1812
+       proto = udp
+       virtual_server = default
+}
+
+server default {
+       authorize {
+               update control {
+                       &Home-Server-Pool = "home"
+               }
+       }
+}
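Review bot: `testdir = $ENV{TEST_PATH}/proxy` differs from the home config's `testdir = $ENV{TEST_PATH}`, and nothing explains the asymmetry; it appears to exist so that `$INCLUDE ${testdir}/proxy.conf` below resolves to the proxy subdirectory. A comment on the testdir line, e.g. `# testdir is the proxy/ subdirectory so the $INCLUDE below finds proxy.conf`, would keep the next reader from "fixing" the inconsistency. Alternatively the home config could use `$ENV{TEST_PATH}/home`, so each server keeps its pidfile and gdb log inside its own directory rather than the home server writing them to the shared src/tests/tls directory.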
diff --git a/src/tests/tls/radclient.sh b/src/tests/tls/radclient.sh
new file mode 100755 (executable)
index 0000000..4b38168
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+#
+#  Run the home server.
+#
+
+DIR=$(dirname $0)/../../..
+PROGRAM=$(basename $0)
+
+export RADDB=$DIR/raddb
+export TEST_PATH=$(dirname $0)/
+export LIB_PATH=$DIR/build/lib/local/
+
+exec $DIR/build/make/jlibtool --mode=execute $FR_DEBUGGER $DIR/build/bin/local/radclient -d $(dirname $0)/home -D $DIR/share/ -f user_password $@ localhost auth testing123
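Review bot: The header comment `#  Run the home server.` is copied from radiusd-home.sh and is wrong for this script, which runs radclient; radiusd-proxy.sh carries the same copied comment and should say it runs the proxy. On the exec line `$@` is unquoted, so any argument containing whitespace is split before it reaches radclient; it should be `"$@"` (the same applies to radiusd-home.sh and radiusd-proxy.sh). `-f user_password` is resolved against the caller's working directory while every other path is built from `$(dirname $0)`, so the script only works when invoked from src/tests/tls as the README shows; `-f $(dirname $0)/user_password` would match the rest of the line. `PROGRAM=$(basename $0)` is assigned but never used in any of the three scripts.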
diff --git a/src/tests/tls/radiusd-home.sh b/src/tests/tls/radiusd-home.sh
new file mode 100755 (executable)
index 0000000..fb1f678
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+#
+#  Run the home server.
+#
+
+DIR=$(dirname $0)/../../..
+PROGRAM=$(basename $0)
+
+export RADDB=$DIR/raddb
+export TEST_PATH=$(dirname $0)/
+export LIB_PATH=$DIR/build/lib/local/
+
+exec $DIR/build/make/jlibtool --mode=execute $FR_DEBUGGER $DIR/build/bin/local/radiusd -d $(dirname $0)/home -D $DIR/share/ -fxx -l stdout $@
diff --git a/src/tests/tls/radiusd-proxy.sh b/src/tests/tls/radiusd-proxy.sh
new file mode 100755 (executable)
index 0000000..12e8d81
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+#
+#  Run the home server.
+#
+
+DIR=$(dirname $0)/../../..
+PROGRAM=$(basename $0)
+
+export RADDB=$DIR/raddb
+export TEST_PATH=$(dirname $0)/
+export LIB_PATH=$DIR/build/lib/local/
+
+exec $DIR/build/make/jlibtool --mode=execute $FR_DEBUGGER $DIR/build/bin/local/radiusd -d $(dirname $0)/proxy -D $DIR/share/ -fxx -l stdout $@
diff --git a/src/tests/tls/user_password b/src/tests/tls/user_password
new file mode 100644 (file)
index 0000000..9d0a12c
--- /dev/null
@@ -0,0 +1,3 @@
+User-Name = "bob"
+User-Password = "bob"
+Message-Authenticator = 0x00