* Add configurable timeout for the setup of the control connection.
This is specified using the new --connect-timeout option, with an
integer parameter in ms. The iperf3 client will wait for this
amount of time for the setup of the control connection to the
server. If this option is not given, the OS default for TCP
connection setup is used. Specifying a smaller connection timeout
allows faster detection of a down / unresponsive iperf3 server.
The implementation uses a variation on the timeout_connect()
function from OpenBSD's netcat utility.
Fixes#216.
Add an optional mode that requires clients to authenticate with the server.
In this mode, clients need to provide a username and a password, which are checked against a password file on the server. The authentication credentials are protected by an RSA public keypair...the encrypted credentials are sent along with the test parameters.
Operationally the use of this feature places the following additional requirements on the build and installation of iperf3:
o The presence of the OpenSSL headers and libraries to build iperf3, and the libraries available on the client and server at runtime.
o Generation of an RSA public keypair; the private part is used by the server and the public part must be distributed to the clients.
o Username/password pairs for all authorized users, to be stored in a file on the server.
o Loose time synchronization between the server and clients (to within approximately 30 seconds).
o Appropriate command-line flags given on the client and server.
Note that iperf3 can be built and run as before, without fulfilling any of these requirements.
Partial documentation for this feature is included in this commit. It is anticipated that additional documentation text and editing will follow this merge.
Submitted by @ralcini. First suggested by @codyhanson in pull request #242.
* Remove unused hstrerror(), bad nanosleep() message in configure.ac (#503)
* Remove dead code involving h_errno and hstrerror()
h_errno was formerly set as a side effect of a failed
gethostbyname(3) call, but this function has been
deprecated.
malformed JSON string was passed on the control channel. This issue,
present in the cJSON library, was already fixed upstream, so was
addressed here in iperf3 by importing a newer version of cJSON (plus
local ESnet modifications).
Discovered and reported by Dave McDaniel, Cisco Talos.
Based on a patch by @dopheide-esnet, with input from @DaveGamble.
Cross-references: TALOS-CAN-0164, ESNET-SECADV-2016-0001,
CVE-2016-4303
commit 2dc03630a736be2ae9f64823aabb5776e7074c2a
Merge: 61e325c 0da552c
Author: Bruce A. Mah <bmah@es.net>
Date: Thu May 26 09:40:58 2016 -0700
Merge branch 'master' into issue-325
commit 61e325c5d0a4e7a9823221ce507db0f478fc98b5
Merge: 227992f ccbcee6
Author: Bruce A. Mah <bmah@es.net>
Date: Thu May 26 11:09:54 2016 -0400
Merge branch 'issue-325' of github.com:esnet/iperf into issue-325
Conflicts:
src/iperf3.1
commit 227992f366e7f4895b6762011576ba22a42a752e
Author: Bruce A. Mah <bmah@es.net>
Date: Thu May 26 11:07:01 2016 -0400
Don't set SO_MAX_PACING_RATE if the rate is 0. Also tweak some help text.
Towards #325, in response to feedback from @bltierney.
commit ccbcee6366d50ec632fc00eb11fde8a886f8febe
Author: Bruce A. Mah <bmah@es.net>
Date: Tue May 24 09:19:41 2016 -0700
Fix manpage formatting for consistency.
commit 90ac5a9ce09bd746ca5f943a8226ab864da3ebf8
Author: Bruce A. Mah <bmah@es.net>
Date: Tue May 24 12:14:16 2016 -0400
Add some documentation for fair-queueing per-socket pacing.
For #325.
commit 5571059870f7aefefb574816de70b6406848888f
Author: Bruce A. Mah <bmah@es.net>
Date: Tue May 24 11:55:44 2016 -0400
Change the fair-queueing socket pacing logic in response to feedback.
By default, on platforms where per-socket pacing is available, it
will be used. If not available, iperf3 will fall back to application-
level pacing.
The --no-fq-socket-pacing option can be used to forcibly disable
fair-queueing per-socket pacing. (The earlier --socket-pacing option
has been removed.)
Tested on CentOS 7, more testing on other platforms is required to
be sure it didn't break the old application-level pacing behavior.
For #325.
commit 3e3f506fe9f375a5771c9e3ddfe8677c1a7146e7
Merge: 50a379e 3b23112
Author: Bruce A. Mah <bmah@es.net>
Date: Tue May 24 09:54:39 2016 -0400
Merge branch 'master' into issue-325
commit 50a379eddfa89d1313d2aeeb62a6fbc82f00ea17
Author: Bruce A. Mah <bmah@es.net>
Date: Sat Apr 16 02:55:42 2016 -0400
Regen.
commit 200d3fe3917b3d298bdf52a0bde32c47cf2727b0
Author: Bruce A. Mah <bmah@es.net>
Date: Sat Apr 16 02:41:32 2016 -0400
Checkpoint for initial work on #325 to add socket pacing.
This works only on Linux and depends on the availability of
the SO_MAX_PACING_RATE socket option and the fq queue discipline.
Use --socket-pacing to use SO_MAX_PACING_RATE instead of the
default iperf3 user-level rate limiting; in either case, the
--bandwidth parameter controls the desired rate.
Lightly tested with both --tcp and --udp, normal and --reverse.
Real testing requires analysis of packet timestamps between
multiple hosts.
Solaris implements an (older?) version of the API for SCTP_MAXSEG,
which takes an integer argument rather than a struct sctp_assoc_val.
We need to test for that and handle it appropriately. There are some
signs it doesn't even work correctly if we do this, so quietly ignore
errors that happen if the OS complains it's unsupported.
Also, Solaris doesn't support SCTP_DISABLE_FRAGMENTS even though it
defines the preprocessor symbol for this. Rather than aborting when
we try to unsuccessfully unset this option, just ignore the error.
Lightly tested with SCTP over IPv6 on localhost.
Contains an alternate implementation of previously-submitted patches
to set the maximum segment size and no-delay options.
As a result of this change, SCTP functionality on Linux will generally
require the libsctp library (on CentOS and similar distributions this
is provided by the lksctp-tools RPM).
Part of #131.
Submitted by: Bruce Simpson <bs48@st-andrews.ac.uk>
Only do -Wall by default if on GCC (or something that looks like
GCC, such as clang/llvm).
Turn on -Werror so we can get some better error-checking, but
we also need -Wno-deprecated-declarations at least for MacOS,
because daemon(3) is deprecated starting with MacOS 10.5.
Fixes#174 (I think).
Submitted by: @marksolaris
not including it.
To fix this required us to change config.h to iperf_config.h (to
avoid potential filename collisions with this generic name). Then
iperf.h could include this.
Adjust the existing header file inclusions to track this, and also
canonicalize their inclusion to be at the top of *.c files.
As with several other recent commits, don't check explicitly for an
OS platform, but rather detect the various API bits that are used
to implement CPU affinity setting.
We check at configure-time to see if IPV6_FLOWLABEL_MGR is defined
in <linux/in.6>, if it is we set a HAVE_FLOWLABEL CPP symbol to
turn on conditional compilation of the support for this feature.
Rather than checking for anything Linux-specific at configure-time,
see if TCP_CONGESTION is defined in <netinet/tcp.h> and if so define
a CPP variable HAVE_TCP_CONGESTION, which we then use to enable
conditional compilation of the code for this feature.
Rather than doing checks for platforms that we believe support SCTP,
instead look for an indication (notably the presence of <netinet/sctp.h>)
that it's supported. This makes the conditionals for SCTP more obvious.
In addition, it opens up the possibility that SCTP might work on some
new OS that's not FreeBSD or Linux.
This change may force some additional build-time requirements on Linux,
such as lksctp-tools-devel on CentOS / Fedora or libsctp-dev on
Ubuntu.
Committing this first cut for review and to enable testing on multiple
platforms. So far this works correctly on Linux (SCTP support) and
MacOS (no SCTP support).
Also bumped package id from 3.0a4 to 3.0a5.
This changeset consists of a one-line edit to configure.ac, plus
about fifty kilolines of diffs to a bunch of other config files
generated by bootstrap.sh.
The main iperf binary is compiled, along with a static libiperf, the unit
tests, and a profiled iperf binary.
The tests, and the profiled iperf binary do not get installed.
To compile, run:
./bootstrap.sh
./configure
make
It has all the normal make options (they come mostly for free). e.g.:
You can run "make install" to install it.
You can run "make dist" which will create a distribution tarball.
You can run "make check" to run all the tests.
I backed up the existing Makefile as "src/Makefile.old" in case folks want to
use that still.