[Swan-dev] bug in parser?

Antony Antony antony at phenome.org
Thu Dec 9 09:05:39 EET 2021


Hi,
While working on xfrm SA expire messages and extending the parser with
binary prefixes, I noticed a bug in our parser, the libipsecconf code?

Maybe it is something for parser experts! Hugh, would you please take a look?

Test cases: libipsecconf-09-time-prefix and libipsecconf-10-percentage-prefix

For time:
conn time-good
        left=192.1.2.45
        right=192.1.2.23
        rekeymargin=10s

conn time-wip
        left=192.1.2.45
        right=192.1.2.23
        rekeymargin=10seconds

The connection "time-wip" should be an error; instead, it seems to accept a
random value.

https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-09-time-prefix/OUTPUT/west.console.txt


The same for % for rekey_fuzz:
https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-10-percentage-prefix/OUTPUT/west.console.txt
In the output:

ipsec status | grep margin
000 "percentage-good":   ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 10%; keyingtries: 0;
000 "percentage-wip":   ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
west #

PS: The sa-expire branch is where I extend the parser for bytes KiB, MiB, .. and also
with binary prefixes for packets Ki, Mi...

# sa-expire 
https://github.com/antonyantony/libreswan/tree/sa-expire
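
Added example (not part of the original message, and not libreswan's code): a strict number-plus-suffix parser in C that returns an error for "10seconds" rather than a value, by requiring the text after the digits to match a known suffix exactly. The suffix table, the rule that a bare number means seconds, and the function names are assumptions made for this illustration.

```c
/* Added example, not libreswan code: strict <digits><suffix> parsing. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

struct unit { const char *suffix; uint64_t scale; };

/* Assumed time units: bare number or "s" = seconds, then m, h, d. */
static const struct unit time_units[] = {
	{ "", 1 }, { "s", 1 }, { "m", 60 }, { "h", 3600 }, { "d", 86400 },
};
/* Assumed rule: a percentage must carry exactly one "%". */
static const struct unit percent_units[] = { { "%", 1 } };

/* Parse all of str; fail on a sign, overflow, or any unrecognised tail. */
static bool parse_scaled(const char *str, const struct unit *units,
			 size_t nr_units, uint64_t *out)
{
	if (str[0] < '0' || str[0] > '9')
		return false;	/* strtoull() alone would skip spaces and accept '-' */
	char *end;
	errno = 0;
	unsigned long long n = strtoull(str, &end, 10);
	if (errno == ERANGE)
		return false;
	for (size_t i = 0; i < nr_units; i++) {
		/* whole-tail comparison: "seconds" is not "s" plus ignorable text */
		if (strcmp(end, units[i].suffix) != 0)
			continue;
		if (n > UINT64_MAX / units[i].scale)
			return false;	/* scaled value would wrap */
		*out = n * units[i].scale;
		return true;
	}
	return false;	/* unknown suffix or trailing characters */
}

bool parse_time(const char *str, uint64_t *seconds)
{
	return parse_scaled(str, time_units, NELEM(time_units), seconds);
}

bool parse_percent(const char *str, uint64_t *percent)
{
	return parse_scaled(str, percent_units, NELEM(percent_units), percent);
}
```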