[Swan-dev] bug in parser?
Antony Antony
antony at phenome.org
Thu Dec 9 09:05:39 EET 2021
Hi,
While working on xfrm sa expire messages and extending the parser with
binary prefixes, I noticed a bug in our parser, the libipsecconf code?
Maybe it is something for parser experts! Hugh, would you please take a look?
Test cases: libipsecconf-09-time-prefix and libipsecconf-10-percentage-prefix
For time:
conn time-good
	left=192.1.2.45
	right=192.1.2.23
	rekeymargin=10s
conn time-wip
	left=192.1.2.45
	right=192.1.2.23
	rekeymargin=10seconds
The connection "time-wip" should be an error; instead it seems to accept a
random value.
https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-09-time-prefix/OUTPUT/west.console.txt
The same for % for rekey_fuzz:
https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-10-percentage-prefix/OUTPUT/west.console.txt
In the output:
ipsec status | grep margin
000 "percentage-good": ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 10%; keyingtries: 0;
000 "percentage-wip": ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
west #
PS: the sa-expire branch is where I extend for bytes KiB, MiB, ... and also
binary prefixes for packets Ki, Mi, ...
# sa-expire
https://github.com/antonyantony/libreswan/tree/sa-expire
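Added example, not part of the original message and not libreswan code: a strict value parser that returns an error unless the whole string is digits plus an exactly matching unit, which is the behaviour the post expects for rekeymargin=10seconds. The function names, the unit set (s, m, h, d) and the mandatory '%' are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: read leading decimal digits; *end points at the rest. */
static bool parse_number(const char *s, unsigned long *n, char **end)
{
	if (!isdigit((unsigned char)s[0]))
		return false;	/* strtoul alone would accept " 5", "+5", "-5" */
	errno = 0;
	*n = strtoul(s, end, 10);
	return errno == 0;	/* ERANGE on overflow */
}

/* Digits plus an optional, exactly matching unit (assumed set: s, m, h, d). */
bool parse_seconds_strict(const char *s, unsigned long *out)
{
	static const struct { const char *suffix; unsigned long scale; } units[] = {
		{ "", 1 }, { "s", 1 }, { "m", 60 }, { "h", 3600 }, { "d", 86400 },
	};
	unsigned long n; char *end;
	if (!parse_number(s, &n, &end))
		return false;
	for (size_t i = 0; i < sizeof(units) / sizeof(units[0]); i++) {
		if (strcmp(end, units[i].suffix) == 0 && n <= ULONG_MAX / units[i].scale) {
			*out = n * units[i].scale;
			return true;
		}
	}
	return false;	/* unknown suffix such as "seconds", or overflow */
}

/* Digits followed by exactly one '%' (assumption: the sign is mandatory). */
bool parse_percent_strict(const char *s, unsigned long *out)
{
	char *end;
	return parse_number(s, out, &end) && strcmp(end, "%") == 0;
}

int main(void)
{
	unsigned long v;	/* the two inputs below are the values from the post */
	printf("10s: %d, 10seconds: %d\n", parse_seconds_strict("10s", &v), parse_seconds_strict("10seconds", &v));
}
```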