cmd: Fix the computed IPsec max. sequence number
maxSequenceNumber currently iterates over all XFRM states in the ip xfrm
state list output to find the largest sequence number. It however does
so while keeping the parsed sequence numbers as hexadecimal strings.
Hence, a number like "0xc1" is understood as being larger than e.g.
"0x1234".

This commit fixes it by parsing the sequence numbers into int64 before
comparing them.

We also need to adapt the regular expression slightly to avoid
considering the "0x" prefix as part of the number, given
strconv.ParseInt doesn't support it.

Fixes: 2842c49 ("cli: add helper functions for `cilium encrypt`")
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
pchaigno committed Aug 28, 2023
1 parent 03ac4b1 commit 165db3a
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions cilium/cmd/encrypt_status.go
Expand Up @@ -8,6 +8,7 @@ import (
"os/exec"
"reflect"
"regexp"
"strconv"
"strings"

"github.com/prometheus/procfs"
Expand All @@ -30,7 +31,7 @@ type void struct{}
var (
voidType void
countErrors int
regex = regexp.MustCompile("oseq[[:blank:]](0[xX][[:xdigit:]]+)?")
regex = regexp.MustCompile("oseq[[:blank:]]0[xX]([[:xdigit:]]+)")
)

var encryptStatusCmd = &cobra.Command{
Expand Down Expand Up @@ -89,13 +90,17 @@ func countUniqueIPsecKeys() int {
return len(keys)
}

func extractMaxSequenceNumber(ipOutput string) string {
maxSeqNum := "0"
func extractMaxSequenceNumber(ipOutput string) int64 {
maxSeqNum := int64(0)
lines := strings.Split(ipOutput, "\n")
for _, line := range lines {
matched := regex.FindStringSubmatchIndex(line)
if matched != nil {
oseq := line[matched[2]:matched[3]]
oseq, err := strconv.ParseInt(line[matched[2]:matched[3]], 16, 64)
if err != nil {
Fatalf("Failed to parse sequence number '%s': %s",
line[matched[2]:matched[3]], err)
}
if oseq > maxSeqNum {
maxSeqNum = oseq
}
Expand All @@ -111,10 +116,10 @@ func maxSequenceNumber() string {
}
commandOutput := string(out)
maxSeqNum := extractMaxSequenceNumber(commandOutput)
if maxSeqNum == "0" {
if maxSeqNum == 0 {
return "N/A"
}
return fmt.Sprintf("%s/0xffffffff", maxSeqNum)
return fmt.Sprintf("0x%x/0xffffffff", maxSeqNum)
}

func getEncryptionMode() {
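Review bot: In extractMaxSequenceNumber, `strconv.ParseInt(..., 16, 64)` accepts any value up to 63 bits, while maxSequenceNumber reports the result against `0xffffffff`, so an over-wide field in the parsed output would be printed as a ratio above the maximum instead of being rejected. If the counter is 32-bit, as that denominator suggests, parsing at that width makes the bound explicit and sends out-of-range input to the existing error branch: `oseq, err := strconv.ParseUint(line[matched[2]:matched[3]], 16, 32)` followed by `if v := int64(oseq); v > maxSeqNum { maxSeqNum = v }`. Separately, maxSequenceNumber still maps 0 to "N/A", which does not distinguish "no line matched the regex" from "every counter is zero". Since this value is what an operator watches for sequence-number exhaustion, a comment such as `// 0 means no oseq field was found in the output` on extractMaxSequenceNumber would document that. The tail of extractMaxSequenceNumber and the start of maxSequenceNumber lie outside the visible hunks.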