New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix computation of IPsec max. sequence number #27656
Merged
pchaigno
merged 3 commits into
cilium:main
from
pchaigno:fix-ipsec-max-seq-number-parsing
Aug 28, 2023
Merged
Fix computation of IPsec max. sequence number #27656
pchaigno
merged 3 commits into
cilium:main
from
pchaigno:fix-ipsec-max-seq-number-parsing
Aug 28, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pchaigno
added
release-note/bug
This PR fixes an issue in a previous release of Cilium.
area/cli
Impacts the command line interface of any command in the repository.
area/encryption
Impacts encryption support such as IPSec, WireGuard, or kTLS.
needs-backport/1.12
needs-backport/1.13
This PR / issue needs backporting to the v1.13 branch
needs-backport/1.14
This PR / issue needs backporting to the v1.14 branch
labels
Aug 23, 2023
pchaigno
force-pushed
the
fix-ipsec-max-seq-number-parsing
branch
from
August 23, 2023 12:42
a129929
to
946e73e
Compare
gentoo-root
approved these changes
Aug 25, 2023
derailed
requested changes
Aug 25, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pchaigno Great catch! Nice work. Just a few small picks...
pchaigno
added
release-blocker/1.12
This issue will prevent the release of the next version of Cilium.
release-blocker/1.13
This issue will prevent the release of the next version of Cilium.
release-blocker/1.14
This issue will prevent the release of the next version of Cilium.
release-blocker/1.15
This issue will prevent the release of the next version of Cilium.
and removed
release-blocker/1.15
This issue will prevent the release of the next version of Cilium.
labels
Aug 25, 2023
derailed
approved these changes
Aug 25, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pchaigno Thanks Paul for the comments. LGTM
This refactoring moves the actual logic to extract the maximum sequence number into a dedicated function. That will be useful to allow us to test this logic in a following commit. This commit has no functionnal changes. As a reminder, we can't use netlink.XfrmStatesList here because it doesn't have the sequence numbers. We can't use JSON format because the ip xfrm commands don't support it. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
maxSequenceNumber currently iterates over all XFRM states in the ip xfrm state list output to find the largest sequence number. It however does so while keeping the parsed sequence numbers as hexadecimal strings. Hence, a number like "0xc1" is understood as being larger than e.g. "0x1234". This commit fixes it by parsing the sequence numbers into int64 before comparing them. We also need to adapt the regular expression slightly to avoid considering the "0x" prefix as part of the number, given strconv.ParseInt doesn't support it. Fixes: 2842c49 ("cli: add helper functions for `cilium encrypt`") Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
pchaigno
force-pushed
the
fix-ipsec-max-seq-number-parsing
branch
from
August 28, 2023 12:34
946e73e
to
e642a9f
Compare
This commit simply adds two small unit tests for the extractMaxSequenceNumber function. The first test covers the bug fixed in the previous commit. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
pchaigno
force-pushed
the
fix-ipsec-max-seq-number-parsing
branch
from
August 28, 2023 12:35
e642a9f
to
ae0ed2a
Compare
/test |
maintainer-s-little-helper
bot
added
the
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
label
Aug 28, 2023
jibi
added
backport-pending/1.14
The backport for Cilium 1.14.x for this PR is in progress.
and removed
needs-backport/1.14
This PR / issue needs backporting to the v1.14 branch
labels
Sep 4, 2023
maintainer-s-little-helper
bot
moved this from Needs backport from main
to Backport pending to v1.14
in 1.14.2
Sep 4, 2023
jibi
added
backport-pending/1.13
The backport for Cilium 1.13.x for this PR is in progress.
and removed
needs-backport/1.13
This PR / issue needs backporting to the v1.13 branch
labels
Sep 4, 2023
maintainer-s-little-helper
bot
moved this from Needs backport from main
to Backport pending to v1.13
in 1.13.7
Sep 4, 2023
maintainer-s-little-helper
bot
moved this from Needs backport from main
to Backport pending to v1.12
in 1.12.14
Sep 5, 2023
jibi
added
backport-done/1.14
The backport for Cilium 1.14.x for this PR is done.
and removed
backport-pending/1.14
The backport for Cilium 1.14.x for this PR is in progress.
labels
Sep 7, 2023
maintainer-s-little-helper
bot
moved this from Backport pending to v1.14
to Backport done to v1.14
in 1.14.2
Sep 7, 2023
michi-covalent
added
backport-done/1.13
The backport for Cilium 1.13.x for this PR is done.
and removed
backport-pending/1.13
The backport for Cilium 1.13.x for this PR is in progress.
labels
Sep 9, 2023
maintainer-s-little-helper
bot
moved this from Backport pending to v1.13
to Backport done to v1.13
in 1.13.7
Sep 9, 2023
maintainer-s-little-helper
bot
moved this from Backport pending to v1.13
to Backport done to v1.13
in 1.13.7
Sep 9, 2023
michi-covalent
added
backport-done/1.12
The backport for Cilium 1.12.x for this PR is done.
and removed
backport-pending/1.12
labels
Sep 9, 2023
maintainer-s-little-helper
bot
moved this from Backport pending to v1.12
to Backport done to v1.12
in 1.12.14
Sep 9, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/cli
Impacts the command line interface of any command in the repository.
area/encryption
Impacts encryption support such as IPSec, WireGuard, or kTLS.
backport-done/1.12
The backport for Cilium 1.12.x for this PR is done.
backport-done/1.13
The backport for Cilium 1.13.x for this PR is done.
backport-done/1.14
The backport for Cilium 1.14.x for this PR is done.
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
release-blocker/1.12
This issue will prevent the release of the next version of Cilium.
release-blocker/1.13
This issue will prevent the release of the next version of Cilium.
release-blocker/1.14
This issue will prevent the release of the next version of Cilium.
release-note/bug
This PR fixes an issue in a previous release of Cilium.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See commits for details. First commit refactors to allow for subsequent unit test; second fixes the bug. third adds a unit test.