Fix computation of IPsec max. sequence number #27656

Merged
merged 3 commits into from
Aug 28, 2023

Commits on Aug 28, 2023

  1. cmd: Refactor maxSequenceNumber

    This refactoring moves the actual logic to extract the maximum sequence
    number into a dedicated function. That will be useful to allow us to
    test this logic in a following commit.
    
    This commit has no functional changes.
    
    As a reminder, we can't use netlink.XfrmStatesList here because it
    doesn't have the sequence numbers. We can't use JSON format because the
    ip xfrm commands don't support it.
    
    Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
    pchaigno committed Aug 28, 2023
    8e2b132
  2. cmd: Fix the computed IPsec max. sequence number

    maxSequenceNumber currently iterates over all XFRM states in the ip xfrm
    state list output to find the largest sequence number. It however does
    so while keeping the parsed sequence numbers as hexadecimal strings.
    Hence, a number like "0xc1" is understood as being larger than e.g.
    "0x1234".
    
    This commit fixes it by parsing the sequence numbers into int64 before
    comparing them.
    
    We also need to adapt the regular expression slightly to avoid
    considering the "0x" prefix as part of the number, given
    strconv.ParseInt doesn't support it.
    
    Fixes: 2842c49 ("cli: add helper functions for `cilium encrypt`")
    Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
    pchaigno committed Aug 28, 2023
    c6cb225
  3. cmd: Unit tests for extractMaxSequenceNumber

    This commit simply adds two small unit tests for the
    extractMaxSequenceNumber function. The first test covers the bug fixed
    in the previous commit.
    
    Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
    pchaigno committed Aug 28, 2023
    ae0ed2a
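
The comparison bug described in commit 2, shown as an added Go example that is not the project's code. The sample `ip xfrm state` output is constructed, and the regular expression and the function names `maxSeqByString` and `maxSeqByValue` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Constructed sample resembling `ip xfrm state list` output (not from a real node).
const sampleStates = `src 10.0.1.1 dst 10.0.2.1
	anti-replay context: seq 0x0, oseq 0xc1, bitmap 0x00000000
src 10.0.1.1 dst 10.0.3.1
	anti-replay context: seq 0x0, oseq 0x1234, bitmap 0x00000000
`

// Assumed pattern: capture only the hex digits, leaving the "0x" prefix out.
var oseqRe = regexp.MustCompile(`oseq\s+0[xX]([[:xdigit:]]+)`)

// maxSeqByString reproduces the bug: hex strings are compared lexicographically,
// so "0xc1" sorts above "0x1234" because 'c' > '1'.
func maxSeqByString(out string) string {
	largest := ""
	for _, m := range oseqRe.FindAllStringSubmatch(out, -1) {
		if s := "0x" + m[1]; s > largest {
			largest = s
		}
	}
	return largest
}

// maxSeqByValue parses each sequence number as a base-16 int64 before comparing.
func maxSeqByValue(out string) (int64, error) {
	var largest int64
	for _, m := range oseqRe.FindAllStringSubmatch(out, -1) {
		n, err := strconv.ParseInt(m[1], 16, 64)
		if err != nil {
			return 0, fmt.Errorf("parsing sequence number %q: %w", m[1], err)
		}
		if n > largest {
			largest = n
		}
	}
	return largest, nil
}

func main() {
	n, err := maxSeqByValue(sampleStates)
	fmt.Printf("string: %s, numeric: 0x%x (err=%v)\n", maxSeqByString(sampleStates), n, err)
}
```

With base 16, `strconv.ParseInt` rejects a leading "0x", which is why the capture group stops short of the prefix.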