Discussion:
[strongSwan-dev] python vici load-conn - possible bug
Vijaya Venkatachalam
2017-04-26 12:42:20 UTC
Permalink
Hi,
I am looking at the python vici implementation for strongswan and there seems to be a bug in protocol.py in the Packet class.

@classmethod                                    
    def _named_request(cls, request_type, request, message=None):
        requestdata = request.encode("UTF-8")                   
        payload = struct.pack("!BB", request_type, len(request)) + request
        if message is not None:                                              
            return payload + message                                         
        else:                                                                
            return payload
So when I create a dictionary for the ipsec config and do a load_conn I got the error as unable to concat bytes and string.And I realized that this is because in the _named_request method above, we are packing request instead of requestdata.Possibly we need to change the length being passed to pack also.

When I replace request with requestdata, the error goes away and it proceeds with the trying to parse/load the connection from configuration.
Thanks,vijaya
Tobias Brunner
2017-04-26 12:51:07 UTC
Permalink
Hi Vijaya,
Post by Vijaya Venkatachalam
So when I create a dictionary for the ipsec config and do a load_conn I
got the error as unable to concat bytes and string.
And I realized that this is because in the _named_request method above,
we are packing request instead of requestdata.
Possibly we need to change the length being passed to pack also.
When I replace request with requestdata, the error goes away and it
proceeds with the trying to parse/load the connection from configuration.
A fix for this is already in master [1].

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0d66b01a
Vijaya Venkatachalam
2017-04-26 13:03:10 UTC
Permalink
ThanksTobias.Also I am finding that I cannot set the local_addrs and remote_addrs in the dictionary that I pass to load_conn.Not sure whether this is also resolved or not?I get the error as

vici.exception.CommandException: Command failed: b'unknown option: local_addrs, config discarded.
load_config = { 'vv' :  {'local_addrs' : '%any' , 'remote_addrs' : '78.33.59.116', 'encap' : 'yes', 'mobike' : 'no', 'local' : { 'auth' : 'psk' } ,  'remote' : { 'auth' : 'psk' } , 'children' : { 'vv' : {'mode' : 'TRANSPORT'} }}}

This is what I am trying to load.  If I remove local_addrs and remote_addrs, it loads successfully.

regards,
vijaya

From: Tobias Brunner <***@strongswan.org>
To: Vijaya Venkatachalam <***@rocketmail.com>; "***@lists.strongswan.org" <***@lists.strongswan.org>
Sent: Wednesday, April 26, 2017 1:51 PM
Subject: Re: [strongSwan-dev] python vici load-conn - possible bug

Hi Vijaya,
Post by Vijaya Venkatachalam
So when I create a dictionary for the ipsec config and do a load_conn I
got the error as unable to concat bytes and string.
And I realized that this is because in the _named_request method above,
we are packing request instead of requestdata.
Possibly we need to change the length being passed to pack also.
When I replace request with requestdata, the error goes away and it
proceeds with the trying to parse/load the connection from configuration.
A fix for this is already in master [1].

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0d66b01a
Vijaya Venkatachalam
2017-04-26 14:29:21 UTC
Permalink
pls ignore this mail. This is because I didn't specify the local_addrs as a list. It works fine once I do that.


From: Vijaya Venkatachalam <***@rocketmail.com>
To: Tobias Brunner <***@strongswan.org>; "***@lists.strongswan.org" <***@lists.strongswan.org>
Sent: Wednesday, April 26, 2017 2:03 PM
Subject: Re: [strongSwan-dev] python vici load-conn - possible bug

ThanksTobias.Also I am finding that I cannot set the local_addrs and remote_addrs in the dictionary that I pass to load_conn.Not sure whether this is also resolved or not?I get the error as

vici.exception.CommandException: Command failed: b'unknown option: local_addrs, config discarded.
load_config = { 'vv' :  {'local_addrs' : '%any' , 'remote_addrs' : '78.33.59.116', 'encap' : 'yes', 'mobike' : 'no', 'local' : { 'auth' : 'psk' } ,  'remote' : { 'auth' : 'psk' } , 'children' : { 'vv' : {'mode' : 'TRANSPORT'} }}}

This is what I am trying to load.  If I remove local_addrs and remote_addrs, it loads successfully.

regards,
vijaya

From: Tobias Brunner <***@strongswan.org>
To: Vijaya Venkatachalam <***@rocketmail.com>; "***@lists.strongswan.org" <***@lists.strongswan.org>
Sent: Wednesday, April 26, 2017 1:51 PM
Subject: Re: [strongSwan-dev] python vici load-conn - possible bug

Hi Vijaya,
Post by Vijaya Venkatachalam
So when I create a dictionary for the ipsec config and do a load_conn I
got the error as unable to concat bytes and string.
And I realized that this is because in the _named_request method above,
we are packing request instead of requestdata.
Possibly we need to change the length being passed to pack also.
When I replace request with requestdata, the error goes away and it
proceeds with the trying to parse/load the connection from configuration.
A fix for this is already in master [1].

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0d66b01a
Loading...