experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Fixed: [CLIXON is not waiting for the hello message #184](https://github.com/clicon/clixon/issues/184)

Browse source 
* Hello message semantics has been made stricter according to RFC 6241 Sec 8.1, for example:
  * A client MUST send a <hello> element.
  * Each peer MUST send at least the base NETCONF capability, "urn:ietf:params:netconf:base:1.1" (or 1.0 for RFC 4741)
  * The netconf client will terminate (close the socket) if the client does not comply
  * You can set `CLICON_NETCONF_HELLO_OPTIONAL` to true to use the old behavior of essentially ignoring hellos.
* New clixon-config@2020-03-08.yang revision
  * Added: `CLICON_NETCONF_HELLO_OPTIONAL`
* The base capability has been changed to "urn:ietf:params:netconf:base:1.1" following RFC6241.
This commit is contained in:
Olof hagsand 2021-03-10 13:56:53 +01:00
parent 608f298ed9
commit 5692072d36
81 changed files with 1189 additions and 1351 deletions
Download patch file Download diff file Expand all files Collapse all files

10
test/test_nacm_recovery.sh
View file

@ -115,23 +115,23 @@ EOF
if $getp; then
# default is read allowed so this should always succeed.
new "get startup default ok"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><data>$DEFAULT</data></rpc-reply>]]>]]>$"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><data>$DEFAULT</data></rpc-reply>]]>]]>$"
# This would normally not work except in recovery situations
else
new "get startup not ok"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>User $realuser credential not matching NACM user $pseudo</error-message></rpc-error></rpc-reply>]]>]]>$"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>User $realuser credential not matching NACM user $pseudo</error-message></rpc-error></rpc-reply>]]>]]>$"
return;
fi
if $putp; then
new "put, expect ok"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>"
new "get rules ok"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><data>$RULES</data></rpc-reply>]]>]]>$"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><get-config><source><candidate/></source></get-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><data>$RULES</data></rpc-reply>]]>]]>$"
else
new "put, expect fail"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>default deny</error-message></rpc-error></rpc-reply>]]>]]>$"
expecteof "$prefix$clixon_netconf -qf $cfg -U $pseudo" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RULES</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>default deny</error-message></rpc-error></rpc-reply>]]>]]>$"
fi
if [ $RC -ne 0 ]; then
new "Kill restconf daemon"