Hi, While working on xfrm sa expire messages and extending the parser with binary prefixes I noticed a bug in our parser, libipsecconf code?
May be it is something for parser experts! Hugh, would you please take a look? test cases: libipsecconf-09-time-prefix and libipsecconf-10-percentage-prefix For time conn time-good left=192.1.2.45 right=192.1.2.23 rekeymargin=10s conn time-wip left=192.1.2.45 right=192.1.2.23 rekeymargin=10seconds The connection "time-wip" should be an error instead it seems to accept a random value. https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-09-time-prefix/OUTPUT/west.console.txt the same for % for rekey_fuzz https://testing.libreswan.org/v4.5-688-gfd96fdd15c-main/libipsecconf-10-percentage-prefix/OUTPUT/west.console.txt in the output ipsec status | grep margin 000 "percentage-good": ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 10%; keyingtries: 0; 000 "percentage-wip": ike_life: 28800s; ipsec_life: 28800s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; west # PS: sa-expire branch where I extend with for bytes KiB,MiB,.. and also binary prefix for packets Ki, Mi... # sa-expire https://github.com/antonyantony/libreswan/tree/sa-expire _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev