CESNET / netopeer2

NETCONF toolset

netopeer server crashes on edit-config with TLS with/without callhome #1001

Closed iGovindY closed 2 years ago

iGovindY commented 3 years ago

Hi,

The netopeer server crashes on edit-config with TLS. A similar backtrace is seen both with and without call-home mode.

Steps:

  1. Install these yang files.
  2. Configure netopeer for TLS mode; use the keys and certificates already in the netopeer repo.
  3. Run the server and client.
    netopeer2-cli 
    > connect --tls --host 10.206.1.21 --port 6513 --cert /etc/keys/client/client.crt --key /etc/keys/client/client.key --trusted /etc/keys/ca/ca.pem
    > edit-config --target running --config=/tmp/mm.xml
    nc ERROR: SSL socket error (Success).
    cli_send_recv: Failed to receive a reply.
    nc ERROR: Invalid session to read from.

/tmp/mm.xml

<ManagedElement xmlns="urn:3gpp:sa5:_3gpp-common-managed-element" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
        <id>1</id>
    <GNBDUFunction xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="urn:3gpp:sa5:_3gpp-nr-nrm-gnbdufunction">
        <id>GNBDUFunction</id>
        <attributes>
                <gNBId>208</gNBId>
                <gNBIdLength>32</gNBIdLength>
        </attributes>
        <NRCellDU  xmlns="urn:3gpp:sa5:_3gpp-nr-nrm-nrcelldu" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
                <id>cellindex_1</id>
                <attributes>
                        <cellLocalId>5</cellLocalId>
                        <administrativeState>UNLOCKED</administrativeState>
                        <nRPCI>51</nRPCI>
                        <arfcnDL>433000</arfcnDL>
                        <arfcnUL>353000</arfcnUL>
                        <bSChannelBwDL>20</bSChannelBwDL>
                        <bSChannelBwUL>20</bSChannelBwUL>
                        <pLMNInfoList>
                                <mcc>311</mcc>
                                <mnc>48</mnc>
                        </pLMNInfoList>
                </attributes>
        </NRCellDU>
        <EP_F1C  xmlns="urn:3gpp:sa5:_3gpp-nr-nrm-ep" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
            <id>index1</id>
            <attributes>
                <remoteAddress>127.0.0.1</remoteAddress>
            </attributes>           
        </EP_F1C>
    </GNBDUFunction>
</ManagedElement>

Netopeer server back trace

(gdb) bt
#0  0x00007ff2cea71d91 in __strlen_sse2 () from /usr/lib64/libc.so.6
#1  0x00007ff2cea71a9e in strdup () from /usr/lib64/libc.so.6
#2  0x00007ff2cedbbf98 in sr_session_set_error_format (session=0x7ff2b40109d0, 
    error_format=0xffffffffb4004f40 <Address 0xffffffffb4004f40 out of bounds>)
    at /home/netconf/sysrepo/src/sysrepo.c:898
#3  0x00007ff2cedbbc83 in sr_session_dup_error (src_session=0x7ff2c001bb00, trg_session=0x7ff2b40109d0)
    at /home/netconf/sysrepo/src/sysrepo.c:847
#4  0x0000000000410545 in np2srv_rpc_editconfig_cb (session=0x7ff2b40109d0, UNUSED_sub_id=2, UNUSED_op_path=0x1b58bb0 "/ietf-netconf:edit-config", 
    input=0x7ff2b4000a90, event=SR_EV_RPC, UNUSED_request_id=1, UNUSED_output=0x7ff2b4000b30, UNUSED_private_data=0x0)
    at /home/netconf/netopeer2/src/netconf.c:418
#5  0x00007ff2cedfeeeb in sr_shmsub_rpc_listen_call_callback (rpc_sub=0x1b515d0, ev_sess=0x7ff2b40109d0, input_op=0x7ff2b4000a90, 
    event=SR_SUB_EV_RPC, request_id=1, output_op=0x7ff2c9ad1b50, err_code=0x7ff2c9ad1b44)
    at /home/netconf/sysrepo/src/shm_sub.c:2897
#6  0x00007ff2cedffb65 in sr_shmsub_rpc_listen_process_rpc_events (rpc_subs=0x1b522e0, conn=0x1b330f0)
    at /home/netconf/sysrepo/src/shm_sub.c:3182
#7  0x00007ff2cedc1945 in sr_subscription_process_events (subscription=0x1b58be0, session=0x0, stop_time_in=0x7ff2c9ad1c50)
    at /home/netconf/sysrepo/src/sysrepo.c:3136
#8  0x00007ff2cedc1b1f in sr_process_events (subscription=0x1b58be0, session=0x0, stop_time_in=0x7ff2c9ad1cb8)
    at /home/netconf/sysrepo/src/sysrepo.c:3190
#9  0x00007ff2cee00a47 in sr_shmsub_listen_thread (arg=0x1b58be0)
    at /home/netconf/sysrepo/src/shm_sub.c:3575
#10 0x00007ff2cf31de65 in start_thread () from /usr/lib64/libpthread.so.0
#11 0x00007ff2ceae388d in clone () from /usr/lib64/libc.so.6

[root@pwredg85021 ~]# yanglint --version
yanglint 2.0.81
[root@pwredg85021 ~]# netopeer2-server -V
netopeer2-server 2.0.24
compile time: Aug 31 2021, 15:48:04
[root@pwredg85021 ~]# sysrepoctl --version
sysrepoctl - sysrepo YANG schema manipulation tool, compiled with libsysrepo v2.0.37 (SO v6.4.4)
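
Added example (not part of the original report, and not sysrepo or netopeer2 code): a small triage script run over frames #2 and #3 of the backtrace above. It flags pointer arguments whose upper 32 bits are all ones, the shape a 64-bit pointer takes after passing through a signed 32-bit `int`, and rebuilds a candidate address from neighbouring pointers. That this is what happened here is an assumption; the helper names and the 64 MiB "same region" heuristic are also assumptions of this example.

```python
import re

# Frames #2 and #3 copied from the backtrace in the report above.
BACKTRACE = """\
#2  0x00007ff2cedbbf98 in sr_session_set_error_format (session=0x7ff2b40109d0,
    error_format=0xffffffffb4004f40 <Address 0xffffffffb4004f40 out of bounds>)
    at /home/netconf/sysrepo/src/sysrepo.c:898
#3  0x00007ff2cedbbc83 in sr_session_dup_error (src_session=0x7ff2c001bb00, trg_session=0x7ff2b40109d0)
    at /home/netconf/sysrepo/src/sysrepo.c:847
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(", re.M)
ARG_RE = re.compile(r"(\w+)=0x([0-9a-f]+)")   # name=0x... pairs in the argument list
REGION = 64 * 1024 * 1024                     # heuristic granularity (assumption)

def parse_frames(text):
    """Return [(frame_no, function, {arg_name: value})] from gdb `bt` output."""
    starts = list(FRAME_RE.finditer(text))
    frames = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        args = {n: int(v, 16) for n, v in ARG_RE.findall(text[m.start():end])}
        frames.append((int(m.group(1)), m.group(2), args))
    return frames

def sign_extended_32(value):
    """True if value looks like a negative 32-bit int widened to 64 bits."""
    return value >> 32 == 0xFFFFFFFF and bool(value & 0x80000000)

def triage(text):
    """Flag suspicious pointer args and propose the address they may have been."""
    frames = parse_frames(text)
    good = {v for _, _, a in frames for v in a.values() if not sign_extended_32(v)}
    findings = []
    for no, func, args in frames:
        for name, value in args.items():
            if not sign_extended_32(value):
                continue
            low = value & 0xFFFFFFFF
            # Borrow the upper half of each sane pointer; keep same-region results.
            cands = sorted({c for p in good
                            for c in [(p & ~0xFFFFFFFF) | low] if c // REGION == p // REGION})
            findings.append((no, func, name, value, cands))
    return findings

if __name__ == "__main__":
    for no, func, name, value, cands in triage(BACKTRACE):
        print(f"frame #{no} {func}: {name}={value:#x} candidates={[hex(c) for c in cands]}")
```
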

michalvasko commented 3 years ago

Not sure what the problem is, I first got a NACM error, which was expected. After turning it off some mandatory node was missing.

> edit-config --target running --config
ERROR
        type:     protocol
        tag:      access-denied
        severity: error
        path:     /_3gpp-common-managed-element:ManagedElement
        message:  Access to the data model "_3gpp-common-managed-element" is denied because "tls-test" NACM authorization failed.

> edit-config --target running --config
ERROR
        type:     application
        tag:      operation-failed
        severity: error
        message:  Mandatory node "priorityLabel" instance does not exist.

        type:     application
        tag:      operation-failed
        severity: error
        message:  User callback failed.

> exit

And I have connected over TLS although I really do not know how that could affect this.

iGovindY commented 3 years ago

Hi Michal,

The only step you might be doing differently is the YANG install and configuring the configuration in the Keystore, Truststore and netconf-server YANGs.

I have included all scripts and yangs in netopeer-crash.tar.gz, no extra step required.

Steps:

With the steps below, you should be able to reproduce.

Server

    cd /tmp
    wget https://github.com/CESNET/netopeer2/files/7089845/netopeer-crash.tar.gz
    tar -zxf netopeer-crash.tar.gz
    cd netopeer-crash/
    ./sysrepo_reset.sh && ./configure_netconf_server.sh false <server-ip e.g: 10.207.1.21>
    netopeer2-server -dv2

Client

    netopeer2-cli

    connect --tls --host <server-ip e.g: 10.207.1.21> --port 6513 --cert /tmp/netopeer-crash/client.crt --key /tmp/netopeer-crash/client.key --trusted /tmp/netopeer-crash/ca.pem

    edit-config --target running --config=/tmp/netopeer-crash/ME_config.xml

ERROR on client

nc ERROR: SSL socket error (Success).
cli_send_recv: Failed to receive a reply.
nc ERROR: Invalid session to read from.

michalvasko commented 3 years ago

The exact same result, using the current devel.