-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clixon does not switch to chunked framing after NETCONF 1.1 is negotiated #314
Comments
See also #50 |
Workaround, patch, and rebuild
|
Thanks for the workaround! |
If possible, please report on interoperability of using 1.0 capability with ncclient / MG-soft. May consider pushing the fix ^to master #50 is fixed. |
I have tested the patch, and it appears to work. Ncclient can now connect without specifying the Alcatel-Lucent device. MG-Soft NETCONF browser can now connect using NETCONF version auto-select (NETCONF version 1.1 does not work, but that is expected given the patch). I also did a few test "get" operations and those work fine too. Once again, thanks for fast response and for the great work on Clixon - I am just getting familiar with it now and I am really liking what I have seen so far. Kudos. |
…nnounce 1.0 * See [Clixon does not switch to chunked framing after NETCONF 1.1 is negotiated](#314) * To enable Netconf 1.1, set `NETCONF_1_1_ANNOUNCE`
Thanks! |
…f 1.1. * First hello is 1.0 EOM framing, then successing rpc is chunked framing * See * [Netconf framing](#50), and * [Clixon does not switch to chunked framing after NETCONF 1.1 is negotiated](#314) * C: * Moved netconf framing code from netconf application to clixon lib * Test: * New expecteof_netconf and adjusted other expect scripts to handle NETCONF 1.1 framing
NETCONF 1.1 framing is now implemented, and has (briefly) been verified by a simple ncclient command. |
Sure, any particular branch or just master?
… On Mar 28, 2022, at 10:52 AM, Olof Hagsand ***@***.***> wrote:
NETCONF 1.1 framing is now implemented, and has (briefly) been verified by a simple ncclient command.
Can you please try it out?
—
Reply to this email directly, view it on GitHub <#314 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAQL5DWVBRCMD2H5GSE57TVCHPWHANCNFSM5QW4L7ZQ>.
You are receiving this because you authored the thread.
|
The master branch |
Hi Olof,
Today I did a pull to get the latest and greatest Clixon code.
I was also careful to remove the work-around patch that you had given earlier (the one that commented out the advertisement of the NETCONF 1.1 capability).
I rebuild and re-installed the Clixon libraries.
I rebuild, re-installed, and restarted by server daemon.
Then I tried connecting the MG-SOFT NETCONF browser, and I observed the following.
When I configure MG-SOFT to force using NETCONF 1.1, the connect cannot be established:
The error message is this:
( Screenshot showing "Peer 10.211.55.8 did not advertise urn:ietf:params:netconf:base:1.1 capability. Closing connection."
MG-Soft sends the following hello message:
<?xml version="1.0" encoding="utf-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.1</capability>
</capabilities>
</hello>
And Clixon sends the following hello message:
<?xml version="1.0" encoding="utf-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:startup:1.0</capability>
<capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
</capabilities>
<session-id>4</session-id>
</hello>
— Bruno
… On Mar 29, 2022, at 12:19 AM, Olof Hagsand ***@***.***> wrote:
The master branch
—
Reply to this email directly, view it on GitHub <#314 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAQL5HZXILUOP6WZ5PNFWLVCKOG5ANCNFSM5QW4L7ZQ>.
You are receiving this because you authored the thread.
|
Also, this code looks strange:
Why are there two nested |
I tried adding the following line to my .xml clixon config file:
But I got
|
The nested if:s is wrong, thanks, but it doesnt change the beheavior.
if the following is configured (or actually left out since 1 is default):
This is the hello message I get with the default example:
Note the 1.1 capability announced. There seems to be something wrong with your setup? |
Note this is announced by the |
I figured out why my environment was "weird". I did a "git pull" to get the greatest and latest Clixon code. Then I did a "make" and a "sudo make install" to recompile and re-install Clixon. This built a new version of the clixon libraries (version 5.7) but the version-number-less links for the libraries still pointed to the old 5.6 version.
So, my plugin code was linking with the old unmodified 5.6 library. I got around this problem by deleting all libraries and rebuilding. We probably need some changes to the Clixon makefiles for the After I worked around the problem, I am now able to connect both the MG-Soft NETCONF client and the ncclient to Clixon using NETCONF 1.1. The capabilities are advertised as expected in the open messages, and chunking framing appears to work without any problems. Server hello:
Client hello (I forced MG-Soft to use NETCONF 1.1.):
However, I did notice that the client does a Client get-config request:
Server get-config response:
|
I think that is OK, the namespace is separate from the capability. |
Please open a separate issue regarding the build system |
Closed the issue. I verified that Clixon now correctly uses chunked framing when NETCONF 1.1 is negotiated. It can now establish a NETCONF 1.1 session with both MG-Soft NETCONF browser and ncclient. |
Clixon NETCONF does not interoperate with ncclient or with the MG-Soft NETCONF browser.
After the initial hello exchange, Clixon stops responding to RPC calls.
This is because Clixon announces capability "urn:ietf:params:netconf:base:1.1" which causes the clients to start using version 1.1 of NETCONF over SSH as specified in RFC 6242.
RFC 6242 section 4.1 "Framing protocol" specifies that instead of using "]]>]]>" as a frame delimiter, chunked encoding is used: "If the :base:1.1 capability is advertised by both peers, the chunked framing mechanism (see Section 4.2) is used for the remainder of the NETCONF session."
Clixon advertises that supports version 1.1, but Clixon is hard-coded to always send and receive ]]>]]> frame delimiters, even if version 1.1 has been negotiated. See for example function netconf_input_cb and add_postamble (always called by netconf_output_encap).
Ncclient and the MG-Soft browser start sending chunked encoding as soon as version 1.1 has been negotiated, which Clixon does not recognize and hence Clixon does not respond to the client messages.
I added some debugging to function netconf_input.
This confirms that both ncclient and the MG-Soft NETCONF brower start using chunked framing (I see ##) which Clixon does not recognize.
Note: for the MG-Soft NETCONF browser, the work-around is to force MG-Soft to use NETCONF 1.0 (this is an option in the connect screen)
Note for ncclient the work-around is to specify the Alcatel-Lucent device (it only supports NETCONF 1.0):
The text was updated successfully, but these errors were encountered: