netopeer2 icon indicating copy to clipboard operation
netopeer2 copied to clipboard
verified publisher icon CESNET

netconf-config-change notification is always sent with session-id 0

Open jabilmplane opened this issue 3 years ago • 1 comments

Hi,

I noticed that netconf-config-change notification is always sent with session-id of 0 and user-name "root".

I use latest "stable" versions of all repos:

  • libyang: https://github.com/CESNET/libyang/commit/87375f15159545a87a1e0de200f5d9d67e9091d7 (tag: v2.0.194, origin/master, origin/HEAD, master)
  • libnetconf2: c21986efedaa948fb9ab8764c332a3d17d5c468b (tag: v2.1.11, origin/master, origin/devel, origin/HEAD, master)
  • sysrepo: https://github.com/sysrepo/sysrepo/commit/84ca8d6aacab2fc435b7332c4d26012115bc8509 (tag: v2.1.64, origin/master, origin/HEAD, master)
  • netopeer2: ea020962ea02ea1a03b48c978d2b2575fc86d075 (tag: v2.1.23, origin/master, origin/HEAD, master)

In the modinfo.c value 0 is hardcoded for the session-id:

    /* changed-by username */
    if (lyd_new_term(root, NULL, "username", session->user, 0, NULL)) {
        sr_errinfo_new_ly(&err_info, mod_info->conn->ly_ctx);
        goto cleanup;
    }

    /* changed-by NETCONF session-id (unknown) */
    if (lyd_new_term(root, NULL, "session-id", "0", 0, NULL)) {
        sr_errinfo_new_ly(&err_info, mod_info->conn->ly_ctx);
        goto cleanup;
    }

It used to work earlier, is there a way to figure out session-id now?

To reproduce the issue is enough to start netopeer2-server and cli, subscribe for the changes and perform any edit-config operation:

engineer@kh-rf-testvm-01:~$ netopeer2-cli
> connect --login engineer
Interactive SSH Authentication
Type your password:
Password:
> status
Current NETCONF session:
  ID          : 1
  Host        : 127.0.0.1
  Port        : 830
  Transport   : SSH
  Capabilities:
        urn:ietf:params:netconf:base:1.0
        urn:ietf:params:netconf:base:1.1
        urn:ietf:params:netconf:capability:writable-running:1.0
        urn:ietf:params:netconf:capability:candidate:1.0
        urn:ietf:params:netconf:capability:confirmed-commit:1.1
        urn:ietf:params:netconf:capability:rollback-on-error:1.0
        urn:ietf:params:netconf:capability:validate:1.1
        urn:ietf:params:netconf:capability:startup:1.0
        urn:ietf:params:netconf:capability:xpath:1.0
        urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all,report-all-tagged,trim,explicit
        urn:ietf:params:netconf:capability:notification:1.0
        urn:ietf:params:netconf:capability:interleave:1.0
        urn:ietf:params:netconf:capability:url:1.0?scheme=http,https,ftp,ftps,file
        urn:ietf:params:xml:ns:yang:ietf-yang-metadata?module=ietf-yang-metadata&revision=2016-08-05
        urn:ietf:params:xml:ns:yang:1?module=yang&revision=2021-04-07
        urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15
        urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2013-07-15
        urn:ietf:params:netconf:capability:yang-library:1.1?revision=2019-01-04&content-id=26
        urn:ietf:params:xml:ns:yang:ietf-netconf-acm?module=ietf-netconf-acm&revision=2018-02-14
        urn:sysrepo:plugind?module=sysrepo-plugind&revision=2022-03-10
        urn:ietf:params:xml:ns:netconf:base:1.0?module=ietf-netconf&revision=2013-09-29&features=writable-running,candidate,confirmed-commit,rollback-on-error,validate,startup,url,xpath
        urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?module=ietf-netconf-with-defaults&revision=2011-06-01
        urn:ietf:params:xml:ns:yang:ietf-netconf-notifications?module=ietf-netconf-notifications&revision=2012-02-06
        urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04
        urn:ietf:params:xml:ns:netmod:notification?module=nc-notifications&revision=2008-07-14
        urn:ietf:params:xml:ns:netconf:notification:1.0?module=notifications&revision=2008-07-14
        urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name?module=ietf-x509-cert-to-name&revision=2014-12-10
        urn:ietf:params:xml:ns:yang:iana-crypt-hash?module=iana-crypt-hash&revision=2014-08-06
> subscribe
OK
> edit-config --target running --config
OK
> notification (2022-07-21T12:53:57.138952801+00:00)
<netconf-config-change xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications">
	<changed-by>
		<username>root</username>
		<session-id>0</session-id>
	</changed-by>
	<datastore>running</datastore>
	<edit>
		<target xmlns:ncs="urn:ietf:params:xml:ns:yang:ietf-netconf-server">/ncs:netconf-server/ncs:listen/ncs:endpoint[ncs:name='default-ssh']/ncs:ssh/ncs:tcp-server-parameters/ncs:keepalives/ncs:probe-interval</target>
		<operation>replace</operation>
	</edit>
</netconf-config-change>

jabilmplane avatar Jul 21 '22 13:07 jabilmplane

I am not sure it is worth bothering with this. We have tried to make sysrepo NETCONF-independent so that it can be used with any protocol, which is why it is now unable to correctly report this information. However, netopeer2-server support YANG Push, which is just a much more detailed and granular implementation of this single notification, so maybe you can use that.

michalvasko avatar Jul 22 '22 10:07 michalvasko