Travis-CI build failing for release tag for most recent commit

Fix submitted in PR #20

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x13e22b6]

goroutine 1788 [running]:
github.com/Juniper/go-netconf/netconf.(*TransportSSH).Close(0x0, 0xc000eb1360, 0xc000e3d2b0)
	external/com_github_juniper_go_netconf/netconf/transport_ssh.go:42 +0x26
github.com/Juniper/go-netconf/netconf.DialSSHTimeout(0xc0025fec80, 0x12, 0xc000e3d2b0, 0x2540be400, 0xc000e3d2b0, 0x20, 0x203000)
	external/com_github_juniper_go_netconf/netconf/transport_ssh.go:139 +0x110
....

If connToTransport return err the TransportSSH is nil and next, it tries to close nil session
https://github.com/Juniper/go-netconf/blob/master/netconf/transport_ssh.go#L137

Hi,

I am currently involved in the sysrepo/netopeer2 project. They have the yang parser libyang, which is written in C.
We would like to use libyang library with your netconf library to enhance it with new features, like for an example add partial XPATH support, something similar to sysrepo's XPATH implementation.

Are you open for cooperation on this subject?

Currently libyang has only pcre for it's external dependencies. We could package the libyang library into a GO package so the user does not need to install libyang locally on the machine.

The most relevant links from the sysrepo/netopeer2 project are:
libyang
sysrepo
Netopeer2

Best regards,
Mislav Novakovic

The request param just like the examples/ssh1/ssh1.go

Request: _<get-chassis-inventory/>_

Reply: &{XMLName:{Space:urn:ietf:params:xml:ns:netconf:base:1.0 Local:rpc-reply} Errors:[{Type:application Tag:operation-failed Severity:error Path: Message:The Line 2 Column 6 :"

<rpc message-id="d38f44", no target name. Info:applicationoperation-failederrorThe Line 2 Column 6 :"

<?xml version="1.0" encoding="UTF-8"?>

<rpc message-id="d38f44", no target name.}] Data:applicationoperation-failederrorThe Line 2 Column 6 :"

<?xml version="1.0" encoding="UTF-8"?>

<rpc message-id="d38f44", no target name. Ok:false RawReply:applicationoperation-failederrorThe Line 2 Column 6 :"

<?xml version="1.0" encoding="UTF-8"?>

<rpc message-id="d38f44", no target name.}

Hi,

I see a chunkedFraming in the code, but no other references; is it correct that this is not yet implemented?

Thanks,
Jon

Can you please clarify if the BSD license you are referring to in the README.md is the 4-,3- or 2-clause BSD license?

The latter two (2/3-clause) are GPL-compatible and vetted as OSS licenses. The former (4-clause) is not.

Hi folks, anyone still maintaining this repo?

When i started this project I was working for Juniper and looking for something to learn Go with. I was also doing some automation for a customer POC and netconf seemed like a cool thing to try. I got a working prototype and threw it on my GH and talked to @jeremyschulman at a internal meeting and he talked me into moving it into the Juniper repository.

Fast forward 9 years I have long left Juniper but have found myself needing a good Netconf library written in Go and ... we'll i've learned some things over that time. There has been small fixes to this repo while I was focusing on other stuff but it feels largly unowned. Having a need for a better implemented and more feature rich library has started my work on complete rewrite to be slated as v2.

Looking at this repo of this project it seems a lot of interest and contributors seem to be outside of Juniper (like myself) and thinking we should have a safe neutral home to this. This would also allow us to use discussion, the new project support etc.

Would Juniper and other be in support of moving this to a go-netconf organization. This repo would be moved to github.org/go-netconf/netconf which would also be the root of the package and give the package the name of netconf just like it is today but with one less step.

I also want to work on a cli tool like CURL for issuing netconf commands for debugging/etc. That could be a seperate repo and this go module as well to keep the requirements seperate. (The nettconf library should have no requirements outside of stdlib golang.org/x and a cli tool should have some packages for colors, sub-commands, etc).

Yeah neh? Anyone in Juniper can help support this? The other alternative is to fork into the new repo but as there are many users of this package that may be less desirable.

Please see here for a description of the problem damianoneill/nc-hammer#20

Would there be any concerns in having the generated MessageID returned in the RPCReply so that its available from a session.Exec?

func (s *Session) Exec(methods ...RPCMethod) (*RPCReply, error)

Useful to get the ID from a request for debug purposes.

Thanks,
Damian.

Devices always have connection number limit , so I don't want to negotiate the ssh every time , then I try to cache the *ssh.Client and reuse it , but it seems not support in this lib.
the satisfactory result may look like this:

1. Do TCP connection and negotiate SSH , Create *ssh.Client as ClientX
2. If there's a SSH command request , Create a ssh session on ClientX , then do something , then release the session
3. if there's a Netconf request ,Create a netconf session on the same ClientX. And the same logic to sftp.

Does to make sense to make transportBasicIO public?

I needed to implement a new transport plugin, but one that I don't think makes sense to add to this package; extending transportBasicIO meant it was much easier to implement - fewer functions required to be implemented.

Does it make sense to make it public, or have I missed another way? The change is very easy, and I'm happy to submit as a PR, but thought it worth checking first.

Thanks,
Jon

I tried both ssh1 and ssh2 examples but I'm getting an error:
ssh: handshake failed: EOF

Operating System: CentOS7
Go Version: go1.13.11 linux/amd64
Go Env:

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="direct"
GOROOT="/usr/lib/golang"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/opt/go-test/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build171988649=/tmp/go-build -gno-record-gcc-switches"

If it helps, I'm using Python's PyEZ framework/library on the same machine and it works just fine.

I get the following response (from a srx that does not currently have a cx111 attached to one of the USB ports):

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/11.4R9/junos" message-id="8fe866c66684646c42df2beace371f37">
  <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
    <source-daemon>wireless-wan-service</source-daemon>
    <message>Adapter is not present.</message>
  </xnm:error>
</rpc-

Hi guys,

I'd like to understand what's your plan for expanding this library and adding missing NETCONF client functionalities.
Is this library still actively maintained? Do you accept external contributions at this time?

In particular I see that there is no support for netconf call home procedure yet (rfc8071) and other netconf operations defined in rfc6241.
Any development plan in action for the future?

Thank you!

Need a way to

• See XML messaging being sent and received
• Enable debugging for underlying transport libraries (crypto/ssh)

Hi,

I see v2 is the newest release, but still have several bugs, is there any plan to release a newer one?

I think it may be a good idea to tag a v1 of the API and start working on breaking API changes in v2.

• Remove ssh.ClientConfig wrappers. Some of these are setting InsecureSkipVerifyHostKey() which is a bad choice to make security decisions for end users (and why it was set as a breaking change in x/crypto/ssh

It paniced when i execute rpc in a single session.

package main

import (
	"fmt"
	"golang.org/x/crypto/ssh"
	"log"

	"github.com/Juniper/go-netconf/netconf"
)

func doRpc(s *netconf.Session, xml string) {
	reply, err := s.Exec(netconf.RawMethod(xml))
	if err != nil {
		panic(err)
	}
	fmt.Printf("Reply: %+v", reply)
}

func main() {
	sshConfig := &ssh.ClientConfig{
		User: "root",
		Auth: []ssh.AuthMethod{ssh.Password("r00ttest")},
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}

	s, err := netconf.DialSSH("172.16.240.189", sshConfig)

	if err != nil {
		log.Fatal(err)
	}

	defer s.Close()

	fmt.Println(s.ServerCapabilities)
	fmt.Println(s.SessionID)

	//xml := "<get-config><source><running/></source></get-config>"
	xml := "<rpc><edit-config><target>candidate</target><system><host-name>hehe</host-name></system></edit-config></rpc>"

	// Sends raw XML
	doRpc(s, xml)
	xml = "<rpc></commit></rpc>"
	doRpc(s, xml)
}

Issues identified by gometalinter, will work through these and push up a pull request.

$ gometalinter ./...
examples/juniper/get_system_information.go:33:6:warning: exported type SystemInformation should have comment or be unexported (golint)
examples/juniper/get_system_information.go:41:1:warning: exported function BuildConfig should have comment or be unexported (golint)
netconf/session.go:7:1:warning: package comment should be of the form "Package netconf ..." (golint)
netconf/transport_ssh.go:180:3:warning: ineffectual assignment to b (ineffassign)
netconf/rpc.go:133::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:52::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:55::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:57::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:58::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:91::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport.go:92::warning: Errors unhandled.,LOW,HIGH (gas)
netconf/transport_junos.go:30::warning: Subprocess launching with partial path.,MEDIUM,HIGH (gas)
examples/juniper/get_system_information.go:104:15:warning: error return value not checked (defer s.Close()) (errcheck)
examples/juniper/get_system_information.go:112:15:warning: error return value not checked (xml.Unmarshal([]byte(reply.RawReply), &q)) (errcheck)
examples/ssh1/ssh1.go:30:15:warning: error return value not checked (defer s.Close()) (errcheck)
examples/ssh2/ssh2.go:30:15:warning: error return value not checked (defer s.Close()) (errcheck)
netconf/rpc.go:133:13:warning: error return value not checked (io.ReadFull(rand.Reader, b)) (errcheck)
netconf/session.go:71:13:warning: error return value not checked (t.SendHello(&HelloMessage{Capabilities: DefaultCapabilities})) (errcheck)
netconf/transport.go:52:9:warning: error return value not checked (t.Write(data)) (errcheck)
netconf/transport.go:55:10:warning: error return value not checked (t.Write([]byte("      "))) (errcheck)
netconf/transport.go:57:9:warning: error return value not checked (t.Write([]byte(msgSeperator))) (errcheck)
netconf/transport.go:58:9:warning: error return value not checked (t.Write([]byte("\n"))) (errcheck)
netconf/transport.go:91:9:warning: error return value not checked (t.Write(b)) (errcheck)
netconf/transport.go:92:9:warning: error return value not checked (t.Write([]byte("\n"))) (errcheck)
netconf/transport_junos.go:21:26:warning: error return value not checked (t.ReadWriteCloser.Close()) (errcheck)
netconf/transport_ssh.go:243:19:warning: error return value not checked (c.SetReadDeadline(time.Now().Add(c.timeout))) (errcheck)
netconf/transport_ssh.go:248:20:warning: error return value not checked (c.SetWriteDeadline(time.Now().Add(c.timeout))) (errcheck)
netconf/transport.go:46:2:warning: unused struct field github.com/Juniper/go-netconf/netconf.transportBasicIO.chunkedFraming (structcheck)
examples/juniper/get_system_information.go:61:47:warning: unnecessary conversion (unconvert)
examples/juniper/get_system_information.go:77:49:warning: unnecessary conversion (unconvert)
netconf/transport.go:86:28:warning: unnecessary conversion (unconvert)
netconf/transport_ssh.go:180:3:warning: this value of b is never used (SA4006) (megacheck)
examples/juniper/get_system_information.go:44:5:warning: should omit comparison to bool constant, can be simplified to *pubkey (S1002) (megacheck)
netconf/rpc_test.go:149:6:warning: should omit comparison to bool constant, can be simplified to !valid(int(v)) (S1002) (megacheck)
netconf/transport_ssh.go:74:2:warning: 'if err != nil { return err }; return nil' can be simplified to 'return err' (S1013) (megacheck)
netconf/transport.go:46:2:warning: field chunkedFraming is unused (U1000) (megacheck)

A place for us to discuss ideas about improving the API.

@nemith has suggested:

I think i would like an Session.Exec that takes a interface{} that we can type assert. If we are given a string or byte slice then send it raw, if we get an object that can be XML encoded then encode it and send that. If we get something that matches the RPCMethod interface then send that. It would make it all a lot easier.

And:

Yes it's not very well designed and I would like to provide a way to do encoding/decoding as an interface making it even more transparent to get results.

RFC recommends using a monotonic increasing integer. We can to this with the atomic package in a safe way. See if we gain performance by using sync/atomic vs uuid vs go.uuid package.

Docstring should make it clear that Ok being true does not mean that Errors is empty.

example help.

May i send this xml packet with go-netconf like this:
Could you please give an example to do it?

<rpc message-id ="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:h3c="http://www.h3c.com/netconf/base:1.0"> <get> <filter type="subtree"> <top xmlns="http://www.h3c.com/netconf/data:1.0"> <VLAN> <VLANs> <VLANID> <ID></ID> <Description></Description> <Name></Name> <RouteIfIndex></RouteIfIndex> <UntaggedPortList></UntaggedPortList> <TaggedPortList></TaggedPortList> <Shared></Shared> </VLANID> </VLANs> </VLAN> </top> </filter> </get> </rpc>]]>]]>

The example listed in README.md seems to be dated.

    reply, err := s.ExecRPC(netconf.RPCGetConfig("running"))

Should most likely be:

    reply, err := s.Exec(netconf.MethodGetConfig("running"))

I used the DialSSHTimeout for testing read Timeout. I intentionally send the server not to know the message and produce the reading timeout.But the reality is that read has not Timeout. I found that the data it read was the data returned by KEEP_ALIVE.

The interval of KEEP_ALIVE is half of the reading of Timeout.

go func() {
		ticker := time.NewTicker(timeout / 2)
		defer ticker.Stop()
		for range ticker.C {
			_, _, err := t.sshClient.Conn.SendRequest("KEEP_ALIVE", true, nil)
			if err != nil {
				return
			}
		}
	}()

func (c *deadlineConn) Read(b []byte) (n int, err error) {
	c.SetReadDeadline(time.Now().Add(c.timeout))
	return c.Conn.Read(b)
}

when junos space try to discover devices , this issue appear (failed to establish netconf session due to timeout) , kindly noted that i can reach this devices SSH , and all devices has the same command " set system services netconf ssh".
anyone can help?

DialSSH (https://github.com/Juniper/go-netconf/blob/master/netconf/transport_ssh.go#L111)
Does not close the ssh session if the netconf session fails.

DialSSH needs to close the ssh session if the netconf session fails, or handle this situation in some way that does not cause a hung ssh session.

I had tested this tool on several type of devices，like juniper、huawei、cisco、h3c,
bug there's a problem with h3c devices
there have a half of change that the read() hangs forever
because go-netconf NewSession() handle send hello after receive, this may cause the first data request was send follow closely with hello. then device receive hello and handle it and drop the data request.(because the hello package does not processing completed )
So I interchange the posstion of the hello send and receive. It work well

I'm testing the example program telnet_example.go from a window machine. I'm able to telnet from the windows telnet client to a ubuntu machine (on network) running telnet server. However when I run the example program for the same ubuntu host using credentials, the programs waits on vendor.Login(t, username, password) forever. I believe it is expecting some regex match in this step _, prompt, err := t.WaitForRegexp(promptRE) in jnpr/ioproc.go forever.

Any suggestions as to what could be wrong and how it can be fixed?

golang.org/x/crypto/ssh
Does not support Juniper ScreenOS

This happens using the master branch.

Running the following code (connection is to a Cisco device, if that matters):

reply, _ := s.Exec(netconf.MethodGetConfig("running"))
fmt.Println("REPLY:", string(reply.RawReply))

I get the following output (excerpts):

REPLY: 
#4104
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="192cfbdd-fc16-4a3c-b496-9a3e9475ef3e"><data>
...
<last>4</last><login><local/></login><transport><input><input>ssh</input></input>
#4102
</transport></vty></line>
...
#4083
<protocol xmlns:oc-pol-types="http://openconfig.net/yang/policy-types">oc-pol-types:STATIC</protocol>
...
</rpc-reply>

I don't understand what those #4104, #4102, #4083 etc. mean.

Inspecting the Exec() method of the session reveals that after the following line:

rawXML already contains the spurious numbers.

Using the stable version (0.1.1), the one you get by default when importing github.com/Juniper/go-netconf/netconf, the output is clean.

A few days ago the SSH package got updated, which broke this package.
See: https://groups.google.com/forum/#!msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ

As mentioned in that thread, it can still be used using the legacy SSH package, though the imports will need to be changed for this package then.

I am trying to programatically construct netconf edit-config request for a yang schema config object. Currently I am constructing this xml string manually. Is there a way I can do this programatically given the yang schema file? Please help

go version

go version go1.8 darwin/amd64

ssh version

OpenSSH_7.3p1, LibreSSL 2.4.1

code went wrong

package main

import (
	"fmt"
	"golang.org/x/crypto/ssh"
	"log"

	"github.com/Juniper/go-netconf/netconf"
)

func main() {
	sshConfig := &ssh.ClientConfig{
		Config: ssh.Config{
			Ciphers: []string{"aes128-cbc", "hmac-sha1"},
		},
		User: "root",
		Auth: []ssh.AuthMethod{ssh.Password("xxxx")},
	}

	s, err := netconf.DialSSH("172.16.240.189", sshConfig)

	if err != nil {
		log.Fatal(err)
	}

	defer s.Close()

	fmt.Println(s.ServerCapabilities)
	fmt.Println(s.SessionID)

	reply, err := s.Exec(netconf.MethodGetConfig("running"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("Reply: %+v", reply)
}

it still went wrong even if i added the HostKeyCallback

package main

import (
	"fmt"
	"golang.org/x/crypto/ssh"
	"log"
	"net"

	"github.com/Juniper/go-netconf/netconf"
)

func main() {
	sshConfig := &ssh.ClientConfig{
		Config: ssh.Config{
			Ciphers: []string{"aes128-cbc", "hmac-sha1"},
		},
		User: "root",
		Auth: []ssh.AuthMethod{ssh.Password("xxx")},
		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
			return nil
		},
	}

	s, err := netconf.DialSSH("172.16.240.189", sshConfig)

	if err != nil {
		log.Fatal(err)
	}

	defer s.Close()

	fmt.Println(s.ServerCapabilities)
	fmt.Println(s.SessionID)

	reply, err := s.Exec(netconf.MethodGetConfig("running"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("Reply: %+v", reply)
}

Has anyone gotten go-netconf to work with Junos "outbound-ssh" connections?

When using this Junos config, the Juniper device establishes a TCP connection to a host, and that host makes an SSH client connection back to the Juniper device (over the initial TCP connection).

The python ncclient works great with "outbound-ssh". ncclient uses python's socket.fromfd() to duplicate the established TCP socket and reuse for the SSH client.

I have tried updating go-netconf to allow empty addresses for ssh.NewSSHSession like this...

session, err := netconf.NewSSHSession(conn, "", config)

But it's not working for me. Any gotten this to work with Golang?

I'm trying to get the go-netconf library working with our implementation of NETCONF in the Tail-f ConfD product.

calle@macbook:calle-src $go run netconf.go
panic: handshake failed: ssh: no common algorithms

goroutine 1 [running]:
main.main()
    /Users/calle/calle-src/netconf.go:32 +0x17f

goroutine 2 [syscall]:
exit status 2

Is there a way for me to trace the handshake from the client side to see which ciphers are being suggested?

Please enhance DialSSHTimeout() to allow for three different timeouts.

One each for Dial, Read deadline, and Write deadline.

Lot of deployment does not allow direct access. In such cases SSH via bastion will be very helpful

• What is the issue
  Getting segfault for DialSSH call when incorrect ssh username/password provided. This is caused due to PR #87. The TransportSSH.Dial failure may happen due to many reasons, one of them is incorrect username/password. In this scenario there is no valid ssh connection to close.
• What is expected
  netconf client must not crash for incorrect ssh username/password.
• How it can be solved (suggestion)
  Detect there is a valid ssh connection before closing one.

RPCs should be implemented as an interface to be passed in. Either could be some generic or just return raw xml

Currently I have a netconf client session connection to a server. Now I want to receive notifications from the server, so I send a subscribe request. But after I do this, I see that my requests to the server are returning error " expected type rpc-reply but received notification" I am curious to learn how others are subscribing to netconf notifications. Any suggestions/advice will be helpful. Thanks in advance.

The following rpc-reply is received:

 <rpc-reply message-id="101"
            xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
   <ok/>
 </rpc-reply>

But the unmarshalled RpcReply.Ok did not set to true.

After checking the unmarshalling format:

 // RPCReply defines a reply to a RPC request
 type RPCReply struct {
   XMLName  xml.Name   `xml:"rpc-reply"`
   Errors   []RPCError `xml:"rpc-error,omitempty"`
   Data     string     `xml:",innerxml"`
   Ok       bool       `xml:",omitempty"`
   RawReply string     `xml:"-"`
 }

the boolean unmarshalling seems to be broken according to the following site

So making the following RPCReply:

 // RPCReply defines a reply to a RPC request
 type RPCReply struct {
   XMLName  xml.Name   `xml:"rpc-reply"`
   Errors   []RPCError `xml:"rpc-error,omitempty"`
   Data     string     `xml:",innerxml"`
   Ok       *struct{}       `xml:"ok,omitempty"`
   RawReply string     `xml:"-"`
 }

and check if Ok != nil will make it work

Right now only "urn:ietf:params:netconf:base:1.1" is added by default but there is no good API for allowing the client to add more capabilities.

Have a API setting or option for setting session capabilities for the session. Don't export the capabilities.

Output to stderr RPC Request and Response payloads for debug purposes.

I use CREATE_SUBSCRIPTION to enable server send notifications to client.But it seems
official don't have a common method or example to use .Can
official write one?

Support all protocol implementatins defined in the RFC:

   <get-config>
   <edit-config>
   <copy-config>
   <delete-config>
   <lock>
   <unlock>
   <get>
   <close-session>
   <kill-session>