summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/flow-accounting-conf.xml.in56
-rwxr-xr-xsmoketest/scripts/cli/test_system_flow-accounting.py152
2 files changed, 180 insertions, 28 deletions
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index 6e87a2289..519e29f11 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -17,20 +17,20 @@
<description>Buffer size in MiB</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-4294967295" />
+ <validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
<leafNode name="enable-egress">
<properties>
<help>Enable egress flow accounting</help>
- <valueless />
+ <valueless/>
</properties>
</leafNode>
<leafNode name="disable-imt">
<properties>
<help>Disable in memory table plugin</help>
- <valueless />
+ <valueless/>
</properties>
</leafNode>
<leafNode name="syslog-facility">
@@ -174,7 +174,7 @@
<description>NetFlow maximum flows</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-4294967295" />
+ <validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
@@ -186,7 +186,7 @@
<description>Sampling rate (1 in N packets)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-4294967295" />
+ <validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
@@ -249,10 +249,10 @@
<help>NetFlow port number</help>
<valueHelp>
<format>u32:1025-65535</format>
- <description>NetFlow port number (default 2055)</description>
+ <description>NetFlow port number (default: 2055)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1025-65535" />
+ <validator name="numeric" argument="--range 1025-65535"/>
</constraint>
</properties>
</leafNode>
@@ -268,10 +268,10 @@
<help>Expiry scan interval</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>Expiry scan interval (default 60)</description>
+ <description>Expiry scan interval (default: 60)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -280,10 +280,10 @@
<help>Generic flow timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>Generic flow timeout in seconds (default 3600)</description>
+ <description>Generic flow timeout in seconds (default: 3600)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -292,10 +292,10 @@
<help>ICMP timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>ICMP timeout in seconds (default 300)</description>
+ <description>ICMP timeout in seconds (default: 300)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -304,10 +304,10 @@
<help>Max active timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>Max active timeout in seconds (default 604800)</description>
+ <description>Max active timeout in seconds (default: 604800)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -316,10 +316,10 @@
<help>TCP finish timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>TCP FIN timeout in seconds (default 300)</description>
+ <description>TCP FIN timeout in seconds (default: 300)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -328,10 +328,10 @@
<help>TCP generic timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>TCP generic timeout in seconds (default 3600)</description>
+ <description>TCP generic timeout in seconds (default: 3600)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -340,10 +340,10 @@
<help>TCP reset timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>TCP RST timeout in seconds (default 120)</description>
+ <description>TCP RST timeout in seconds (default: 120)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -352,10 +352,10 @@
<help>UDP timeout value</help>
<valueHelp>
<format>u32:0-2147483647</format>
- <description>UDP timeout in seconds (default 300)</description>
+ <description>UDP timeout in seconds (default: 300)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-2147483647" />
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
@@ -371,6 +371,10 @@
<leafNode name="agent-address">
<properties>
<help>sFlow agent IPv4 address</help>
+ <completionHelp>
+ <list>auto</list>
+ <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
+ </completionHelp>
<valueHelp>
<format>auto</format>
<description>auto select sFlow agent-address (default)</description>
@@ -393,7 +397,7 @@
<description>Sampling rate (1 in N packets)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-4294967295" />
+ <validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
@@ -419,10 +423,10 @@
<help>sFlow port number</help>
<valueHelp>
<format>u32:1025-65535</format>
- <description>sFlow port number (default 6343)</description>
+ <description>sFlow port number (default: 6343)</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1025-65535" />
+ <validator name="numeric" argument="--range 1025-65535"/>
</constraint>
</properties>
</leafNode>
diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py
index a2b5b1481..57866a198 100755
--- a/smoketest/scripts/cli/test_system_flow-accounting.py
+++ b/smoketest/scripts/cli/test_system_flow-accounting.py
@@ -47,7 +47,10 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
def test_basic(self):
buffer_size = '5' # MiB
+ syslog = 'all'
+
self.cli_set(base_path + ['buffer-size', buffer_size])
+ self.cli_set(base_path + ['syslog-facility', syslog])
# You need to configure at least one interface for flow-accounting
with self.assertRaises(ConfigSessionError):
@@ -73,8 +76,153 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
tmp //= 1000
self.assertIn(f'plugin_buffer_size: {tmp}', uacctd)
- # Check for running process
- self.assertTrue(process_named_running(PROCESS_NAME))
+ # when 'disable-imt' is not configured on the CLI it must be present
+ self.assertIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
+ self.assertIn(f'imt_mem_pools_number: 169', uacctd)
+ self.assertIn(f'syslog: {syslog}', uacctd)
+ self.assertIn(f'plugins: memory', uacctd)
+
+ def test_sflow(self):
+ sampling_rate = '4000'
+ source_address = '192.0.2.1'
+ dummy_if = 'dum3841'
+ agent_address = '192.0.2.2'
+
+ sflow_server = {
+ '1.2.3.4' : {
+ },
+ '5.6.7.8' : {
+ 'port' : '6000'
+ }
+ }
+
+ self.cli_set(['interfaces', 'dummy', dummy_if, 'address', agent_address + '/32'])
+ self.cli_set(base_path + ['disable-imt'])
+
+ # You need to configure at least one interface for flow-accounting
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ for interface in Section.interfaces('ethernet'):
+ self.cli_set(base_path + ['interface', interface])
+
+
+ # You need to configure at least one sFlow or NetFlow protocol, or not
+ # set "disable-imt" for flow-accounting
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(base_path + ['sflow', 'agent-address', agent_address])
+ self.cli_set(base_path + ['sflow', 'sampling-rate', sampling_rate])
+ self.cli_set(base_path + ['sflow', 'source-address', source_address])
+ for server, server_config in sflow_server.items():
+ self.cli_set(base_path + ['sflow', 'server', server])
+ if 'port' in server_config:
+ self.cli_set(base_path + ['sflow', 'server', server, 'port', server_config['port']])
+
+ # commit changes
+ self.cli_commit()
+
+ uacctd = read_file(uacctd_conf)
+
+ # when 'disable-imt' is not configured on the CLI it must be present
+ self.assertNotIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
+ self.assertNotIn(f'imt_mem_pools_number: 169', uacctd)
+ self.assertNotIn(f'plugins: memory', uacctd)
+
+ for server, server_config in sflow_server.items():
+ if 'port' in server_config:
+ self.assertIn(f'sfprobe_receiver[sf_{server}]: {server}', uacctd)
+ else:
+ self.assertIn(f'sfprobe_receiver[sf_{server}]: {server}:6343', uacctd)
+
+ self.assertIn(f'sfprobe_agentip[sf_{server}]: {agent_address}', uacctd)
+ self.assertIn(f'sampling_rate[sf_{server}]: {sampling_rate}', uacctd)
+ self.assertIn(f'sfprobe_source_ip[sf_{server}]: {source_address}', uacctd)
+
+ self.cli_delete(['interfaces', 'dummy', dummy_if])
+
+ def test_netflow(self):
+ engine_id = '33'
+ max_flows = '667'
+ sampling_rate = '100'
+ source_address = '192.0.2.1'
+ dummy_if = 'dum3842'
+ agent_address = '192.0.2.10'
+ version = '10'
+ tmo_expiry = '120'
+ tmo_flow = '1200'
+ tmo_icmp = '60'
+ tmo_max = '50000'
+ tmo_tcp_fin = '100'
+ tmo_tcp_generic = '120'
+ tmo_tcp_rst = '99'
+ tmo_udp = '10'
+
+ netflow_server = {
+ '11.22.33.44' : {
+ },
+ '55.66.77.88' : {
+ 'port' : '6000'
+ }
+ }
+
+ self.cli_set(['interfaces', 'dummy', dummy_if, 'address', agent_address + '/32'])
+
+ for interface in Section.interfaces('ethernet'):
+ self.cli_set(base_path + ['interface', interface])
+
+ self.cli_set(base_path + ['netflow', 'engine-id', engine_id])
+ self.cli_set(base_path + ['netflow', 'max-flows', max_flows])
+ self.cli_set(base_path + ['netflow', 'sampling-rate', sampling_rate])
+ self.cli_set(base_path + ['netflow', 'source-ip', source_address])
+ self.cli_set(base_path + ['netflow', 'version', version])
+
+ # timeouts
+ self.cli_set(base_path + ['netflow', 'timeout', 'expiry-interval', tmo_expiry])
+ self.cli_set(base_path + ['netflow', 'timeout', 'flow-generic', tmo_flow])
+ self.cli_set(base_path + ['netflow', 'timeout', 'icmp', tmo_icmp])
+ self.cli_set(base_path + ['netflow', 'timeout', 'max-active-life', tmo_max])
+ self.cli_set(base_path + ['netflow', 'timeout', 'tcp-fin', tmo_tcp_fin])
+ self.cli_set(base_path + ['netflow', 'timeout', 'tcp-generic', tmo_tcp_generic])
+ self.cli_set(base_path + ['netflow', 'timeout', 'tcp-rst', tmo_tcp_rst])
+ self.cli_set(base_path + ['netflow', 'timeout', 'udp', tmo_udp])
+
+ # You need to configure at least one netflow server
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ for server, server_config in netflow_server.items():
+ self.cli_set(base_path + ['netflow', 'server', server])
+ if 'port' in server_config:
+ self.cli_set(base_path + ['netflow', 'server', server, 'port', server_config['port']])
+
+ # commit changes
+ self.cli_commit()
+
+ uacctd = read_file(uacctd_conf)
+
+ tmp = 'plugins: '
+ for server, server_config in netflow_server.items():
+ tmp += f'nfprobe[nf_{server}],'
+ tmp += 'memory'
+ self.assertIn(f'{tmp}', uacctd)
+
+ for server, server_config in netflow_server.items():
+ self.assertIn(f'nfprobe_engine[nf_{server}]: {engine_id}', uacctd)
+ self.assertIn(f'nfprobe_maxflows[nf_{server}]: {max_flows}', uacctd)
+ self.assertIn(f'sampling_rate[nf_{server}]: {sampling_rate}', uacctd)
+ self.assertIn(f'nfprobe_source_ip[nf_{server}]: {source_address}', uacctd)
+ self.assertIn(f'nfprobe_version[nf_{server}]: {version}', uacctd)
+
+ if 'port' in server_config:
+ self.assertIn(f'nfprobe_receiver[nf_{server}]: {server}', uacctd)
+ else:
+ self.assertIn(f'nfprobe_receiver[nf_{server}]: {server}:2055', uacctd)
+
+ self.assertIn(f'nfprobe_timeouts[nf_{server}]: expint={tmo_expiry}:general={tmo_flow}:icmp={tmo_icmp}:maxlife={tmo_max}:tcp.fin={tmo_tcp_fin}:tcp={tmo_tcp_generic}:tcp.rst={tmo_tcp_rst}:udp={tmo_udp}', uacctd)
+
+
+ self.cli_delete(['interfaces', 'dummy', dummy_if])
if __name__ == '__main__':
unittest.main(verbosity=2)