From 503123728b5c08b42746b25bf84633d6a4729227 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 22 Dec 2021 22:01:48 +0100
Subject: smoketest: flow-accounting: add sflow and netflow testcases

(cherry picked from commit d93b1203bd2e07f8c08c0be88505e8e94f950c53)
---
 interface-definitions/flow-accounting-conf.xml.in  |  56 ++++----
 .../scripts/cli/test_system_flow-accounting.py     | 152 ++++++++++++++++++++-
 2 files changed, 180 insertions(+), 28 deletions(-)

diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index 6e87a2289..519e29f11 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -17,20 +17,20 @@
                 <description>Buffer size in MiB</description>
               </valueHelp>
               <constraint>
-                <validator name="numeric" argument="--range 0-4294967295" />
+                <validator name="numeric" argument="--range 0-4294967295"/>
               </constraint>
             </properties>
           </leafNode>
           <leafNode name="enable-egress">
             <properties>
               <help>Enable egress flow accounting</help>
-              <valueless />
+              <valueless/>
             </properties>
           </leafNode>
           <leafNode name="disable-imt">
             <properties>
               <help>Disable in memory table plugin</help>
-              <valueless />
+              <valueless/>
             </properties>
           </leafNode>
           <leafNode name="syslog-facility">
@@ -174,7 +174,7 @@
                     <description>NetFlow maximum flows</description>
                   </valueHelp>
                   <constraint>
-                   <validator name="numeric" argument="--range 0-4294967295" />
+                   <validator name="numeric" argument="--range 0-4294967295"/>
                   </constraint>
                 </properties>
               </leafNode>
@@ -186,7 +186,7 @@
                     <description>Sampling rate (1 in N packets)</description>
                   </valueHelp>
                   <constraint>
-                   <validator name="numeric" argument="--range 0-4294967295" />
+                   <validator name="numeric" argument="--range 0-4294967295"/>
                   </constraint>
                 </properties>
               </leafNode>
@@ -249,10 +249,10 @@
                       <help>NetFlow port number</help>
                       <valueHelp>
                         <format>u32:1025-65535</format>
-                        <description>NetFlow port number (default 2055)</description>
+                        <description>NetFlow port number (default: 2055)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 1025-65535" />
+                       <validator name="numeric" argument="--range 1025-65535"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -268,10 +268,10 @@
                       <help>Expiry scan interval</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>Expiry scan interval (default 60)</description>
+                        <description>Expiry scan interval (default: 60)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                        <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -280,10 +280,10 @@
                       <help>Generic flow timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>Generic flow timeout in seconds (default 3600)</description>
+                        <description>Generic flow timeout in seconds (default: 3600)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -292,10 +292,10 @@
                       <help>ICMP timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>ICMP timeout in seconds (default 300)</description>
+                        <description>ICMP timeout in seconds (default: 300)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -304,10 +304,10 @@
                       <help>Max active timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>Max active timeout in seconds (default 604800)</description>
+                        <description>Max active timeout in seconds (default: 604800)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -316,10 +316,10 @@
                       <help>TCP finish timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>TCP FIN timeout in seconds (default 300)</description>
+                        <description>TCP FIN timeout in seconds (default: 300)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -328,10 +328,10 @@
                       <help>TCP generic timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>TCP generic timeout in seconds (default 3600)</description>
+                        <description>TCP generic timeout in seconds (default: 3600)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -340,10 +340,10 @@
                       <help>TCP reset timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>TCP RST timeout in seconds (default 120)</description>
+                        <description>TCP RST timeout in seconds (default: 120)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -352,10 +352,10 @@
                       <help>UDP timeout value</help>
                       <valueHelp>
                         <format>u32:0-2147483647</format>
-                        <description>UDP timeout in seconds (default 300)</description>
+                        <description>UDP timeout in seconds (default: 300)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 0-2147483647" />
+                       <validator name="numeric" argument="--range 0-2147483647"/>
                       </constraint>
                     </properties>
                   </leafNode>
@@ -371,6 +371,10 @@
               <leafNode name="agent-address">
                 <properties>
                   <help>sFlow agent IPv4 address</help>
+                  <completionHelp>
+                    <list>auto</list>
+                    <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
+                  </completionHelp>
                   <valueHelp>
                     <format>auto</format>
                     <description>auto select sFlow agent-address (default)</description>
@@ -393,7 +397,7 @@
                     <description>Sampling rate (1 in N packets)</description>
                   </valueHelp>
                   <constraint>
-                   <validator name="numeric" argument="--range 0-4294967295" />
+                   <validator name="numeric" argument="--range 0-4294967295"/>
                   </constraint>
                 </properties>
               </leafNode>
@@ -419,10 +423,10 @@
                       <help>sFlow port number</help>
                       <valueHelp>
                         <format>u32:1025-65535</format>
-                        <description>sFlow port number (default 6343)</description>
+                        <description>sFlow port number (default: 6343)</description>
                       </valueHelp>
                       <constraint>
-                       <validator name="numeric" argument="--range 1025-65535" />
+                       <validator name="numeric" argument="--range 1025-65535"/>
                       </constraint>
                     </properties>
                   </leafNode>
diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py
index a2b5b1481..57866a198 100755
--- a/smoketest/scripts/cli/test_system_flow-accounting.py
+++ b/smoketest/scripts/cli/test_system_flow-accounting.py
@@ -47,7 +47,10 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
 
     def test_basic(self):
         buffer_size = '5' # MiB
+        syslog = 'all'
+
         self.cli_set(base_path + ['buffer-size', buffer_size])
+        self.cli_set(base_path + ['syslog-facility', syslog])
 
         # You need to configure at least one interface for flow-accounting
         with self.assertRaises(ConfigSessionError):
@@ -73,8 +76,153 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         tmp //= 1000
         self.assertIn(f'plugin_buffer_size: {tmp}', uacctd)
 
-        # Check for running process
-        self.assertTrue(process_named_running(PROCESS_NAME))
+        # when 'disable-imt' is not configured on the CLI it must be present
+        self.assertIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
+        self.assertIn(f'imt_mem_pools_number: 169', uacctd)
+        self.assertIn(f'syslog: {syslog}', uacctd)
+        self.assertIn(f'plugins: memory', uacctd)
+
+    def test_sflow(self):
+        sampling_rate = '4000'
+        source_address = '192.0.2.1'
+        dummy_if = 'dum3841'
+        agent_address = '192.0.2.2'
+
+        sflow_server = {
+            '1.2.3.4' : {
+            },
+            '5.6.7.8' : {
+                'port' : '6000'
+            }
+        }
+
+        self.cli_set(['interfaces', 'dummy', dummy_if, 'address', agent_address + '/32'])
+        self.cli_set(base_path + ['disable-imt'])
+
+        # You need to configure at least one interface for flow-accounting
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        for interface in Section.interfaces('ethernet'):
+            self.cli_set(base_path + ['interface', interface])
+
+
+        # You need to configure at least one sFlow or NetFlow protocol, or not
+        # set "disable-imt" for flow-accounting
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+
+        self.cli_set(base_path + ['sflow', 'agent-address', agent_address])
+        self.cli_set(base_path + ['sflow', 'sampling-rate', sampling_rate])
+        self.cli_set(base_path + ['sflow', 'source-address', source_address])
+        for server, server_config in sflow_server.items():
+            self.cli_set(base_path + ['sflow', 'server', server])
+            if 'port' in server_config:
+                self.cli_set(base_path + ['sflow', 'server', server, 'port', server_config['port']])
+
+        # commit changes
+        self.cli_commit()
+
+        uacctd = read_file(uacctd_conf)
+
+        # when 'disable-imt' is not configured on the CLI it must be present
+        self.assertNotIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
+        self.assertNotIn(f'imt_mem_pools_number: 169', uacctd)
+        self.assertNotIn(f'plugins: memory', uacctd)
+
+        for server, server_config in sflow_server.items():
+            if 'port' in server_config:
+                self.assertIn(f'sfprobe_receiver[sf_{server}]: {server}', uacctd)
+            else:
+                self.assertIn(f'sfprobe_receiver[sf_{server}]: {server}:6343', uacctd)
+
+            self.assertIn(f'sfprobe_agentip[sf_{server}]: {agent_address}', uacctd)
+            self.assertIn(f'sampling_rate[sf_{server}]: {sampling_rate}', uacctd)
+            self.assertIn(f'sfprobe_source_ip[sf_{server}]: {source_address}', uacctd)
+
+        self.cli_delete(['interfaces', 'dummy', dummy_if])
+
+    def test_netflow(self):
+        engine_id = '33'
+        max_flows = '667'
+        sampling_rate = '100'
+        source_address = '192.0.2.1'
+        dummy_if = 'dum3842'
+        agent_address = '192.0.2.10'
+        version = '10'
+        tmo_expiry = '120'
+        tmo_flow = '1200'
+        tmo_icmp = '60'
+        tmo_max = '50000'
+        tmo_tcp_fin = '100'
+        tmo_tcp_generic = '120'
+        tmo_tcp_rst = '99'
+        tmo_udp = '10'
+
+        netflow_server = {
+            '11.22.33.44' : {
+            },
+            '55.66.77.88' : {
+                'port' : '6000'
+            }
+        }
+
+        self.cli_set(['interfaces', 'dummy', dummy_if, 'address', agent_address + '/32'])
+
+        for interface in Section.interfaces('ethernet'):
+            self.cli_set(base_path + ['interface', interface])
+
+        self.cli_set(base_path + ['netflow', 'engine-id', engine_id])
+        self.cli_set(base_path + ['netflow', 'max-flows', max_flows])
+        self.cli_set(base_path + ['netflow', 'sampling-rate', sampling_rate])
+        self.cli_set(base_path + ['netflow', 'source-ip', source_address])
+        self.cli_set(base_path + ['netflow', 'version', version])
+
+        # timeouts
+        self.cli_set(base_path + ['netflow', 'timeout', 'expiry-interval', tmo_expiry])
+        self.cli_set(base_path + ['netflow', 'timeout', 'flow-generic', tmo_flow])
+        self.cli_set(base_path + ['netflow', 'timeout', 'icmp', tmo_icmp])
+        self.cli_set(base_path + ['netflow', 'timeout', 'max-active-life', tmo_max])
+        self.cli_set(base_path + ['netflow', 'timeout', 'tcp-fin', tmo_tcp_fin])
+        self.cli_set(base_path + ['netflow', 'timeout', 'tcp-generic', tmo_tcp_generic])
+        self.cli_set(base_path + ['netflow', 'timeout', 'tcp-rst', tmo_tcp_rst])
+        self.cli_set(base_path + ['netflow', 'timeout', 'udp', tmo_udp])
+
+        # You need to configure at least one netflow server
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+
+        for server, server_config in netflow_server.items():
+            self.cli_set(base_path + ['netflow', 'server', server])
+            if 'port' in server_config:
+                self.cli_set(base_path + ['netflow', 'server', server, 'port', server_config['port']])
+
+        # commit changes
+        self.cli_commit()
+
+        uacctd = read_file(uacctd_conf)
+
+        tmp = 'plugins: '
+        for server, server_config in netflow_server.items():
+            tmp += f'nfprobe[nf_{server}],'
+        tmp += 'memory'
+        self.assertIn(f'{tmp}', uacctd)
+
+        for server, server_config in netflow_server.items():
+            self.assertIn(f'nfprobe_engine[nf_{server}]: {engine_id}', uacctd)
+            self.assertIn(f'nfprobe_maxflows[nf_{server}]: {max_flows}', uacctd)
+            self.assertIn(f'sampling_rate[nf_{server}]: {sampling_rate}', uacctd)
+            self.assertIn(f'nfprobe_source_ip[nf_{server}]: {source_address}', uacctd)
+            self.assertIn(f'nfprobe_version[nf_{server}]: {version}', uacctd)
+
+            if 'port' in server_config:
+                self.assertIn(f'nfprobe_receiver[nf_{server}]: {server}', uacctd)
+            else:
+                self.assertIn(f'nfprobe_receiver[nf_{server}]: {server}:2055', uacctd)
+
+            self.assertIn(f'nfprobe_timeouts[nf_{server}]: expint={tmo_expiry}:general={tmo_flow}:icmp={tmo_icmp}:maxlife={tmo_max}:tcp.fin={tmo_tcp_fin}:tcp={tmo_tcp_generic}:tcp.rst={tmo_tcp_rst}:udp={tmo_udp}', uacctd)
+
+
+        self.cli_delete(['interfaces', 'dummy', dummy_if])
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)
-- 
cgit v1.2.3