sflow: T5968: add VRF support

Add support to run hsflowd in a dedicated (e.g. management) VRF.

Command will be "set system sflow vrf <name>" like with any other service

(cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)

4 files changed, 32 insertions, 11 deletions

diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2
index f2a982528..73588fdb2 100644
--- a/data/templates/sflow/override.conf.j2
+++ b/data/templates/sflow/override.conf.j2
@@ -1,3 +1,4 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
 [Unit]
 After=
 After=vyos-router.service
@@ -7,7 +8,7 @@ ConditionPathExists=/run/sflow/hsflowd.conf
 [Service]
 EnvironmentFile=
 ExecStart=
-ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
+ExecStart={{ vrf_command }}/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
 WorkingDirectory=
 WorkingDirectory=/run/sflow
 PIDFile=
diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in
index c5152abe9..aaf4033d8 100644
--- a/interface-definitions/system_sflow.xml.in
+++ b/interface-definitions/system_sflow.xml.in
@@ -106,6 +106,7 @@
               </leafNode>
             </children>
           </tagNode>
+          #include <include/interface/vrf.xml.i>
         </children>
       </node>
     </children>
diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py
index 63262db69..c0424d915 100755
--- a/smoketest/scripts/cli/test_system_sflow.py
+++ b/smoketest/scripts/cli/test_system_sflow.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2023 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -17,6 +17,7 @@
 import unittest
 
 from base_vyostest_shim import VyOSUnitTestSHIM
+from time import sleep
 
 from vyos.configsession import ConfigSessionError
 from vyos.ifconfig import Section
@@ -26,12 +27,11 @@ from vyos.utils.file import read_file
 
 PROCESS_NAME = 'hsflowd'
 base_path = ['system', 'sflow']
+vrf = 'mgmt'
 
 hsflowd_conf = '/run/sflow/hsflowd.conf'
 
-
 class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
-
     @classmethod
     def setUpClass(cls):
         super(TestSystemFlowAccounting, cls).setUpClass()
@@ -45,6 +45,7 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         self.assertTrue(process_named_running(PROCESS_NAME))
 
         self.cli_delete(base_path)
+        self.cli_delete(['vrf', 'name', vrf])
         self.cli_commit()
 
         # after service removal process must no longer run
@@ -96,6 +97,27 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         for interface in Section.interfaces('ethernet'):
             self.assertIn(f'pcap {{ dev={interface} }}', hsflowd)
 
+    def test_vrf(self):
+        interface = 'eth0'
+        server = '192.0.2.1'
+
+        # Check if sFlow service can be bound to given VRF
+        self.cli_set(['vrf', 'name', vrf, 'table', '10100'])
+        self.cli_set(base_path + ['interface', interface])
+        self.cli_set(base_path + ['server', server])
+        self.cli_set(base_path + ['vrf', vrf])
+
+        # commit changes
+        self.cli_commit()
+
+        # verify configuration
+        hsflowd = read_file(hsflowd_conf)
+        self.assertIn(f'collector {{ ip = {server} udpport = 6343 }}', hsflowd) # default port
+        self.assertIn(f'pcap {{ dev=eth0 }}', hsflowd)
+
+        # Check for process in VRF
+        tmp = cmd(f'ip vrf pids {vrf}')
+        self.assertIn(PROCESS_NAME, tmp)
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/src/conf_mode/system_sflow.py b/src/conf_mode/system_sflow.py
index 2df1bbb7a..41119b494 100755
--- a/src/conf_mode/system_sflow.py
+++ b/src/conf_mode/system_sflow.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2023 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -19,6 +19,7 @@ import os
 from sys import exit
 
 from vyos.config import Config
+from vyos.configverify import verify_vrf
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.network import is_addr_assigned
@@ -46,7 +47,6 @@ def get_config(config=None):
 
     return sflow
 
-
 def verify(sflow):
     if not sflow:
         return None
@@ -68,9 +68,8 @@ def verify(sflow):
     if 'server' not in sflow:
         raise ConfigError('You need to configure at least one sFlow server!')
 
-    # return True if all checks were passed
-    return True
-
+    verify_vrf(sflow)
+    return None
 
 def generate(sflow):
     if not sflow:
@@ -81,7 +80,6 @@ def generate(sflow):
     # Reload systemd manager configuration
     call('systemctl daemon-reload')
 
-
 def apply(sflow):
     if not sflow:
         # Stop flow-accounting daemon and remove configuration file
@@ -93,7 +91,6 @@ def apply(sflow):
     # Start/reload flow-accounting daemon
     call(f'systemctl restart {systemd_service}')
 
-
 if __name__ == '__main__':
     try:
         config = get_config()