summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-07-21 10:35:34 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-07-21 13:16:03 +0000
commitbd4bb4f869d6df02bfda1ce5668b8cf15a95b4af (patch)
treee77fff1b934bfbf48435f2657b72e98ad9238168 /data
parent26af45a61bbe8b219b57127a869e723b11886522 (diff)
downloadvyos-1x-bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af.tar.gz
vyos-1x-bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af.zip
T5368: service ids ddos-protection add support sflow mode
sFlow mode requires fewer resources then mode "mirror" Integrate it into configuration mode set service ids ddos-protection mode 'sflow' set service ids ddos-protection sflow listen-address '127.0.0.1' set service ids ddos-protection sflow port '6343'
Diffstat (limited to 'data')
-rw-r--r--data/templates/ids/fastnetmon.j211
-rw-r--r--data/templates/ids/fastnetmon_networks_list.j22
2 files changed, 11 insertions, 2 deletions
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
index 0340d3c92..f6f03d0db 100644
--- a/data/templates/ids/fastnetmon.j2
+++ b/data/templates/ids/fastnetmon.j2
@@ -29,10 +29,19 @@ unban_only_if_attack_finished = on
# For each subnet, list track speed in bps and pps for both directions
enable_subnet_counters = off
-{% if mode.mirror is vyos_defined %}
+{% if mode is vyos_defined('mirror') %}
mirror_afpacket = on
+{% elif mode is vyos_defined('sflow') %}
+sflow = on
+{% if sflow.port is vyos_defined %}
+sflow_port = {{ sflow.port }}
+{% endif %}
+{% if sflow.listen_address is vyos_defined %}
+sflow_host = {{ sflow.listen_address }}
+{% endif %}
{% endif %}
+
process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
diff --git a/data/templates/ids/fastnetmon_networks_list.j2 b/data/templates/ids/fastnetmon_networks_list.j2
index 5f1b3ba4d..0a0576d2a 100644
--- a/data/templates/ids/fastnetmon_networks_list.j2
+++ b/data/templates/ids/fastnetmon_networks_list.j2
@@ -1,4 +1,4 @@
-{% if network is vyos_defined() %}
+{% if network is vyos_defined %}
{% for net in network %}
{{ net }}
{% endfor %}