diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-12-25 23:26:36 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-12-25 23:27:15 +0100 |
| commit | 344c2776bd6e157d33ea81f548d1eacde1d3e644 (patch) | |
| tree | 969dd43ccffa3d78f8b58f02cb7e36f202a2f1db /src/conf_mode/flow_accounting_conf.py | |
| parent | b9b5070203c3c3b31a7b297c5ddba8934b1ca34d (diff) | |
| download | vyos-1x-344c2776bd6e157d33ea81f548d1eacde1d3e644.tar.gz vyos-1x-344c2776bd6e157d33ea81f548d1eacde1d3e644.zip | |
flow-accounting: T4106: support specification of capture packet length
Diffstat (limited to 'src/conf_mode/flow_accounting_conf.py')
| -rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 86fbd96b1..3d3b03e10 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -34,9 +34,6 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -# default values -default_captured_packet_size = 128 - uacctd_conf_path = '/etc/pmacct/uacctd.conf' iptables_nflog_table = 'raw' iptables_nflog_chain = 'VYATTA_CT_PREROUTING_HOOK' @@ -67,7 +64,7 @@ def _iptables_get_nflog(chain, table): return rules # modify iptables rules -def _iptables_config(configured_ifaces, direction): +def _iptables_config(configured_ifaces, direction, length): # define list of iptables commands to modify settings iptable_commands = [] iptables_chain = iptables_nflog_chain @@ -114,7 +111,7 @@ def _iptables_config(configured_ifaces, direction): if direction == "egress": iptables_op = "-o" - rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {default_captured_packet_size} --nflog-threshold 100' + rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {length} --nflog-threshold 100' iptable_commands.append(f'{iptables} -t {iptables_table} -I {rule_definition}') # change iptables @@ -158,8 +155,6 @@ def get_config(config=None): flow_accounting[flow_type]['server'][server] = dict_merge( default_values,flow_accounting[flow_type]['server'][server]) - flow_accounting['snaplen'] = default_captured_packet_size - return flow_accounting def verify(flow_config): @@ -253,8 +248,8 @@ def apply(flow_config): action = 'restart' # Check if flow-accounting was removed and define command if not flow_config: - _iptables_config([], 'ingress') - _iptables_config([], 'egress') + _iptables_config([], 'ingress', flow_config['packet_length']) + _iptables_config([], 'egress', flow_config['packet_length']) # Stop flow-accounting daemon cmd('systemctl stop uacctd.service') @@ -265,13 +260,13 @@ def apply(flow_config): # configure iptables rules for defined interfaces if 'interface' in flow_config: - _iptables_config(flow_config['interface'], 'ingress') + _iptables_config(flow_config['interface'], 'ingress', flow_config['packet_length']) # configure egress the same way if configured otherwise remove it if 'enable_egress' in flow_config: - _iptables_config(flow_config['interface'], 'egress') + _iptables_config(flow_config['interface'], 'egress', flow_config['packet_length']) else: - _iptables_config([], 'egress') + _iptables_config([], 'egress', flow_config['packet_length']) if __name__ == '__main__': try: |