author | Christian Poessinger <christian@poessinger.com> | 2021-12-25 22:57:59 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-12-25 23:27:15 +0100 |
commit | b9b5070203c3c3b31a7b297c5ddba8934b1ca34d (patch) | |
tree | 4d630ee9e08f2dfb425cab130ab9bc5c8d632740 /src/conf_mode/flow_accounting_conf.py | |
parent | 0030f9fc844036a0d1a0381a9096b1b9d368e35f (diff) | |
flow-accounting: T4105: drop "sflow agent-address auto"
The implementation of the "auto" option to specify the sflow/netflow
agent-address is very error prone. The current implementation will determine
the IP address used for the "auto" value as follows:
Get BGP router-id
1) If not found use OSPF router-id
2) If not found use OSPFv3 router-id
3) If not found use "the first IP address found on the system"
Well, what is the "first IP address found"? Also this changes if DHCP is in use.
Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed,
the agent-address is not updated upon the next reboot of the system.
This task is about removing the "auto" keyword from the CLI at all and make it
either entirely configurable by the user and hardcode the value in CLI, or not
use this at all.
If "auto" is specified we will query the system in the above order and set the
proper router-id in the CLI. If none can be found the CLI node is removed.
Diffstat (limited to 'src/conf_mode/flow_accounting_conf.py')
-rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 38 |
1 files changed, 9 insertions, 29 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 9467e805c..86fbd96b1 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -43,29 +43,6 @@ iptables_nflog_chain = 'VYATTA_CT_PREROUTING_HOOK'
 egress_iptables_nflog_table = 'mangle'
 egress_iptables_nflog_chain = 'FORWARD'
-# get sFlow agent-ip if agent-address is "auto" (default behaviour)
-def _sflow_default_agentip(config):
- # check if any of BGP, OSPF, OSPFv3 protocols are configured and use router-id from there
- if config.exists('protocols bgp'):
- bgp_router_id = config.return_value("protocols bgp {} parameters router-id".format(config.list_nodes('protocols bgp')[0]))
- if bgp_router_id:
- return bgp_router_id
- if config.return_value('protocols ospf parameters router-id'):
- return config.return_value('protocols ospf parameters router-id')
- if config.return_value('protocols ospfv3 parameters router-id'):
- return config.return_value('protocols ospfv3 parameters router-id')
-
- # if router-id was not found, use first available ip of any interface
- for iface in Section.interfaces():
- for address in Interface(iface).get_addr():
- # return an IP, if this is not loopback
- regex_filter = re.compile('^(?!(127)|(::1)|(fe80))(?P<ipaddr>[a-f\d\.:]+)/\d+$')
- if regex_filter.search(address):
- return regex_filter.search(address).group('ipaddr')
-
- # return nothing by default
- return None
-
 # get iptables rule dict for chain in table
 def _iptables_get_nflog(chain, table):
 # define list with rules
@@ -223,14 +200,16 @@ def verify(flow_config):
 # check agent-id for sFlow: we should avoid mixing IPv4 agent-id with IPv6 collectors and vice-versa
 for server in flow_config['sflow']['server']:
- if flow_config['sflow']['agent_address'] != 'auto':
+ if 'agent_address' in flow_config['sflow']:
 if ip_address(server).version != ip_address(flow_config['sflow']['agent_address']).version:
- raise ConfigError("Different IP address versions cannot be mixed in \"sflow agent-address\" and \"sflow server\". You need to set manually the same IP version for \"agent-address\" as for all sFlow servers")
+ raise ConfigError('IPv4 and IPv6 addresses can not be mixed in "sflow agent-address" and "sflow '\
+ 'server". You need to set the same IP version for both "agent-address" and '\
+ 'all sFlow servers')
 if 'agent_address' in flow_config['sflow']:
- agent_address = flow_config['sflow']['agent_address']
- if agent_address != 'auto' and not is_addr_assigned(agent_address):
- print(f'Warning: Configured "sflow agent-address" does not exist in the system!')
+ if not is_addr_assigned(agent_address):
+ tmp = flow_config['sflow']['agent_address']
+ print(f'Warning: Configured "sflow agent-address {tmp}" does not exist in the system!')
 # check NetFlow configuration
 if 'netflow' in flow_config:
@@ -241,7 +220,8 @@ def verify(flow_config):
 # check if configured netflow source-ip exist in the system
 if 'source_address' in flow_config['netflow']:
 if not is_addr_assigned(flow_config['netflow']['source_address']):
- print(f'Warning: Configured "netflow source-address" does not exist on the system!')
+ tmp = flow_config['netflow']['source_address']
+ print(f'Warning: Configured "netflow source-address {tmp}" does not exist on the system!')
 # check if engine-id compatible with selected protocol version
 if 'engine_id' in flow_config['netflow']: |
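Review bot: In the second `if 'agent_address' in flow_config['sflow']:` block of the sFlow checks, `is_addr_assigned(agent_address)` reads a name whose only visible assignment this hunk removes. Unless `agent_address` is bound elsewhere in `verify()` (the function starts and ends outside the hunk), the call raises NameError and validation aborts whenever an sFlow agent-address is configured. Bind the value before testing it: `tmp = flow_config['sflow']['agent_address']` followed by `if not is_addr_assigned(tmp):`; the netflow hunk below avoids the problem by testing the dict lookup directly. Separately, the version check inside the `for server` loop now hands any configured value to `ip_address()`, so a configuration that still holds the literal `auto` would raise ValueError there. That is only safe if a migration rewrites `auto` before `verify()` runs, which this diff does not show.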