authorzsdc <taras@vyos.io>2019-12-24 23:58:19 +0200
committerChristian Poessinger <christian@poessinger.com>2019-12-24 23:17:20 +0100
commitb933cd91c96ccade616a6ddf90e8ddf8bf7cbfd5 (patch)
tree098adf880790fcde6e46423e427183c924b3268e /src/conf_mode
parentc1993205d62033658b36e4ad4ad4bb62afc54ecc (diff)
flow-accounting: T1890: Fixed bugs in flow-accounting
* fixed improper `process.returncode` invocations * added a check that an in-memory table is active before using IMT to show flows * replaced `--nflog-range` with `--nflog-size` in iptables rules, as `--nflog-range` had never worked. **WARNING: this change breaks compatibility with Debian 8!**
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/flow_accounting_conf.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 75dee4e64..0bc50482c 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -154,7 +154,7 @@ def _iptables_get_nflog():
process = subprocess.Popen(iptables_command, stdout=subprocess.PIPE, shell=True, universal_newlines=True)
stdout, stderr = process.communicate()
if not process.returncode == 0:
- print("Failed to get flows list: command \"{}\" returned exit code: {}\nError: {}".format(command, process.returncode(), stderr))
+ print("Failed to get flows list: command \"{}\" returned exit code: {}\nError: {}".format(command, process.returncode, stderr))
sys.exit(1)
iptables_out = stdout.splitlines()
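Review bot: The error message on the corrected `print` line still cannot show the real failure, because `Popen` is opened with `stdout=subprocess.PIPE` only, so `communicate()` returns `None` for `stderr` and the message ends in `Error: None`. Adding `stderr=subprocess.PIPE` to the `Popen` call would capture it. The same line formats `command`, while the string actually executed is `iptables_command`; unless `command` is defined earlier in `_iptables_get_nflog` (the function starts outside this hunk), the failure path would raise `NameError` instead of printing, so `.format(iptables_command, process.returncode, stderr)` looks like the intended call.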
@@ -196,7 +196,7 @@ def _iptables_config(configured_ifaces):
# create missed rules
for iface_extended in configured_ifaces_extended:
- rule_definition = "{0} -i {1} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-range {2} --nflog-threshold 100".format(iptables_nflog_chain, iface_extended['iface'], default_captured_packet_size)
+ rule_definition = "{0} -i {1} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {2} --nflog-threshold 100".format(iptables_nflog_chain, iface_extended['iface'], default_captured_packet_size)
iptable_commands.append("sudo {0} -t {1} -I {2}".format(iface_extended['iptables_variant'], iptables_nflog_table, rule_definition))
# change iptables
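Review bot: The new `rule_definition` line still splices `iface_extended['iface']` and `default_captured_packet_size` unquoted into a string that the next line prefixes with `sudo`. How `iptable_commands` is executed lies outside this hunk, but if it goes through a shell, as the `shell=True` call in `_iptables_get_nflog` suggests, an interface name containing shell metacharacters would be interpreted by a root shell. Quoting the value, for example `shlex.quote(iface_extended['iface'])`, or building each command as an argument list run without `shell=True`, removes that dependency on upstream validation of interface names. A short comment such as `# --nflog-size requires iptables >= 1.6.0` (version to be confirmed) above the rule would also record in the code why Debian 8 is no longer supported.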