summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/configd-include.json1
-rw-r--r--data/templates/accel-ppp/ipoe.config.j216
-rw-r--r--data/templates/sflow/hsflowd.conf.j231
-rw-r--r--data/templates/sflow/override.conf.j216
-rw-r--r--debian/control1
-rw-r--r--interface-definitions/system-sflow.xml.in115
-rw-r--r--op-mode-definitions/show-ip-route.xml.in17
-rwxr-xr-xsmoketest/scripts/cli/test_system_sflow.py100
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py11
-rwxr-xr-xsrc/conf_mode/system_sflow.py124
10 files changed, 424 insertions, 8 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 648655a8b..456211caa 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -74,6 +74,7 @@
"system-logs.py",
"system-option.py",
"system-proxy.py",
+"system_sflow.py",
"system_sysctl.py",
"system-syslog.py",
"system-timezone.py",
diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2
index 27621bc9b..ac83c3dbd 100644
--- a/data/templates/accel-ppp/ipoe.config.j2
+++ b/data/templates/accel-ppp/ipoe.config.j2
@@ -44,18 +44,18 @@ vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
{% endif %}
{% if authentication.mode is vyos_defined('noauth') %}
noauth=1
-{% if client_ip_pool.name is vyos_defined %}
-{% for pool, pool_options in client_ip_pool.name.items() %}
-{% if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %}
-ip-pool={{ pool }}
-gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
-{% endif %}
-{% endfor %}
-{% endif %}
{% elif authentication.mode is vyos_defined('local') %}
username=ifname
password=csid
{% endif %}
+{% if client_ip_pool.name is vyos_defined %}
+{% for pool, pool_options in client_ip_pool.name.items() %}
+{% if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %}
+ip-pool={{ pool }}
+gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
+{% endif %}
+{% endfor %}
+{% endif %}
proxy-arp=1
{% if client_ip_pool.name is vyos_defined %}
diff --git a/data/templates/sflow/hsflowd.conf.j2 b/data/templates/sflow/hsflowd.conf.j2
new file mode 100644
index 000000000..94f5939be
--- /dev/null
+++ b/data/templates/sflow/hsflowd.conf.j2
@@ -0,0 +1,31 @@
+# Genereated by /usr/libexec/vyos/conf_mode/system_sflow.py
+# Parameters http://sflow.net/host-sflow-linux-config.php
+
+sflow {
+{% if polling is vyos_defined %}
+ polling={{ polling }}
+{% endif %}
+{% if sampling_rate is vyos_defined %}
+ sampling={{ sampling_rate }}
+ sampling.bps_ratio=0
+{% endif %}
+{% if agent_address is vyos_defined %}
+ agentIP={{ agent_address }}
+{% endif %}
+{% if agent_interface is vyos_defined %}
+ agent={{ agent_interface }}
+{% endif %}
+{% if server is vyos_defined %}
+{% for server, server_config in server.items() %}
+ collector { ip = {{ server }} udpport = {{ server_config.port }} }
+{% endfor %}
+{% endif %}
+{% if interface is vyos_defined %}
+{% for iface in interface %}
+ pcap { dev={{ iface }} }
+{% endfor %}
+{% endif %}
+{% if drop_monitor_limit is vyos_defined %}
+ dropmon { limit={{ drop_monitor_limit }} start=on sw=on hw=off }
+{% endif %}
+}
diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2
new file mode 100644
index 000000000..f2a982528
--- /dev/null
+++ b/data/templates/sflow/override.conf.j2
@@ -0,0 +1,16 @@
+[Unit]
+After=
+After=vyos-router.service
+ConditionPathExists=
+ConditionPathExists=/run/sflow/hsflowd.conf
+
+[Service]
+EnvironmentFile=
+ExecStart=
+ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
+WorkingDirectory=
+WorkingDirectory=/run/sflow
+PIDFile=
+PIDFile=/run/sflow/hsflowd.pid
+Restart=always
+RestartSec=10
diff --git a/debian/control b/debian/control
index c3854252f..028b7cd43 100644
--- a/debian/control
+++ b/debian/control
@@ -64,6 +64,7 @@ Depends:
libpam-google-authenticator,
grc,
hostapd,
+ hsflowd,
hvinfo,
igmpproxy,
ipaddrcheck,
diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system-sflow.xml.in
new file mode 100644
index 000000000..335181fe1
--- /dev/null
+++ b/interface-definitions/system-sflow.xml.in
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- sflow configuration -->
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="sflow" owner="${vyos_conf_scripts_dir}/system_sflow.py">
+ <properties>
+ <help>sFlow settings</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <leafNode name="agent-address">
+ <properties>
+ <help>sFlow agent IPv4 or IPv6 address</help>
+ <completionHelp>
+ <list>auto</list>
+ <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>sFlow IPv4 agent address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>sFlow IPv6 agent address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-link-local"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="agent-interface">
+ <properties>
+ <help>IP address associated with this interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.in>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="drop-monitor-limit">
+ <properties>
+ <help>Export headers of dropped by kernel packets</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Maximum rate limit of N drops per second send out in the sFlow datagrams</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/generic-interface-multi.xml.i>
+ <leafNode name="polling">
+ <properties>
+ <help>Schedule counter-polling in seconds</help>
+ <valueHelp>
+ <format>u32:1-600</format>
+ <description>Polling rate in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-600"/>
+ </constraint>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="sampling-rate">
+ <properties>
+ <help>sFlow sampling-rate</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Sampling rate (1 in N packets)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>1000</defaultValue>
+ </leafNode>
+ <tagNode name="server">
+ <properties>
+ <help>sFlow destination server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 server to export sFlow</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 server to export sFlow</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>6343</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/op-mode-definitions/show-ip-route.xml.in b/op-mode-definitions/show-ip-route.xml.in
index 681aa089f..c878bf712 100644
--- a/op-mode-definitions/show-ip-route.xml.in
+++ b/op-mode-definitions/show-ip-route.xml.in
@@ -92,6 +92,23 @@
#include <include/show-route-static.xml.i>
#include <include/show-route-supernets-only.xml.i>
#include <include/show-route-tag.xml.i>
+ <node name="node.tag">
+ <properties>
+ <help>Show IP routes of specified IP address or prefix</help>
+ <completionHelp>
+ <list>&lt;x.x.x.x&gt; &lt;x.x.x.x/x&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+ <children>
+ <leafNode name="longer-prefixes">
+ <properties>
+ <help>Show longer prefixes of routes for specified prefix</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+ </leafNode>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py
new file mode 100755
index 000000000..fef88b56a
--- /dev/null
+++ b/smoketest/scripts/cli/test_system_sflow.py
@@ -0,0 +1,100 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+
+from base_vyostest_shim import VyOSUnitTestSHIM
+
+from vyos.configsession import ConfigSessionError
+from vyos.ifconfig import Section
+from vyos.util import cmd
+from vyos.util import process_named_running
+from vyos.util import read_file
+
+PROCESS_NAME = 'hsflowd'
+base_path = ['system', 'sflow']
+
+hsflowd_conf = '/run/sflow/hsflowd.conf'
+
+
+class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestSystemFlowAccounting, cls).setUpClass()
+
+ # ensure we can also run this test on a live system - so lets clean
+ # out the current configuration :)
+ cls.cli_delete(cls, base_path)
+
+ def tearDown(self):
+ # after service removal process must no longer run
+ self.assertTrue(process_named_running(PROCESS_NAME))
+
+ self.cli_delete(base_path)
+ self.cli_commit()
+
+ # after service removal process must no longer run
+ self.assertFalse(process_named_running(PROCESS_NAME))
+
+ def test_sflow(self):
+ agent_address = '192.0.2.5'
+ agent_interface = 'eth0'
+ polling = '24'
+ sampling_rate = '128'
+ server = '192.0.2.254'
+ local_server = '127.0.0.1'
+ port = '8192'
+ default_port = '6343'
+ mon_limit = '50'
+
+ self.cli_set(
+ ['interfaces', 'dummy', 'dum0', 'address', f'{agent_address}/24'])
+ self.cli_set(base_path + ['agent-address', agent_address])
+ self.cli_set(base_path + ['agent-interface', agent_interface])
+
+ # You need to configure at least one interface for sflow
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ for interface in Section.interfaces('ethernet'):
+ self.cli_set(base_path + ['interface', interface])
+
+ self.cli_set(base_path + ['polling', polling])
+ self.cli_set(base_path + ['sampling-rate', sampling_rate])
+ self.cli_set(base_path + ['server', server, 'port', port])
+ self.cli_set(base_path + ['server', local_server])
+ self.cli_set(base_path + ['drop-monitor-limit', mon_limit])
+
+ # commit changes
+ self.cli_commit()
+
+ # verify configuration
+ hsflowd = read_file(hsflowd_conf)
+
+ self.assertIn(f'polling={polling}', hsflowd)
+ self.assertIn(f'sampling={sampling_rate}', hsflowd)
+ self.assertIn(f'agentIP={agent_address}', hsflowd)
+ self.assertIn(f'agent={agent_interface}', hsflowd)
+ self.assertIn(f'collector {{ ip = {server} udpport = {port} }}', hsflowd)
+ self.assertIn(f'collector {{ ip = {local_server} udpport = {default_port} }}', hsflowd)
+ self.assertIn(f'dropmon {{ limit={mon_limit} start=on sw=on hw=off }}', hsflowd)
+
+ for interface in Section.interfaces('ethernet'):
+ self.assertIn(f'pcap {{ dev={interface} }}', hsflowd)
+
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 9cdfa08ef..4fabe170f 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -60,6 +60,17 @@ def verify(ipoe):
'Use "ipoe client-ip-pool" instead.')
#verify_accel_ppp_base_service(ipoe, local_users=False)
+ # IPoE server does not have 'gateway' option in the CLI
+ # we cannot use configverify.py verify_accel_ppp_base_service for ipoe-server
+
+ if dict_search('authentication.mode', ipoe) == 'radius':
+ if not dict_search('authentication.radius.server', ipoe):
+ raise ConfigError('RADIUS authentication requires at least one server')
+
+ for server in dict_search('authentication.radius.server', ipoe):
+ radius_config = ipoe['authentication']['radius']['server'][server]
+ if 'key' not in radius_config:
+ raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
if 'client_ipv6_pool' in ipoe:
if 'delegate' in ipoe['client_ipv6_pool'] and 'prefix' not in ipoe['client_ipv6_pool']:
diff --git a/src/conf_mode/system_sflow.py b/src/conf_mode/system_sflow.py
new file mode 100755
index 000000000..a0c3fca7f
--- /dev/null
+++ b/src/conf_mode/system_sflow.py
@@ -0,0 +1,124 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.template import render
+from vyos.util import call
+from vyos.validate import is_addr_assigned
+from vyos.xml import defaults
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+hsflowd_conf_path = '/run/sflow/hsflowd.conf'
+systemd_service = 'hsflowd.service'
+systemd_override = f'/run/systemd/system/{systemd_service}.d/override.conf'
+
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['system', 'sflow']
+ if not conf.exists(base):
+ return None
+
+ sflow = conf.get_config_dict(base,
+ key_mangling=('-', '_'),
+ get_first_key=True)
+
+ # We have gathered the dict representation of the CLI, but there are default
+ # options which we need to update into the dictionary retrived.
+ default_values = defaults(base)
+
+ sflow = dict_merge(default_values, sflow)
+
+ # Ignore default XML values if config doesn't exists
+ # Delete key from dict
+ if 'port' in sflow['server']:
+ del sflow['server']['port']
+
+ # Set default values per server
+ if 'server' in sflow:
+ for server in sflow['server']:
+ default_values = defaults(base + ['server'])
+ sflow['server'][server] = dict_merge(default_values, sflow['server'][server])
+
+ return sflow
+
+
+def verify(sflow):
+ if not sflow:
+ return None
+
+ # Check if configured sflow agent-address exist in the system
+ if 'agent_address' in sflow:
+ tmp = sflow['agent_address']
+ if not is_addr_assigned(tmp):
+ raise ConfigError(
+ f'Configured "sflow agent-address {tmp}" does not exist in the system!'
+ )
+
+ # Check if at least one interface is configured
+ if 'interface' not in sflow:
+ raise ConfigError(
+ 'sFlow requires at least one interface to be configured!')
+
+ # Check if at least one server is configured
+ if 'server' not in sflow:
+ raise ConfigError('You need to configure at least one sFlow server!')
+
+ # return True if all checks were passed
+ return True
+
+
+def generate(sflow):
+ if not sflow:
+ return None
+
+ render(hsflowd_conf_path, 'sflow/hsflowd.conf.j2', sflow)
+ render(systemd_override, 'sflow/override.conf.j2', sflow)
+ # Reload systemd manager configuration
+ call('systemctl daemon-reload')
+
+
+def apply(sflow):
+ if not sflow:
+ # Stop flow-accounting daemon and remove configuration file
+ call(f'systemctl stop {systemd_service}')
+ if os.path.exists(hsflowd_conf_path):
+ os.unlink(hsflowd_conf_path)
+ return
+
+ # Start/reload flow-accounting daemon
+ call(f'systemctl restart {systemd_service}')
+
+
+if __name__ == '__main__':
+ try:
+ config = get_config()
+ verify(config)
+ generate(config)
+ apply(config)
+ except ConfigError as e:
+ print(e)
+ exit(1)