summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/netflow/uacctd.conf.tmpl2
-rw-r--r--interface-definitions/flow-accounting-conf.xml.in13
-rwxr-xr-xsrc/conf_mode/flow_accounting_conf.py19
3 files changed, 21 insertions, 13 deletions
diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl
index 27a157531..b6d31746f 100644
--- a/data/templates/netflow/uacctd.conf.tmpl
+++ b/data/templates/netflow/uacctd.conf.tmpl
@@ -4,7 +4,7 @@ promisc: false
pidfile: /var/run/uacctd.pid
uacctd_group: 2
uacctd_nl_size: 2097152
-snaplen: {{ snaplen }}
+snaplen: {{ packet_length }}
aggregate: in_iface{{ ',out_iface' if enable_egress is defined }},src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows
{% set pipe_size = buffer_size | int *1024 *1024 %}
plugin_pipe_size: {{ pipe_size }}
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index ba5c70979..1b57d706c 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -22,6 +22,19 @@
</properties>
<defaultValue>10</defaultValue>
</leafNode>
+ <leafNode name="packet-length">
+ <properties>
+ <help>Specifies the maximum number of bytes to capture for each packet</help>
+ <valueHelp>
+ <format>u32:128-750</format>
+ <description>Packet length in bytes (default: 128)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 128-750"/>
+ </constraint>
+ </properties>
+ <defaultValue>128</defaultValue>
+ </leafNode>
<leafNode name="enable-egress">
<properties>
<help>Enable egress flow accounting</help>
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 86fbd96b1..3d3b03e10 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -34,9 +34,6 @@ from vyos import ConfigError
from vyos import airbag
airbag.enable()
-# default values
-default_captured_packet_size = 128
-
uacctd_conf_path = '/etc/pmacct/uacctd.conf'
iptables_nflog_table = 'raw'
iptables_nflog_chain = 'VYATTA_CT_PREROUTING_HOOK'
@@ -67,7 +64,7 @@ def _iptables_get_nflog(chain, table):
return rules
# modify iptables rules
-def _iptables_config(configured_ifaces, direction):
+def _iptables_config(configured_ifaces, direction, length):
# define list of iptables commands to modify settings
iptable_commands = []
iptables_chain = iptables_nflog_chain
@@ -114,7 +111,7 @@ def _iptables_config(configured_ifaces, direction):
if direction == "egress":
iptables_op = "-o"
- rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {default_captured_packet_size} --nflog-threshold 100'
+ rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {length} --nflog-threshold 100'
iptable_commands.append(f'{iptables} -t {iptables_table} -I {rule_definition}')
# change iptables
@@ -158,8 +155,6 @@ def get_config(config=None):
flow_accounting[flow_type]['server'][server] = dict_merge(
default_values,flow_accounting[flow_type]['server'][server])
- flow_accounting['snaplen'] = default_captured_packet_size
-
return flow_accounting
def verify(flow_config):
@@ -253,8 +248,8 @@ def apply(flow_config):
action = 'restart'
# Check if flow-accounting was removed and define command
if not flow_config:
- _iptables_config([], 'ingress')
- _iptables_config([], 'egress')
+ _iptables_config([], 'ingress', flow_config['packet_length'])
+ _iptables_config([], 'egress', flow_config['packet_length'])
# Stop flow-accounting daemon
cmd('systemctl stop uacctd.service')
@@ -265,13 +260,13 @@ def apply(flow_config):
# configure iptables rules for defined interfaces
if 'interface' in flow_config:
- _iptables_config(flow_config['interface'], 'ingress')
+ _iptables_config(flow_config['interface'], 'ingress', flow_config['packet_length'])
# configure egress the same way if configured otherwise remove it
if 'enable_egress' in flow_config:
- _iptables_config(flow_config['interface'], 'egress')
+ _iptables_config(flow_config['interface'], 'egress', flow_config['packet_length'])
else:
- _iptables_config([], 'egress')
+ _iptables_config([], 'egress', flow_config['packet_length'])
if __name__ == '__main__':
try: