3 files changed, 21 insertions, 13 deletions

diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl
index 27a157531..b6d31746f 100644
--- a/data/templates/netflow/uacctd.conf.tmpl
+++ b/data/templates/netflow/uacctd.conf.tmpl
@@ -4,7 +4,7 @@ promisc: false
 pidfile: /var/run/uacctd.pid
 uacctd_group: 2
 uacctd_nl_size: 2097152
-snaplen: {{ snaplen }}
+snaplen: {{ packet_length }}
 aggregate: in_iface{{ ',out_iface' if enable_egress is defined }},src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows
 {% set pipe_size = buffer_size | int *1024 *1024 %}
 plugin_pipe_size: {{ pipe_size }}
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index ba5c70979..1b57d706c 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -22,6 +22,19 @@
             </properties>
             <defaultValue>10</defaultValue>
           </leafNode>
+          <leafNode name="packet-length">
+            <properties>
+              <help>Specifies the maximum number of bytes to capture for each packet</help>
+              <valueHelp>
+                <format>u32:128-750</format>
+                <description>Packet length in bytes (default: 128)</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 128-750"/>
+              </constraint>
+            </properties>
+            <defaultValue>128</defaultValue>
+          </leafNode>
           <leafNode name="enable-egress">
             <properties>
               <help>Enable egress flow accounting</help>
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 86fbd96b1..3d3b03e10 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -34,9 +34,6 @@ from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
-# default values
-default_captured_packet_size = 128
-
 uacctd_conf_path = '/etc/pmacct/uacctd.conf'
 iptables_nflog_table = 'raw'
 iptables_nflog_chain = 'VYATTA_CT_PREROUTING_HOOK'
@@ -67,7 +64,7 @@ def _iptables_get_nflog(chain, table):
     return rules
 
 # modify iptables rules
-def _iptables_config(configured_ifaces, direction):
+def _iptables_config(configured_ifaces, direction, length):
     # define list of iptables commands to modify settings
     iptable_commands = []
     iptables_chain = iptables_nflog_chain
@@ -114,7 +111,7 @@ def _iptables_config(configured_ifaces, direction):
         if direction == "egress":
             iptables_op = "-o"
 
-        rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {default_captured_packet_size} --nflog-threshold 100'
+        rule_definition = f'{iptables_chain} {iptables_op} {iface} -m comment --comment FLOW_ACCOUNTING_RULE -j NFLOG --nflog-group 2 --nflog-size {length} --nflog-threshold 100'
         iptable_commands.append(f'{iptables} -t {iptables_table} -I {rule_definition}')
 
     # change iptables
@@ -158,8 +155,6 @@ def get_config(config=None):
                     flow_accounting[flow_type]['server'][server] = dict_merge(
                         default_values,flow_accounting[flow_type]['server'][server])
 
-    flow_accounting['snaplen'] = default_captured_packet_size
-
     return flow_accounting
 
 def verify(flow_config):
@@ -253,8 +248,8 @@ def apply(flow_config):
     action = 'restart'
     # Check if flow-accounting was removed and define command
     if not flow_config:
-        _iptables_config([], 'ingress')
-        _iptables_config([], 'egress')
+        _iptables_config([], 'ingress', flow_config['packet_length'])
+        _iptables_config([], 'egress', flow_config['packet_length'])
 
         # Stop flow-accounting daemon
         cmd('systemctl stop uacctd.service')
@@ -265,13 +260,13 @@ def apply(flow_config):
 
     # configure iptables rules for defined interfaces
     if 'interface' in flow_config:
-        _iptables_config(flow_config['interface'], 'ingress')
+        _iptables_config(flow_config['interface'], 'ingress', flow_config['packet_length'])
 
         # configure egress the same way if configured otherwise remove it
         if 'enable_egress' in flow_config:
-            _iptables_config(flow_config['interface'], 'egress')
+            _iptables_config(flow_config['interface'], 'egress', flow_config['packet_length'])
         else:
-            _iptables_config([], 'egress')
+            _iptables_config([], 'egress', flow_config['packet_length'])
 
 if __name__ == '__main__':
     try: