Page MenuHomeVyOS Platform

Flow Accounting returns permission error and fails to start
Closed, ResolvedPublicBUG

Description

Flow accounting does not start on VyOS 1.4 202204200217

set system flow-accounting buffer-size '64'
set system flow-accounting disable-imt
set system flow-accounting interface 'eth0'
set system flow-accounting interface 'eth1'
set system flow-accounting interface 'eth2'
set system flow-accounting netflow engine-id '5'
set system flow-accounting netflow max-flows '640000'
set system flow-accounting netflow sampling-rate '100'
set system flow-accounting netflow server 10.0.10.1
set system flow-accounting netflow source-address '10.0.0.1'
set system flow-accounting netflow timeout expiry-interval '30'
set system flow-accounting netflow timeout flow-generic '30'
set system flow-accounting netflow timeout icmp '30'
set system flow-accounting netflow timeout max-active-life '30'
set system flow-accounting netflow timeout tcp-fin '30'
set system flow-accounting netflow timeout tcp-generic '30'
set system flow-accounting netflow timeout tcp-rst '30'
set system flow-accounting netflow timeout udp '30'
set system flow-accounting netflow version '9'
me@gw01# run show flow-accounting
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/flow_accounting_op.py", line 244, in <module>
    flows_list = _get_flows_list()
  File "/usr/libexec/vyos/op_mode/flow_accounting_op.py", line 97, in _get_flows_list
    out = cmd(f'/usr/bin/pmacct -s -O json -T flows -p {uacctd_pipefile}',
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] Failed to get flows list
failed to run command: /usr/bin/pmacct -s -O json -T flows -p /tmp/uacctd.pipe
returned: INFO: Connection refused while trying to connect to '/tmp/uacctd.pipe'
exit code: 1

When starting a basic configuration, uacctd starts but no flows are displayed

set system flow-accounting interface 'eth0'
set system flow-accounting interface 'eth1'
set system flow-accounting interface 'eth2'
set system flow-accounting netflow engine-id '100'
set system flow-accounting netflow sampling-rate '100'
set system flow-accounting netflow server 10.0.10.1
set system flow-accounting netflow source-address '10.0.0.1'
set system flow-accounting netflow version '9'
me@gw01# run show flow-accounting interface eth0
IN_IFACE    SRC_MAC    DST_MAC    SRC_IP    DST_IP    SRC_PORT    DST_PORT    PROTOCOL    TOS    PACKETS    FLOWS    BYTES
----------  ---------  ---------  --------  --------  ----------  ----------  ----------  -----  ---------  -------  -------

me@gw01# run show flow-accounting interface eth1
IN_IFACE    SRC_MAC    DST_MAC    SRC_IP    DST_IP    SRC_PORT    DST_PORT    PROTOCOL    TOS    PACKETS    FLOWS    BYTES
----------  ---------  ---------  --------  --------  ----------  ----------  ----------  -----  ---------  -------  -------

me@gw01# run show flow-accounting interface eth2
IN_IFACE    SRC_MAC    DST_MAC    SRC_IP    DST_IP    SRC_PORT    DST_PORT    PROTOCOL    TOS    PACKETS    FLOWS    BYTES
----------  ---------  ---------  --------  --------  ----------  ----------  ----------  -----  ---------  -------  -------

me@gw01# run show flow-accounting interface eth2
IN_IFACE    SRC_MAC    DST_MAC    SRC_IP    DST_IP    SRC_PORT    DST_PORT    PROTOCOL    TOS    PACKETS    FLOWS    BYTES
----------  ---------  ---------  --------  --------  ----------  ----------  ----------  -----  ---------  -------  -------

On checking dmesg, segfaults can be found:

[29026.586717] Code: 4c 8d 0c 16 4c 39 cf 0f 82 63 01 00 00 48 89 d1 f3 a4 c3 80 fa 08 73 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 <48> 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b
[29037.634096] uacctd[37885]: segfault at 6 ip 00007f310f34a77e sp 00007ffd3e427388 error 4 in libc-2.31.so[7f310f2c8000+14b000]

Details

Version
1.4-rolling-202204200217
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

I can't reproduce it VyOS 1.4-rolling-202204230217

The first config should print that imt plugin is disabled

vyos@t14# run show flow-accounting 
In-memory table is not available
[edit]
vyos@t14#

The second config works without any issue:

vyos@t14# run show flow-accounting  | strip-private 
IN_IFACE    SRC_MAC            DST_MAC            SRC_IP        DST_IP          SRC_PORT    DST_PORT  PROTOCOL      TOS    PACKETS    FLOWS    BYTES
----------  -----------------  -----------------  ------------  ------------  ----------  ----------  ----------  -----  ---------  -------  -------
eth1        xx:xx:xx:xx:xx:4c  xx:xx:xx:xx:xx:01  xxx.xxx.254.1  xxx.xxx.80.23       58475          22  tcp            72         50        1     2600
eth1        xx:xx:xx:xx:xx:4c  xx:xx:xx:xx:xx:01  xxx.xxx.254.1  xxx.xxx.80.23       58475          22  tcp            74         43        0     3952
[edit]
vyos@t14#
zsdc claimed this task.
zsdc moved this task from Open to Finished on the VyOS 1.4 Sagitta board.