Already triggered CI builds su it will be in tonights version.

Ah ok, sorry, i'm bit slow today.
Awesome!

Nope, this is the output after binding it to eth0 only. It always binds to the loopback interface!

so it still there ?
weird thing

After adding the bind-interfacesparameter to the configuration, movng the configuration file from /etc/dnsmasq.conf to /etc/dnsmasq.d/vyos.conf and switching to systemd, this is the result:

Yes, can do

Want to look into that?

I am very interested in this, has any work been done?

I've found memory leak bug in Cstore perl binding (perlxs).
This binding is a part of vyatta-cfg.

That is fine, maybe with exception for some nasty vulnerabilities, however we also not disappear
just handy to have someone dedicated to wireless (almost separate world)
Thank you!

@syncer thanks for the offer :)

@c-po i think this was fixed by @dmbaturin
marking as solved, if not, reopen

@alainlamar by any chance you want to be maintainer of wireless subsystem ? :)
It looks like you both have knowledge and real life use case and that make it whole easier

I am seeing similar messages in 1.1.8.

@c-po thanks for pointing me to the interface definitions!

@alainlamar nice work digging!

I found an example file in vyatta-lldp:

I found an example XML tag config file in vyatta-lldp:

I'm using ntop-ng + nprobe.

@syncer tools added to base image. This would be perfect for a vyos-1x op mode command. Unfortunately I was not able to build a working template with the relax-ng templates (lack of xml/relax-ng) knowledge. @dmbaturin maybe you can help?

@squeeby which sflow collector do you use? Is there one you can recommend?

Rewrote the scripts using vyos-1x and Python. This is now functioning on my routers.

Working again

Merged into vyatta-netflow package and will be included in tonights build.

Looks good!

Ok, next try: https://www.mybll.net/vyatta-netflow_ver02_all.deb

This appears to operate as expected.

Could you alter the file manually to get a working state and pass it to me by e.g. pasting it here or a https://pastebin.com/ link? Then I could regenerate a package for testing. This would help me a lot as I do not have any flow collector.

So by reverting, the file /opt/vyatta/sbin/vyatta-netflow.pl contains:

328 sub acct_add_nflog_target {
329     my ($intf) = @_;
330
331     my ($table_chain) = acct_get_table_chain();
332     while (my ($chain, $table) = each(%$table_chain)) {
333         my $cmd = "iptables -t $table -I $chain 1 -i $intf -j NFLOG" ." --nflog-group 2";
334         if (defined $nflog_range) {
335             $cmd .= " --nflog-range $nflog_range";
336         }
337         if (defined $nflog_threshold) {
338             $cmd .= " --nflog-threshold $nflog_threshold";
339         }
340         my $ret = system($cmd);
341         if ($ret >> 8) {
342             die "Error: [$cmd] failed - $?\n";
343         }
344     }
345 }

You can revert by switching back to the official VyOS package.

Do you know how I can restore the previous version so I can see if it was this package that changed it?

Strange. I only changed /opt/vyatta/sbin/vyatta-netflow.pl to your recommendation.

I applied your patch but now iptables has reverted to using the ULOG target instead of NFLOG:

squeeb@gw1# commit
[ system flow-accounting interface eth2 ]
iptables: No chain/target/match by that name.
Error: [iptables -t raw -I VYATTA_CT_PREROUTING_HOOK 1 -i eth2 -j ULOG --ulog-nlgroup 2 --ulog-cprange 64 --ulog-qthreshold 10] failed - 256

@squeeby do you mind verifying the following package containing your fix:

Changing the following lines to the excerpt below in /opt/vyatta/sbin/vyatta-netflow.pl seems to work:

@c-po Thank you for the quick response and especially for the workaround! This was of great value...

@alainlamar your effort and support is tremendous and very much appreciated. I'm also super new to VyOS "development".

Problem is that two new packages (mdns-repeater and udp-bcast-relay) are build on the CI server, but somehow do not show up in the package repository at http://dev.packages.vyos.net/vyos/pool/main/ which is used during build.

@c-po I re-arranged the code and the git commits and hope things are fine now so this ticket may come to its deserved end of life.

@dmbaturin Yes, as time permits. That's my worst constraint.

Hey everyone,

@c-po I did some major work on vyatta-wireless, including the introduction of nested nodes to configure card capabilities. Would you mind to take a look at it and suggest improvements for:

• using a better way than Perl smartmatch to compare strings against arbitrary lists of strings (like in Python if "bar" in ["foo", "bar", "baz"]: print("True"))
• a nicer way to getting rid of mutual exclusions without adding too much responsibility on parsing by wireless-hostapd.pl. Transforming ht and vht from multi nodes into nested directories and then implement a bool node for each capability flag would IMHO require much more parsing in wireless-hostapd.pl but would solve the issue with mutual exclusions which could be implemented as simple multi-choice nodes...

@alainlamar thanks for sharing your thoughts. Regarding your MR, you add a node sshd_option where someone could add ANY option to sshd. I'm not a big fan of those "you can do everything nodes".