Yes. Packet drops are classed as "event_samples" internally. Definitions for telemetry counters are here:
https://github.com/sflow/host-sflow/blob/v2.0.50-4/src/Linux/hsflowd.h#L460-L486
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 3 2023
Apr 3 2023
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav updated the task description for T5142: One of the requirements is to use a system auditing tool to monitor and log all security-relevant events..
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables, a subtask of T4470: Rewrite load-balancing wan to XML/Python, from Open to Needs testing.
Viacheslav changed the status of T4362: Wan Load Balancing - Can't create routing tables from Open to Needs testing.
@marc_s Will be fixed in the next rolling release, could you check?
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from In progress to Needs testing.
Will be available in the next rolling release.
GitHub <[email protected]> committed rVYOSONEX94b65bb3936b: Merge pull request #1932 from sever-sever/T5125 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXbcc9e2092b07: Merge pull request #1934 from sever-sever/T5141 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEX95245860277a: Merge pull request #1933 from sever-sever/T5139 (authored by c-po).
Viacheslav changed the status of T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution from Open to In progress.
Viacheslav added a comment to T5141: Add numbers for dhclient-exit-hooks.d to enforce script order execution.
PR https://github.com/vyos/vyos-1x/pull/1933
set vpn ipsec authentication psk MY-PEER id '192.0.2.1' set vpn ipsec authentication psk MY-PEER id '192.0.2.10' set vpn ipsec authentication psk MY-PEER secret 'SeCrEt' set vpn ipsec esp-group ESP proposal 1 set vpn ipsec ike-group IKE key-exchange 'ikev2' set vpn ipsec ike-group IKE lifetime '0' set vpn ipsec ike-group IKE proposal 1 dh-group '14' set vpn ipsec ike-group IKE proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE proposal 1 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer MY-PEER authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer MY-PEER ike-group 'IKE' set vpn ipsec site-to-site peer MY-PEER local-address '192.0.2.1' set vpn ipsec site-to-site peer MY-PEER remote-address '192.0.2.10' set vpn ipsec site-to-site peer MY-PEER tunnel 1 esp-group 'ESP' set vpn ipsec site-to-site peer MY-PEER tunnel 1 local prefix '10.0.2.0/25' set vpn ipsec site-to-site peer MY-PEER tunnel 1 remote prefix '10.5.5.0/25'
Expected `no rekeying
vyos@r14:~$ sudo swanctl -L
MY-PEER: IKEv2, no reauthentication, no rekeying, dpd delay 30s
local: 192.0.2.1
remote: 192.0.2.10
local pre-shared key authentication:
remote pre-shared key authentication:
id: %any
MY-PEER-tunnel-1: TUNNEL, rekeying every 3272s, dpd action is none
local: 10.0.2.0/25
remote: 10.5.5.0/25
vyos@r14:~$Viacheslav changed the status of T5139: IKE life-time should start from 0 for disable rekey from Open to In progress.
Viacheslav changed the subtype of T5139: IKE life-time should start from 0 for disable rekey from "Bug" to "Feature Request".
PR https://github.com/vyos/vyos-1x/pull/1932
vyos@r14:~$ show sflow -------------------------- ----------------------------------- Agent address 192.168.122.14 sFlow interfaces ['eth0', 'eth1'] sFlow servers ['192.168.122.1', '192.168.122.11'] Counter samples sent 159 Datagrams sent 949 Packet samples sent 124 Packet samples dropped 0 Packet drops sent 815 Packet drops suppressed 0 Flow samples suppressed 0 Counter samples suppressed 0 -------------------------- ----------------------------------- vyos@r14:~$
Viacheslav added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
@lcrockett Add please a new bug report.
It actually already exists: https://vyos.dev/T1981
@PSDev Add please a separate bug report
c-po moved T5136: Possible config corruption on upgrade from Need Triage to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T5136: Possible config corruption on upgrade from Open to Finished on the VyOS 1.4 Sagitta board.
PR for VyOS 1.3 https://github.com/vyos/vyatta-cfg-system/pull/199
As mentioned on slack, there are quite a few contenders:
Apr 2 2023
Apr 2 2023
Harliff added a comment to T2747: "enable-local-traffic" has no effect in load-balancing to redirect local traffic.
I can confirm this bug in rolling 1.3-2023-03-30.
I created a PR based on the changes from the OSPF PR: https://github.com/vyos/vyos-1x/pull/1931
https://vyos.dev/T5085 did the changes for OSPF, but we need this for BGP too
We actually need the same for BGP...
c-po closed T5134: Try if netavark networks can be moved to a VRF instance, a subtask of T5082: container: switch to netavark network stack, as Resolved.
Unknown Object (User) added a comment to T5137: show tech support command.
Unknown Object (User) added a comment to T5137: show tech support command.
show_techsupport_report.py12 KBDownload
Apr 1 2023
Apr 1 2023
The packet-drop events are not really samples in the same way as the packets are random-samples and the counters are time-samples. Even if there is only 1 dropped packet it will be sent. So it might be better to change the wording from “Samples drop events sent” to something like “Packet drop events sent” or just “Packet drops sent”. Make sense?
GitHub <[email protected]> committed rVYOSONEX37740abd88aa: Merge pull request #1929 from sever-sever/T5125 (authored by c-po).
Apologies. I believe it is corrected now.
a.apostoliuk changed the status of T5135: Rewrite opennhrp script using vyos.ipsec library from Open to In progress.
c-po updated the task description for T5134: Try if netavark networks can be moved to a VRF instance.
c-po changed the status of T5134: Try if netavark networks can be moved to a VRF instance, a subtask of T5082: container: switch to netavark network stack, from Open to In progress.
c-po changed the status of T5134: Try if netavark networks can be moved to a VRF instance from Open to In progress.
PR for VyOS 1.3 https://github.com/vyos/vyos-1x/pull/1928
c-po moved T4959: Add container registry authentication config for containers from In Progress to Backport Candidates on the VyOS 1.3 Equuleus (1.3.3) board.
c-po moved T4959: Add container registry authentication config for containers from Need Triage to In Progress on the VyOS 1.3 Equuleus (1.3.3) board.
GitHub <[email protected]> committed rVYOSONEXe890a70d134f: Merge pull request #1919 from c-po/equuleus (authored by c-po).
c-po moved T5082: container: switch to netavark network stack from Open to Finished on the VyOS 1.4 Sagitta board.
c-po closed T5132: Operational command "show isis vrf XXX route | neighbord" aren't working as Resolved.
GitHub <[email protected]> committed rVYOSONEXdcd2edc6ddee: Merge pull request #1926 from aapostoliuk/T5093-sagitta (authored by c-po).
In T5125#146162, @neilmckee wrote:I think there should be one more metric - the number of packet-drop-events sent. I just checked in a change that adds to the example telemetry.py script:
https://github.com/sflow/host-sflow/commit/5b01779abf21a7553e07188ff2f54850c568f786But we should also expose the number of drops that were suppressed by the mod_dropmon rate limit. I'll check in 2.0.50-4 later today to add that option too.
when I enter 'show dns dynamic status' it gives me 'no connect' result for the hosts
In T2819#145957, @indrajitr wrote:Should we revive this consideration again? See https://github.com/ddclient/ddclient/issues/528.
They did have a recent release, but things continue to be unpredictable. So we'll either have to have a different tool (and rewrite the configs) or have to maintain a fork. I see that there used to be a VyOS-maintained fork in the past.
Mar 31 2023
Mar 31 2023
GitHub <[email protected]> committed rVYOSONEX960b635f98b3: Merge pull request #1920 from jestabro/https-allow-client (authored by Viacheslav).
I think there should be one more metric - the number of packet-drop-events sent. I just checked in a change that adds to the example telemetry.py script:
https://github.com/sflow/host-sflow/commit/5b01779abf21a7553e07188ff2f54850c568f786
fernando triaged T5132: Operational command "show isis vrf XXX route | neighbord" aren't working as Low priority.
@fernando Can you see them now? I attached them to the main post.
devon updated the task description for T5127: VPNv4/VPNv6 routes are not reinstalled following link flap.
fernando added a comment to T5131: Operational command "show isis segment-routing prefix-sids" isn't working .
merge done, it fixed the issues :
lcrockett added a comment to T4081: VRRP health-check script stops working when setting up a sync group.
Running '1.4-rolling-202303270317' i'm experiencing the opposite behaviour. A VRRP health-check script in a VRRP group that is a member of a VRRP sync group stops working (VRRP group immediately transitions to 'FAULT' state upon start of keepalived). If i take out the 'track_script' block in the produced '/run/keepalived/keepalived.conf' and restart keepalived (sudo systemctl restart keepalived) the health-check script functions as expected again. Any pointers ? Or shall I create a new issue containing the appropriate details ?
GitHub <[email protected]> committed rVYOSONEX11ace86f5826: Merge pull request #1922 from nicolas-fort/T5128 (authored by c-po).
Viacheslav changed the status of T5125: Add op-mode commands for hsflowd based sflow, a subtask of T5086: Integrate hsflowd for sflow accounting, from In progress to Needs testing.
Viacheslav changed the status of T5125: Add op-mode commands for hsflowd based sflow from In progress to Needs testing.