diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2
index f2a982528..73588fdb2 100644
--- a/data/templates/sflow/override.conf.j2
+++ b/data/templates/sflow/override.conf.j2
@@ -1,16 +1,17 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
After=
After=vyos-router.service
ConditionPathExists=
ConditionPathExists=/run/sflow/hsflowd.conf
[Service]
EnvironmentFile=
ExecStart=
-ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
+ExecStart={{ vrf_command }}/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
WorkingDirectory=
WorkingDirectory=/run/sflow
PIDFile=
PIDFile=/run/sflow/hsflowd.pid
Restart=always
RestartSec=10
diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in
index c5152abe9..aaf4033d8 100644
--- a/interface-definitions/system_sflow.xml.in
+++ b/interface-definitions/system_sflow.xml.in
@@ -1,113 +1,114 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- sflow configuration -->
<interfaceDefinition>
<node name="system">
<children>
<node name="sflow" owner="${vyos_conf_scripts_dir}/system_sflow.py">
<properties>
<help>sFlow settings</help>
<priority>990</priority>
</properties>
<children>
<leafNode name="agent-address">
<properties>
<help>sFlow agent IPv4 or IPv6 address</help>
<completionHelp>
<list>auto</list>
<script>${vyos_completion_dir}/list_local_ips.sh --both</script>
</completionHelp>
<valueHelp>
<format>ipv4</format>
<description>sFlow IPv4 agent address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>sFlow IPv6 agent address</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
<validator name="ipv6-link-local"/>
</constraint>
</properties>
</leafNode>
<leafNode name="agent-interface">
<properties>
<help>IP address associated with this interface</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
</leafNode>
<leafNode name="drop-monitor-limit">
<properties>
<help>Export headers of dropped by kernel packets</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Maximum rate limit of N drops per second send out in the sFlow datagrams</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
#include <include/generic-interface-multi.xml.i>
<leafNode name="polling">
<properties>
<help>Schedule counter-polling in seconds</help>
<valueHelp>
<format>u32:1-600</format>
<description>Polling rate in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-600"/>
</constraint>
</properties>
<defaultValue>30</defaultValue>
</leafNode>
<leafNode name="sampling-rate">
<properties>
<help>sFlow sampling-rate</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Sampling rate (1 in N packets)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
<defaultValue>1000</defaultValue>
</leafNode>
<tagNode name="server">
<properties>
<help>sFlow destination server</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 server to export sFlow</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>IPv6 server to export sFlow</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
</constraint>
</properties>
<children>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>6343</defaultValue>
</leafNode>
</children>
</tagNode>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py
index 63262db69..c0424d915 100755
--- a/smoketest/scripts/cli/test_system_sflow.py
+++ b/smoketest/scripts/cli/test_system_sflow.py
@@ -1,101 +1,123 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2023 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
+from time import sleep
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Section
from vyos.utils.process import cmd
from vyos.utils.process import process_named_running
from vyos.utils.file import read_file
PROCESS_NAME = 'hsflowd'
base_path = ['system', 'sflow']
+vrf = 'mgmt'
hsflowd_conf = '/run/sflow/hsflowd.conf'
-
class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
-
@classmethod
def setUpClass(cls):
super(TestSystemFlowAccounting, cls).setUpClass()
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
cls.cli_delete(cls, base_path)
def tearDown(self):
# after service removal process must no longer run
self.assertTrue(process_named_running(PROCESS_NAME))
self.cli_delete(base_path)
+ self.cli_delete(['vrf', 'name', vrf])
self.cli_commit()
# after service removal process must no longer run
self.assertFalse(process_named_running(PROCESS_NAME))
def test_sflow(self):
agent_address = '192.0.2.5'
agent_interface = 'eth0'
polling = '24'
sampling_rate = '128'
server = '192.0.2.254'
local_server = '127.0.0.1'
port = '8192'
default_port = '6343'
mon_limit = '50'
self.cli_set(
['interfaces', 'dummy', 'dum0', 'address', f'{agent_address}/24'])
self.cli_set(base_path + ['agent-address', agent_address])
self.cli_set(base_path + ['agent-interface', agent_interface])
# You need to configure at least one interface for sflow
with self.assertRaises(ConfigSessionError):
self.cli_commit()
for interface in Section.interfaces('ethernet'):
self.cli_set(base_path + ['interface', interface])
self.cli_set(base_path + ['polling', polling])
self.cli_set(base_path + ['sampling-rate', sampling_rate])
self.cli_set(base_path + ['server', server, 'port', port])
self.cli_set(base_path + ['server', local_server])
self.cli_set(base_path + ['drop-monitor-limit', mon_limit])
# commit changes
self.cli_commit()
# verify configuration
hsflowd = read_file(hsflowd_conf)
self.assertIn(f'polling={polling}', hsflowd)
self.assertIn(f'sampling={sampling_rate}', hsflowd)
self.assertIn(f'agentIP={agent_address}', hsflowd)
self.assertIn(f'agent={agent_interface}', hsflowd)
self.assertIn(f'collector {{ ip = {server} udpport = {port} }}', hsflowd)
self.assertIn(f'collector {{ ip = {local_server} udpport = {default_port} }}', hsflowd)
self.assertIn(f'dropmon {{ limit={mon_limit} start=on sw=on hw=off }}', hsflowd)
self.assertIn('dbus { }', hsflowd)
for interface in Section.interfaces('ethernet'):
self.assertIn(f'pcap {{ dev={interface} }}', hsflowd)
+ def test_vrf(self):
+ interface = 'eth0'
+ server = '192.0.2.1'
+
+ # Check if sFlow service can be bound to given VRF
+ self.cli_set(['vrf', 'name', vrf, 'table', '10100'])
+ self.cli_set(base_path + ['interface', interface])
+ self.cli_set(base_path + ['server', server])
+ self.cli_set(base_path + ['vrf', vrf])
+
+ # commit changes
+ self.cli_commit()
+
+ # verify configuration
+ hsflowd = read_file(hsflowd_conf)
+ self.assertIn(f'collector {{ ip = {server} udpport = 6343 }}', hsflowd) # default port
+ self.assertIn(f'pcap {{ dev=eth0 }}', hsflowd)
+
+ # Check for process in VRF
+ tmp = cmd(f'ip vrf pids {vrf}')
+ self.assertIn(PROCESS_NAME, tmp)
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/system_sflow.py b/src/conf_mode/system_sflow.py
index 2df1bbb7a..41119b494 100755
--- a/src/conf_mode/system_sflow.py
+++ b/src/conf_mode/system_sflow.py
@@ -1,105 +1,102 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2023 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
from sys import exit
from vyos.config import Config
+from vyos.configverify import verify_vrf
from vyos.template import render
from vyos.utils.process import call
from vyos.utils.network import is_addr_assigned
from vyos import ConfigError
from vyos import airbag
airbag.enable()
hsflowd_conf_path = '/run/sflow/hsflowd.conf'
systemd_service = 'hsflowd.service'
systemd_override = f'/run/systemd/system/{systemd_service}.d/override.conf'
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
base = ['system', 'sflow']
if not conf.exists(base):
return None
sflow = conf.get_config_dict(base, key_mangling=('-', '_'),
get_first_key=True,
with_recursive_defaults=True)
return sflow
-
def verify(sflow):
if not sflow:
return None
# Check if configured sflow agent-address exist in the system
if 'agent_address' in sflow:
tmp = sflow['agent_address']
if not is_addr_assigned(tmp):
raise ConfigError(
f'Configured "sflow agent-address {tmp}" does not exist in the system!'
)
# Check if at least one interface is configured
if 'interface' not in sflow:
raise ConfigError(
'sFlow requires at least one interface to be configured!')
# Check if at least one server is configured
if 'server' not in sflow:
raise ConfigError('You need to configure at least one sFlow server!')
- # return True if all checks were passed
- return True
-
+ verify_vrf(sflow)
+ return None
def generate(sflow):
if not sflow:
return None
render(hsflowd_conf_path, 'sflow/hsflowd.conf.j2', sflow)
render(systemd_override, 'sflow/override.conf.j2', sflow)
# Reload systemd manager configuration
call('systemctl daemon-reload')
-
def apply(sflow):
if not sflow:
# Stop flow-accounting daemon and remove configuration file
call(f'systemctl stop {systemd_service}')
if os.path.exists(hsflowd_conf_path):
os.unlink(hsflowd_conf_path)
return
# Start/reload flow-accounting daemon
call(f'systemctl restart {systemd_service}')
-
if __name__ == '__main__':
try:
config = get_config()
verify(config)
generate(config)
apply(config)
except ConfigError as e:
print(e)
exit(1)