Page MenuHomeVyOS Platform

flow-accounting broken in rolling
Closed, ResolvedPublicBUG

Description

set system flow-accounting interface 'eth0'
set system flow-accounting interface 'eth1'
set system flow-accounting sflow agent-address 'auto'
set system flow-accounting sflow server 192.168.0.10 port '6343'
vyos@vyos# commit
[ system flow-accounting sflow server 192.168.0.10 ]


[ system flow-accounting sflow server 192.168.0.10 port 6343 ]


[ system flow-accounting ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 372, in <module>
    apply(config)
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 363, in apply
    _iptables_config(config['interfaces'])
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 109, in _iptables_config
    active_nflog_rules = _iptables_get_nflog()
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 85, in _iptables_get_nflog
    cmd(iptables_command, universal_newlines=True, message='Failed to get flows list')
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 80, in cmd
    decode=decode,
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 50, in popen
    decoded = tmp.decode(decode) if decode else tmp.decode()
AttributeError: 'str' object has no attribute 'decode'

[[system flow-accounting]] failed
Commit failed

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202004111719
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Unknown Object (User) created this task.Apr 12 2020, 6:29 AM

I've found that on the most recent releases of VyOS, Netflow flow-accounting is also broken. I've managed to fix the first 2 errors I encountered and verify uacctd is indeed running; however, if IPv6 is used, another error is encountered which I did not fix. I also probably did not fix Sflow entirely with these changes.
Initial error:

vyos@cr01a-vyos# commit
[ system flow-accounting buffer-size 2048 ]


[ system flow-accounting netflow server 192.168.255.1 ]



[ system flow-accounting ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 30, in <module>
    from vyos.render import render
ModuleNotFoundError: No module named 'vyos.render'

Fixed by importing the correct module (vyos.template). Second error after fixing this:

vyos@cr01a-vyos# commit
[ system flow-accounting buffer-size 2048 ]


[ system flow-accounting netflow server 192.168.255.1 ]


[ system flow-accounting ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 367, in <module>
    apply(config)
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 358, in apply
    _iptables_config(config['interfaces'])
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 110, in _iptables_config
    active_nflog_rules = _iptables_get_nflog()
  File "/usr/libexec/vyos/conf_mode/flow_accounting_conf.py", line 87, in _iptables_get_nflog
    iptables_out = stdout.splitlines()
NameError: name 'stdout' is not defined

[[system flow-accounting]] failed
Commit failed
[edit system flow-accounting netflow]

Here's the diff of how I fixed it (sorry but I don't have a dev env set up yet, so no PRs or anything), the new changes are on the left:

vyos@cr01b-vyos# diff /usr/libexec/vyos/conf_mode/flow_accounting_conf.py /config/flow_accounting_conf.py
30c30
< from vyos.template import render
---
> from vyos.render import render
86c86
<         stdout = cmd(iptables_command, message='Failed to get flows list')
---
>         cmd(iptables_command, message='Failed to get flows list')
[edit system flow-accounting netflow]

(Sanitized) Proof it works:

vyos@cr01a-vyos# run show flow-accounting | head -4
IN_IFACE    SRC_MAC            DST_MAC            SRC_IP                             DST_IP                               SRC_PORT    DST_PORT  PROTOCOL      TOS    PACKETS    FLOWS    BYTES                    
----------  -----------------  -----------------  ---------------------------------  ---------------------------------  ----------  ----------  ----------  -----  ---------  -------  -------                    
bond0.110   44:44:44:44:44:44  00:07:43:99:99:99  192.168.2.8                        8.8.8.8                                     0           0  icmp            0         58       29     4872                    
bond0.110   44:44:44:44:44:44  00:07:43:99:99:99  192.168.2.5                        8.8.8.8                                     0           0  icmp            0         58       29     4872

I'd also recommend not using a variable named stdout later on since it's very confusing (easily confused with sys.stdout, which took me a minute to figure out).

@trae32566 thanks for reporthing the issue so clearly, fix will be in next rolling release

erkin set Issue type to Bug (incorrect behavior).Aug 30 2021, 7:10 AM
erkin removed a subscriber: Active contributors.