netflow: improve error handling in rc.d script (#3658)
parent
9cbc0aa5af
commit
5b6b56aac8
@ -42,9 +42,21 @@ extra_commands="status"
|
||||
[ -z "$netflow_enable" ] && netflow_enable="NO"
|
||||
[ -z "$netflow_egress_only" ] && netflow_egress_only=""
|
||||
|
||||
# setup_interface (interface)
|
||||
# - use netgraph + ng_netflow in combination with samplicate to record netflow data and send it to multiple locations
|
||||
setup_interface()
|
||||
# netflow_node_error (interface, message)
|
||||
# - shutdown the netflow node on error to avoid connection problems
|
||||
# with unassigned hooks
|
||||
netflow_node_error()
|
||||
{
|
||||
interface=$1
|
||||
message=$2
|
||||
echo "error $interface: $message"
|
||||
/usr/sbin/ngctl shutdown netflow_$interface: >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# netflow_setup_interface (interface)
|
||||
# - use netgraph + ng_netflow in combination with samplicate to record netflow
|
||||
# data and send it to multiple locations
|
||||
netflow_setup_interface()
|
||||
{
|
||||
# set netflow version (export keyword)
|
||||
if [ "$netflow_version" == "9" ]; then
|
||||
@ -83,16 +95,50 @@ setup_interface()
|
||||
|
||||
# remove earlier setup (if any)
|
||||
/usr/sbin/ngctl shutdown netflow_$interface: >/dev/null 2>&1
|
||||
# configure netflow for this interface, sending all to localhost
|
||||
/usr/sbin/ngctl -f- <<-SEQ
|
||||
mkpeer $interface: netflow lower iface$ifIndex
|
||||
name $interface:lower netflow_$interface
|
||||
connect $interface: netflow_$interface: upper out$ifIndex
|
||||
mkpeer netflow_$interface: ksocket export$nfversion inet/dgram/udp
|
||||
msg netflow_$interface: settimeouts { inactive=$netflow_inactive_timeout active=$netflow_active_timeout }
|
||||
msg netflow_$interface: setconfig {iface=$ifIndex conf=$conf}
|
||||
msg netflow_$interface:export$nfversion connect inet/$netflow_int_destination
|
||||
SEQ
|
||||
|
||||
# configure netflow for this interface
|
||||
# ng_ether:lower <-> ng_netflow:ifaceX <-> ng_netflow:export <-> ng_netflow:outX <-> ng_ether:upper
|
||||
|
||||
# create ng_netflow node and connect ifaceX hook with ng_ether lower hook
|
||||
if ! /usr/sbin/ngctl mkpeer $interface: netflow lower iface$ifIndex; then
|
||||
netflow_node_error $interface "cannot create netflow node for $interface"
|
||||
return
|
||||
fi
|
||||
# set a name for the netflow node
|
||||
if ! /usr/sbin/ngctl name $interface:lower netflow_$interface; then
|
||||
netflow_node_error $interface "cannot set name for $interface:lower"
|
||||
return
|
||||
fi
|
||||
# connect ng_netflow outX hook with ng_ether upper hook to reinject the packets
|
||||
if ! /usr/sbin/ngctl connect $interface: netflow_$interface: upper out$ifIndex; then
|
||||
netflow_node_error $interface "cannot connect $interface:upper with out$ifIndex"
|
||||
return
|
||||
fi
|
||||
# set timeouts
|
||||
if ! /usr/sbin/ngctl msg netflow_$interface: settimeouts { inactive=$netflow_inactive_timeout active=$netflow_active_timeout }; then
|
||||
netflow_node_error $interface "cannot set timouts"
|
||||
return
|
||||
fi
|
||||
# configure ingress
|
||||
if ! /usr/sbin/ngctl msg netflow_$interface: setconfig {iface=$ifIndex conf=$conf}; then
|
||||
netflow_node_error $interface "cannot configure ingress"
|
||||
return
|
||||
fi
|
||||
# create a ng_ksocket node to export the NetFlow datagrams from ng_netflow
|
||||
if ! /usr/sbin/ngctl mkpeer netflow_$interface: ksocket export$nfversion inet/dgram/udp; then
|
||||
netflow_node_error $interface "cannot create ksocket node for netflow_$interface"
|
||||
return
|
||||
fi
|
||||
# set a name for the ksocket node
|
||||
if ! /usr/sbin/ngctl name netflow_$interface:export$nfversion ksocket_netflow_$interface; then
|
||||
netflow_node_error $interface "cannot set name for netflow_$interface:export$nfversion"
|
||||
return
|
||||
fi
|
||||
# connect the ng_ksocket with the NetFlow destination
|
||||
if ! /usr/sbin/ngctl msg netflow_$interface:export$nfversion connect inet/$netflow_int_destination; then
|
||||
netflow_node_error $interface "cannot connect socket_netflow_$interface with inet/$netflow_int_destination"
|
||||
return
|
||||
fi
|
||||
}
|
||||
|
||||
netflow_start()
|
||||
@ -110,7 +156,7 @@ netflow_start()
|
||||
|
||||
# configure interfaces
|
||||
for interface in $netflow_interfaces; do
|
||||
setup_interface "$interface"
|
||||
netflow_setup_interface "$interface"
|
||||
done
|
||||
|
||||
# forward netflow packets, make sure $netflow_int_destination forwards to localhost (127.0.0.1)
|
||||
@ -131,7 +177,7 @@ netflow_stop()
|
||||
fi
|
||||
|
||||
# cleanup netflow processes
|
||||
for netflow_node in `/usr/sbin/ngctl list | grep netflow_ | awk '{print $2;}'`
|
||||
for netflow_node in `/usr/sbin/ngctl list | grep "Type: netflow" | awk '{print $2;}'`
|
||||
do
|
||||
/usr/sbin/ngctl shutdown $netflow_node:
|
||||
done
|
||||
|
||||
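Review bot: netflow_node_error() cleans up by name (`/usr/sbin/ngctl shutdown netflow_$interface:`), but that name exists only after the `name $interface:lower netflow_$interface` step has succeeded. If that step fails, the node created by the preceding `mkpeer` presumably stays attached to `$interface:lower` unnamed, and the `Type: netflow` loop in netflow_stop would likely have no usable name to shut it down by. In the name-failure branch only, shut the node down by path before returning, e.g. `/usr/sbin/ngctl shutdown $interface:lower >/dev/null 2>&1`. The bare `return` after each error also passes back the status of the helper's last command (the silenced shutdown) rather than a failure, so `return 1` would let netflow_start detect that flow export is not running on that interface. netflow_setup_interface spans two hunks and netflow_start/netflow_stop begin outside them, so the caller side is only partly visible here.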