Re: [pmacct-discussion] tee plugin ipv6 problem
I've tested in latest code 1.7.5-git (20200510-00) with same result. Some clarification to my previous message In ipv4 all checksums and lengths in all packets are fine. About ipv6 bad packet example: BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0) Data (1304 bytes) UDP header: Length: 1332 (bogus, payload length 1312)<<< in my understanding length should be 1312 (data + 8 bytes) IPV6 header: Length: 1332 (bogus, payload length 1312) <<< in my understanding length should be 1372 (data + 8 bytes + 40) вт, 28 июл. 2020 г. в 12:34, Alexander Brusilov : > Hi all, > i use following scenario in ipv4 and it work fine: > tee plugin listen on external interface and replicate sflow data in two > streams via loopback interface, here is part of configs: > /opt/etc/sf_tee.conf > promisc: false > interface: > ! > sfacctd_port: 2101 > sfacctd_ip: > ! > plugins: tee[sf] > tee_receivers[sf]: /opt/etc/tee_receivers_sf.lst > tee_transparent: true > ! > pre_tag_map: /opt/etc/pretag.map > ! > > /opt/etc/tee_receivers_sf.lst > id=2101 ip=127.0.0.1:2101 > id=111 ip=127.0.0.1:20111 tag=111 > > /opt/etc/pretag.map > set_tag=111 ip= > > i am trying do same with ipv6, but with no success, here is configs: > /opt/etc/sf_tee_v6.conf > promisc: false > interface: > ! > sfacctd_port: 2101 > sfacctd_ip: > ! > plugins: tee[sf] > tee_receivers[sf]: /opt/etc/tee_receivers_sf_v6.lst > tee_transparent: true > ! > pre_tag_map: /opt/etc/pretag.map > ! > > /opt/etc/tee_receivers_sf_v6.lst > id=2101 ip=[::1]:2101 > id=111 ip=[::1]:20111 tag=111 > > ipv6 sflow data stream replicated according configs, but sfacctd backend > (and some other software too) ignore this replicated packets. > I've run tcpdump on external and lo interface and see that packets on lo > interface (replicated by tee plugin) have wrong payload length in ipv6 > header (in udp may be too). In ipv4 all checksums in all packets fine. > It's normal behaviour or not? Can this cause that sfaccd backend ignore > this packets? Or may be i missing something? > > Here example some info of bad packet from wireshark > BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0) > Data (1304 bytes) > UDP: Length: 1332 (bogus, payload length 1312) > IPV6: Length: 1332 (bogus, payload length 1312) <<< in my understanding > length should be 1372 > > # /opt/sbin/sfacctd -V > sFlow Accounting Daemon, sfacctd 1.7.4-git (20191126-01+c6) > > Arguments: > '--prefix=/opt' '--enable-geoipv2' '--enable-jansson' '--enable-zmq' > '--enable-pgsql' 'PKG_CONFIG_PATH=/usr/pgsql-11/lib/pkgconfig' > '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins' > '--enable-bmp-bins' '--enable-st-bins' > > System: > Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 > x86_64 > > # cat /etc/redhat-release > CentOS Linux release 7.8.2003 (Core) > ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] tee plugin ipv6 problem
Hi all, i use following scenario in ipv4 and it work fine: tee plugin listen on external interface and replicate sflow data in two streams via loopback interface, here is part of configs: /opt/etc/sf_tee.conf promisc: false interface: ! sfacctd_port: 2101 sfacctd_ip: ! plugins: tee[sf] tee_receivers[sf]: /opt/etc/tee_receivers_sf.lst tee_transparent: true ! pre_tag_map: /opt/etc/pretag.map ! /opt/etc/tee_receivers_sf.lst id=2101 ip=127.0.0.1:2101 id=111 ip=127.0.0.1:20111 tag=111 /opt/etc/pretag.map set_tag=111 ip= i am trying do same with ipv6, but with no success, here is configs: /opt/etc/sf_tee_v6.conf promisc: false interface: ! sfacctd_port: 2101 sfacctd_ip: ! plugins: tee[sf] tee_receivers[sf]: /opt/etc/tee_receivers_sf_v6.lst tee_transparent: true ! pre_tag_map: /opt/etc/pretag.map ! /opt/etc/tee_receivers_sf_v6.lst id=2101 ip=[::1]:2101 id=111 ip=[::1]:20111 tag=111 ipv6 sflow data stream replicated according configs, but sfacctd backend (and some other software too) ignore this replicated packets. I've run tcpdump on external and lo interface and see that packets on lo interface (replicated by tee plugin) have wrong payload length in ipv6 header (in udp may be too). In ipv4 all checksums in all packets fine. It's normal behaviour or not? Can this cause that sfaccd backend ignore this packets? Or may be i missing something? Here example some info of bad packet from wireshark BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0) Data (1304 bytes) UDP: Length: 1332 (bogus, payload length 1312) IPV6: Length: 1332 (bogus, payload length 1312) <<< in my understanding length should be 1372 # /opt/sbin/sfacctd -V sFlow Accounting Daemon, sfacctd 1.7.4-git (20191126-01+c6) Arguments: '--prefix=/opt' '--enable-geoipv2' '--enable-jansson' '--enable-zmq' '--enable-pgsql' 'PKG_CONFIG_PATH=/usr/pgsql-11/lib/pkgconfig' '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' System: Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 # cat /etc/redhat-release CentOS Linux release 7.8.2003 (Core) ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] Does pmacct looking glass suppoorts multipath?
Hi everyone, Paolo, I am trying to set up a Looking Glass server, everything works good, but bgp multipath. Here is part of logs: nfacctd[13959]: INFO ( default/core ): '--prefix=/opt/pmacct-1.7.8' '--enable-geoipv2' '--enable-jansson' '--enable-zmq' '--enable-pgsql' 'PKG_CONFIG_PATH=/usr/pgsql-14/lib/pkgconfig' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' nfacctd[13959]: INFO ( default/core ): Reading configuration file '/opt/pmacct-1.7.8/etc/nfacctd.conf'. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/sampling.map] (re)loading map. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/sampling.map] map successfully (re)loaded. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/agent_to_peer.map] (re)loading map. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/agent_to_peer.map] map successfully (re)loaded. nfacctd[13959]: INFO ( default/core/lg ): Looking Glass listening on 192.168.X.X:1791 nfacctd[13959]: INFO ( default/core/BGP ): maximum BGP peers allowed: 3 nfacctd[13959]: INFO ( default/core/BGP ): bgp_daemon_pipe_size: obtained=33554432 target=16777216. nfacctd[13959]: INFO ( default/core/BGP ): waiting for BGP data on 192.168.X.X:179 nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] BGP peers usage: 3/3 nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: MultiProtocol [1] AFI [1] SAFI [1] nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: MultiProtocol [1] AFI [2] SAFI [1] nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: 4-bytes AS [65] ASN [XX] nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: ADD-PATHs [69] AFI [1] SAFI [1] SEND_RECEIVE [2] nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: ADD-PATHs [69] AFI [2] SAFI [1] SEND_RECEIVE [2] nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] BGP_OPEN: Local AS: XX Remote AS: XX HoldTime: 90 nfacctd[13959]: INFO ( nfacct_bgp_v4/pgsql ): cache entries=524288 base cache memory=214005504 bytes nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] (re)loading map. nfacctd[13959]: INFO ( nfacct_bgp_v6/pgsql ): cache entries=524288 base cache memory=214005504 bytes nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map successfully (re)loaded. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] (re)loading map. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map successfully (re)loaded. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] (re)loading map. nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map successfully (re)loaded. nfacctd[13959]: INFO ( default/core ): waiting for NetFlow/IPFIX data on :::9995 nfacctd[13959]: INFO ( default/core/BGP ): *** Dumping BGP tables - START (PID: 13991 RID: 1) *** nfacctd[13959]: INFO ( default/core/BGP ): *** Dumping BGP tables - END (PID: 13991 RID: 1 TABLES: 3 ENTRIES: 3345336 ET: 53) *** ADD-PATHs successfully negotiated and present in dump file: $ sudo grep 'X.X.X.0/24' /opt/pmacct/var/nfacct-bgp-20230130-131675075080-10_X_X_X.json {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 1, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 3, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 5, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 4, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 2, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} {"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X", "peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1, "ip_prefix": "X.X.X.0/24", "as_path_id": 6, "bgp_nexthop": "", "as_path": "", "comms": "", "origin": "i", "local_pref": 100, "med": 20} $ But Looking Glass always response with one prefix: $ ./pmbgp.py -g -u pmacct -p b'{"results": 3, "query_type": 2}' b'{"peer_ip_src": "10.X.X.X3", "peer_id": "10.X.X.X3", "peer_tcp_port": 65164, "peer_as": }' b'{"peer_ip_src":