Re: [pmacct-discussion] tee plugin ipv6 problem

2020-07-28 Thread Alexander Brusilov 
I've tested in latest code 1.7.5-git (20200510-00) with same result.
Some clarification to my previous message
In ipv4 all checksums and lengths in all packets are fine.
About ipv6 bad packet example:
BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0)
Data (1304 bytes)
UDP header: Length: 1332 (bogus, payload length 1312)<<< in my
understanding length should be 1312 (data + 8 bytes)
IPV6 header: Length: 1332 (bogus, payload length 1312)   <<< in my
understanding length should be 1372 (data + 8 bytes + 40)

вт, 28 июл. 2020 г. в 12:34, Alexander Brusilov :

> Hi all,
> i use following scenario in ipv4 and it work fine:
> tee plugin listen on external interface and replicate sflow data in two
> streams via loopback interface, here is part of configs:
> /opt/etc/sf_tee.conf
> promisc: false
> interface: 
> !
> sfacctd_port: 2101
> sfacctd_ip: 
> !
> plugins: tee[sf]
> tee_receivers[sf]: /opt/etc/tee_receivers_sf.lst
> tee_transparent: true
> !
> pre_tag_map: /opt/etc/pretag.map
> !
>
> /opt/etc/tee_receivers_sf.lst
> id=2101 ip=127.0.0.1:2101
> id=111 ip=127.0.0.1:20111 tag=111
>
> /opt/etc/pretag.map
> set_tag=111 ip=
>
> i am trying do same with ipv6, but with no success, here is configs:
> /opt/etc/sf_tee_v6.conf
> promisc: false
> interface: 
> !
> sfacctd_port: 2101
> sfacctd_ip: 
> !
> plugins: tee[sf]
> tee_receivers[sf]: /opt/etc/tee_receivers_sf_v6.lst
> tee_transparent: true
> !
> pre_tag_map: /opt/etc/pretag.map
> !
>
> /opt/etc/tee_receivers_sf_v6.lst
> id=2101 ip=[::1]:2101
> id=111 ip=[::1]:20111 tag=111
>
> ipv6 sflow data stream replicated according configs, but sfacctd backend
> (and some other software too) ignore this replicated packets.
> I've run tcpdump on external and lo interface and see that packets on lo
> interface (replicated by tee plugin) have wrong payload length in ipv6
> header (in udp may be too). In ipv4 all checksums in all packets fine.
> It's normal behaviour or not? Can this cause that sfaccd backend ignore
> this packets? Or may be i missing something?
>
> Here example some info of bad packet from wireshark
> BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0)
> Data (1304 bytes)
> UDP: Length: 1332 (bogus, payload length 1312)
> IPV6: Length: 1332 (bogus, payload length 1312)   <<< in my understanding
> length should be 1372
>
> # /opt/sbin/sfacctd -V
> sFlow Accounting Daemon, sfacctd 1.7.4-git (20191126-01+c6)
>
> Arguments:
>  '--prefix=/opt' '--enable-geoipv2' '--enable-jansson' '--enable-zmq'
> '--enable-pgsql' 'PKG_CONFIG_PATH=/usr/pgsql-11/lib/pkgconfig'
> '--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins'
> '--enable-bmp-bins' '--enable-st-bins'
>
> System:
> Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020
> x86_64
>
> # cat /etc/redhat-release
> CentOS Linux release 7.8.2003 (Core)
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] tee plugin ipv6 problem

2020-07-28 Thread Alexander Brusilov 
Hi all,
i use following scenario in ipv4 and it work fine:
tee plugin listen on external interface and replicate sflow data in two
streams via loopback interface, here is part of configs:
/opt/etc/sf_tee.conf
promisc: false
interface: 
!
sfacctd_port: 2101
sfacctd_ip: 
!
plugins: tee[sf]
tee_receivers[sf]: /opt/etc/tee_receivers_sf.lst
tee_transparent: true
!
pre_tag_map: /opt/etc/pretag.map
!

/opt/etc/tee_receivers_sf.lst
id=2101 ip=127.0.0.1:2101
id=111 ip=127.0.0.1:20111 tag=111

/opt/etc/pretag.map
set_tag=111 ip=

i am trying do same with ipv6, but with no success, here is configs:
/opt/etc/sf_tee_v6.conf
promisc: false
interface: 
!
sfacctd_port: 2101
sfacctd_ip: 
!
plugins: tee[sf]
tee_receivers[sf]: /opt/etc/tee_receivers_sf_v6.lst
tee_transparent: true
!
pre_tag_map: /opt/etc/pretag.map
!

/opt/etc/tee_receivers_sf_v6.lst
id=2101 ip=[::1]:2101
id=111 ip=[::1]:20111 tag=111

ipv6 sflow data stream replicated according configs, but sfacctd backend
(and some other software too) ignore this replicated packets.
I've run tcpdump on external and lo interface and see that packets on lo
interface (replicated by tee plugin) have wrong payload length in ipv6
header (in udp may be too). In ipv4 all checksums in all packets fine.
It's normal behaviour or not? Can this cause that sfaccd backend ignore
this packets? Or may be i missing something?

Here example some info of bad packet from wireshark
BAD UDP LENGTH 1332 > IP PAYLOAD LENGTH] Len=1324 [ILLEGAL CHECKSUM (0)
Data (1304 bytes)
UDP: Length: 1332 (bogus, payload length 1312)
IPV6: Length: 1332 (bogus, payload length 1312)   <<< in my understanding
length should be 1372

# /opt/sbin/sfacctd -V
sFlow Accounting Daemon, sfacctd 1.7.4-git (20191126-01+c6)

Arguments:
 '--prefix=/opt' '--enable-geoipv2' '--enable-jansson' '--enable-zmq'
'--enable-pgsql' 'PKG_CONFIG_PATH=/usr/pgsql-11/lib/pkgconfig'
'--enable-l2' '--enable-64bit' '--enable-traffic-bins' '--enable-bgp-bins'
'--enable-bmp-bins' '--enable-st-bins'

System:
Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64

# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Does pmacct looking glass suppoorts multipath?

2023-01-30 Thread Alexander Brusilov 
Hi everyone, Paolo,

I am trying to set up a Looking Glass server, everything works good, but
bgp multipath. Here is part of logs:

nfacctd[13959]: INFO ( default/core ):  '--prefix=/opt/pmacct-1.7.8'
'--enable-geoipv2' '--enable-jansson' '--enable-zmq' '--enable-pgsql'
'PKG_CONFIG_PATH=/usr/pgsql-14/lib/pkgconfig' '--enable-l2'
'--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins'
'--enable-st-bins'
nfacctd[13959]: INFO ( default/core ): Reading configuration file
'/opt/pmacct-1.7.8/etc/nfacctd.conf'.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/sampling.map]
(re)loading map.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/sampling.map] map
successfully (re)loaded.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/agent_to_peer.map]
(re)loading map.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/agent_to_peer.map]
map successfully (re)loaded.
nfacctd[13959]: INFO ( default/core/lg ): Looking Glass listening on
192.168.X.X:1791
nfacctd[13959]: INFO ( default/core/BGP ): maximum BGP peers allowed: 3
nfacctd[13959]: INFO ( default/core/BGP ): bgp_daemon_pipe_size:
obtained=33554432 target=16777216.
nfacctd[13959]: INFO ( default/core/BGP ): waiting for BGP data on
192.168.X.X:179
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] BGP peers usage: 3/3
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability:
MultiProtocol [1] AFI [1] SAFI [1]
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability:
MultiProtocol [1] AFI [2] SAFI [1]
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability: 4-bytes
AS [65] ASN [XX]
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability:
ADD-PATHs [69] AFI [1] SAFI [1] SEND_RECEIVE [2]
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] Capability:
ADD-PATHs [69] AFI [2] SAFI [1] SEND_RECEIVE [2]
nfacctd[13959]: INFO ( default/core/BGP ): [10.X.X.X1] BGP_OPEN: Local AS:
XX Remote AS: XX HoldTime: 90
nfacctd[13959]: INFO ( nfacct_bgp_v4/pgsql ): cache entries=524288 base
cache memory=214005504 bytes
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map]
(re)loading map.
nfacctd[13959]: INFO ( nfacct_bgp_v6/pgsql ): cache entries=524288 base
cache memory=214005504 bytes
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map
successfully (re)loaded.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map]
(re)loading map.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map
successfully (re)loaded.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map]
(re)loading map.
nfacctd[13959]: INFO ( default/core ): [/opt/pmacct/etc/pretag.map] map
successfully (re)loaded.
nfacctd[13959]: INFO ( default/core ): waiting for NetFlow/IPFIX data on
:::9995
nfacctd[13959]: INFO ( default/core/BGP ): *** Dumping BGP tables - START
(PID: 13991 RID: 1) ***
nfacctd[13959]: INFO ( default/core/BGP ): *** Dumping BGP tables - END
(PID: 13991 RID: 1 TABLES: 3 ENTRIES: 3345336 ET: 53) ***

ADD-PATHs successfully negotiated and present in dump file:
$ sudo grep 'X.X.X.0/24'
/opt/pmacct/var/nfacct-bgp-20230130-131675075080-10_X_X_X.json
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 1, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 3, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 5, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 4, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 2, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
{"seq": 0, "timestamp": "1675075080", "peer_ip_src": "10.X.X.X",
"peer_tcp_port": 50573, "event_type": "dump", "afi": 1, "safi": 1,
"ip_prefix": "X.X.X.0/24", "as_path_id": 6, "bgp_nexthop": "",
"as_path": "", "comms": "", "origin": "i", "local_pref": 100,
"med": 20}
$
But Looking Glass always response with one prefix:
$ ./pmbgp.py -g -u pmacct -p 
b'{"results": 3, "query_type": 2}'
b'{"peer_ip_src": "10.X.X.X3", "peer_id": "10.X.X.X3", "peer_tcp_port":
65164, "peer_as": }'
b'{"peer_ip_src":