flowd not working after upgrade.

Started by Waschbuesch, February 01, 2020, 09:50:17 PM

Normally the netgraph modules should be loaded automatically, but not all of them seem to be doing that at the moment.

If you can identify which ones we should add at a minimum for your issue and open a ticket here https://github.com/opnsense/core/issues we can add those in the netflow loader script, like the ng_ether module added here https://github.com/opnsense/core/commit/4edbacc5193319337f4c1004e2505fe0821cb0c3

You can see the ones loaded (automatically) using the following command:


kldstat | grep ng_


Best regards,

Ad

Thanks, Ad.

I have tried to find out what the missing modules might be, but so far, no luck.

If I do not touch modules, I end up with the graph as shown in the attached vanilla.png
and the output of ngctl types is:


There are 10 total types:
      Type name   Number of living nodes
      ---------   ----------------------
        ksocket       1
        netflow       1
         tcpmss       1
          pppoe       1
          ether      10
            tee       1
            ppp       1
          iface       1
           mppc       0
         socket       6


If I put all these (https://github.com/opnsense/core/blob/stable/19.7/src/etc/rc.loader.d/20-netgraph) into /boot/loader.conf.local, I end up with the graph as shown in the attached modules.png and this output


There are 31 total types:
      Type name   Number of living nodes
      ---------   ----------------------
        netflow       4
         socket       6
           vlan       0
            vjc       0
            tty       0
            tee       1
         tcpmss       1
          ether      13
         eiface       0
        rfc1490       0
          pred1       0
           echo       0
        pptpgre       0
          pppoe       1
        deflate       0
            ppp       1
          async       0
           pipe       0
          cisco       0
       one2many       0
           mppc       0
            car       0
         bridge       0
            lmi       0
           l2tp       0
        ksocket       4
            bpf       0
          iface       1
             UI       0
           hole       0
    frame_relay       0


I assumed I would see which types are missing by listing the used node types, but apparently, that is not true (or there might be ng_xyz modules that are not node types themselves, but add functionality to existing types?).

Also note that, apparently, I have to reboot after adding modules. Using kldload ng_xyz to load each of the modules mentioned in https://github.com/opnsense/core/blob/stable/19.7/src/etc/rc.loader.d/20-netgraph without a reboot and then doing /usr/local/etc/rc.d/netflow restart, I do not get the same results.

How would I go about narrowing this down without doing trial and error and module by module and having to reboot? Is there another service that needs restarting or is a reboot really necessary?
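
An added example, not part of any post in this thread: one way to compare the two `ngctl types` listings above mechanically, so that new node types and changed living-node counts stand out. The file names `vanilla.txt` and `modules.txt` and the function `diff_types` are assumptions, and the sample data is an abridged subset of the posted listings.

```sh
#!/bin/sh
# Added example, not from the thread: compare two saved `ngctl types` listings.

# diff_types BEFORE_FILE AFTER_FILE
# Prints "new <type> <nodes>" for node types only present in AFTER_FILE and
# "changed <type> <old>-><new>" where the living-node count differs.
diff_types() {
    awk '
        NF != 2 || $2 !~ /^[0-9]+$/ { next }   # skip banner, header, separator
        FILENAME == ARGV[1]     { before[$1] = $2; next }
        !($1 in before)         { printf "new %s %d\n", $1, $2; next }
        before[$1] + 0 != $2 + 0 { printf "changed %s %d->%d\n", $1, before[$1], $2 }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample input: abridged from the two listings posted above.
# On a real system these files would come from `ngctl types > vanilla.txt`
# before, and `ngctl types > modules.txt` after, changing loader.conf.local.
tmp=$(mktemp -d)
cat > "$tmp/vanilla.txt" <<'EOF'
There are 10 total types:
      Type name   Number of living nodes
      ---------   ----------------------
        ksocket       1
        netflow       1
          ether      10
            tee       1
         socket       6
EOF
cat > "$tmp/modules.txt" <<'EOF'
There are 31 total types:
      Type name   Number of living nodes
      ---------   ----------------------
        netflow       4
         socket       6
           vlan       0
            tee       1
          ether      13
         bridge       0
        ksocket       4
EOF

result=$(diff_types "$tmp/vanilla.txt" "$tmp/modules.txt")
printf '%s\n' "$result"
rm -rf "$tmp"
```

Run over the full listings from the thread, the same comparison reports 21 new types, all with 0 living nodes, and higher counts only for netflow, ether and ksocket.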

I am kind of lost now WRT what works when and how and if this can actually be restored to pre-20.1 behaviour despite general lack of reports that suggest there is a pre-20.1 behaviour.


Cheers,
Franco

Franco, let's forget about the unsure stuff for a moment. (For the unsure stuff I will have to reinstall 19.7 on some box and test it.)
What I am certain about:

Say you create a bridge, add ports and assign the bridge as an interface e.g. OPT1.
And then enable flowd for OPT1.

Pre 20.x it would record traffic out of the box. With 20.x it does not.

This is definitely due to the modules mentioned and is what I can get back working when adding the modules back in.
The previous post explained how I was so far unable to narrow it down to which specific modules are responsible.

Thanks for the explanation. How about we load "netgraph" kernel module on system loading time like before but load all other required modules on demand? ng_bridge seems like a good candidate.

I just don't want to go full circle with this as netgraph modules may needlessly slow down processing time.


Cheers,
Franco

That's what I had attempted. The problem is, adding ng_bridge on boot is not sufficient (though that would have seemed like the obvious thing).
I have not yet made out what other module is needed. :-(