search

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0
1.37k stars 287 forks source link

Inline Accounting not working #8200

Closed WireFr33 closed 4 months ago

WireFr33 commented 4 months ago

Describe the bug Inline accounting not working

To Reproduce Setup packetfence in inline mode with netflow.

Expected behavior bandwidth accounting of inline nodes

Additional context I have an inline installation of version 13.1.

The netflow accounting is not working.

After some debugging I see in that /usr/local/pf/go/cmd/pfacct/net_flow.go does the following on line 58 INSERT INTO bandwidth_accounting (node_id, tenant_id, mac, unique_session_id, time_bucket, in_bytes, out_bytes, source_type) Refer to https://github.com/inverse-inc/packetfence/blob/devel/go/cmd/pfacct/net_flow.go

However the 13.1 and 13.2 schemas in /usr/local/pf/db have the following

CREATE TABLE bandwidth_accounting ( node_id BIGINT UNSIGNED NOT NULL, unique_session_id BIGINT UNSIGNED NOT NULL, time_bucket DATETIME NOT NULL, source_type ENUM('net_flow','radius') NOT NULL, in_bytes BIGINT SIGNED NOT NULL, out_bytes BIGINT SIGNED NOT NULL, mac CHAR(17) NOT NULL, last_updated DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, total_bytes BIGINT SIGNED AS (in_bytes + out_bytes) VIRTUAL, PRIMARY KEY (node_id, time_bucket, unique_session_id), KEY bandwidth_aggregate_buckets (time_bucket, node_id, unique_session_id, in_bytes, out_bytes), KEY bandwidth_source_type_time_bucket (source_type, time_bucket), KEY bandwidth_last_updated_source_type_time_bucket (last_updated, source_type, time_bucket), KEY bandwidth_node_id_unique_session_id_last_updated (node_id, unique_session_id, last_updated), KEY bandwidth_accounting_mac_last_updated (mac, last_updated) ) ENGINE=InnoDB DEFAULT CHARACTER SET = 'utf8mb4' COLLATE = 'utf8mb4_general_ci';

I see that tenant_id was removed from the table in version 12.0.

The CREATE TABLE does not have the tenant_id. Inline accounting is not working as the INSERTs are failing.

The Changelog has the following: commit d8ec20cbccd2f51af945557e5062c94b33bdfb81 Author: James Rouzier jrouzier@inverse.ca Date: Mon Oct 31 15:31:58 2022 -0400

WireFr33 commented 4 months ago

I see that line 60 in https://github.com/inverse-inc/packetfence/blob/devel/go/cmd/pfacct/net_flow.go also has a SELECT with the tenant_id.

WireFr33 commented 4 months ago

A grep of all the files in /usr/local/pf shows that the following code still makes use of tenant_id

  1. go/cmd/pfacct/net_flow_test.go
  2. go/cmd/pfacct/net_flow.go
  3. go/caddy/pfpki/cloud/intune.go
  4. html/pfappserver/lib/pfappserver/Form/Config/Source/AzureAD.pm
  5. html/pfappserver/lib/pfappserver/Form/Config/Cloud/Intune.pm
  6. html/pfappserver/root/src/views/Configuration/clouds/schema.js
  7. html/pfappserver/root/src/views/Configuration/clouds/_components/FormTypeIntune.vue
  8. html/pfappserver/root/src/views/Configuration/sources/schema.js
  9. html/pfappserver/root/src/views/Configuration/sources/_components/FormTypeAzureAD.vue
  10. lib/pf/pfcmd/checkup.pm
  11. lib/pf/util.pm
  12. lib/pf/Authentication/Source/AzureADSource.pm