This morning we came across a peculiar error in VyOS. When trying to add a network to a network-group, we got the cryptic error message ‘set failed’ with no explanation. Checking /var/log/vyatta/cfg-stdout.log revealed the following:
# tail /var/log/vyatta/cfg-stdout.log
set cfg path failed
write_file too large
failed to write node value (write) [/opt/vyatta/config/tmp/new_config_19469/firewall/group/network-group/BLACKHOLE-NET-GRP/network/node.val]
set cfg path failed
write_file too large
failed to write node value (write) [/opt/vyatta/config/tmp/new_config_19638/firewall/group/network-group/BLACKHOLE-NET-GRP/network/node.val]
set cfg path failed
Searching the source on GitHub took me to UnionfsCstore::write_file in vyatta-cfg/src/cstore/unionfs/cstore-unionfs.cpp, which logs that message if the node.val being written is > C_UNIONFS_MAX_FILE_SIZE, which is defined in vyatta-cfg/src/cstore/unionfs/cstore-unionfs.hpp to be 256k.
Checking the file /opt/vyatta/config/tmp/new_config_19638/firewall/group/network-group/BLACKHOLE-NET-GRP/network/node.val, it is indeed a hair over 256K:
# ls -l /opt/vyatta/config/tmp/new_config_19638/firewall/group/network-group/BLACKHOLE-NET-GRP/network/node.val
-rw-rw-r-- 1 root root 261802 Jun 22 11:44 /opt/vyatta/config/tmp/new_config_19638/firewall/group/network-group/BLACKHOLE-NET-GRP/network/node.val
Is there a reason for this file size limitation? Any way for me to change it at runtime? This is a rather large network group; it's used by our IDS software to automatically block people that try to do $badthings to our network.