=========
Conntrack
=========

This chapter covers some aspects related to :osdx:cfg:`system conntrack`, a feature that allows the user to track connections through OSDx devices.

The conntrack utility provides a full-featured userspace interface to the Netfilter connection tracking system. It can be used to dump a list of all (or a filtered selection of) currently tracked connections.

Connection Format
=================

All connections can be structured in a similar fashion to the one shown below:

.. code-block:: bash

   icmp 1 25 src=10.0.0.1 dst=10.0.0.2 type=8 code=0 id=18723 vrf=RED packets=2 bytes=168 src=10.0.0.2 dst=10.0.0.1 type=0 code=0 id=18723 vrf=RED packets=2 bytes=168 mark=33 use=1 appdetect[L3:1]

In the example above, you can see a ping connection using a VRF called **RED**. It contains both an origin and a reply message (each with its own fields, such as the source (**src**) and destination (**dst**) IP address and the message **code** and **type**), as well as global parameters like the protocol used (**icmp**), the number of **packets** and **bytes** transmitted, and the **id**.

In addition to the fields mentioned, there are others related to the traffic policies established for the connection. For example, information on whether the connection is bypassed or not (**Sc: not-bypass**) can be found, as well as the packet **mark**, the offload flag (**[OFFLOAD]** or **[HW_OFFLOAD]**), and app-detect data (**appdetect[engineId:appID]**). More information about these fields and their configuration is found in :doc:`Traffic Routing Articles ` and :doc:`Firewall Service `.

Running the :osdx:op:`system conntrack monitor` command will monitor all current connections (containing the previously described fields) via three different states:

* **NEW**: New conntrack messages.
* **UPDATE**: Updated conntrack messages.
* **DESTROY**: Conntrack messages indicating disconnection.
Logging
=======

:osdx:cfg:`system conntrack logging` is an option that allows conntrack information to be sent via syslog. The message types to be captured (NEW, UPDATE, DESTROY or ALL of them; **events** option, **destroy** by default) must be configured, as well as the log level of those events (**log-level** option). This last option indicates the log level at which messages will be displayed, not the severity of the events themselves: for example, setting it to **err** will display the conntrack messages in error format, while configuring it with **debug** will show the information in debug style (**info** level by default).

The expected output when running :osdx:op:`system journal monitor` or :osdx:op:`system journal show` will be as follows:

.. code-block:: bash

   osdx ulogd[9431]: [NEW] ORIG: SRC=10.0.0.1 DST=10.0.0.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.0.0.2 DST=10.0.0.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=LOCAL

In addition to the default conntrack message, the label field associated with a traffic policy is also included. However, the app-detect information has not yet been implemented.

Some examples of this feature and how to configure it can be found :doc:`here `.

Configuration commands
======================

.. osdx:cmdtree:: cfg
   :maxdepth: 1

   system conntrack

Operational Commands
====================

.. osdx:cmdtree:: op
   :maxdepth: 2

   system conntrack
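As an added example (not part of the OSDx documentation or product code), the following Python script parses journal lines in the ulogd conntrack format shown in the Logging section above, splitting each event into its ORIG and REPLY tuples plus the connection-level MARK and LABELS fields, and sums final byte counters per traffic-policy label. The sample journal lines, the hostname and the PIDs are constructed for the example; the DESTROY line is assumed to carry the final counters of the ping shown earlier.

```python
import re

# Constructed sample journal lines in the ulogd conntrack format documented
# above: a NEW and a DESTROY event for the same ping, plus an unrelated line.
SAMPLE_JOURNAL = """\
osdx ulogd[9431]: [NEW] ORIG: SRC=10.0.0.1 DST=10.0.0.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.0.0.2 DST=10.0.0.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=LOCAL
osdx sshd[1200]: Accepted publickey for admin from 10.0.0.5
osdx ulogd[9431]: [DESTROY] ORIG: SRC=10.0.0.1 DST=10.0.0.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=2 BYTES=168 , REPLY: SRC=10.0.0.2 DST=10.0.0.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=2 BYTES=168 MARK=33 LABELS=LOCAL
"""

EVENT_RE = re.compile(r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
# Fields that describe the whole connection rather than one direction.
CONN_KEYS = {"MARK", "LABELS"}


def parse_event(line):
    """Parse one ulogd conntrack line into a dict, or return None for other lines."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    # The ORIG and REPLY tuples are separated by " , "; MARK and LABELS
    # follow the REPLY tuple and apply to the connection as a whole.
    orig_part, _, reply_part = m.group("body").partition(" , ")
    orig = dict(KV_RE.findall(orig_part))
    reply, conn = {}, {}
    for key, value in KV_RE.findall(reply_part):
        (conn if key in CONN_KEYS else reply)[key] = value
    return {"event": m.group("event"), "orig": orig, "reply": reply, **conn}


def parse_journal(text):
    """Parse every conntrack event in a journal dump, skipping unrelated lines."""
    return [ev for ev in map(parse_event, text.splitlines()) if ev]


def bytes_per_label(events):
    """Sum the final byte counters of both directions per traffic-policy label.

    Only DESTROY events carry the final counters, so NEW and UPDATE are ignored.
    """
    totals = {}
    for ev in events:
        if ev["event"] != "DESTROY":
            continue
        label = ev.get("LABELS", "-")
        total = int(ev["orig"]["BYTES"]) + int(ev["reply"]["BYTES"])
        totals[label] = totals.get(label, 0) + total
    return totals


if __name__ == "__main__":
    events = parse_journal(SAMPLE_JOURNAL)
    for ev in events:
        print(ev["event"], ev["orig"]["SRC"], "->", ev["orig"]["DST"], ev.get("LABELS"))
    print(bytes_per_label(events))  # {'LOCAL': 336}
```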