App Id

The following scenario shows how to filter packets based on app-id using traffic selectors.

Match Traffic by a custom dictionary

Description

This example illustrates how to match all traffic in a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.372 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.372/0.372/0.372/0.000 ms

Step 3: Ping host name teldat.es from DUT0:

admin@DUT0$ ping teldat.es count 1 size 56 timeout 1
PING teldat.es (82.223.148.162) 56(84) bytes of data.
64 bytes from blog.teldat.com (82.223.148.162): icmp_seq=1 ttl=43 time=12.0 ms

--- teldat.es ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.031/12.031/12.031/0.000 ms

Step 4: Run command file copy https://teldat.es running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   243  100   243    0     0   2325      0 --:--:-- --:--:-- --:--:--  2314

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:teldat.es\]
Feb 19 18:47:34.464165 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 18:47:34.466522 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:47:34.466634 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:47:34.483365 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:47:35.159895 osdx osdx-coredump[51554]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:47:35.171539 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:47:36.064131 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:36.272455 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:47:36.420013 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:47:36.597673 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:47:36.749091 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Feb 19 18:47:36.875933 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:47:37.011518 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Feb 19 18:47:37.119262 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Feb 19 18:47:37.265548 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:47:37.443953 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:47:37.592792 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:47:37.769721 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:47:37.987180 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:47:38.161298 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:47:38.347057 osdx INFO[51602]: FRR daemons did not change
Feb 19 18:47:38.602529 osdx kernel: app-detect: module init
Feb 19 18:47:38.602607 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:47:38.602633 osdx kernel: app-detect: expression init
Feb 19 18:47:38.602651 osdx kernel: app-detect: appid cache initialized
Feb 19 18:47:38.602671 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:47:38.746527 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:47:39.240460 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:39.300235 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:39.339271 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:39.582996 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 18:47:39.756207 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping teldat.es count 1 size 56 timeout 1'.
Feb 19 18:47:40.031978 osdx file_operation[51802]: using src url: https://teldat.es dst url: running://index.html
Feb 19 18:47:40.076592 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36943 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.077669 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=36944 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.078570 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=36945 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.078615 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1492 TOS=0x00 PREC=0x00 TTL=43 ID=36946 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.082523 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1516 TOS=0x00 PREC=0x00 TTL=43 ID=36948 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.107087 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=43 ID=36950 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.136349 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=599 TOS=0x00 PREC=0x00 TTL=43 ID=36951 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154541 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=43 ID=36952 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154658 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36953 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154681 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36954 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.187271 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://teldat.es running://index.html force'.

Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0  15917      0 --:--:-- --:--:-- --:--:-- 15934

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U:34 http-host:10.215.168.1\]
Feb 19 18:47:34.464165 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 18:47:34.466522 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:47:34.466634 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:47:34.483365 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:47:35.159895 osdx osdx-coredump[51554]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:47:35.171539 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:47:36.064131 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:36.272455 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:47:36.420013 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:47:36.597673 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:47:36.749091 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Feb 19 18:47:36.875933 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:47:37.011518 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Feb 19 18:47:37.119262 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Feb 19 18:47:37.265548 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:47:37.443953 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:47:37.592792 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:47:37.769721 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:47:37.987180 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:47:38.161298 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:47:38.347057 osdx INFO[51602]: FRR daemons did not change
Feb 19 18:47:38.602529 osdx kernel: app-detect: module init
Feb 19 18:47:38.602607 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:47:38.602633 osdx kernel: app-detect: expression init
Feb 19 18:47:38.602651 osdx kernel: app-detect: appid cache initialized
Feb 19 18:47:38.602671 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:47:38.746527 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:47:39.240460 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:39.300235 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:39.339271 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:39.582996 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 18:47:39.756207 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping teldat.es count 1 size 56 timeout 1'.
Feb 19 18:47:40.031978 osdx file_operation[51802]: using src url: https://teldat.es dst url: running://index.html
Feb 19 18:47:40.076592 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36943 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.077669 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=36944 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.078570 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=36945 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.078615 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1492 TOS=0x00 PREC=0x00 TTL=43 ID=36946 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.082523 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1516 TOS=0x00 PREC=0x00 TTL=43 ID=36948 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.107087 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=43 ID=36950 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.136349 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=599 TOS=0x00 PREC=0x00 TTL=43 ID=36951 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154541 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=43 ID=36952 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154658 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36953 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.154681 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36954 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=243 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.187271 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://teldat.es running://index.html force'.
Feb 19 18:47:40.372472 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 18:47:40.707457 osdx file_operation[51824]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 18:47:40.717980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28708 DF PROTO=TCP SPT=80 DPT=34124 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Feb 19 18:47:40.769402 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1191 TOS=0x00 PREC=0x00 TTL=64 ID=28709 DF PROTO=TCP SPT=80 DPT=34124 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Feb 19 18:47:40.775332 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28710 DF PROTO=TCP SPT=80 DPT=34124 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Feb 19 18:47:40.806093 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
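
Added example (not part of the original OSDx documentation): a Python check for the journal verification in steps 5 and 7 that parses the APPDETECT suffix of the policy log lines into fields and compares them exactly, since the unescaped dots in the regular expressions above also match look-alike host names. The field names tag, app_id, source and name are labels chosen here, the meaning of the U prefix is not stated on this page, and the last sample line is constructed; the same functions apply to the engine dictionary lines further down.

```python
import re
from collections import Counter

# The first three lines are copied from the journal output above; the last one
# is constructed for this example (look-alike host name, documentation address).
SAMPLE_JOURNAL = """\
Feb 19 18:47:40.031978 osdx file_operation[51802]: using src url: https://teldat.es dst url: running://index.html
Feb 19 18:47:40.076592 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36943 DF PROTO=TCP SPT=443 DPT=55566 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Feb 19 18:47:40.717980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28708 DF PROTO=TCP SPT=80 DPT=34124 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Feb 19 18:47:41.000000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=40000 APPDETECT[U:33 ssl-host:teldatXes]
"""

# Regular expression exactly as given in step 5 (note the unescaped dot).
PAGE_REGEX_STEP5 = r"osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:teldat.es\]"

# Policy log line: "[<policy>-<rule>] <verdict> <netfilter fields> [APPDETECT[...]]".
KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<verdict>[A-Z]+) (?P<fields>.*?)"
    r"(?: APPDETECT\[(?P<tag>[^:\]\s]+):(?P<app_id>\d+) "
    r"(?P<source>[\w-]+):(?P<name>[^\]]+)\])?$"
)


def parse_line(line):
    """Parse one journal line; return None for anything that is not a policy log line."""
    m = KERNEL_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    tokens = rec.pop("fields").split()
    # KEY=VALUE tokens carry addresses and ports; bare tokens (DF, ACK, PSH, FIN) are flags.
    rec["kv"] = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec["flags"] = [t for t in tokens if "=" not in t]
    if rec["app_id"] is not None:
        rec["app_id"] = int(rec["app_id"])
    return rec


def app_summary(journal):
    """Count logged packets per (app_id, source, name) classification."""
    counts = Counter()
    for line in journal.splitlines():
        rec = parse_line(line)
        if rec and rec["app_id"] is not None:
            counts[(rec["app_id"], rec["source"], rec["name"])] += 1
    return counts


def loose_match(journal, pattern=PAGE_REGEX_STEP5):
    """Lines accepted by the regular expression as written on the page."""
    return [l for l in journal.splitlines() if re.search(pattern, l)]


def strict_match(journal, app_id, source, name, verdict="ACCEPT"):
    """Records whose parsed fields equal the expected values exactly."""
    return [
        r for r in map(parse_line, journal.splitlines())
        if r and r["verdict"] == verdict and r["app_id"] == app_id
        and r["source"] == source and r["name"] == name
    ]


if __name__ == "__main__":
    for key, packets in sorted(app_summary(SAMPLE_JOURNAL).items()):
        print(key, packets)
    print("loose regex matches :", len(loose_match(SAMPLE_JOURNAL)))
    print("strict field matches:", len(strict_match(SAMPLE_JOURNAL, 33, "ssl-host", "teldat.es")))
```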

Match Traffic by an engine dictionary

Description

This example illustrates how to match all traffic in an engine dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=8.99 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.990/8.990/8.990/0.000 ms

Step 3: Ping host name www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (216.58.209.68) 56(84) bytes of data.
64 bytes from mad07s22-in-f4.1e100.net (216.58.209.68): icmp_seq=1 ttl=109 time=35.7 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 35.677/35.677/35.677/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  6552k      0 --:--:-- --:--:-- --:--:-- 6658k

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host

Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19753    0 19753    0     0  44261      0 --:--:-- --:--:-- --:--:-- 44289

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U:6 ssl-host:www.google.com\]
Feb 19 18:47:51.486491 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 18:47:51.488520 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:47:51.488599 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:47:51.504087 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:47:52.120018 osdx osdx-coredump[52035]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:47:52.134057 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:47:53.016326 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:53.151421 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:47:53.283900 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:47:53.402356 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:47:53.550420 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Feb 19 18:47:53.677273 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:47:53.841264 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:47:54.016429 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:47:54.191566 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:47:54.381179 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:47:54.645683 osdx INFO[52079]: FRR daemons did not change
Feb 19 18:47:54.680559 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:47:55.228572 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:55.297954 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:55.388989 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:55.702333 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 18:47:55.926283 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Feb 19 18:47:56.296543 osdx file_operation[52245]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Feb 19 18:47:56.393960 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Feb 19 18:47:56.636358 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:56.804270 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Feb 19 18:47:56.957730 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:47:57.125102 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:47:57.293977 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 18:47:57.463690 osdx INFO[52262]: FRR daemons did not change
Feb 19 18:47:57.752007 osdx kernel: app-detect: module init
Feb 19 18:47:57.752074 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:47:57.756611 osdx kernel: app-detect: expression init
Feb 19 18:47:57.756648 osdx kernel: app-detect: appid cache initialized
Feb 19 18:47:57.756669 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:47:58.331086 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:58.344608 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:58.403168 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:58.843598 osdx file_operation[52315]: using src url: https://www.google.com dst url: running://index.html
Feb 19 18:47:58.900798 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47170 PROTO=TCP SPT=443 DPT=58126 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.921912 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47171 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.922054 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47172 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.922095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1512 TOS=0x00 PREC=0x00 TTL=112 ID=47173 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945244 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47175 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945325 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=47176 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945347 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=47177 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.951234 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47178 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.952740 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47179 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283864 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1025 TOS=0x00 PREC=0x00 TTL=112 ID=47180 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283950 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47181 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283982 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47182 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284815 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47183 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284863 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47184 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284893 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47185 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284919 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47186 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284939 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47187 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284957 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47188 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47189 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288583 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47190 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288606 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47191 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288626 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=157 TOS=0x00 PREC=0x00 TTL=112 ID=47192 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47193 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290059 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47194 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290232 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47195 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290550 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=112 ID=47196 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290588 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=112 ID=47198 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.307996 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47199 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.308266 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47200 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.329865 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.

Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1089    0  1089    0     0   127k      0 --:--:-- --:--:-- --:--:--  132k

Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]
Feb 19 18:47:51.486491 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 18:47:51.488520 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:47:51.488599 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:47:51.504087 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:47:52.120018 osdx osdx-coredump[52035]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:47:52.134057 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:47:53.016326 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:53.151421 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:47:53.283900 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:47:53.402356 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:47:53.550420 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Feb 19 18:47:53.677273 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:47:53.841264 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:47:54.016429 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:47:54.191566 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:47:54.381179 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:47:54.645683 osdx INFO[52079]: FRR daemons did not change
Feb 19 18:47:54.680559 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:47:55.228572 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:55.297954 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:55.388989 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:55.702333 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 18:47:55.926283 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Feb 19 18:47:56.296543 osdx file_operation[52245]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Feb 19 18:47:56.393960 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Feb 19 18:47:56.636358 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:47:56.804270 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Feb 19 18:47:56.957730 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:47:57.125102 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:47:57.293977 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 18:47:57.463690 osdx INFO[52262]: FRR daemons did not change
Feb 19 18:47:57.752007 osdx kernel: app-detect: module init
Feb 19 18:47:57.752074 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:47:57.756611 osdx kernel: app-detect: expression init
Feb 19 18:47:57.756648 osdx kernel: app-detect: appid cache initialized
Feb 19 18:47:57.756669 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:47:58.331086 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:47:58.344608 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:47:58.403168 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:47:58.843598 osdx file_operation[52315]: using src url: https://www.google.com dst url: running://index.html
Feb 19 18:47:58.900798 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47170 PROTO=TCP SPT=443 DPT=58126 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.921912 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47171 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.922054 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47172 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.922095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1512 TOS=0x00 PREC=0x00 TTL=112 ID=47173 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945244 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47175 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945325 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=47176 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.945347 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=47177 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.951234 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47178 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.952740 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47179 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283864 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1025 TOS=0x00 PREC=0x00 TTL=112 ID=47180 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283950 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47181 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.283982 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47182 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284815 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47183 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284863 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47184 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284893 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47185 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284919 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47186 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284939 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47187 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.284957 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47188 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47189 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288583 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47190 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288606 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47191 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.288626 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=157 TOS=0x00 PREC=0x00 TTL=112 ID=47192 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290014 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47193 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290059 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47194 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290232 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=47195 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290550 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=112 ID=47196 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.290588 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=112 ID=47198 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.307996 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47199 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.308266 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=47200 PROTO=TCP SPT=443 DPT=58126 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:59.329865 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Feb 19 18:47:59.587330 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 18:48:00.030475 osdx file_operation[52337]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 18:48:00.044629 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=47442 DF PROTO=TCP SPT=80 DPT=35268 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1]
Feb 19 18:48:00.044723 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1308 TOS=0x00 PREC=0x00 TTL=64 ID=47443 DF PROTO=TCP SPT=80 DPT=35268 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1]
Feb 19 18:48:00.085782 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=47444 DF PROTO=TCP SPT=80 DPT=35268 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:30 http-host:10.215.168.1]
Feb 19 18:48:00.095199 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
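
The journal check in this step can be automated. The following is an added example, not part of the original page or of OSDx: it parses `APPDETECT[...]` kernel records, totals packets and bytes per rule, action and host, and evaluates the page's expected regular expressions, covering the ACCEPT records of this scenario and the DROP records of the scenario that follows. The sample journal is constructed (abridged from the lines shown on this page), and the function names and the `strict_pattern` helper are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: kernel records abridged from the journal output on this page
# (MAC, TOS, TTL, flags and similar fields removed), plus one non-kernel line.
SAMPLE_JOURNAL = """\
Feb 19 18:47:58.900798 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=216.58.209.68 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=58126 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:47:58.921912 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 PROTO=TCP SPT=443 DPT=58126 APPDETECT[U:6 ssl-host:www.google.com]
Feb 19 18:48:00.044629 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 DF PROTO=TCP SPT=80 DPT=35268 APPDETECT[U:30 http-host:10.215.168.1]
Feb 19 18:48:00.095199 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 18:48:14.568224 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=151.101.133.50 DST=10.215.168.64 LEN=52 DF PROTO=TCP SPT=443 DPT=51890 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570756 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 DF PROTO=TCP SPT=443 DPT=51890 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# Regular expressions exactly as given in the journal-check steps of this page.
EXPECTED = [
    r"osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]",
    r"osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]",
    r"osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.google.com\]",
]

# One policy log record: "[<rule>] <ACTION> <netfilter fields> APPDETECT[<app> <kind>:<host>]".
# The group names (rule, action, app, kind, host) are labels chosen for this example.
RECORD = re.compile(
    r"kernel: \[(?P<rule>[^\]]+)\] (?P<action>[A-Z]+) (?P<fields>.*?)"
    r" APPDETECT\[(?P<app>\S+) (?P<kind>[\w-]+):(?P<host>[^\]\s]+)\]\s*$"
)


def parse_line(line):
    """Return a dict for a policy log record, or None for any other journal line."""
    m = RECORD.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    fields = rec.pop("fields")
    # KEY=VALUE tokens only; bare flags such as DF or ACK carry no value and are skipped.
    kv = dict(tok.split("=", 1) for tok in fields.split() if "=" in tok)
    rec.update(src=kv.get("SRC"), dst=kv.get("DST"), length=int(kv.get("LEN", "0")))
    return rec


def summarize(journal):
    """Total packets and bytes per (rule, action, app tag, host kind, host)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in journal.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["rule"], rec["action"], rec["app"], rec["kind"], rec["host"])
        totals[key]["packets"] += 1
        totals[key]["bytes"] += rec["length"]
    return dict(totals)


def check_expected(journal, patterns):
    """Map each regular expression to True if at least one journal line matches it."""
    lines = journal.splitlines()
    return {p: any(re.search(p, ln) for ln in lines) for p in patterns}


def strict_pattern(action, app, kind, host):
    """Build a check with the tag escaped, so '.' in a host matches only a literal dot."""
    tag = re.escape(f"APPDETECT[{app} {kind}:{host}]")
    return rf"osdx kernel:.*\b{re.escape(action)}\b.*{tag}"


if __name__ == "__main__":
    for key, stats in summarize(SAMPLE_JOURNAL).items():
        print(key, stats)
    for pattern, found in check_expected(SAMPLE_JOURNAL, EXPECTED).items():
        print("MATCH  " if found else "MISSING", pattern)
```

The unescaped dots in the page's expressions match any character, which is harmless for a lab check; `strict_pattern` shows the escaped form for use where a look-alike host must not satisfy the test.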

Drop Traffic not in a custom dictionary

Description

This example illustrates how to drop all traffic that does not belong to a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1

Step 2: Ping www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (151.101.133.50) 56(84) bytes of data.
64 bytes from 151.101.133.50 (151.101.133.50): icmp_seq=1 ttl=49 time=3.85 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.847/3.847/3.847/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (216.58.209.68) 56(84) bytes of data.
64 bytes from mad07s22-in-f4.1e100.net (216.58.209.68): icmp_seq=1 ttl=109 time=8.05 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.046/8.046/8.046/0.000 ms

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Feb 19 18:48:08.459083 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 18:48:08.462154 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:48:08.463144 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:48:08.478939 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:48:09.177447 osdx osdx-coredump[52553]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:48:09.190820 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:48:10.494891 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:48:10.684265 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:48:10.818564 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:48:10.955305 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:48:11.099045 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Feb 19 18:48:11.229928 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Feb 19 18:48:11.360327 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:48:11.482828 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Feb 19 18:48:11.628368 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Feb 19 18:48:11.745467 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:48:11.870007 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:48:12.014957 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:48:12.129300 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:48:12.282149 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:48:12.452553 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:48:12.690772 osdx INFO[52602]: FRR daemons did not change
Feb 19 18:48:12.930361 osdx kernel: app-detect: module init
Feb 19 18:48:12.930411 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:48:12.930446 osdx kernel: app-detect: expression init
Feb 19 18:48:12.930472 osdx kernel: app-detect: appid cache initialized
Feb 19 18:48:12.930499 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:48:13.021902 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:48:13.535868 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:48:13.581167 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:48:13.639164 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:48:14.066149 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Feb 19 18:48:14.266721 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Feb 19 18:48:14.527638 osdx file_operation[52801]: using src url: https://www.marca.com dst url: running://index.html
Feb 19 18:48:14.568224 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40879 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570756 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40880 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570818 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40881 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570844 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40882 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.577803 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=40883 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.612966 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=40884 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.770570 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40885 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.841390 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40886 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.986077 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40887 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:15.289529 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40888 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:15.442202 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40889 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.216394 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40890 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.309813 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40891 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.495707 osdx file_operation.py[52801]: Operation aborted by user.
Feb 19 18:48:16.525912 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40892 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.525982 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40893 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.535444 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.google.com\]
Feb 19 18:48:08.459083 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 18:48:08.462154 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:48:08.463144 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:48:08.478939 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:48:09.177447 osdx osdx-coredump[52553]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:48:09.190820 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:48:10.494891 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:48:10.684265 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:48:10.818564 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:48:10.955305 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:48:11.099045 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Feb 19 18:48:11.229928 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Feb 19 18:48:11.360327 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:48:11.482828 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Feb 19 18:48:11.628368 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Feb 19 18:48:11.745467 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:48:11.870007 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:48:12.014957 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:48:12.129300 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:48:12.282149 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:48:12.452553 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:48:12.690772 osdx INFO[52602]: FRR daemons did not change
Feb 19 18:48:12.930361 osdx kernel: app-detect: module init
Feb 19 18:48:12.930411 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:48:12.930446 osdx kernel: app-detect: expression init
Feb 19 18:48:12.930472 osdx kernel: app-detect: appid cache initialized
Feb 19 18:48:12.930499 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:48:13.021902 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:48:13.535868 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:48:13.581167 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:48:13.639164 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:48:14.066149 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Feb 19 18:48:14.266721 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Feb 19 18:48:14.527638 osdx file_operation[52801]: using src url: https://www.marca.com dst url: running://index.html
Feb 19 18:48:14.568224 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40879 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570756 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40880 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570818 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40881 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.570844 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40882 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.577803 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=40883 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.612966 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=40884 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.770570 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40885 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.841390 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40886 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:14.986077 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40887 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:15.289529 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40888 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:15.442202 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40889 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.216394 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=40890 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.309813 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=40891 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.495707 osdx file_operation.py[52801]: Operation aborted by user.
Feb 19 18:48:16.525912 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40892 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.525982 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=40893 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:16.535444 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Feb 19 18:48:16.916356 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 18:48:17.329780 osdx file_operation[52821]: using src url: http://www.google.com dst url: running://index.html
Feb 19 18:48:17.369355 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=16498 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.582355 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=16499 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.704945 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16500 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.705027 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16501 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.705905 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16502 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.705957 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16503 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.706061 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16504 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.706085 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16505 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.709902 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16506 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.709960 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16507 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.709982 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16508 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.710010 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16509 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.717907 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16510 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.802403 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=16511 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:17.921633 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16512 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:18.024918 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=48 ID=40894 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:18.039200 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=40895 DF PROTO=TCP SPT=443 DPT=51890 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:18.258469 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=16513 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:18.338557 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16514 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:19.154399 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=16515 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:19.177913 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=16516 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:19.241368 osdx file_operation.py[52821]: Operation aborted by user.
Feb 19 18:48:19.274716 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=16517 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:19.280612 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://www.google.com running://index.html force'.

Drop Traffic not in an engine dictionary

Description

This example illustrates how to drop all traffic that does not belong to an engine dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=2.79 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.790/2.790/2.790/0.000 ms

Step 3: Ping IP address www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (151.101.133.50) 56(84) bytes of data.
64 bytes from 151.101.133.50 (151.101.133.50): icmp_seq=1 ttl=49 time=3.51 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.509/3.509/3.509/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  14.2M      0 --:--:-- --:--:-- --:--:-- 16.2M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]

Feb 19 18:48:30.517943 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 18:48:30.519210 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 18:48:30.519283 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 18:48:30.535783 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 18:48:31.406241 osdx osdx-coredump[53028]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 18:48:31.440912 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 18:48:32.486048 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:48:32.648496 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 18:48:32.831278 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Feb 19 18:48:33.015231 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 18:48:33.178826 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 18:48:33.399458 osdx INFO[53053]: FRR daemons did not change
Feb 19 18:48:33.467992 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 18:48:33.881385 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:48:33.936237 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:48:33.999083 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:48:34.308840 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 18:48:34.502012 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Feb 19 18:48:34.818262 osdx file_operation[53199]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Feb 19 18:48:34.857522 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Feb 19 18:48:35.127850 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 18:48:35.255965 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Feb 19 18:48:35.461826 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Feb 19 18:48:35.587878 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Feb 19 18:48:35.712699 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Feb 19 18:48:35.944833 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Feb 19 18:48:36.164436 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Feb 19 18:48:36.324826 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Feb 19 18:48:36.476434 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Feb 19 18:48:36.661087 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 18:48:36.795893 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Feb 19 18:48:37.003312 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 18:48:37.194658 osdx INFO[53240]: FRR daemons did not change
Feb 19 18:48:37.371442 osdx kernel: app-detect: module init
Feb 19 18:48:37.371659 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 18:48:37.375202 osdx kernel: app-detect: expression init
Feb 19 18:48:37.375264 osdx kernel: app-detect: appid cache initialized
Feb 19 18:48:37.375286 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 18:48:38.061694 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 18:48:38.068125 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 18:48:38.113160 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 18:48:38.500137 osdx file_operation[53313]: using src url: https://www.marca.com dst url: running://index.html
Feb 19 18:48:38.544203 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=28923 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.549578 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28924 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.549672 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28925 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.549703 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28926 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.549758 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=28927 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.583222 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=28928 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.731789 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=28929 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.809044 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28930 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.949622 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=28931 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:39.257053 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28932 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:39.376238 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=28933 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:40.201745 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28934 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:40.247654 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=28935 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:40.432817 osdx file_operation.py[53313]: Operation aborted by user.
Feb 19 18:48:40.459203 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=28936 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:40.459298 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=28937 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:40.462564 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
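
The Step 6 check can also be run off-box by parsing the policy log lines and collapsing the per-packet entries into flows. The Python below is an added example, not part of the original page or of OSDx; the function names and the reading of the `[POL-1]` prefix as policy name plus rule number are assumptions, and the embedded sample lines follow the format of the journal output above.

```python
import re
from collections import defaultdict

# Sample input: journal lines in the format shown above (constructed for this
# example and embedded so that it runs offline).
SAMPLE_JOURNAL = """\
Feb 19 18:48:17.369355 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=216.58.209.68 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=16498 PROTO=TCP SPT=80 DPT=44830 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Feb 19 18:48:37.371442 osdx kernel: app-detect: module init
Feb 19 18:48:38.500137 osdx file_operation[53313]: using src url: https://www.marca.com dst url: running://index.html
Feb 19 18:48:38.544203 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=28923 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Feb 19 18:48:38.549578 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:f5:1b:83:77:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=28924 DF PROTO=TCP SPT=443 DPT=46928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# "[<tag>] <ACTION> <key=value fields and flags> APPDETECT[<kind:value pairs>]"
LOG_RE = re.compile(
    r"kernel: \[(?P<tag>[^\]]+)\] (?P<action>[A-Z]+) (?P<body>.*?)"
    r"(?: APPDETECT\[(?P<app>[^\]]*)\])?$"
)


def parse_line(line):
    """Return a dict for a traffic-policy log line, or None for any other line."""
    m = LOG_RE.search(line.rstrip())
    if not m:
        return None
    tokens = m["body"].split()
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec["flags"] = [t for t in tokens if "=" not in t]  # e.g. DF, ACK, PSH
    # Assumption: the "[POL-1]" prefix is "<policy name>-<rule number>".
    rec["policy"], _, rec["rule"] = m["tag"].rpartition("-")
    rec["action"] = m["action"]
    # APPDETECT holds space-separated "kind:value" pairs.
    rec["app"] = dict(p.split(":", 1) for p in (m["app"] or "").split() if ":" in p)
    return rec


def summarize(journal):
    """Collapse per-packet log lines into flows with packet and byte totals."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in journal.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # CLI audit lines, module messages, and so on
        host = rec["app"].get("ssl-host") or rec["app"].get("http-host")
        key = (rec["policy"], rec["rule"], rec["action"],
               f'{rec.get("SRC")}:{rec.get("SPT", "-")}',
               f'{rec.get("DST")}:{rec.get("DPT", "-")}', host)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += int(rec.get("LEN", 0))
    return dict(flows)


def dropped_hosts(journal):
    """Host names detected on DROP lines, compared as exact strings."""
    return {k[5] for k in summarize(journal) if k[2] == "DROP" and k[5]}


if __name__ == "__main__":
    for key, totals in summarize(SAMPLE_JOURNAL).items():
        print(key, totals)
    print("www.marca.com dropped:", "www.marca.com" in dropped_hosts(SAMPLE_JOURNAL))
```

Unlike the Step 6 regular expression, where the unescaped dots in `www.marca.com` match any character, `dropped_hosts` compares host names exactly.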