App Id
The following scenarios show how to filter packets based on app-id using traffic selectors.
Match Traffic by a custom dictionary
Description
This example illustrates how to match all traffic whose application is defined in a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.193 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.193/0.193/0.193/0.000 ms
Step 3: Ping IP address teldat.es from DUT0:
admin@DUT0$ ping teldat.es count 1 size 56 timeout 1
PING teldat.es (82.223.148.162) 56(84) bytes of data.
64 bytes from 82.223.148.162: icmp_seq=1 ttl=43 time=16.1 ms
--- teldat.es ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 16.057/16.057/16.057/0.000 ms
Step 4: Run command file copy https://teldat.es running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   243  100   243    0     0   2701      0 --:--:-- --:--:-- --:--:--  2730
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:teldat.es\]
Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0  1703k      0 --:--:-- --:--:-- --:--:-- 2125k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:34 http-host:10.215.168.1\]
Match Traffic by an engine dictionary
Description
This example illustrates how to match all traffic whose application is defined in an engine dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.206 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.206/0.206/0.206/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (108.177.96.147) 56(84) bytes of data.
64 bytes from eh-in-f147.1e100.net (108.177.96.147): icmp_seq=1 ttl=95 time=35.7 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 35.730/35.730/35.730/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  22.5M      0 --:--:-- --:--:-- --:--:-- 32.5M
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18753    0 18753    0     0  75517      0 --:--:-- --:--:-- --:--:-- 75616
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:6 ssl-host:www.google.com\]
Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4469    0  4469    0     0  1370k      0 --:--:-- --:--:-- --:--:-- 1454k
Step 9: Run command system journal show | cat at DUT0 and check if the output matches the following regular expression:
osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]
Jun 23 10:48:07.306129 osdx systemd-journald[391062]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free. Jun 23 10:48:07.309865 osdx systemd-journald[391062]: Received client request to rotate journal, rotating. Jun 23 10:48:07.309931 osdx systemd-journald[391062]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 10:48:07.317199 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal clear'. Jun 23 10:48:07.536898 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 10:48:07.754509 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu. Jun 23 10:48:07.814341 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 23 10:48:07.934929 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 23 10:48:08.040669 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 23 10:48:08.114093 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Jun 23 10:48:08.221494 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 23 10:48:08.303789 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 10:48:08.411484 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 23 10:48:08.488567 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 10:48:08.583281 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show working'. 
Jun 23 10:48:08.675086 osdx INFO[433167]: FRR daemons did not change Jun 23 10:48:08.693834 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 10:48:08.975098 osdx cfgd[1453]: [421688]Completed change to active configuration Jun 23 10:48:09.011950 osdx OSDxCLI[421688]: User 'admin' committed the configuration. Jun 23 10:48:09.033295 osdx OSDxCLI[421688]: User 'admin' left the configuration menu. Jun 23 10:48:09.198660 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 10:48:09.378524 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Jun 23 10:48:09.517424 osdx file_operation[433333]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Jun 23 10:48:09.540745 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Jun 23 10:48:09.681482 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu. Jun 23 10:48:09.744621 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Jun 23 10:48:09.840175 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 23 10:48:09.896618 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 23 10:48:10.004874 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show changes'. 
Jun 23 10:48:10.079452 osdx INFO[433350]: FRR daemons did not change Jun 23 10:48:10.225844 osdx kernel: app-detect: module init Jun 23 10:48:10.225898 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 23 10:48:10.225912 osdx kernel: app-detect: expression init Jun 23 10:48:10.225924 osdx kernel: app-detect: appid cache initialized Jun 23 10:48:10.225940 osdx kernel: app-detect: appid cache changes counter initialized Jun 23 10:48:10.399627 osdx cfgd[1453]: [421688]Completed change to active configuration Jun 23 10:48:10.401414 osdx OSDxCLI[421688]: User 'admin' committed the configuration. Jun 23 10:48:10.426679 osdx OSDxCLI[421688]: User 'admin' left the configuration menu. Jun 23 10:48:10.635597 osdx file_operation[433403]: using src url: https://www.google.com dst url: running://index.html Jun 23 10:48:10.767448 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=36095 PROTO=TCP SPT=443 DPT=47770 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.767638 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=111 ID=36096 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.767676 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=111 ID=36097 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.767704 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=184 TOS=0x00 PREC=0x00 TTL=111 ID=36099 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 
10:48:10.767825 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=111 ID=36098 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.834129 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=36100 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.834197 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=111 ID=36102 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.834270 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=111 ID=36101 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.849481 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=36103 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875167 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1037 TOS=0x00 PREC=0x00 TTL=110 ID=36104 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875253 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36105 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 
APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875364 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36106 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875566 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36107 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875685 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36108 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875816 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36109 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.875942 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36110 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.876206 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36111 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.876602 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36113 PROTO=TCP SPT=443 
DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.877012 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36114 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.877372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36112 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.878823 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36115 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.878902 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36116 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.881844 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=36117 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.881876 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=36119 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.885826 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=1380 TOS=0x00 
PREC=0x00 TTL=110 ID=36118 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.885849 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=631 TOS=0x00 PREC=0x00 TTL=110 ID=36120 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:10.905074 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Jun 23 10:48:10.949837 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.99 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=36121 PROTO=TCP SPT=443 DPT=47770 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Jun 23 10:48:11.015471 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal show | cat'. Jun 23 10:48:11.232954 osdx file_operation[433425]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Jun 23 10:48:11.237877 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10497 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.237908 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10498 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.237917 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10499 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.237925 osdx kernel: 
[POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10500 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.237938 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=345 TOS=0x00 PREC=0x00 TTL=64 ID=10501 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.237947 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10502 DF PROTO=TCP SPT=80 DPT=45056 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Jun 23 10:48:11.253720 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Drop Traffic not in a custom dictionary
Description
This example illustrates how to drop all traffic whose detected app-id does not belong to the custom dictionary. The selector combines app-id detected with not app-id custom -1, so a packet matches the drop rule only once app-detect has classified its flow and that classification lies outside dictionary 1. Packets of flows that have not been classified yet do not match this rule: in the journal below, the logged DROPs for www.marca.com begin with the server packets that follow the TLS ClientHello, because the ssl-host classification is only available after the SNI has been seen. The same limitation applies to any client that sends no SNI or Host header, since such a flow is never identified by ssl-host or http-host and so never falls under this rule.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1
Step 2: Ping www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data.
64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=50 time=3.67 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.667/3.667/3.667/0.000 ms
Step 3: Ping www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (108.177.96.106) 56(84) bytes of data.
64 bytes from eh-in-f106.1e100.net (108.177.96.106): icmp_seq=1 ttl=95 time=36.3 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 36.275/36.275/36.275/0.000 ms
Step 4: Run command system journal show | cat at DUT0 and check if the output matches the following regular expression:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Jun 23 10:48:16.297609 osdx systemd-journald[391062]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 10:48:16.300303 osdx systemd-journald[391062]: Received client request to rotate journal, rotating. Jun 23 10:48:16.300357 osdx systemd-journald[391062]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 10:48:16.307282 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal clear'. Jun 23 10:48:16.517582 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 10:48:16.750251 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu. Jun 23 10:48:16.812856 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 23 10:48:16.914445 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 23 10:48:16.969852 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 23 10:48:17.078622 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Jun 23 10:48:17.144619 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Jun 23 10:48:17.239909 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 23 10:48:17.300273 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'. Jun 23 10:48:17.416562 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Jun 23 10:48:17.491732 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. 
Jun 23 10:48:17.592888 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Jun 23 10:48:17.665719 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 10:48:17.775105 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Jun 23 10:48:17.844126 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 10:48:17.947565 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show working'. Jun 23 10:48:18.044260 osdx INFO[433668]: FRR daemons did not change Jun 23 10:48:18.172302 osdx kernel: app-detect: module init Jun 23 10:48:18.172357 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 23 10:48:18.172371 osdx kernel: app-detect: expression init Jun 23 10:48:18.172382 osdx kernel: app-detect: appid cache initialized Jun 23 10:48:18.172393 osdx kernel: app-detect: appid cache changes counter initialized Jun 23 10:48:18.212305 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 10:48:18.533348 osdx cfgd[1453]: [421688]Completed change to active configuration Jun 23 10:48:18.559804 osdx OSDxCLI[421688]: User 'admin' committed the configuration. Jun 23 10:48:18.577035 osdx OSDxCLI[421688]: User 'admin' left the configuration menu. Jun 23 10:48:18.871566 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Jun 23 10:48:19.043646 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. 
Jun 23 10:48:19.186769 osdx file_operation[433865]: using src url: https://www.marca.com dst url: running://index.html Jun 23 10:48:19.214353 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=23711 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.214442 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23712 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.216301 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23713 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.216316 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23714 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.216325 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=23715 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.254250 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=23716 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.436639 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 
SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23717 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.505294 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23718 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.632864 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23719 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:19.944394 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23720 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:20.063483 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23721 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:20.838158 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23722 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:20.925481 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23723 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:22.622516 osdx kernel: [POL-1] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23724 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:22.632169 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=48 ID=23725 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:24.195605 osdx file_operation.py[433865]: Operation aborted by user. Jun 23 10:48:24.211131 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'. Jun 23 10:48:24.212298 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23726 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Jun 23 10:48:24.220294 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23727 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Step 5: Run command system journal show | cat at DUT0 and check if the output matches the following regular expression:
osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.google.com\]
Jun 23 10:48:16.297609 osdx systemd-journald[391062]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 10:48:16.300303 osdx systemd-journald[391062]: Received client request to rotate journal, rotating. Jun 23 10:48:16.300357 osdx systemd-journald[391062]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 10:48:16.307282 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal clear'. Jun 23 10:48:16.517582 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 10:48:16.750251 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu. Jun 23 10:48:16.812856 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Jun 23 10:48:16.914445 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Jun 23 10:48:16.969852 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Jun 23 10:48:17.078622 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Jun 23 10:48:17.144619 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Jun 23 10:48:17.239909 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Jun 23 10:48:17.300273 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'. Jun 23 10:48:17.416562 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Jun 23 10:48:17.491732 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. 
Jun 23 10:48:17.592888 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Jun 23 10:48:17.665719 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 23 10:48:17.775105 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Jun 23 10:48:17.844126 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 23 10:48:17.947565 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:48:18.044260 osdx INFO[433668]: FRR daemons did not change
Jun 23 10:48:18.172302 osdx kernel: app-detect: module init
Jun 23 10:48:18.172357 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:48:18.172371 osdx kernel: app-detect: expression init
Jun 23 10:48:18.172382 osdx kernel: app-detect: appid cache initialized
Jun 23 10:48:18.172393 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:48:18.212305 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:48:18.533348 osdx cfgd[1453]: [421688]Completed change to active configuration
Jun 23 10:48:18.559804 osdx OSDxCLI[421688]: User 'admin' committed the configuration.
Jun 23 10:48:18.577035 osdx OSDxCLI[421688]: User 'admin' left the configuration menu.
Jun 23 10:48:18.871566 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Jun 23 10:48:19.043646 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Jun 23 10:48:19.186769 osdx file_operation[433865]: using src url: https://www.marca.com dst url: running://index.html
Jun 23 10:48:19.214353 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=23711 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.214442 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23712 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.216301 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23713 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.216316 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23714 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.216325 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=23715 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.254250 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=23716 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.436639 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23717 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.505294 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23718 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.632864 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23719 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:19.944394 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23720 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:20.063483 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23721 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:20.838158 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=23722 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:20.925481 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23723 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:22.622516 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=23724 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:22.632169 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=48 ID=23725 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:24.195605 osdx file_operation.py[433865]: Operation aborted by user.
Jun 23 10:48:24.211131 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Jun 23 10:48:24.212298 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23726 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:24.220294 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=23727 DF PROTO=TCP SPT=443 DPT=55050 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:24.411267 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:48:24.598052 osdx file_operation[433887]: using src url: http://www.google.com dst url: running://index.html
Jun 23 10:48:24.680456 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=43848 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714235 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43849 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714309 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43850 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714319 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43851 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714368 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43852 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714511 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43853 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714589 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43854 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714702 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43855 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714851 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43856 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.714903 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43857 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.715046 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43858 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.799041 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43859 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:24.920196 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=110 ID=43860 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:25.048853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43861 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:25.189389 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=110 ID=43862 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:25.517305 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43863 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:25.653750 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=110 ID=43864 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:26.485306 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43865 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:26.642662 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=110 ID=43866 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:28.419514 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=110 ID=43867 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:28.606996 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=110 ID=43868 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Jun 23 10:48:29.578667 osdx file_operation.py[433887]: Operation aborted by user.
Jun 23 10:48:29.593192 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy http://www.google.com running://index.html force'.
Jun 23 10:48:29.648790 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=43869 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Drop Traffic not in an engine dictionary
Description
This example illustrates how to drop all app-id-detected traffic that does not belong to an engine dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.205 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.205/0.205/0.205/0.000 ms
Step 3: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data.
64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=50 time=5.65 ms
--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.645/5.645/5.645/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  24.0M      0 --:--:-- --:--:-- --:--:-- 32.5M
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Jun 23 10:48:34.370195 osdx systemd-journald[391062]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free.
Jun 23 10:48:34.370973 osdx systemd-journald[391062]: Received client request to rotate journal, rotating.
Jun 23 10:48:34.371008 osdx systemd-journald[391062]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:48:34.380739 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:48:34.605088 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:48:34.841391 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu.
Jun 23 10:48:34.903565 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 23 10:48:35.001189 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Jun 23 10:48:35.082394 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 23 10:48:35.178603 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:48:35.256547 osdx INFO[434098]: FRR daemons did not change
Jun 23 10:48:35.274984 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:48:35.412768 osdx cfgd[1453]: [421688]Completed change to active configuration
Jun 23 10:48:35.443821 osdx OSDxCLI[421688]: User 'admin' committed the configuration.
Jun 23 10:48:35.460272 osdx OSDxCLI[421688]: User 'admin' left the configuration menu.
Jun 23 10:48:35.626413 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 23 10:48:35.798887 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Jun 23 10:48:35.933602 osdx file_operation[434244]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Jun 23 10:48:35.953833 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Jun 23 10:48:36.092548 osdx OSDxCLI[421688]: User 'admin' entered the configuration menu.
Jun 23 10:48:36.156199 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Jun 23 10:48:36.257249 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Jun 23 10:48:36.313191 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Jun 23 10:48:36.411559 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Jun 23 10:48:36.468392 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Jun 23 10:48:36.574626 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Jun 23 10:48:36.627807 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Jun 23 10:48:36.726081 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Jun 23 10:48:36.782229 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 23 10:48:36.879517 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Jun 23 10:48:36.945588 osdx OSDxCLI[421688]: User 'admin' added a new cfg line: 'show changes'.
Jun 23 10:48:37.078369 osdx INFO[434285]: FRR daemons did not change
Jun 23 10:48:37.234980 osdx kernel: app-detect: module init
Jun 23 10:48:37.235035 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:48:37.235059 osdx kernel: app-detect: expression init
Jun 23 10:48:37.235069 osdx kernel: app-detect: appid cache initialized
Jun 23 10:48:37.235077 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:48:37.636014 osdx cfgd[1453]: [421688]Completed change to active configuration
Jun 23 10:48:37.637869 osdx OSDxCLI[421688]: User 'admin' committed the configuration.
Jun 23 10:48:37.659807 osdx OSDxCLI[421688]: User 'admin' left the configuration menu.
Jun 23 10:48:37.866101 osdx file_operation[434359]: using src url: https://www.marca.com dst url: running://index.html
Jun 23 10:48:37.898151 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28434 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:37.898207 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=50 ID=28436 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:37.906975 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=28432 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:37.910976 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28435 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:37.914973 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28433 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:37.958668 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=50 ID=28437 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:38.099158 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=28438 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:38.167139 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28439 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:38.330737 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=28440 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:38.627082 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28441 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:38.762231 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=28442 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:39.522990 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28443 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:39.610331 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=28444 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:41.312028 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=48 ID=28445 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:41.338517 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=28446 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:42.831518 osdx file_operation.py[434359]: Operation aborted by user.
Jun 23 10:48:42.845892 osdx OSDxCLI[421688]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Jun 23 10:48:42.846978 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28448 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Jun 23 10:48:42.850971 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28447 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
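The journal check in Step 6 only greps for one host; the following Python, added here and not part of the OSDx documentation, parses every "[POL-1] DROP ... APPDETECT[L4:443 ssl-host:www.marca.com]" kernel line that "log app-id" produces into a structured event, counts verdicts per detected host, and lists any app-detected host that did not receive the expected DROP. The "[POL-2] ACCEPT" sample line, its addresses 192.0.2.10 and example.test, and the assumption that an accepting rule logs with the same field layout are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not taken from the OSDx documentation: parse the kernel log
# lines that 'set traffic policy POL rule 1 log app-id' produces and confirm
# that every flow tagged by the app-detect engine received the expected verdict.

# "[POL-1] DROP" -> policy name, rule number and verdict of the log prefix.
PREFIX_RE = re.compile(r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<verdict>[A-Z]+) ")
# key=value fields of the packet description (OUT= is legitimately empty).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# "APPDETECT[L4:443 ssl-host:www.marca.com]" -> L4 port, host kind, host name.
APPDETECT_RE = re.compile(
    r"APPDETECT\[L4:(?P<l4>\d+)(?: (?P<kind>[a-z-]+):(?P<host>[^\]\s]+))?\]")
# The check the scenario itself runs against the journal (Step 6 on the page).
PAGE_CHECK_RE = re.compile(r"osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]")

@dataclass
class AppDetectEvent:
    policy: str
    rule: int
    verdict: str
    src: str
    dst: str
    spt: Optional[int]
    dpt: Optional[int]
    l4: int                 # port the engine classified the flow on (L4:443)
    kind: Optional[str]     # 'ssl-host' or 'http-host'
    host: Optional[str]     # SNI or HTTP Host the engine extracted

def parse_line(line: str) -> Optional[AppDetectEvent]:
    """Parse one journal line; None if it is not a policy log with an app-id tag."""
    prefix = PREFIX_RE.search(line)
    tag = APPDETECT_RE.search(line)
    if not prefix or not tag:
        return None
    fields = dict(FIELD_RE.findall(line))

    def port(key: str) -> Optional[int]:
        value = fields.get(key, "")
        return int(value) if value.isdigit() else None

    return AppDetectEvent(
        policy=prefix["policy"], rule=int(prefix["rule"]), verdict=prefix["verdict"],
        src=fields.get("SRC", ""), dst=fields.get("DST", ""),
        spt=port("SPT"), dpt=port("DPT"),
        l4=int(tag["l4"]), kind=tag["kind"], host=tag["host"],
    )

def parse_journal(lines: List[str]) -> List[AppDetectEvent]:
    return [e for e in map(parse_line, lines) if e is not None]

def verdicts_by_host(events: List[AppDetectEvent]) -> Dict[str, Dict[str, int]]:
    """Per detected host, how many logged packets hit each verdict."""
    summary: Dict[str, Dict[str, int]] = {}
    for e in events:
        host = e.host or f"L4:{e.l4}"
        summary.setdefault(host, {})
        summary[host][e.verdict] = summary[host].get(e.verdict, 0) + 1
    return summary

def policy_gaps(events: List[AppDetectEvent], expected: str = "DROP") -> List[str]:
    """Hosts the engine tagged that received a verdict other than the expected one."""
    return sorted({e.host or f"L4:{e.l4}" for e in events if e.verdict != expected})

def page_check(lines: List[str]) -> bool:
    """Same pass/fail criterion as the scenario's regular expression check."""
    return any(PAGE_CHECK_RE.search(line) for line in lines)

# Constructed sample journal: the first two lines are copied from the page, the
# third is a hypothetical '[POL-2] ACCEPT' line (same field layout assumed) added
# to show how a gap is reported, and the last is a kernel line without a tag.
SAMPLE_JOURNAL = [
    "Jun 23 10:48:37.898151 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=28434 DF PROTO=TCP SPT=443 DPT=49324 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]",
    "Jun 23 10:48:24.680456 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=108.177.96.104 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=43848 PROTO=TCP SPT=80 DPT=42650 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]",
    "Jun 23 10:48:40.000000 osdx kernel: [POL-2] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:07:ac:a1:79:db:08:00 SRC=192.0.2.10 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=1 DF PROTO=TCP SPT=443 DPT=50000 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:example.test]",
    "Jun 23 10:48:37.234980 osdx kernel: app-detect: module init",
]
```

Feed it the output of system journal show | cat and an empty result from policy_gaps() means every app-detected flow was dropped as the policy intends.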