App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic by a custom dictionary
Description
This example illustrates how to match all traffic whose detected application belongs to a custom dictionary (app-ids defined by hand in the configuration).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.572 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.572/0.572/0.572/0.000 ms
Step 3: Ping IP address teldat.es from DUT0:
admin@DUT0$ ping teldat.es count 1 size 56 timeout 1
PING teldat.es (82.223.148.162) 56(84) bytes of data.
64 bytes from blog.teldat.com (82.223.148.162): icmp_seq=1 ttl=43 time=15.0 ms

--- teldat.es ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.992/14.992/14.992/0.000 ms
Step 4: Run command file copy https://teldat.es running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   243  100   243    0     0   1811      0 --:--:-- --:--:-- --:--:--  1800
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:teldat.es\]
Output:
Mar 21 19:20:54.472913 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 19:20:54.476221 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 19:20:54.476361 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 19:20:54.492824 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 19:20:55.067752 osdx osdx-coredump[345738]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 19:20:55.083023 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 19:20:55.911291 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:20:56.095379 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Mar 21 19:20:56.204483 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Mar 21 19:20:56.364821 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Mar 21 19:20:56.542835 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Mar 21 19:20:56.718810 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Mar 21 19:20:56.898823 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Mar 21 19:20:57.086363 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Mar 21 19:20:57.211774 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 19:20:57.345664 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 21 19:20:57.522929 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 19:20:57.709986 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 21 19:20:57.938982 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 19:20:58.219994 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'.
Mar 21 19:20:58.486687 osdx ubnt-cfgd[345770]: inactive
Mar 21 19:20:58.722778 osdx INFO[345796]: FRR daemons did not change
Mar 21 19:20:59.032644 osdx kernel: app-detect: module init
Mar 21 19:20:59.032709 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 19:20:59.032731 osdx kernel: app-detect: expression init
Mar 21 19:20:59.032749 osdx kernel: app-detect: appid cache initialized
Mar 21 19:20:59.032766 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 19:20:59.192219 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 19:20:59.797797 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:20:59.827148 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:20:59.866287 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:21:00.166779 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 19:21:00.496351 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping teldat.es count 1 size 56 timeout 1'.
Mar 21 19:21:00.929271 osdx file_operation[346037]: using src url: https://teldat.es dst url: running://index.html
Mar 21 19:21:00.993223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64718 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64719 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64720 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996315 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64721 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996335 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=164 TOS=0x00 PREC=0x00 TTL=43 ID=64722 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.000272 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64723 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.000332 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=188 TOS=0x00 PREC=0x00 TTL=43 ID=64724 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.016238 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=43 ID=64725 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.060664 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=599 TOS=0x00 PREC=0x00 TTL=43 ID=64726 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084263 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=43 ID=64727 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084352 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64728 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084392 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64729 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.123210 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://teldat.es running://index.html force'.
Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0  67033      0 --:--:-- --:--:-- --:--:-- 68000
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:34 http-host:10.215.168.1\]
Output:
Mar 21 19:20:54.472913 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 19:20:54.476221 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 19:20:54.476361 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 19:20:54.492824 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 19:20:55.067752 osdx osdx-coredump[345738]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 19:20:55.083023 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 19:20:55.911291 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:20:56.095379 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Mar 21 19:20:56.204483 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Mar 21 19:20:56.364821 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Mar 21 19:20:56.542835 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Mar 21 19:20:56.718810 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Mar 21 19:20:56.898823 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'.
Mar 21 19:20:57.086363 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Mar 21 19:20:57.211774 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 19:20:57.345664 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 21 19:20:57.522929 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 19:20:57.709986 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 21 19:20:57.938982 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 19:20:58.219994 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'.
Mar 21 19:20:58.486687 osdx ubnt-cfgd[345770]: inactive
Mar 21 19:20:58.722778 osdx INFO[345796]: FRR daemons did not change
Mar 21 19:20:59.032644 osdx kernel: app-detect: module init
Mar 21 19:20:59.032709 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 19:20:59.032731 osdx kernel: app-detect: expression init
Mar 21 19:20:59.032749 osdx kernel: app-detect: appid cache initialized
Mar 21 19:20:59.032766 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 19:20:59.192219 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 19:20:59.797797 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:20:59.827148 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:20:59.866287 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:21:00.166779 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 19:21:00.496351 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping teldat.es count 1 size 56 timeout 1'.
Mar 21 19:21:00.929271 osdx file_operation[346037]: using src url: https://teldat.es dst url: running://index.html
Mar 21 19:21:00.993223 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64718 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996222 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64719 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64720 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996315 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64721 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:00.996335 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=164 TOS=0x00 PREC=0x00 TTL=43 ID=64722 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.000272 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=43 ID=64723 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.000332 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=188 TOS=0x00 PREC=0x00 TTL=43 ID=64724 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.016238 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=43 ID=64725 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=235 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.060664 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=599 TOS=0x00 PREC=0x00 TTL=43 ID=64726 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084263 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=43 ID=64727 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084352 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64728 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.084392 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=82.223.148.162 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=64729 DF PROTO=TCP SPT=443 DPT=46014 WINDOW=243 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:teldat.es]
Mar 21 19:21:01.123210 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://teldat.es running://index.html force'.
Mar 21 19:21:01.436235 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 21 19:21:02.136334 osdx file_operation[346062]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Mar 21 19:21:02.186840 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15207 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.226742 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=15208 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.226814 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=15209 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.226837 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=15210 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.226856 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=228 TOS=0x00 PREC=0x00 TTL=64 ID=15211 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.242748 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15212 DF PROTO=TCP SPT=80 DPT=45990 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 21 19:21:02.299040 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Match Traffic by an engine dictionary
Description
This example illustrates how to match all traffic whose detected application belongs to an engine dictionary (a dictionary file loaded into the app-detect engine).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=2.77 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.766/2.766/2.766/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.250.185.4) 56(84) bytes of data.
64 bytes from mad41s11-in-f4.1e100.net (142.250.185.4): icmp_seq=1 ttl=109 time=5.67 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.667/5.667/5.667/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  1317k      0 --:--:-- --:--:-- --:--:-- 1331k
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 17929    0 17929    0     0  43339      0 --:--:-- --:--:-- --:--:-- 43306
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:6 ssl-host:www.google.com\]
Output:
Mar 21 19:21:12.457568 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 19:21:12.460589 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 19:21:12.460686 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 19:21:12.496570 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 19:21:13.296075 osdx osdx-coredump[346327]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 19:21:13.321156 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 19:21:14.243657 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:21:14.376276 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Mar 21 19:21:14.530395 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Mar 21 19:21:14.666766 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Mar 21 19:21:14.836697 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Mar 21 19:21:15.081879 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Mar 21 19:21:15.279497 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 19:21:15.440093 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 21 19:21:15.691840 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 19:21:15.981959 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'.
Mar 21 19:21:16.259959 osdx ubnt-cfgd[346357]: inactive
Mar 21 19:21:16.499960 osdx INFO[346383]: FRR daemons did not change
Mar 21 19:21:16.594478 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 19:21:17.295732 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:21:17.322470 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:21:17.454321 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:21:17.965933 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 19:21:18.307665 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Mar 21 19:21:18.727457 osdx file_operation[346593]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Mar 21 19:21:18.866424 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Mar 21 19:21:19.185701 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:21:19.422186 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Mar 21 19:21:19.559735 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 19:21:19.725835 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 21 19:21:19.906522 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show changes'.
Mar 21 19:21:20.095847 osdx ubnt-cfgd[346610]: inactive
Mar 21 19:21:20.287846 osdx INFO[346620]: FRR daemons did not change
Mar 21 19:21:20.512767 osdx kernel: app-detect: module init
Mar 21 19:21:20.512829 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 19:21:20.516578 osdx kernel: app-detect: expression init
Mar 21 19:21:20.516644 osdx kernel: app-detect: appid cache initialized
Mar 21 19:21:20.516667 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 19:21:21.002698 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:21:21.006799 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:21:21.076073 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:21:21.475169 osdx file_operation[346672]: using src url: https://www.google.com dst url: running://index.html
Mar 21 19:21:21.514389 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46350 PROTO=TCP SPT=443 DPT=37964 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.539025 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46351 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.539095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46352 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.539113 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46353 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.539135 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=183 TOS=0x00 PREC=0x00 TTL=112 ID=46354 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.544880 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46355 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.544955 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=46356 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.544979 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=46357 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.553528 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46358 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.882334 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1028 TOS=0x00 PREC=0x00 TTL=112 ID=46359 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884674 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46360 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884725 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46361 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884748 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46362 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884767 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46363 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884840 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46364 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884869 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46365 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884889 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46366 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884907 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46367 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884926 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46368 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.884945 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=968 TOS=0x00 PREC=0x00 TTL=112 ID=46369 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.888646 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46370 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.888709 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46371 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.888740 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46372 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.892600 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46373 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.892665 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=149 TOS=0x00 PREC=0x00 TTL=112 ID=46374 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.892690 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=112 ID=46375 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.901886 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46376 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.901954 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46377 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 21 19:21:21.950216 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4469 0 4469 0 0 325k 0 --:--:-- --:--:-- --:--:-- 335k
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]
Mar 21 19:21:12.457568 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free. Mar 21 19:21:12.460589 osdx systemd-journald[1986]: Received client request to rotate journal, rotating. Mar 21 19:21:12.460686 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec. Mar 21 19:21:12.496570 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'. Mar 21 19:21:13.296075 osdx osdx-coredump[346327]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 19:21:13.321156 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 19:21:14.243657 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu. Mar 21 19:21:14.376276 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 21 19:21:14.530395 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 21 19:21:14.666766 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 21 19:21:14.836697 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'. Mar 21 19:21:15.081879 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 21 19:21:15.279497 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 21 19:21:15.440093 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Mar 21 19:21:15.691840 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 21 19:21:15.981959 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'. 
Mar 21 19:21:16.259959 osdx ubnt-cfgd[346357]: inactive Mar 21 19:21:16.499960 osdx INFO[346383]: FRR daemons did not change Mar 21 19:21:16.594478 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 19:21:17.295732 osdx cfgd[1672]: [255637]Completed change to active configuration Mar 21 19:21:17.322470 osdx OSDxCLI[255637]: User 'admin' committed the configuration. Mar 21 19:21:17.454321 osdx OSDxCLI[255637]: User 'admin' left the configuration menu. Mar 21 19:21:17.965933 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 21 19:21:18.307665 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. Mar 21 19:21:18.727457 osdx file_operation[346593]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz Mar 21 19:21:18.866424 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'. Mar 21 19:21:19.185701 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu. Mar 21 19:21:19.422186 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'. Mar 21 19:21:19.559735 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 21 19:21:19.725835 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Mar 21 19:21:19.906522 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show changes'. 
Mar 21 19:21:20.095847 osdx ubnt-cfgd[346610]: inactive Mar 21 19:21:20.287846 osdx INFO[346620]: FRR daemons did not change Mar 21 19:21:20.512767 osdx kernel: app-detect: module init Mar 21 19:21:20.512829 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 21 19:21:20.516578 osdx kernel: app-detect: expression init Mar 21 19:21:20.516644 osdx kernel: app-detect: appid cache initialized Mar 21 19:21:20.516667 osdx kernel: app-detect: appid cache changes counter initialized Mar 21 19:21:21.002698 osdx cfgd[1672]: [255637]Completed change to active configuration Mar 21 19:21:21.006799 osdx OSDxCLI[255637]: User 'admin' committed the configuration. Mar 21 19:21:21.076073 osdx OSDxCLI[255637]: User 'admin' left the configuration menu. Mar 21 19:21:21.475169 osdx file_operation[346672]: using src url: https://www.google.com dst url: running://index.html Mar 21 19:21:21.514389 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46350 PROTO=TCP SPT=443 DPT=37964 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.539025 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46351 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.539095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46352 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.539113 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46353 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 
APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.539135 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=183 TOS=0x00 PREC=0x00 TTL=112 ID=46354 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.544880 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46355 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.544955 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=46356 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.544979 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=46357 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.553528 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46358 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.882334 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1028 TOS=0x00 PREC=0x00 TTL=112 ID=46359 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884674 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46360 PROTO=TCP SPT=443 
DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884725 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46361 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884748 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46362 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884767 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46363 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884840 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46364 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884869 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46365 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884889 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46366 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884907 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 
TOS=0x00 PREC=0x00 TTL=112 ID=46367 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884926 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46368 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.884945 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=968 TOS=0x00 PREC=0x00 TTL=112 ID=46369 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.888646 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46370 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.888709 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46371 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.888740 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46372 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.892600 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=46373 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.892665 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=149 TOS=0x00 PREC=0x00 TTL=112 ID=46374 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.892690 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=91 TOS=0x00 PREC=0x00 TTL=112 ID=46375 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.901886 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46376 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.901954 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=46377 PROTO=TCP SPT=443 DPT=37964 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 21 19:21:21.950216 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Mar 21 19:21:22.234618 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal show | cat'. 
Mar 21 19:21:22.758701 osdx file_operation[346694]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 21 19:21:22.772391 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=31635 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.772576 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=31636 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.772680 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=31637 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.773906 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=31638 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.776151 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=345 TOS=0x00 PREC=0x00 TTL=64 ID=31639 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.776186 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=31640 DF PROTO=TCP SPT=80 DPT=50218 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 21 19:21:22.815092 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ 
running://index.html force'.
Drop Traffic not in a custom dictionary
Description
This example illustrates how to drop all traffic that does not belong to a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1
Step 2: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (151.101.133.50) 56(84) bytes of data.
64 bytes from 151.101.133.50 (151.101.133.50): icmp_seq=1 ttl=49 time=3.59 ms
--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.593/3.593/3.593/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.250.185.4) 56(84) bytes of data.
64 bytes from mad41s11-in-f4.1e100.net (142.250.185.4): icmp_seq=1 ttl=109 time=4.77 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.766/4.766/4.766/0.000 ms
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Mar 21 19:21:33.657375 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free. Mar 21 19:21:33.658229 osdx systemd-journald[1986]: Received client request to rotate journal, rotating. Mar 21 19:21:33.658349 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec. Mar 21 19:21:33.682225 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'. Mar 21 19:21:34.425989 osdx osdx-coredump[346961]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 19:21:34.441888 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 19:21:35.585349 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu. Mar 21 19:21:35.776490 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 21 19:21:35.977579 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 21 19:21:36.139981 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 21 19:21:36.302990 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Mar 21 19:21:36.498015 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Mar 21 19:21:36.604585 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 21 19:21:36.758174 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'. Mar 21 19:21:36.897047 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. 
Mar 21 19:21:37.022264 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 21 19:21:37.195188 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Mar 21 19:21:37.337933 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 21 19:21:37.505059 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Mar 21 19:21:37.736734 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 21 19:21:38.059769 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'. Mar 21 19:21:38.337142 osdx ubnt-cfgd[346994]: inactive Mar 21 19:21:38.627582 osdx INFO[347020]: FRR daemons did not change Mar 21 19:21:38.851300 osdx kernel: app-detect: module init Mar 21 19:21:38.851400 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 21 19:21:38.854067 osdx kernel: app-detect: expression init Mar 21 19:21:38.854104 osdx kernel: app-detect: appid cache initialized Mar 21 19:21:38.854131 osdx kernel: app-detect: appid cache changes counter initialized Mar 21 19:21:38.998032 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 19:21:39.674017 osdx cfgd[1672]: [255637]Completed change to active configuration Mar 21 19:21:39.697046 osdx OSDxCLI[255637]: User 'admin' committed the configuration. Mar 21 19:21:39.792520 osdx OSDxCLI[255637]: User 'admin' left the configuration menu. Mar 21 19:21:40.592861 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Mar 21 19:21:40.768617 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. 
Mar 21 19:21:41.019040 osdx file_operation[347261]: using src url: https://www.marca.com dst url: running://index.html Mar 21 19:21:41.056190 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58407 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.058027 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58408 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.058065 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58409 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.058087 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58410 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.058116 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=58411 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.110040 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=58412 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.244812 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 
SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58413 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.336316 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58414 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.453000 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58415 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.792491 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58416 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:41.890498 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58417 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:42.721932 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58418 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:42.732461 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58419 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:44.386044 osdx kernel: [POL-1] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58420 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:44.584319 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58421 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:46.011429 osdx file_operation.py[347261]: Operation aborted by user. Mar 21 19:21:46.040382 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58422 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:46.040440 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58423 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 21 19:21:46.043950 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.google.com\]
Mar 21 19:21:33.657375 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free. Mar 21 19:21:33.658229 osdx systemd-journald[1986]: Received client request to rotate journal, rotating. Mar 21 19:21:33.658349 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec. Mar 21 19:21:33.682225 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'. Mar 21 19:21:34.425989 osdx osdx-coredump[346961]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 19:21:34.441888 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 19:21:35.585349 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu. Mar 21 19:21:35.776490 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 21 19:21:35.977579 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 21 19:21:36.139981 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 21 19:21:36.302990 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Mar 21 19:21:36.498015 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. Mar 21 19:21:36.604585 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 21 19:21:36.758174 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn teldat'. Mar 21 19:21:36.897047 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. 
Mar 21 19:21:37.022264 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 19:21:37.195188 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 21 19:21:37.337933 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 19:21:37.505059 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 21 19:21:37.736734 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 19:21:38.059769 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'.
Mar 21 19:21:38.337142 osdx ubnt-cfgd[346994]: inactive
Mar 21 19:21:38.627582 osdx INFO[347020]: FRR daemons did not change
Mar 21 19:21:38.851300 osdx kernel: app-detect: module init
Mar 21 19:21:38.851400 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 19:21:38.854067 osdx kernel: app-detect: expression init
Mar 21 19:21:38.854104 osdx kernel: app-detect: appid cache initialized
Mar 21 19:21:38.854131 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 19:21:38.998032 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 19:21:39.674017 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:21:39.697046 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:21:39.792520 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:21:40.592861 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Mar 21 19:21:40.768617 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Mar 21 19:21:41.019040 osdx file_operation[347261]: using src url: https://www.marca.com dst url: running://index.html
Mar 21 19:21:41.056190 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58407 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.058027 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58408 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.058065 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58409 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.058087 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58410 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.058116 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=58411 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.110040 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=58412 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.244812 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58413 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.336316 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58414 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.453000 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58415 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.792491 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58416 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:41.890498 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58417 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:42.721932 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58418 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:42.732461 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58419 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:44.386044 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=58420 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:44.584319 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=58421 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:46.011429 osdx file_operation.py[347261]: Operation aborted by user.
Mar 21 19:21:46.040382 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58422 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:46.040440 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=58423 DF PROTO=TCP SPT=443 DPT=52720 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:21:46.043950 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Mar 21 19:21:46.431142 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 21 19:21:46.806403 osdx file_operation[347282]: using src url: http://www.google.com dst url: running://index.html
Mar 21 19:21:46.839866 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=64207 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.035111 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=64208 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220341 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64209 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220429 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64210 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220455 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64211 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220477 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64212 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220503 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64213 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220551 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64214 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220585 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64215 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220621 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64216 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220660 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64217 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.220694 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64218 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.230336 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64219 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.242869 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=64220 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.440470 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64221 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.679440 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=64222 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:47.856441 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64223 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:48.511861 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=64224 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:48.716501 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64225 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:50.175009 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=64226 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:50.377460 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=1380 TOS=0x00 PREC=0x00 TTL=112 ID=64227 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:51.783325 osdx file_operation.py[347282]: Operation aborted by user.
Mar 21 19:21:51.816808 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=142.250.185.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=64228 PROTO=TCP SPT=80 DPT=52750 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.google.com]
Mar 21 19:21:51.843294 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://www.google.com running://index.html force'.
Drop Traffic not in an engine dictionary
Description
This example illustrates how to drop all traffic whose detected application does not belong to an engine dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.419 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.419/0.419/0.419/0.000 ms
Step 3: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (151.101.133.50) 56(84) bytes of data.
64 bytes from 151.101.133.50 (151.101.133.50): icmp_seq=1 ttl=49 time=10.3 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.264/10.264/10.264/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  7606k      0 --:--:-- --:--:-- --:--:-- 8322k
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Mar 21 19:22:02.740138 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 3.8M, max 15.3M, 11.5M free.
Mar 21 19:22:02.744082 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 19:22:02.744174 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 19:22:02.772107 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 19:22:03.502801 osdx osdx-coredump[347544]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 19:22:03.520132 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 19:22:04.578948 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:22:04.757115 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 19:22:04.959891 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 21 19:22:05.175428 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 19:22:05.458121 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show working'.
Mar 21 19:22:05.660461 osdx ubnt-cfgd[347567]: inactive
Mar 21 19:22:05.899968 osdx INFO[347579]: FRR daemons did not change
Mar 21 19:22:05.960274 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 19:22:06.350891 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:22:06.374649 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:22:06.417653 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:22:06.713873 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 19:22:06.993929 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Mar 21 19:22:07.391538 osdx file_operation[347769]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Mar 21 19:22:07.445886 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Mar 21 19:22:07.659211 osdx OSDxCLI[255637]: User 'admin' entered the configuration menu.
Mar 21 19:22:07.804178 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Mar 21 19:22:07.975872 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Mar 21 19:22:08.105320 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Mar 21 19:22:08.341234 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Mar 21 19:22:08.495240 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Mar 21 19:22:08.691380 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Mar 21 19:22:08.879535 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Mar 21 19:22:09.033807 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Mar 21 19:22:09.204233 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 19:22:09.325585 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 21 19:22:09.628352 osdx OSDxCLI[255637]: User 'admin' added a new cfg line: 'show changes'.
Mar 21 19:22:09.864977 osdx ubnt-cfgd[347796]: inactive
Mar 21 19:22:10.147563 osdx INFO[347820]: FRR daemons did not change
Mar 21 19:22:10.399916 osdx kernel: app-detect: module init
Mar 21 19:22:10.400109 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 19:22:10.400136 osdx kernel: app-detect: expression init
Mar 21 19:22:10.400155 osdx kernel: app-detect: appid cache initialized
Mar 21 19:22:10.400181 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 19:22:11.200384 osdx cfgd[1672]: [255637]Completed change to active configuration
Mar 21 19:22:11.207206 osdx OSDxCLI[255637]: User 'admin' committed the configuration.
Mar 21 19:22:11.257253 osdx OSDxCLI[255637]: User 'admin' left the configuration menu.
Mar 21 19:22:11.822893 osdx file_operation[347894]: using src url: https://www.marca.com dst url: running://index.html
Mar 21 19:22:11.947665 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=38661 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:11.951895 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38662 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:11.951981 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38663 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:11.952100 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38664 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:11.952138 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=38665 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.062596 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=756 TOS=0x00 PREC=0x00 TTL=49 ID=38666 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.171881 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=38667 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.318950 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38668 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.380287 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=38669 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.831932 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38670 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:12.873133 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=38671 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:13.803070 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=38672 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:13.870930 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38673 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:15.712378 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=38674 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:15.920397 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=49 ID=38675 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:16.607037 osdx file_operation.py[347894]: Operation aborted by user.
Mar 21 19:22:16.646923 osdx OSDxCLI[255637]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Mar 21 19:22:16.662217 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=38676 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 21 19:22:16.662293 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:39:6a:a2:f8:34:08:00 SRC=151.101.133.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=38677 DF PROTO=TCP SPT=443 DPT=57928 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]