App Id

The following scenario shows how to filter packets based on app-id using traffic selectors.

Match Traffic by a custom dictionary

Description

This example illustrates how to match all traffic classified by a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.259 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.36.36) 56(84) bytes of data.
64 bytes from ams17s12-in-f4.1e100.net (142.251.36.36): icmp_seq=1 ttl=106 time=36.9 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 36.885/36.885/36.885/0.000 ms

Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18173    0 18173    0     0  51641      0 --:--:-- --:--:-- --:--:-- 51774

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:33 ssl-host:www.google.com\]
Journal output:
Oct 10 17:56:20.300271 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:20.301239 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:20.301302 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:20.310977 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:20.527310 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:20.781526 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:20.851281 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:20.956307 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:21.075846 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:21.170556 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Oct 10 17:56:21.219611 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:21.317376 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Oct 10 17:56:21.371080 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Oct 10 17:56:21.471056 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:21.564428 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:21.619250 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:21.714582 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:21.795838 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:21.893400 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:21.963139 osdx ubnt-cfgd[26442]: inactive
Oct 10 17:56:21.999046 osdx INFO[26462]: FRR daemons did not change
Oct 10 17:56:22.169243 osdx kernel: app-detect: module init
Oct 10 17:56:22.169290 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:22.169299 osdx kernel: app-detect: expression init
Oct 10 17:56:22.169307 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:22.169318 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:22.217240 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:22.263816 osdx WARNING[26563]: No supported link modes on interface eth0
Oct 10 17:56:22.265126 osdx modulelauncher[26563]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:22.265139 osdx modulelauncher[26563]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:22.266234 osdx modulelauncher[26563]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:22.266242 osdx modulelauncher[26563]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:22.536291 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:23.447706 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:23.463095 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:23.607198 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 17:56:23.849660 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Oct 10 17:56:24.025584 osdx file_operation[26716]: using src url: https://www.google.com dst url: running://index.html
Oct 10 17:56:24.124884 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63220 PROTO=TCP SPT=443 DPT=45136 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.129233 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=63221 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.129257 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=112 ID=63223 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.179943 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=63224 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.181230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63225 PROTO=TCP SPT=443 DPT=45136 WINDOW=1049 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.185231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=63226 PROTO=TCP SPT=443 DPT=45136 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.185246 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=63227 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.224696 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63228 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368531 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=112 ID=63229 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368638 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63230 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368650 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63231 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.369236 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63232 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.369250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63233 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373235 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63234 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373273 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=346 TOS=0x00 PREC=0x00 TTL=112 ID=63235 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373295 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63236 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373304 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63237 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63238 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377252 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63239 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377261 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63240 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377269 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63241 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377277 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63242 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63243 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.381231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=149 TOS=0x00 PREC=0x00 TTL=112 ID=63244 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.405156 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Oct 10 17:56:24.421241 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63245 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.421288 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63246 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]

Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   845    0   845    0     0   148k      0 --:--:-- --:--:-- --:--:--  165k

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:34 http-host:10.215.168.1\]
Journal output:
Oct 10 17:56:20.300271 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:20.301239 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:20.301302 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:20.310977 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:20.527310 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:20.781526 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:20.851281 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:20.956307 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:21.075846 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:21.170556 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Oct 10 17:56:21.219611 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:21.317376 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Oct 10 17:56:21.371080 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Oct 10 17:56:21.471056 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:21.564428 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:21.619250 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:21.714582 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:21.795838 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:21.893400 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:21.963139 osdx ubnt-cfgd[26442]: inactive
Oct 10 17:56:21.999046 osdx INFO[26462]: FRR daemons did not change
Oct 10 17:56:22.169243 osdx kernel: app-detect: module init
Oct 10 17:56:22.169290 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:22.169299 osdx kernel: app-detect: expression init
Oct 10 17:56:22.169307 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:22.169318 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:22.217240 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:22.263816 osdx WARNING[26563]: No supported link modes on interface eth0
Oct 10 17:56:22.265126 osdx modulelauncher[26563]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:22.265139 osdx modulelauncher[26563]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:22.266234 osdx modulelauncher[26563]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:22.266242 osdx modulelauncher[26563]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:22.536291 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:23.447706 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:23.463095 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:23.607198 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 17:56:23.849660 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Oct 10 17:56:24.025584 osdx file_operation[26716]: using src url: https://www.google.com dst url: running://index.html
Oct 10 17:56:24.124884 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63220 PROTO=TCP SPT=443 DPT=45136 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.129233 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=63221 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.129257 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=112 ID=63223 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.179943 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=63224 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.181230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63225 PROTO=TCP SPT=443 DPT=45136 WINDOW=1049 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.185231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=63226 PROTO=TCP SPT=443 DPT=45136 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.185246 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=63227 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.224696 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63228 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368531 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1036 TOS=0x00 PREC=0x00 TTL=112 ID=63229 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368638 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63230 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.368650 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63231 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.369236 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63232 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.369250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63233 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373235 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63234 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373273 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=346 TOS=0x00 PREC=0x00 TTL=112 ID=63235 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373295 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63236 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.373304 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63237 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63238 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377252 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63239 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377261 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63240 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377269 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63241 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377277 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63242 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.377290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=63243 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.381231 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=149 TOS=0x00 PREC=0x00 TTL=112 ID=63244 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.405156 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Oct 10 17:56:24.421241 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63245 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.421288 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63246 PROTO=TCP SPT=443 DPT=45136 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.512360 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 17:56:24.719320 osdx file_operation[26738]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 10 17:56:24.725251 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37117 DF PROTO=TCP SPT=80 DPT=34158 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Oct 10 17:56:24.725294 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1064 TOS=0x00 PREC=0x00 TTL=64 ID=37118 DF PROTO=TCP SPT=80 DPT=34158 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Oct 10 17:56:24.729233 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37119 DF PROTO=TCP SPT=80 DPT=34158 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Oct 10 17:56:24.744887 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
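
A stricter form of the journal checks in Steps 5 and 7, as an added example (not part of the original page or of OSDx): it parses the policy log lines into fields and compares the host literally, because each `.` in the page's regular expressions matches any character. Reading `U6:33` as `<engine>:<app-id>` is an assumption inferred from the two scenarios on this page; the sample lines are abridged from the journal above and the last one is constructed.

```python
import re
from collections import Counter

# Line 1 is a non-policy journal entry and lines 2-3 are abridged from the
# journal output on this page (MAC, TOS, TTL and similar fields dropped).
# Line 4 is constructed: a near-miss host name carrying the same app-id tag.
SAMPLE_JOURNAL = """\
Oct 10 17:56:24.025584 osdx file_operation[26716]: using src url: https://www.google.com dst url: running://index.html
Oct 10 17:56:24.124884 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.36.36 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=45136 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Oct 10 17:56:24.725251 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=34158 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Oct 10 17:56:25.000000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=45200 ACK URGP=0 APPDETECT[U6:33 ssl-host:www-google.com]
"""

# The Step 5 check exactly as written on the page: "." is a wildcard here.
PAGE_PATTERN = re.compile(
    r"osdx kernel:.*ACCEPT.*APPDETECT\[U6:33 ssl-host:www.google.com\]")

# "[<policy>-<rule>] <ACTION> <KEY=VALUE ...> APPDETECT[<tags>]"
KERNEL_RE = re.compile(
    r"^\w{3} +\d+ [\d:.]+ \S+ kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?) ?APPDETECT\[(?P<tags>[^\]]*)\]\s*$")

# Assumption: the tag "U<a>:<b>" is <engine>:<app-id> (inferred from this page).
APPID_RE = re.compile(r"U(\d+):(\d+)")


def parse_line(line):
    """Parse one journal line; return a dict, or None if it is not a policy log."""
    m = KERNEL_RE.match(line)
    if not m:
        return None
    kv = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
    rec = {
        "policy": m["policy"], "rule": int(m["rule"]), "action": m["action"],
        "src": kv.get("SRC"), "dst": kv.get("DST"), "proto": kv.get("PROTO"),
        "spt": kv.get("SPT"), "dpt": kv.get("DPT"),
        "app_ids": [], "hosts": {},
    }
    for tok in m["tags"].split():
        am = APPID_RE.fullmatch(tok)
        if am:
            rec["app_ids"].append((int(am[1]), int(am[2])))
        elif ":" in tok:                      # e.g. ssl-host:<name>, http-host:<name>
            kind, _, value = tok.partition(":")
            rec["hosts"][kind] = value
    return rec


def summarize(journal):
    """Count packets per (action, engine, app_id, host kind, host)."""
    counts = Counter()
    for line in journal.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for engine, app_id in rec["app_ids"]:
            for kind, host in (rec["hosts"] or {"": ""}).items():
                counts[(rec["action"], engine, app_id, kind, host)] += 1
    return counts


def seen(journal, engine, app_id, kind, host, action="ACCEPT"):
    """Literal (non-regex) version of the page's journal check."""
    return summarize(journal)[(action, engine, app_id, kind, host)] > 0


def loose_matches(journal):
    """Lines accepted by the page's pattern, wildcard dots included."""
    return [ln for ln in journal.splitlines() if PAGE_PATTERN.search(ln)]


def unexpected(journal, allowed):
    """(engine, app_id, kind, host) tuples that were logged but are not in `allowed`."""
    return sorted({key[1:] for key in summarize(journal)} - set(allowed))


if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_JOURNAL).items()):
        print(count, key)
    allowed = {(6, 33, "ssl-host", "www.google.com"),
               (6, 34, "http-host", "10.215.168.1")}
    print("loose regex hits:", len(loose_matches(SAMPLE_JOURNAL)))
    print("not in allow-list:", unexpected(SAMPLE_JOURNAL, allowed))
```

The same functions apply to the provider-dictionary scenario by calling `seen(journal, 128, 6, "ssl-host", "www.google.com")`.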

Match Traffic by a provider dictionary

Description

This example illustrates how to match all traffic classified by a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.165 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.165/0.165/0.165/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.36.36) 56(84) bytes of data.
64 bytes from ams17s12-in-f4.1e100.net (142.251.36.36): icmp_seq=1 ttl=106 time=33.6 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 33.557/33.557/33.557/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  10.9M      0 --:--:-- --:--:-- --:--:-- 13.0M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host

Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18219    0 18219    0     0  49767      0 --:--:-- --:--:-- --:--:-- 49778

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:6 ssl-host:www.google.com\]
Journal output:
Oct 10 17:56:29.285812 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:29.289597 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:29.289654 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:29.297114 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:29.508529 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:29.720204 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:29.781760 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:29.885389 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:29.980986 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:30.036516 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Oct 10 17:56:30.125252 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:30.182565 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:30.274240 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:30.340059 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:30.432259 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:30.495789 osdx ubnt-cfgd[27017]: inactive
Oct 10 17:56:30.527017 osdx INFO[27037]: FRR daemons did not change
Oct 10 17:56:30.549553 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:30.589826 osdx WARNING[27105]: No supported link modes on interface eth0
Oct 10 17:56:30.591125 osdx modulelauncher[27105]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:30.591139 osdx modulelauncher[27105]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:30.592220 osdx modulelauncher[27105]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:30.592228 osdx modulelauncher[27105]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:30.717561 osdx bash[27201]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory
Oct 10 17:56:30.717662 osdx modulelauncher[27199]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode
Oct 10 17:56:30.717666 osdx modulelauncher[27199]:
Oct 10 17:56:30.851983 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:30.881800 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:30.902183 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:31.043152 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 17:56:31.150790 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Oct 10 17:56:31.288595 osdx file_operation[27255]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Oct 10 17:56:31.313833 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Oct 10 17:56:31.451093 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:31.509924 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Oct 10 17:56:31.599282 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:31.652055 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:31.754814 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show changes'.
Oct 10 17:56:31.817873 osdx ubnt-cfgd[27272]: inactive
Oct 10 17:56:31.835472 osdx INFO[27278]: FRR daemons did not change
Oct 10 17:56:32.033550 osdx kernel: app-detect: module init
Oct 10 17:56:32.033618 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:32.033634 osdx kernel: app-detect: expression init
Oct 10 17:56:32.033647 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:32.033658 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:32.211684 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:32.213329 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:32.241470 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:32.438370 osdx file_operation[27333]: using src url: https://www.google.com dst url: running://index.html
Oct 10 17:56:32.535094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56122 PROTO=TCP SPT=443 DPT=39100 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.536904 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=56123 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.536937 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=56125 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.590829 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56126 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.591118 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=56127 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.591132 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=56128 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.597344 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56129 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.631609 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56130 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789022 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1042 TOS=0x00 PREC=0x00 TTL=112 ID=56131 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789107 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56132 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56133 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789552 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56134 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789562 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56135 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.790988 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1172 TOS=0x00 PREC=0x00 TTL=112 ID=56136 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.796156 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56137 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.797535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56138 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804356 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=56139 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804503 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56142 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804518 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56141 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56143 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56144 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805561 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=747 TOS=0x00 PREC=0x00 TTL=112 ID=56145 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.823491 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Oct 10 17:56:32.849546 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56146 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.853535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56147 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.853556 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56148 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]

Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   962    0   962    0     0   220k      0 --:--:-- --:--:-- --:--:--  234k

Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:30 http-host:10.215.168.1\]
Oct 10 17:56:29.285812 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:29.289597 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:29.289654 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:29.297114 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:29.508529 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:29.720204 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:29.781760 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:29.885389 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:29.980986 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:30.036516 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Oct 10 17:56:30.125252 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:30.182565 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:30.274240 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:30.340059 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:30.432259 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:30.495789 osdx ubnt-cfgd[27017]: inactive
Oct 10 17:56:30.527017 osdx INFO[27037]: FRR daemons did not change
Oct 10 17:56:30.549553 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:30.589826 osdx WARNING[27105]: No supported link modes on interface eth0
Oct 10 17:56:30.591125 osdx modulelauncher[27105]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:30.591139 osdx modulelauncher[27105]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:30.592220 osdx modulelauncher[27105]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:30.592228 osdx modulelauncher[27105]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:30.717561 osdx bash[27201]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory
Oct 10 17:56:30.717662 osdx modulelauncher[27199]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode
Oct 10 17:56:30.717666 osdx modulelauncher[27199]:
Oct 10 17:56:30.851983 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:30.881800 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:30.902183 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:31.043152 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 17:56:31.150790 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Oct 10 17:56:31.288595 osdx file_operation[27255]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Oct 10 17:56:31.313833 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Oct 10 17:56:31.451093 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:31.509924 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Oct 10 17:56:31.599282 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:31.652055 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:31.754814 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show changes'.
Oct 10 17:56:31.817873 osdx ubnt-cfgd[27272]: inactive
Oct 10 17:56:31.835472 osdx INFO[27278]: FRR daemons did not change
Oct 10 17:56:32.033550 osdx kernel: app-detect: module init
Oct 10 17:56:32.033618 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:32.033634 osdx kernel: app-detect: expression init
Oct 10 17:56:32.033647 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:32.033658 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:32.211684 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:32.213329 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:32.241470 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:32.438370 osdx file_operation[27333]: using src url: https://www.google.com dst url: running://index.html
Oct 10 17:56:32.535094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56122 PROTO=TCP SPT=443 DPT=39100 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.536904 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=56123 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.536937 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=56125 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.590829 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56126 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.591118 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=56127 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.591132 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=56128 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.597344 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56129 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.631609 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56130 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789022 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1042 TOS=0x00 PREC=0x00 TTL=112 ID=56131 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789107 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56132 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56133 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789552 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56134 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.789562 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56135 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.790988 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1172 TOS=0x00 PREC=0x00 TTL=112 ID=56136 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.796156 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56137 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.797535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56138 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804356 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=56139 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804503 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56142 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.804518 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56141 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56143 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=56144 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.805561 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=747 TOS=0x00 PREC=0x00 TTL=112 ID=56145 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.823491 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Oct 10 17:56:32.849546 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56146 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.853535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56147 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.853556 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56148 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Oct 10 17:56:32.954931 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 17:56:33.151062 osdx file_operation[27355]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 10 17:56:33.157539 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22336 DF PROTO=TCP SPT=80 DPT=43482 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Oct 10 17:56:33.157578 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1181 TOS=0x00 PREC=0x00 TTL=64 ID=22337 DF PROTO=TCP SPT=80 DPT=43482 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Oct 10 17:56:33.157597 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22338 DF PROTO=TCP SPT=80 DPT=43482 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Oct 10 17:56:33.173691 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
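
The checks in Steps 7 and 9 done as a field-level parse of the policy log lines, as an added example that is not part of the original documentation. It assumes the token before the colon in APPDETECT[...] names the matching source and the number after it is the app-id; the policy name ACCEPT-LIST in the last sample line is constructed to show that the `.*ACCEPT.*` regular expression also matches a dropped packet.

```python
import re
from collections import Counter

# Lines 1-3 are copied from the journal output on this page, line 4 is a kernel
# line without APPDETECT data, and line 5 is CONSTRUCTED (hypothetical policy
# name ACCEPT-LIST, action DROP) to exercise the loose regular expression.
SAMPLE_JOURNAL = "\n".join([
    "Oct 10 17:56:32.535094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=56122 PROTO=TCP SPT=443 DPT=39100 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]",
    "Oct 10 17:56:32.536904 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=142.251.36.36 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=56123 PROTO=TCP SPT=443 DPT=39100 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]",
    "Oct 10 17:56:33.157539 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22336 DF PROTO=TCP SPT=80 DPT=43482 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]",
    "Oct 10 17:56:32.033550 osdx kernel: app-detect: module init",
    "Oct 10 17:56:40.000000 osdx kernel: [ACCEPT-LIST-1] DROP IN=eth0 OUT= SRC=142.251.36.36 DST=10.215.168.64 PROTO=TCP SPT=443 DPT=39100 APPDETECT[U128:6 ssl-host:www.google.com]",
])

# Regular expression from Step 7, exactly as the page gives it.
STEP7_REGEX = r"osdx kernel:.*ACCEPT.*APPDETECT\[U128:6 ssl-host:www.google.com\]"

# "[<policy>-<rule>] <ACTION> <netfilter-style fields> APPDETECT[<data>]"
LINE_RE = re.compile(
    r"osdx kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?) APPDETECT\[(?P<appdetect>[^\]]*)\]\s*$"
)


def parse_appdetect_line(line):
    """Return a dict of fields for a policy log line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    record = {
        "policy": m["policy"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "flags": [],
    }
    # KEY=value tokens become lower-case keys; bare tokens (ACK, PSH, DF) are flags.
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            record[key.lower()] = value
        else:
            record["flags"].append(token)
    # APPDETECT[<source>:<app-id> <host-kind>:<host>] (field meaning is an assumption).
    tokens = m["appdetect"].split()
    source, _, app_id = (tokens[0] if tokens else "").partition(":")
    kind, _, host = (tokens[1] if len(tokens) > 1 else "").partition(":")
    record["source"] = source or None
    record["app_id"] = int(app_id) if app_id.isdigit() else None
    record["host_kind"] = kind or None
    record["host"] = host or None
    return record


def summarize(journal_text):
    """Count packets per (action, source, app-id, host kind, host)."""
    counts = Counter()
    for line in journal_text.splitlines():
        rec = parse_appdetect_line(line)
        if rec is not None:
            key = (rec["action"], rec["source"], rec["app_id"],
                   rec["host_kind"], rec["host"])
            counts[key] += 1
    return counts


def count_loose(journal_text, pattern=STEP7_REGEX):
    """Count lines matched by a '.*'-style regular expression such as Step 7's."""
    return sum(1 for line in journal_text.splitlines() if re.search(pattern, line))


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_JOURNAL).items()):
        print(n, key)
    print("lines matched by the Step 7 regex:", count_loose(SAMPLE_JOURNAL))
```
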

Drop Traffic not in a custom dictionary

Description

This example illustrates how to drop all traffic that does not belong to a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1

Step 2: Ping www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data.
64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=52 time=3.42 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.417/3.417/3.417/0.000 ms

Step 3: Ping www.facebook.es from DUT0:

admin@DUT0$ ping www.facebook.es count 1 size 56 timeout 1
PING star-mini.c10r.facebook.com (57.144.222.1) 56(84) bytes of data.
64 bytes from edge-star-mini-shv-01-ams2.facebook.com (57.144.222.1): icmp_seq=1 ttl=45 time=41.3 ms

--- star-mini.c10r.facebook.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 41.255/41.255/41.255/0.000 ms

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Oct 10 17:56:38.289165 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:38.291778 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:38.291840 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:38.298822 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:38.503576 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:38.725172 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:38.781884 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:38.898720 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:39.003371 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:39.059445 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Oct 10 17:56:39.164885 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Oct 10 17:56:39.215223 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:39.311799 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Oct 10 17:56:39.366643 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Oct 10 17:56:39.457534 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:39.514055 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:39.620886 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:39.673016 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:39.823586 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:39.905575 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:40.017011 osdx ubnt-cfgd[27639]: inactive
Oct 10 17:56:40.052884 osdx INFO[27659]: FRR daemons did not change
Oct 10 17:56:40.231803 osdx kernel: app-detect: module init
Oct 10 17:56:40.231862 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:40.231877 osdx kernel: app-detect: expression init
Oct 10 17:56:40.231885 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:40.231893 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:40.275779 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:40.318272 osdx WARNING[27760]: No supported link modes on interface eth0
Oct 10 17:56:40.319964 osdx modulelauncher[27760]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:40.319981 osdx modulelauncher[27760]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:40.321799 osdx modulelauncher[27760]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:40.321814 osdx modulelauncher[27760]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:40.574356 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:40.585540 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:40.613959 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:40.854716 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Oct 10 17:56:41.126819 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'.
Oct 10 17:56:41.295498 osdx file_operation[27910]: using src url: https://www.marca.com dst url: running://index.html
Oct 10 17:56:41.324919 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=15138 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327036 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15139 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327151 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15140 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327184 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15141 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327489 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=15142 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.366312 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=15143 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.524825 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15144 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.592469 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15145 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.736873 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15146 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.031428 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15147 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.160600 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15148 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.967412 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15149 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:43.024596 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15150 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:44.724489 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15151 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:44.760406 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=15152 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:46.277956 osdx file_operation.py[27910]: Operation aborted by user.
Oct 10 17:56:46.294007 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Oct 10 17:56:46.295775 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=15153 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:46.295809 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=15154 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]

Step 5: Run command system journal show | cat at DUT0 and check that the output matches the following regular expression:

osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]
Oct 10 17:56:38.289165 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:38.291778 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:38.291840 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:38.298822 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:38.503576 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:38.725172 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:38.781884 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:38.898720 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:39.003371 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:39.059445 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Oct 10 17:56:39.164885 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Oct 10 17:56:39.215223 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:39.311799 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Oct 10 17:56:39.366643 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Oct 10 17:56:39.457534 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:39.514055 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:39.620886 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:39.673016 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:39.823586 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:39.905575 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:40.017011 osdx ubnt-cfgd[27639]: inactive
Oct 10 17:56:40.052884 osdx INFO[27659]: FRR daemons did not change
Oct 10 17:56:40.231803 osdx kernel: app-detect: module init
Oct 10 17:56:40.231862 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:40.231877 osdx kernel: app-detect: expression init
Oct 10 17:56:40.231885 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:40.231893 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:40.275779 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:40.318272 osdx WARNING[27760]: No supported link modes on interface eth0
Oct 10 17:56:40.319964 osdx modulelauncher[27760]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:40.319981 osdx modulelauncher[27760]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:40.321799 osdx modulelauncher[27760]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:40.321814 osdx modulelauncher[27760]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:40.574356 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:40.585540 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:40.613959 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:40.854716 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Oct 10 17:56:41.126819 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'.
Oct 10 17:56:41.295498 osdx file_operation[27910]: using src url: https://www.marca.com dst url: running://index.html
Oct 10 17:56:41.324919 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=15138 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327036 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15139 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327151 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15140 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327184 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15141 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.327489 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=15142 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.366312 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=15143 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.524825 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15144 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.592469 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15145 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:41.736873 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15146 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.031428 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15147 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.160600 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15148 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:42.967412 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=15149 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:43.024596 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15150 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:44.724489 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=15151 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:44.760406 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=15152 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:46.277956 osdx file_operation.py[27910]: Operation aborted by user.
Oct 10 17:56:46.294007 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Oct 10 17:56:46.295775 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=15153 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:46.295809 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=15154 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:46.502266 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 17:56:46.728126 osdx file_operation[27930]: using src url: http://www.facebook.es dst url: running://index.html
Oct 10 17:56:46.814866 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=45269 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:46.920578 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45270 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.053083 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=45271 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.161733 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45272 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.297322 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=45273 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.401775 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45274 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.793305 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=45275 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:47.881696 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45276 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:48.241030 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=15155 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:48.279347 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=15156 DF PROTO=TCP SPT=443 DPT=56010 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:48.785125 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=45277 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:48.841690 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45278 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:50.737346 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=45279 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:50.761595 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=45280 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Oct 10 17:56:51.659896 osdx file_operation.py[27930]: Operation aborted by user.
Oct 10 17:56:51.676542 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://www.facebook.es running://index.html force'.
Oct 10 17:56:51.711775 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=45281 DF PROTO=TCP SPT=80 DPT=57986 WINDOW=261 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]

Drop Traffic not in a provider dictionary

Description

This example illustrates how to drop all traffic that does not belong to a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.162 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.162/0.162/0.162/0.000 ms

Step 3: Ping the host www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data.
64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=52 time=3.42 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.419/3.419/3.419/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  10.5M      0 --:--:-- --:--:-- --:--:-- 10.8M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128

Step 6: Run command system journal show | cat at DUT0 and check that the output matches the following regular expression:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Oct 10 17:56:56.301777 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 17:56:56.302847 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 17:56:56.302913 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 17:56:56.311564 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 17:56:56.517036 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 17:56:56.726177 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:56.818333 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 17:56:56.869473 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Oct 10 17:56:56.984445 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 17:56:57.045605 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show working'.
Oct 10 17:56:57.138738 osdx ubnt-cfgd[28196]: inactive
Oct 10 17:56:57.156399 osdx INFO[28202]: FRR daemons did not change
Oct 10 17:56:57.178818 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 17:56:57.222224 osdx WARNING[28270]: No supported link modes on interface eth0
Oct 10 17:56:57.223527 osdx modulelauncher[28270]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 17:56:57.223539 osdx modulelauncher[28270]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 17:56:57.224653 osdx modulelauncher[28270]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 17:56:57.224660 osdx modulelauncher[28270]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 17:56:57.289141 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:57.302706 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:57.318472 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:57.457114 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 17:56:57.581456 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Oct 10 17:56:57.736189 osdx file_operation[28397]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Oct 10 17:56:57.762768 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Oct 10 17:56:57.911317 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Oct 10 17:56:57.974414 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Oct 10 17:56:58.069352 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Oct 10 17:56:58.120126 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Oct 10 17:56:58.214340 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Oct 10 17:56:58.275255 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Oct 10 17:56:58.371366 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Oct 10 17:56:58.422784 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Oct 10 17:56:58.518686 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Oct 10 17:56:58.570605 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 17:56:58.662181 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Oct 10 17:56:58.724595 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'show changes'.
Oct 10 17:56:58.831171 osdx ubnt-cfgd[28425]: inactive
Oct 10 17:56:58.862371 osdx INFO[28445]: FRR daemons did not change
Oct 10 17:56:59.006823 osdx kernel: app-detect: module init
Oct 10 17:56:59.006874 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 17:56:59.006883 osdx kernel: app-detect: expression init
Oct 10 17:56:59.006891 osdx kernel: app-detect: appid cache initialized
Oct 10 17:56:59.006899 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 17:56:59.341933 osdx cfgd[1464]: [2572]Completed change to active configuration
Oct 10 17:56:59.367429 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Oct 10 17:56:59.382986 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Oct 10 17:56:59.586334 osdx file_operation[28523]: using src url: https://www.marca.com dst url: running://index.html
Oct 10 17:56:59.618826 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=45714 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.618894 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45715 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.618903 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45716 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.618912 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45717 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.618920 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=52 ID=45718 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.657828 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=52 ID=45719 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.806315 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=45720 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:56:59.883861 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45721 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:00.014459 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=45722 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:00.323896 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45723 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:00.430316 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=45724 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:01.211900 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=52 ID=45725 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:01.262435 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=45726 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:02.926339 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=45727 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:03.003807 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=45728 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:04.556730 osdx file_operation.py[28523]: Operation aborted by user.
Oct 10 17:57:04.573901 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Oct 10 17:57:04.574823 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=45729 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Oct 10 17:57:04.574856 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:19:68:51:b7:f4:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=45730 DF PROTO=TCP SPT=443 DPT=38100 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
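
The journal checks in Step 5 of the previous scenario and Step 6 above both look for kernel DROP lines that carry an APPDETECT[...] tag. The following Python code is an added example, not part of the OSDx documentation or tooling: it parses those lines and summarizes drops per detected host. The function names are hypothetical, the sample lines are abridged from the output on this page, and one line without a tag is constructed.

```python
import re

# Regular expressions the page's test steps check the journal against.
# The unescaped '.' in the hostnames matches any character, as on the page.
PAGE_CHECKS = [
    r"osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]",
    r"osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]",
]

SAMPLE_JOURNAL = [
    # Abridged from the page's output (MAC/TOS/PREC/ID/WINDOW/RES removed).
    "Oct 10 17:56:41.324919 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TTL=51 DF PROTO=TCP SPT=443 DPT=56010 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]",
    "Oct 10 17:56:41.327036 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TTL=51 DF PROTO=TCP SPT=443 DPT=56010 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]",
    "Oct 10 17:56:46.295809 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TTL=50 DF PROTO=TCP SPT=443 DPT=56010 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]",
    "Oct 10 17:56:46.814866 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=57.144.222.1 DST=10.215.168.64 LEN=52 TTL=43 DF PROTO=TCP SPT=80 DPT=57986 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]",
    "Oct 10 17:56:46.920578 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TTL=43 DF PROTO=TCP SPT=80 DPT=57986 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]",
    # Non-packet journal lines, copied from the page.
    "Oct 10 17:56:40.231803 osdx kernel: app-detect: module init",
    "Oct 10 17:56:41.126819 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'.",
    # Constructed line (not from the page): a drop with no APPDETECT tag.
    "Oct 10 17:56:49.000000 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=192.0.2.10 DST=10.215.168.64 LEN=60 PROTO=UDP SPT=53 DPT=40000",
]

# "[POL-1]" is read as policy name plus rule number; the APPDETECT tag is optional.
PACKET_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<node>\S+) kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?)(?: APPDETECT\[(?P<appdetect>[^\]]*)\])?$"
)


def parse_packet_line(line):
    """Return a dict for a traffic-policy packet line, or None for other lines."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "node", "policy", "action")}
    rec["rule"] = int(m.group("rule"))
    rec["fields"], rec["flags"], rec["appdetect"] = {}, [], {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec["fields"][key] = value      # KEY=value, value may be empty (OUT=)
        else:
            rec["flags"].append(key)        # bare tokens: DF, ACK, PSH, FIN
    # The tag holds space-separated "detector:value" pairs; split on the first
    # colon only so a value that itself contains ':' stays whole.
    for pair in (m.group("appdetect") or "").split():
        detector, _, value = pair.partition(":")
        rec["appdetect"][detector] = value
    return rec


def summarize_drops(lines):
    """Aggregate DROP records per detected host: packets, bytes, peers, L4 ports."""
    acc = {}
    for line in lines:
        rec = parse_packet_line(line)
        if rec is None or rec["action"] != "DROP":
            continue
        tags = rec["appdetect"]
        host = tags.get("ssl-host") or tags.get("http-host") or "(no host detected)"
        entry = acc.setdefault(
            host, {"packets": 0, "bytes": 0, "peers": set(), "l4": set(), "rules": set()}
        )
        entry["packets"] += 1
        entry["bytes"] += int(rec["fields"].get("LEN", 0))
        entry["peers"].add(rec["fields"].get("SRC", "?"))
        if "L4" in tags:
            entry["l4"].add(tags["L4"])
        entry["rules"].add("%s-%d" % (rec["policy"], rec["rule"]))
    # Convert sets to sorted lists so the result is stable and printable.
    return {
        host: {k: sorted(v) if isinstance(v, set) else v for k, v in e.items()}
        for host, e in acc.items()
    }


def page_checks(lines):
    """Apply the page's regular expressions to the journal, one result per pattern."""
    text = "\n".join(lines)
    return {pattern: re.search(pattern, text) is not None for pattern in PAGE_CHECKS}


if __name__ == "__main__":
    for host, stats in summarize_drops(SAMPLE_JOURNAL).items():
        print(host, stats)
    for pattern, ok in page_checks(SAMPLE_JOURNAL).items():
        print("MATCH" if ok else "MISSING", pattern)
```

On a device, feed the function the lines produced by system journal show | cat instead of SAMPLE_JOURNAL.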