App Id

The following scenario shows how to filter packets based on app-id using traffic selectors.

Match Traffic by a custom dictionary

Description

This example illustrates how to match all traffic in a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.205 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.205/0.205/0.205/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.39.132) 56(84) bytes of data.
64 bytes from tzamsa-af-in-f4.1e100.net (142.251.39.132): icmp_seq=1 ttl=107 time=64.2 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 64.229/64.229/64.229/0.000 ms

Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 77360    0 77360    0     0   204k      0 --:--:-- --:--:-- --:--:--  204k

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:33 ssl-host:www.google.com\]
Nov 12 10:49:08.366162 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:08.368094 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:08.368144 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:08.375644 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:08.604405 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:08.844923 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:08.953728 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:09.071208 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:09.183262 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:09.305033 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Nov 12 10:49:09.458401 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:09.562416 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Nov 12 10:49:09.679427 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Nov 12 10:49:09.730114 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:09.826428 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:09.889104 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:09.989090 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:10.065903 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:10.161630 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:10.230862 osdx ubnt-cfgd[27328]: inactive
Nov 12 10:49:10.279701 osdx INFO[27352]: FRR daemons did not change
Nov 12 10:49:10.476088 osdx kernel: app-detect: module init
Nov 12 10:49:10.476144 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:10.476158 osdx kernel: app-detect: expression init
Nov 12 10:49:10.476170 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:10.476187 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:10.528095 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:10.572227 osdx WARNING[27454]: No supported link modes on interface eth0
Nov 12 10:49:10.573670 osdx modulelauncher[27454]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:10.573685 osdx modulelauncher[27454]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:10.575226 osdx modulelauncher[27454]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:10.575236 osdx modulelauncher[27454]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:10.819306 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:10.834453 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:10.850499 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:11.031246 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 10:49:11.171081 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Nov 12 10:49:11.341920 osdx file_operation[27607]: using src url: https://www.google.com dst url: running://index.html
Nov 12 10:49:11.525651 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=53913 PROTO=TCP SPT=443 DPT=41828 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.528452 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53914 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.528567 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53915 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.528611 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1366 TOS=0x00 PREC=0x00 TTL=113 ID=53916 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.574331 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=53917 PROTO=TCP SPT=443 DPT=41828 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.577501 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=53918 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.616835 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=53919 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.620923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1031 TOS=0x00 PREC=0x00 TTL=113 ID=53920 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.621062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53921 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.621180 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53922 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.621309 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53923 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.621449 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53924 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.624336 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=53926 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.624381 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53925 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.625932 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53927 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.627947 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53928 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.628001 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53929 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.632523 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53930 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.632595 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53931 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.636109 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=53932 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.638538 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53934 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.638560 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53935 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.640736 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53936 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.640813 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53937 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.644314 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53938 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.644390 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53939 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.657859 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53940 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.657923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53941 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.659517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53942 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.659573 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53943 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.669280 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=53944 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.669824 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53947 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.670237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53949 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.670250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53948 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.672083 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53946 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.673642 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53950 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.673720 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53951 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.676739 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53952 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680086 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53953 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680120 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53954 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680134 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53955 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.684079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53956 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.684106 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53957 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688077 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53958 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688093 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53959 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688102 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53960 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688110 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53961 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.692080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53962 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.692096 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53963 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.696080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53964 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.696095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53965 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.700079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53967 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.700093 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53966 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.704080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53969 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.704097 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53968 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.708089 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53970 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.708125 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53971 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712083 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53972 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712108 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53973 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712117 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53974 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712125 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53975 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53976 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712147 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53977 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712155 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=350 TOS=0x00 PREC=0x00 TTL=113 ID=53978 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.734579 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
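The journal checks in Steps 5 and 7 can be scripted. As an added example (not part of the original page and not OSDx code), the Python below parses the APPDETECT tag from kernel policy-log lines and compares each logged app-id with the custom dictionary from Step 1. The function names, the substring comparison against the configured fqdn, and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Custom dictionary from Step 1: app-id -> configured fqdn string.
DICTIONARY = {33: "google", 34: "10.215.168.1"}

# Kernel policy-log line as it appears in the journal output above:
#   "... osdx kernel: [POL-1] ACCEPT IN=eth0 ... APPDETECT[U6:33 ssl-host:www.google.com]"
LINE_RE = re.compile(
    r"osdx kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?) APPDETECT\[(?P<tag>[^\]]*)\]\s*$"
)
# The page does not explain the "U6" prefix, so it is kept as an opaque string.
TAG_RE = re.compile(
    r"^(?P<prefix>[A-Za-z]\d+):(?P<app_id>\d+) (?P<source>[a-z-]+):(?P<host>\S+)$"
)


def parse_appdetect(line):
    """Return a dict for a policy-log line carrying an APPDETECT tag, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    t = TAG_RE.match(m.group("tag"))
    if not t:
        return None
    # KEY=value tokens (SRC=, DST=, SPT=, ...); bare TCP flags such as ACK are skipped.
    fields = dict(tok.split("=", 1) for tok in m.group("fields").split() if "=" in tok)
    return {
        "policy": m.group("policy"),
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "prefix": t.group("prefix"),
        "app_id": int(t.group("app_id")),
        "source": t.group("source"),   # "ssl-host" or "http-host" on this page
        "host": t.group("host"),
    }


def audit(lines, dictionary=DICTIONARY):
    """Count tagged packets and report tags that disagree with the dictionary.

    Returns (counts, mismatches, unseen):
      counts     - Counter keyed by (app_id, source, host)
      mismatches - parsed records whose app-id is unknown or whose host does
                   not contain the configured fqdn (assumed substring match)
      unseen     - dictionary app-ids that never appeared in the log
    """
    counts, mismatches = Counter(), []
    for line in lines:
        rec = parse_appdetect(line)
        if rec is None:
            continue
        counts[(rec["app_id"], rec["source"], rec["host"])] += 1
        fqdn = dictionary.get(rec["app_id"])
        if fqdn is None or fqdn not in rec["host"]:
            mismatches.append(rec)
    unseen = sorted(set(dictionary) - {key[0] for key in counts})
    return counts, mismatches, unseen


_MAC = "MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00"
SAMPLE_JOURNAL = [
    # Two lines in the format of the journal output above.
    "Nov 12 10:49:11.525651 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= " + _MAC +
    " SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=53913"
    " PROTO=TCP SPT=443 DPT=41828 WINDOW=1048 RES=0x00 ACK URGP=0"
    " APPDETECT[U6:33 ssl-host:www.google.com]",
    "Nov 12 10:49:11.528567 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= " + _MAC +
    " SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53915"
    " PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0"
    " APPDETECT[U6:33 ssl-host:www.google.com]",
    # Non-kernel line: must be ignored by the parser.
    "Nov 12 10:49:11.734579 osdx OSDxCLI[2267]: User 'admin' executed a new command: "
    "'file copy https://www.google.com running://index.html force'.",
    # Constructed line that satisfies the Step 7 regular expression.
    "Nov 12 10:49:12.000000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= " + _MAC +
    " SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1"
    " PROTO=TCP SPT=80 DPT=40000 WINDOW=509 RES=0x00 ACK URGP=0"
    " APPDETECT[U6:34 http-host:10.215.168.1]",
    # Constructed line whose host does not contain the fqdn configured for app-id 33.
    "Nov 12 10:49:12.100000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= " + _MAC +
    " SRC=192.0.2.10 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=2"
    " PROTO=TCP SPT=443 DPT=40002 WINDOW=509 RES=0x00 ACK URGP=0"
    " APPDETECT[U6:33 ssl-host:www.example.org]",
]

if __name__ == "__main__":
    counts, mismatches, unseen = audit(SAMPLE_JOURNAL)
    for (app_id, source, host), n in sorted(counts.items()):
        print(f"app-id {app_id} {source}:{host} packets={n}")
    for rec in mismatches:
        print(f"MISMATCH app-id {rec['app_id']} host {rec['host']} src {rec['src']}")
    print("dictionary app-ids not seen:", unseen)
```
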

Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   845    0   845    0     0   139k      0 --:--:-- --:--:-- --:--:--  165k

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:34 http-host:10.215.168.1\]
Nov 12 10:49:11.624381 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53925 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.625932 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53927 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.627947 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53928 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.628001 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53929 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.632523 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53930 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.632595 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53931 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.636109 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=53932 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.638538 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53934 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.638560 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53935 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.640736 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53936 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.640813 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53937 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.644314 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53938 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.644390 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53939 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.657859 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53940 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.657923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53941 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.659517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53942 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.659573 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53943 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.669280 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=53944 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.669824 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53947 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.670237 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53949 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.670250 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53948 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.672083 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53946 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.673642 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53950 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.673720 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53951 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.676739 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53952 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680086 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53953 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680120 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53954 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.680134 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53955 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.684079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53956 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.684106 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53957 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688077 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53958 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688093 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53959 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688102 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53960 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.688110 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53961 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.692080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53962 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.692096 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53963 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.696080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53964 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.696095 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53965 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.700079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53967 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.700093 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53966 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.704080 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53969 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.704097 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53968 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.708089 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53970 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.708125 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53971 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712083 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53972 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712108 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53973 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712117 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53974 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712125 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53975 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53976 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712147 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=53977 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.712155 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=350 TOS=0x00 PREC=0x00 TTL=113 ID=53978 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.734579 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Nov 12 10:49:11.816097 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=53979 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.844085 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=53980 PROTO=TCP SPT=443 DPT=41828 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.933119 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 10:49:12.276854 osdx file_operation[27629]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Nov 12 10:49:12.284545 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33295 DF PROTO=TCP SPT=80 DPT=53302 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Nov 12 10:49:12.284682 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1064 TOS=0x00 PREC=0x00 TTL=64 ID=33296 DF PROTO=TCP SPT=80 DPT=53302 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Nov 12 10:49:12.284698 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33297 DF PROTO=TCP SPT=80 DPT=53302 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Nov 12 10:49:12.301889 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
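
The journal check used in these scenarios can be automated offline. The following Python sketch is an added example, not part of the OSDx documentation or tooling: it parses the APPDETECT tag from the kernel log lines, totals packets and bytes per classification, repeats the regular-expression check, and reports classifications outside an allow-list. It assumes the log prefix reads as policy-rule and the tag as U<engine>:<app-id>, both inferred from the configuration and output on this page; the function names and the sample lines are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, NamedTuple, Optional, Set, Tuple

# Constructed sample: kernel lines shortened from the journal format on this page
# (MAC, TOS, TTL, ID and TCP flag fields dropped). The last line is invented to
# show an app-id that no dictionary entry on this page defines.
SAMPLE_JOURNAL = """\
Nov 12 10:49:11.341920 osdx file_operation[27607]: using src url: https://www.google.com dst url: running://index.html
Nov 12 10:49:11.525651 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.39.132 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=41828 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:11.528452 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 PROTO=TCP SPT=443 DPT=41828 APPDETECT[U6:33 ssl-host:www.google.com]
Nov 12 10:49:12.284545 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=53302 APPDETECT[U6:34 http-host:10.215.168.1]
Nov 12 10:49:12.284682 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=1064 PROTO=TCP SPT=80 DPT=53302 APPDETECT[U6:34 http-host:10.215.168.1]
Nov 12 10:49:13.000000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=192.0.2.10 DST=10.215.168.64 LEN=60 PROTO=TCP SPT=443 DPT=40000 APPDETECT[U6:99 ssl-host:unlisted.example]
"""

# Assumption: "[POL-1]" is <policy>-<rule> and "U6:33" is U<engine>:<app-id>.
LOG_RE = re.compile(
    r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?) APPDETECT\[U(?P<engine>\d+):(?P<app_id>\d+) "
    r"(?P<kind>[a-z-]+):(?P<host>[^\]\s]+)\]"
)


class Hit(NamedTuple):
    policy: str
    rule: int
    action: str
    src: str
    length: int
    engine: int  # first number after "U" (assumed to be the engine id)
    app_id: int  # second number (assumed to be the app-id within that engine)
    kind: str    # "ssl-host" or "http-host" in the page's output
    host: str


def parse_line(line: str) -> Optional[Hit]:
    """Return the parsed policy log entry, or None for any other journal line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # KEY=VALUE tokens only; bare TCP flags such as ACK or PSH are skipped.
    fields = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
    return Hit(m["policy"], int(m["rule"]), m["action"],
               fields.get("SRC", ""), int(fields.get("LEN", 0)),
               int(m["engine"]), int(m["app_id"]), m["kind"], m["host"])


def summarize(journal: str) -> Dict[Tuple[int, int, str, str], Tuple[int, int]]:
    """Map (engine, app_id, kind, host) to (packets, bytes) over tagged lines."""
    totals = defaultdict(lambda: [0, 0])
    for line in journal.splitlines():
        hit = parse_line(line)
        if hit:
            key = (hit.engine, hit.app_id, hit.kind, hit.host)
            totals[key][0] += 1
            totals[key][1] += hit.length
    return {key: (pkts, octets) for key, (pkts, octets) in totals.items()}


def journal_matches(journal: str, pattern: str) -> bool:
    """The scenario's check: at least one journal line matches the regex."""
    rx = re.compile(pattern)
    return any(rx.search(line) for line in journal.splitlines())


def unexpected_tags(journal: str,
                    allowed: Set[Tuple[int, int]]) -> Set[Tuple[int, int, str]]:
    """(engine, app_id, host) triples logged but absent from the allow-list."""
    found = set()
    for line in journal.splitlines():
        hit = parse_line(line)
        if hit and (hit.engine, hit.app_id) not in allowed:
            found.add((hit.engine, hit.app_id, hit.host))
    return found


if __name__ == "__main__":
    for key, (pkts, octets) in sorted(summarize(SAMPLE_JOURNAL).items()):
        print(key, pkts, "packets", octets, "bytes")
    print("unexpected:", unexpected_tags(SAMPLE_JOURNAL, {(6, 33), (6, 34)}))
```

Feeding it the saved output of system journal show | cat in place of SAMPLE_JOURNAL gives the same summary for a real run.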

Match Traffic by a provider dictionary

Description

This example illustrates how to match all traffic in a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.144 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.144/0.144/0.144/0.000 ms

Step 3: Ping the host www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.39.132) 56(84) bytes of data.
64 bytes from tzamsa-af-in-f4.1e100.net (142.251.39.132): icmp_seq=1 ttl=107 time=32.5 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 32.467/32.467/32.467/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  11.0M      0 --:--:-- --:--:-- --:--:-- 13.0M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host

Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18713    0 18713    0     0  85231      0 --:--:-- --:--:-- --:--:-- 85447

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:6 ssl-host:www.google.com\]

Nov 12 10:49:18.279850 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:18.282261 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:18.282319 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:18.289590 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:18.497662 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:18.751246 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:18.809775 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:18.911377 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:19.006341 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:19.113778 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Nov 12 10:49:19.165228 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:19.260904 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:19.319031 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:19.427738 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:19.489633 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:19.578470 osdx ubnt-cfgd[27906]: inactive
Nov 12 10:49:19.616789 osdx INFO[27930]: FRR daemons did not change
Nov 12 10:49:19.638254 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:19.678364 osdx WARNING[27998]: No supported link modes on interface eth0
Nov 12 10:49:19.679673 osdx modulelauncher[27998]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:19.679686 osdx modulelauncher[27998]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:19.680762 osdx modulelauncher[27998]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:19.680770 osdx modulelauncher[27998]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:19.811698 osdx bash[28094]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory
Nov 12 10:49:19.812042 osdx modulelauncher[28092]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode
Nov 12 10:49:19.812058 osdx modulelauncher[28092]:
Nov 12 10:49:19.957664 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:19.986177 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:20.009374 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:20.151407 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 10:49:20.275290 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Nov 12 10:49:20.406826 osdx file_operation[28148]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Nov 12 10:49:20.432703 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Nov 12 10:49:20.565293 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:20.627116 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Nov 12 10:49:20.729878 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:20.825526 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:20.901644 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show changes'.
Nov 12 10:49:20.994520 osdx ubnt-cfgd[28165]: inactive
Nov 12 10:49:21.016204 osdx INFO[28171]: FRR daemons did not change
Nov 12 10:49:21.186337 osdx kernel: app-detect: module init
Nov 12 10:49:21.186460 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:21.186509 osdx kernel: app-detect: expression init
Nov 12 10:49:21.186545 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:21.186576 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:21.379328 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:21.381092 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:21.396223 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:21.603580 osdx file_operation[28226]: using src url: https://www.google.com dst url: running://index.html
Nov 12 10:49:21.704539 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19571 PROTO=TCP SPT=443 DPT=59870 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.708169 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=19572 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.708207 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=113 ID=19574 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19575 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759321 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=19577 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759342 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=19576 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.773401 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19578 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.796737 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19579 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.817972 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1196 TOS=0x00 PREC=0x00 TTL=113 ID=19580 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818005 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19581 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818242 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19582 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818256 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19583 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19584 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19587 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819636 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19586 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819656 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19585 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819673 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19588 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.820133 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19589 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.820243 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19590 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.821260 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19591 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.821419 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19592 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.823258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=961 TOS=0x00 PREC=0x00 TTL=113 ID=19594 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.823275 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19593 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.843992 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Nov 12 10:49:21.866258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19595 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]

Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   962    0   962    0     0   148k      0 --:--:-- --:--:-- --:--:--  156k

Step 9: Run command system journal show | cat at DUT0 and check that the output matches the following regular expression:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:30 http-host:10.215.168.1\]
Show output
Nov 12 10:49:18.279850 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:18.282261 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:18.282319 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:18.289590 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:18.497662 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:18.751246 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:18.809775 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:18.911377 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:19.006341 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:19.113778 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Nov 12 10:49:19.165228 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:19.260904 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:19.319031 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:19.427738 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:19.489633 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:19.578470 osdx ubnt-cfgd[27906]: inactive
Nov 12 10:49:19.616789 osdx INFO[27930]: FRR daemons did not change
Nov 12 10:49:19.638254 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:19.678364 osdx WARNING[27998]: No supported link modes on interface eth0
Nov 12 10:49:19.679673 osdx modulelauncher[27998]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:19.679686 osdx modulelauncher[27998]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:19.680762 osdx modulelauncher[27998]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:19.680770 osdx modulelauncher[27998]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:19.811698 osdx bash[28094]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory
Nov 12 10:49:19.812042 osdx modulelauncher[28092]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode
Nov 12 10:49:19.812058 osdx modulelauncher[28092]:
Nov 12 10:49:19.957664 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:19.986177 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:20.009374 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:20.151407 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 10:49:20.275290 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Nov 12 10:49:20.406826 osdx file_operation[28148]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Nov 12 10:49:20.432703 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Nov 12 10:49:20.565293 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:20.627116 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Nov 12 10:49:20.729878 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:20.825526 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:20.901644 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show changes'.
Nov 12 10:49:20.994520 osdx ubnt-cfgd[28165]: inactive
Nov 12 10:49:21.016204 osdx INFO[28171]: FRR daemons did not change
Nov 12 10:49:21.186337 osdx kernel: app-detect: module init
Nov 12 10:49:21.186460 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:21.186509 osdx kernel: app-detect: expression init
Nov 12 10:49:21.186545 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:21.186576 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:21.379328 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:21.381092 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:21.396223 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:21.603580 osdx file_operation[28226]: using src url: https://www.google.com dst url: running://index.html
Nov 12 10:49:21.704539 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19571 PROTO=TCP SPT=443 DPT=59870 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.708169 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=19572 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.708207 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=113 ID=19574 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759230 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19575 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759321 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=19577 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.759342 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=19576 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.773401 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19578 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.796737 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19579 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.817972 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1196 TOS=0x00 PREC=0x00 TTL=113 ID=19580 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818005 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19581 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818242 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19582 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818256 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19583 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.818372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19584 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19587 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819636 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19586 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819656 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19585 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.819673 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19588 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.820133 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19589 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.820243 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19590 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.821260 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19591 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.821419 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19592 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.823258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=961 TOS=0x00 PREC=0x00 TTL=113 ID=19594 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.823275 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=19593 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.843992 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Nov 12 10:49:21.866258 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=142.251.39.132 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=19595 PROTO=TCP SPT=443 DPT=59870 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.955247 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 10:49:22.215684 osdx file_operation[28248]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Nov 12 10:49:22.222254 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=23922 DF PROTO=TCP SPT=80 DPT=42776 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Nov 12 10:49:22.222317 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1181 TOS=0x00 PREC=0x00 TTL=64 ID=23923 DF PROTO=TCP SPT=80 DPT=42776 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Nov 12 10:49:22.226256 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=23924 DF PROTO=TCP SPT=80 DPT=42776 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Nov 12 10:49:22.245371 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
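
The journal check in Step 9, as an added example (not part of the original page or of the product it documents): it parses the kernel lines produced by `log app-id` and compares the logged (action, app-id, host) tuples with an expected set, so unexpected matches are reported as well as missing ones. The sample journal is constructed from trimmed lines in the format shown on this page; the function names and the expected set are assumptions of this example, and app-id tokens such as `U128:6` are kept as opaque strings.

```python
"""Parse 'log app-id' kernel lines and compare them with an expected set."""
import re
from collections import Counter

# "[<policy>-<rule>] <ACTION> KEY=VALUE ... APPDETECT[<app-id> <kind>:<host>]"
LINE_RE = re.compile(
    r"osdx kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?)\s*APPDETECT\[(?P<appdetect>[^\]]*)\]\s*$"
)
HOST_KINDS = ("http-host", "ssl-host")

# Constructed sample: trimmed lines in the format shown on this page. The last
# line uses the format of the drop scenario and stands in for an unexpected match.
SAMPLE_JOURNAL = """\
Nov 12 10:49:21.603580 osdx file_operation[28226]: using src url: https://www.google.com dst url: running://index.html
Nov 12 10:49:21.704539 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.39.132 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=59870 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:21.708169 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.39.132 DST=10.215.168.64 LEN=2852 PROTO=TCP SPT=443 DPT=59870 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Nov 12 10:49:22.222254 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=42776 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Nov 12 10:49:35.380683 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=53216 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# Assumed expectation for this example: only these two tuples should be logged.
EXPECTED = {
    ("ACCEPT", "U128:6", "ssl-host", "www.google.com"),
    ("ACCEPT", "U128:30", "http-host", "10.215.168.1"),
}


def parse_line(line):
    """Return a dict for an app-id log line, or None for any other journal line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]), "action": m["action"],
           "app_ids": [], "host_kind": "", "host": ""}
    # KEY=VALUE pairs; bare TCP flags (ACK, PSH, FIN) carry no "=" and are skipped.
    kv = dict(re.findall(r"(\w+)=(\S*)", m["fields"]))
    rec["src"], rec["dst"] = kv.get("SRC"), kv.get("DST")
    rec["sport"], rec["dport"] = kv.get("SPT"), kv.get("DPT")
    for token in m["appdetect"].split():
        kind, sep, value = token.partition(":")
        if sep and kind in HOST_KINDS:
            # Split on the first colon only, so a host with a port stays intact.
            rec["host_kind"], rec["host"] = kind, value
        else:
            rec["app_ids"].append(token)  # e.g. "U128:6" or "L4:443", kept opaque
    return rec


def summarize(lines):
    """Count logged packets per (action, app-id, host kind, host)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            key = (rec["action"], " ".join(rec["app_ids"]),
                   rec["host_kind"], rec["host"])
            counts[key] += 1
    return counts


def verify(lines, expected):
    """Return (missing, unexpected) tuples relative to the expected set.

    A regex search only proves that an expected line exists; the second list
    also shows traffic the rule logged that the expectation did not cover.
    """
    seen = set(summarize(lines))
    return sorted(expected - seen), sorted(seen - expected)


if __name__ == "__main__":
    journal = SAMPLE_JOURNAL.splitlines()
    for key, packets in sorted(summarize(journal).items()):
        print(packets, *key)
    missing, unexpected = verify(journal, EXPECTED)
    print("missing:", missing)
    print("unexpected:", unexpected)
```
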

Drop Traffic not in a custom dictionary

Description

This example illustrates how to drop all traffic that does not belong to a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1

Step 2: Ping www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
Show output
PING unidadeditorial.map.fastly.net (199.232.193.50) 56(84) bytes of data.
64 bytes from 199.232.193.50 (199.232.193.50): icmp_seq=1 ttl=50 time=18.4 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.375/18.375/18.375/0.000 ms

Step 3: Ping www.facebook.es from DUT0:

admin@DUT0$ ping www.facebook.es count 1 size 56 timeout 1
Show output
PING star-mini.c10r.facebook.com (57.144.222.1) 56(84) bytes of data.
64 bytes from edge-star-mini-shv-01-ams2.facebook.com (57.144.222.1): icmp_seq=1 ttl=45 time=37.6 ms

--- star-mini.c10r.facebook.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.552/37.552/37.552/0.000 ms

Step 4: Run command system journal show | cat at DUT0 and check that the output matches the following regular expression:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Show output
Nov 12 10:49:27.342658 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:27.344675 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:27.344726 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:27.353541 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:27.639988 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:27.868621 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:27.935349 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:28.030654 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:28.084006 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:28.239594 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Nov 12 10:49:28.337771 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Nov 12 10:49:28.434985 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:28.494161 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Nov 12 10:49:28.591039 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Nov 12 10:49:28.653832 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:28.750307 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:28.820612 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:28.912000 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:28.999615 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:29.111174 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:29.182819 osdx ubnt-cfgd[28532]: inactive
Nov 12 10:49:29.223749 osdx INFO[28556]: FRR daemons did not change
Nov 12 10:49:29.388686 osdx kernel: app-detect: module init
Nov 12 10:49:29.388750 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:29.388772 osdx kernel: app-detect: expression init
Nov 12 10:49:29.388781 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:29.388789 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:29.432684 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:29.477382 osdx WARNING[28657]: No supported link modes on interface eth0
Nov 12 10:49:29.478852 osdx modulelauncher[28657]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:29.478870 osdx modulelauncher[28657]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:29.480041 osdx modulelauncher[28657]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:29.480051 osdx modulelauncher[28657]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:29.703702 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:29.755827 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:29.771697 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:35.002313 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Nov 12 10:49:35.194287 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'.
Nov 12 10:49:35.333857 osdx file_operation[28807]: using src url: https://www.marca.com dst url: running://index.html
Nov 12 10:49:35.380683 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55755 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380747 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55756 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380758 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55757 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380773 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55758 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.384684 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=50 ID=55759 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.439688 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=50 ID=55760 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.601857 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55761 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.691932 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55762 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.817510 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55763 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:36.153559 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55764 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:36.261508 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55765 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:37.082853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55766 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:37.161042 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55767 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:38.938254 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55768 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:38.950284 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55769 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.311937 osdx file_operation.py[28807]: Operation aborted by user.
Nov 12 10:49:40.330558 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Nov 12 10:49:40.356678 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55770 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.356721 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55771 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]

Step 5: Run command system journal show | cat at DUT0 and check that the output matches the following regular expression:

osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]
Show output
Nov 12 10:49:27.342658 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:27.344675 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:27.344726 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:27.353541 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:27.639988 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:27.868621 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:27.935349 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:28.030654 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:28.084006 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:28.239594 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Nov 12 10:49:28.337771 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'.
Nov 12 10:49:28.434985 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:28.494161 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Nov 12 10:49:28.591039 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Nov 12 10:49:28.653832 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:28.750307 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:28.820612 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:28.912000 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:28.999615 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:29.111174 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:29.182819 osdx ubnt-cfgd[28532]: inactive
Nov 12 10:49:29.223749 osdx INFO[28556]: FRR daemons did not change
Nov 12 10:49:29.388686 osdx kernel: app-detect: module init
Nov 12 10:49:29.388750 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:29.388772 osdx kernel: app-detect: expression init
Nov 12 10:49:29.388781 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:29.388789 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:29.432684 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:29.477382 osdx WARNING[28657]: No supported link modes on interface eth0
Nov 12 10:49:29.478852 osdx modulelauncher[28657]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:29.478870 osdx modulelauncher[28657]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:29.480041 osdx modulelauncher[28657]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:29.480051 osdx modulelauncher[28657]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:29.703702 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:29.755827 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:29.771697 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:35.002313 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Nov 12 10:49:35.194287 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'.
Nov 12 10:49:35.333857 osdx file_operation[28807]: using src url: https://www.marca.com dst url: running://index.html
Nov 12 10:49:35.380683 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55755 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380747 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55756 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380758 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55757 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380773 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55758 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.384684 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=50 ID=55759 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.439688 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=50 ID=55760 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.601857 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55761 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.691932 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55762 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.817510 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55763 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:36.153559 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55764 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:36.261508 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55765 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:37.082853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55766 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:37.161042 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55767 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:38.938254 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55768 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:38.950284 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55769 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.311937 osdx file_operation.py[28807]: Operation aborted by user.
Nov 12 10:49:40.330558 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Nov 12 10:49:40.356678 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55770 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.356721 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55771 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.542642 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 10:49:40.706290 osdx file_operation[28829]: using src url: http://www.facebook.es dst url: running://index.html
Nov 12 10:49:40.803686 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=18174 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:40.914683 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18175 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.050454 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=18176 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.163136 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18177 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.302631 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=18178 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.408752 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18179 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.817741 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=18180 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:41.904748 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18181 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:42.557392 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=55772 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:42.642396 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=55773 DF PROTO=TCP SPT=443 DPT=53216 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:42.857822 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=18182 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:42.921820 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18183 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:44.861864 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=18184 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:44.907595 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=484 TOS=0x00 PREC=0x00 TTL=43 ID=18185 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:45.669614 osdx file_operation.py[28829]: Operation aborted by user.
Nov 12 10:49:45.688024 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://www.facebook.es running://index.html force'.
Nov 12 10:49:45.798291 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=57.144.222.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=18186 DF PROTO=TCP SPT=80 DPT=37816 WINDOW=261 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
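
Each kernel line in the journal output above carries the policy rule, the packet header fields and the APPDETECT result, so the drops can be summarised per detected host. The following Python sketch is an added example, not part of the OSDx documentation: its function names are assumptions, the sample lines are abridged from the journal above, and the final sample line is constructed to show a record without an APPDETECT suffix.

```python
import re
from collections import defaultdict

# "[<policy>-<rule>] <ACTION> KEY=VAL ... APPDETECT[...]", the shape of the kernel
# lines in the journal output above. The APPDETECT suffix is treated as optional.
LOG_RE = re.compile(
    r"kernel: \[(?P<policy>[^\]\s]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?)(?: APPDETECT\[(?P<app>[^\]]*)\])?$"
)

# Abridged from the journal above (MAC/TOS/PREC/TTL/ID/WINDOW/RES removed). The CLI
# line is kept as a non-matching line; the last line is constructed for this example.
SAMPLE_JOURNAL = """\
Nov 12 10:49:35.380683 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=52 DF PROTO=TCP SPT=443 DPT=53216 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:35.380747 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 DF PROTO=TCP SPT=443 DPT=53216 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:40.330558 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Nov 12 10:49:40.803686 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=57.144.222.1 DST=10.215.168.64 LEN=52 DF PROTO=TCP SPT=80 DPT=37816 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:40.914683 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=57.144.222.1 DST=10.215.168.64 LEN=484 DF PROTO=TCP SPT=80 DPT=37816 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Nov 12 10:49:46.000000 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=192.0.2.10 DST=10.215.168.64 LEN=60 DF PROTO=TCP SPT=8443 DPT=40000 ACK URGP=0
"""


def parse_policy_log(line):
    """Return one policy log record as a dict, or None for any other journal line."""
    m = LOG_RE.search(line.rstrip())
    if m is None:
        return None
    # KEY=VAL tokens become fields; bare flags such as DF, ACK, PSH are skipped.
    fields = dict(t.split("=", 1) for t in m["fields"].split() if "=" in t)
    # APPDETECT tokens are "name:value", e.g. "L4:443" or "ssl-host:www.marca.com".
    app = dict(t.split(":", 1) for t in (m["app"] or "").split() if ":" in t)
    detector = next((k for k in ("ssl-host", "http-host") if k in app), None)
    return {
        "rule": f'{m["policy"]}-{m["rule"]}',
        "action": m["action"],
        "flow": (fields.get("SRC"), fields.get("SPT"), fields.get("DST"), fields.get("DPT")),
        "length": int(fields.get("LEN", 0)),
        "detector": detector,
        "host": app.get(detector) if detector else None,
    }


def summarize_drops(lines):
    """Aggregate DROP records per (rule, detector, host): packets, bytes, distinct flows."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": set()})
    for line in lines:
        rec = parse_policy_log(line)
        if rec is None or rec["action"] != "DROP":
            continue
        entry = stats[(rec["rule"], rec["detector"], rec["host"])]
        entry["packets"] += 1
        entry["bytes"] += rec["length"]  # sum of LEN, the IP packet length
        entry["flows"].add(rec["flow"])
    return dict(stats)


def host_was_dropped(lines, host, l4_port=443, detector="ssl-host"):
    """Journal check in the style of the scenario's regular expression, with the
    host name escaped so that '.' matches only a literal dot."""
    pattern = re.compile(
        r"osdx kernel:.*DROP.*APPDETECT\[L4:%d %s:%s\]" % (l4_port, detector, re.escape(host))
    )
    return any(pattern.search(line) for line in lines)


if __name__ == "__main__":
    summary = summarize_drops(SAMPLE_JOURNAL.splitlines())
    for (rule, detector, host), s in sorted(summary.items(), key=str):
        print(rule, detector, host, s["packets"], "pkts", s["bytes"], "bytes", len(s["flows"]), "flows")
```

On a device, the same functions can be fed the saved output of `system journal show | cat` instead of the embedded sample.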

Drop Traffic not in a provider dictionary

Description

This example illustrates how to drop all traffic that does not belong to a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.163 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.163/0.163/0.163/0.000 ms

Step 3: Ping www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.193.50) 56(84) bytes of data.
64 bytes from 199.232.193.50 (199.232.193.50): icmp_seq=1 ttl=50 time=3.71 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.712/3.712/3.712/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  2049k      0 --:--:-- --:--:-- --:--:-- 2080k

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Nov 12 10:49:50.299529 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 10:49:50.300094 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 10:49:50.300140 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 10:49:50.308792 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 10:49:50.527395 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 10:49:50.784985 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:50.852908 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 12 10:49:50.944213 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Nov 12 10:49:51.018578 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 12 10:49:51.096211 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show working'.
Nov 12 10:49:51.187121 osdx ubnt-cfgd[29095]: inactive
Nov 12 10:49:51.204513 osdx INFO[29101]: FRR daemons did not change
Nov 12 10:49:51.228100 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 10:49:51.267549 osdx WARNING[29169]: No supported link modes on interface eth0
Nov 12 10:49:51.268850 osdx modulelauncher[29169]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 10:49:51.268865 osdx modulelauncher[29169]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 10:49:51.269912 osdx modulelauncher[29169]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 10:49:51.269921 osdx modulelauncher[29169]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 10:49:51.333054 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:51.345899 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:51.368068 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:51.510411 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 10:49:51.591019 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Nov 12 10:49:51.761206 osdx file_operation[29296]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Nov 12 10:49:51.835199 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Nov 12 10:49:51.983472 osdx OSDxCLI[2267]: User 'admin' entered the configuration menu.
Nov 12 10:49:52.041867 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Nov 12 10:49:52.136347 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Nov 12 10:49:52.189486 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Nov 12 10:49:52.273152 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Nov 12 10:49:52.328723 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Nov 12 10:49:52.452065 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Nov 12 10:49:52.520962 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Nov 12 10:49:52.656836 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Nov 12 10:49:52.708430 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 10:49:52.801705 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Nov 12 10:49:52.866437 osdx OSDxCLI[2267]: User 'admin' added a new cfg line: 'show changes'.
Nov 12 10:49:52.958819 osdx ubnt-cfgd[29323]: inactive
Nov 12 10:49:53.001313 osdx INFO[29347]: FRR daemons did not change
Nov 12 10:49:53.148096 osdx kernel: app-detect: module init
Nov 12 10:49:53.148155 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 10:49:53.148165 osdx kernel: app-detect: expression init
Nov 12 10:49:53.148173 osdx kernel: app-detect: appid cache initialized
Nov 12 10:49:53.148184 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 10:49:53.511584 osdx cfgd[1656]: [2267]Completed change to active configuration
Nov 12 10:49:53.513814 osdx OSDxCLI[2267]: User 'admin' committed the configuration.
Nov 12 10:49:53.534000 osdx OSDxCLI[2267]: User 'admin' left the configuration menu.
Nov 12 10:49:53.757856 osdx file_operation[29426]: using src url: https://www.marca.com dst url: running://index.html
Nov 12 10:49:53.809921 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=53947 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:53.811819 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53948 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:53.811843 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53949 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:53.812087 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=2421 TOS=0x00 PREC=0x00 TTL=50 ID=53950 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:53.906921 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=50 ID=53952 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:54.028822 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=53953 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:54.154466 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53954 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:54.259160 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=53955 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:54.641405 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53956 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:54.723876 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=53957 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:55.642453 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53958 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:55.651702 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=53959 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:57.507462 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=53960 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:57.625334 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=53961 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:58.729324 osdx file_operation.py[29426]: Operation aborted by user.
Nov 12 10:49:58.743724 osdx OSDxCLI[2267]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Nov 12 10:49:58.744087 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=53962 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Nov 12 10:49:58.744103 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:03:32:97:84:04:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=53963 DF PROTO=TCP SPT=443 DPT=58944 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]