App Id

The following scenario shows how to filter packets based on app-id using traffic selectors.

Match Traffic by a custom dictionary

Description

This example illustrates how to match all traffic classified by a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.424 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.424/0.424/0.424/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.36.4) 56(84) bytes of data.
64 bytes from ams15s44-in-f4.1e100.net (142.251.36.4): icmp_seq=1 ttl=107 time=37.7 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.696/37.696/37.696/0.000 ms

Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18873    0 18873    0     0   102k      0 --:--:-- --:--:-- --:--:--  102k

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:33 ssl-host:www.google.com\]
Dec 17 18:19:27.352721 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free.
Dec 17 18:19:27.353370 osdx systemd-journald[123332]: Received client request to rotate journal, rotating.
Dec 17 18:19:27.353413 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73.
Dec 17 18:19:27.363679 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal clear'.
Dec 17 18:19:27.731083 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 17 18:19:28.062731 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:19:28.146943 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Dec 17 18:19:28.251353 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Dec 17 18:19:28.366904 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Dec 17 18:19:28.439866 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Dec 17 18:19:28.589921 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Dec 17 18:19:28.728134 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Dec 17 18:19:28.811499 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Dec 17 18:19:28.951273 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Dec 17 18:19:29.046509 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Dec 17 18:19:29.167306 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 17 18:19:29.279087 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Dec 17 18:19:29.427358 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 17 18:19:29.564276 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show working'.
Dec 17 18:19:29.682342 osdx ubnt-cfgd[252368]: inactive
Dec 17 18:19:29.751475 osdx INFO[252392]: FRR daemons did not change
Dec 17 18:19:29.913154 osdx kernel: app-detect: module init
Dec 17 18:19:29.913216 osdx kernel: app-detect: registered: sysctl net.appdetect
Dec 17 18:19:29.913231 osdx kernel: app-detect: expression init
Dec 17 18:19:29.913243 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Dec 17 18:19:29.913262 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4)
Dec 17 18:19:29.981125 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 17 18:19:30.042179 osdx WARNING[252493]: No supported link modes on interface eth0
Dec 17 18:19:30.043920 osdx modulelauncher[252493]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 17 18:19:30.043935 osdx modulelauncher[252493]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 17 18:19:30.045257 osdx modulelauncher[252493]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 17 18:19:30.045266 osdx modulelauncher[252493]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 17 18:19:30.337954 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:19:30.354509 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:19:30.378610 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:19:30.548266 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 17 18:19:30.798806 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Dec 17 18:19:30.977234 osdx file_operation[252643]: using src url: https://www.google.com dst url: running://index.html
Dec 17 18:19:31.063865 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2937 PROTO=TCP SPT=443 DPT=44546 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.066100 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=2938 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.066161 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=2940 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.109924 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2941 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.110118 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=2942 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.110136 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=2943 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.116921 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2944 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.142820 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2945 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149017 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1122 TOS=0x00 PREC=0x00 TTL=113 ID=2946 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149171 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2947 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149240 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2948 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149361 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2949 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149482 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2950 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.150697 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2951 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.151018 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2952 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.152191 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2953 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.152283 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2954 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.153670 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2955 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.153780 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2956 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.155214 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2957 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.155301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2958 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.156759 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2959 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.156796 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1121 TOS=0x00 PREC=0x00 TTL=113 ID=2960 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.181725 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Dec 17 18:19:31.193207 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2961 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]

Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0   130k      0 --:--:-- --:--:-- --:--:--  135k

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U6:34 http-host:10.215.168.1\]
Dec 17 18:19:27.352721 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free.
Dec 17 18:19:27.353370 osdx systemd-journald[123332]: Received client request to rotate journal, rotating.
Dec 17 18:19:27.353413 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73.
Dec 17 18:19:27.363679 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal clear'.
Dec 17 18:19:27.731083 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 17 18:19:28.062731 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:19:28.146943 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Dec 17 18:19:28.251353 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Dec 17 18:19:28.366904 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Dec 17 18:19:28.439866 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'.
Dec 17 18:19:28.589921 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Dec 17 18:19:28.728134 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'.
Dec 17 18:19:28.811499 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'.
Dec 17 18:19:28.951273 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Dec 17 18:19:29.046509 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Dec 17 18:19:29.167306 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 17 18:19:29.279087 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Dec 17 18:19:29.427358 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 17 18:19:29.564276 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show working'.
Dec 17 18:19:29.682342 osdx ubnt-cfgd[252368]: inactive
Dec 17 18:19:29.751475 osdx INFO[252392]: FRR daemons did not change
Dec 17 18:19:29.913154 osdx kernel: app-detect: module init
Dec 17 18:19:29.913216 osdx kernel: app-detect: registered: sysctl net.appdetect
Dec 17 18:19:29.913231 osdx kernel: app-detect: expression init
Dec 17 18:19:29.913243 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Dec 17 18:19:29.913262 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4)
Dec 17 18:19:29.981125 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 17 18:19:30.042179 osdx WARNING[252493]: No supported link modes on interface eth0
Dec 17 18:19:30.043920 osdx modulelauncher[252493]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 17 18:19:30.043935 osdx modulelauncher[252493]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 17 18:19:30.045257 osdx modulelauncher[252493]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 17 18:19:30.045266 osdx modulelauncher[252493]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 17 18:19:30.337954 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:19:30.354509 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:19:30.378610 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:19:30.548266 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 17 18:19:30.798806 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Dec 17 18:19:30.977234 osdx file_operation[252643]: using src url: https://www.google.com dst url: running://index.html
Dec 17 18:19:31.063865 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2937 PROTO=TCP SPT=443 DPT=44546 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.066100 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=2938 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.066161 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=2940 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.109924 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=2941 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.110118 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=2942 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.110136 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=112 ID=2943 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.116921 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2944 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.142820 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2945 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149017 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1122 TOS=0x00 PREC=0x00 TTL=113 ID=2946 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149171 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2947 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149240 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2948 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149361 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2949 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.149482 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2950 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.150697 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2951 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.151018 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2952 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.152191 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2953 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.152283 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2954 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.153670 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2955 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.153780 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2956 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.155214 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2957 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.155301 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2958 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.156759 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=2959 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.156796 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1121 TOS=0x00 PREC=0x00 TTL=113 ID=2960 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.181725 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Dec 17 18:19:31.193207 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2961 PROTO=TCP SPT=443 DPT=44546 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.316856 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 17 18:19:31.645579 osdx file_operation[252665]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Dec 17 18:19:31.653082 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45771 DF PROTO=TCP SPT=80 DPT=40660 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Dec 17 18:19:31.653163 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1191 TOS=0x00 PREC=0x00 TTL=64 ID=45772 DF PROTO=TCP SPT=80 DPT=40660 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Dec 17 18:19:31.669385 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45773 DF PROTO=TCP SPT=80 DPT=40660 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
Dec 17 18:19:31.687994 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
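
The journal checks in Steps 5 and 7 can be automated by parsing the APPDETECT tag instead of matching one regular expression per line. The following is an added example, not part of the original page or of OSDx; it reads the two numbers in the tag as engine and app-id, which is an inference from the configuration and logs shown here, and the sample journal is constructed from shortened versions of the lines above.

```python
import re
from collections import Counter

# Constructed sample: kernel lines shortened from the journal format shown above
# (MAC, LEN, TTL and similar fields dropped), plus two lines that carry no tag.
SAMPLE_JOURNAL = """\
Dec 17 18:19:29.913154 osdx kernel: app-detect: module init
Dec 17 18:19:31.063865 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.36.4 DST=10.215.168.64 PROTO=TCP SPT=443 DPT=44546 ACK URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.066100 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.36.4 DST=10.215.168.64 PROTO=TCP SPT=443 DPT=44546 ACK PSH URGP=0 APPDETECT[U6:33 ssl-host:www.google.com]
Dec 17 18:19:31.181725 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Dec 17 18:19:31.653082 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40660 ACK URGP=0 APPDETECT[U6:34 http-host:10.215.168.1]
"""

# "[POL-1]" is read as policy POL, rule 1. In "U6:33" the first number is taken
# as the engine and the second as the app-id (assumption inferred from this page).
LOG_RE = re.compile(
    r"osdx kernel: \[(?P<policy>.+?)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?APPDETECT\[[A-Z](?P<engine>\d+):(?P<app_id>\d+) "
    r"(?P<source>[a-z-]+):(?P<host>[^\]\s]+)\]"
)


def parse_appdetect(journal):
    """Return one dict per kernel log line that carries an APPDETECT tag."""
    records = []
    for line in journal.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # CLI audit lines, module messages, untagged packets
        rec = m.groupdict()
        for key in ("rule", "engine", "app_id"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def check_expectations(journal, expected):
    """Count log lines for each expected (engine, app_id, source, host).

    Fields are compared as exact strings. In a regular expression an unescaped
    "." matches any character, so a pattern written with a literal host name
    is looser than it looks; exact comparison avoids that.
    """
    seen = Counter(
        (r["engine"], r["app_id"], r["source"], r["host"])
        for r in parse_appdetect(journal)
        if r["action"] == "ACCEPT"
    )
    return {exp: seen.get(exp, 0) for exp in expected}


def hosts_by_app(journal):
    """Map (engine, app_id) to the sorted host names logged under it.

    Useful for reviewing what a dictionary entry such as 'fqdn google'
    actually matched in live traffic.
    """
    hosts = {}
    for r in parse_appdetect(journal):
        hosts.setdefault((r["engine"], r["app_id"]), set()).add(r["host"])
    return {key: sorted(value) for key, value in hosts.items()}


if __name__ == "__main__":
    expected = [
        (6, 33, "ssl-host", "www.google.com"),
        (6, 34, "http-host", "10.215.168.1"),
    ]
    for exp, count in check_expectations(SAMPLE_JOURNAL, expected).items():
        print("OK  " if count else "MISS", exp, count)
    print(hosts_by_app(SAMPLE_JOURNAL))
```

An expectation with a count of 0 means the traffic was not classified, not logged, or not accepted by the policy; the journal alone does not say which.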

Match Traffic by a provider dictionary

Description

This example illustrates how to match all traffic classified by a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.426 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.426/0.426/0.426/0.000 ms

Step 3: Ping www.google.com from DUT0:

admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.36.4) 56(84) bytes of data.
64 bytes from ams15s44-in-f4.1e100.net (142.251.36.4): icmp_seq=1 ttl=107 time=39.9 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.897/39.897/39.897/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  9772k      0 --:--:-- --:--:-- --:--:-- 10.8M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host

Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18741    0 18741    0     0   108k      0 --:--:-- --:--:-- --:--:--  108k

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:6 ssl-host:www.google.com\]
Dec 17 18:19:37.343475 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free.
Dec 17 18:19:37.345787 osdx systemd-journald[123332]: Received client request to rotate journal, rotating.
Dec 17 18:19:37.345854 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73.
Dec 17 18:19:37.353910 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal clear'.
Dec 17 18:19:37.593470 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 17 18:19:37.852263 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:19:37.924102 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Dec 17 18:19:38.024263 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Dec 17 18:19:38.077985 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Dec 17 18:19:38.193546 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id engine 128'.
Dec 17 18:19:38.250562 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Dec 17 18:19:38.352544 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 17 18:19:38.432159 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Dec 17 18:19:38.580078 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 17 18:19:38.679465 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show working'.
Dec 17 18:19:38.769980 osdx ubnt-cfgd[252942]: inactive
Dec 17 18:19:38.822171 osdx INFO[252966]: FRR daemons did not change
Dec 17 18:19:38.849792 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 17 18:19:38.899330 osdx WARNING[253034]: No supported link modes on interface eth0
Dec 17 18:19:38.901357 osdx modulelauncher[253034]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 17 18:19:38.901376 osdx modulelauncher[253034]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 17 18:19:38.903133 osdx modulelauncher[253034]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 17 18:19:38.903145 osdx modulelauncher[253034]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 17 18:19:39.032185 osdx bash[253130]: sysctl: cannot stat /proc/sys/net/appdetect/appid_storage_mode: No such file or directory
Dec 17 18:19:39.032361 osdx modulelauncher[253128]: osdx.utils.xos cmd error: sysctl net.appdetect.appid_storage_mode
Dec 17 18:19:39.032365 osdx modulelauncher[253128]:
Dec 17 18:19:39.149433 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:19:39.162386 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:19:39.190972 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:19:39.350742 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 17 18:19:39.482579 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'.
Dec 17 18:19:39.654772 osdx file_operation[253184]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Dec 17 18:19:39.686714 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Dec 17 18:19:39.818420 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:19:39.894090 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Dec 17 18:19:39.987255 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Dec 17 18:19:40.051444 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Dec 17 18:19:40.172769 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show changes'.
Dec 17 18:19:40.252751 osdx ubnt-cfgd[253201]: inactive
Dec 17 18:19:40.277017 osdx INFO[253207]: FRR daemons did not change
Dec 17 18:19:40.469828 osdx kernel: app-detect: module init
Dec 17 18:19:40.469893 osdx kernel: app-detect: registered: sysctl net.appdetect
Dec 17 18:19:40.469907 osdx kernel: app-detect: expression init
Dec 17 18:19:40.469919 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Dec 17 18:19:40.469932 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4)
Dec 17 18:19:40.674116 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:19:40.676396 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:19:40.704030 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:19:40.967125 osdx file_operation[253262]: using src url: https://www.google.com dst url: running://index.html
Dec 17 18:19:41.051936 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=12839 PROTO=TCP SPT=443 DPT=36378 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.057783 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=12840 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.057812 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=12841 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.057841 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=112 ID=12842 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.088951 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=112 ID=12843 PROTO=TCP SPT=443 DPT=36378 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.093781 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=12844 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.125794 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12845 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129784 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1125 TOS=0x00 PREC=0x00 TTL=113 ID=12846 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129825 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12847 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129841 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12848 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129858 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12849 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129869 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12850 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129878 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12851 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.129886 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12852 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.133780 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12853 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.133798 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12854 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.133806 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12855 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.133819 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12856 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.137791 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12857 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.137836 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=12858 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.137849 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=2389 TOS=0x00 PREC=0x00 TTL=113 ID=12859 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.160537 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Dec 17 18:19:41.173784 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12861 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.173830 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12862 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]

Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1089    0  1089    0     0   171k      0 --:--:-- --:--:-- --:--:--  177k

Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*ACCEPT.*APPDETECT\[U128:30 http-host:10.215.168.1\]
Dec 17 18:19:41.288643 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 17 18:19:41.507479 osdx file_operation[253284]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Dec 17 18:19:41.517802 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37787 DF PROTO=TCP SPT=80 DPT=39804 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Dec 17 18:19:41.517855 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1308 TOS=0x00 PREC=0x00 TTL=64 ID=37788 DF PROTO=TCP SPT=80 DPT=39804 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Dec 17 18:19:41.517866 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37789 DF PROTO=TCP SPT=80 DPT=39804 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Dec 17 18:19:41.537651 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
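
An added example (not part of the original page and not OSDx tooling): a small Python parser for the `APPDETECT[...]` suffix of the policy log lines in this scenario and in the drop scenario that follows. It tallies packets per action, label, app-id and host, and lists lines whose label contradicts the selector that logged them. It assumes, from the logs on this page only, that the label `U128` corresponds to `app-id engine 128`; all function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the journal output on this page: one CLI audit line (noise),
# three ACCEPT lines from this scenario and one DROP line from the next one.
SAMPLE_JOURNAL = """\
Dec 17 18:19:41.160537 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Dec 17 18:19:41.173784 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12861 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.173830 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=142.251.36.4 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12862 PROTO=TCP SPT=443 DPT=36378 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:6 ssl-host:www.google.com]
Dec 17 18:19:41.517802 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37787 DF PROTO=TCP SPT=80 DPT=39804 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:30 http-host:10.215.168.1]
Dec 17 18:20:38.283832 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=36640 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# Shape of a policy log line as seen on this page:
# "<ts> <host> kernel: [<policy>-<rule>] <ACTION> <KEY=VALUE ...> APPDETECT[<label>:<id> <type>:<host>]"
# The "<type>:<host>" part is treated as optional (assumption).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) \S+ kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?)\s*APPDETECT\[(?P<label>\w+):(?P<app_id>\d+)"
    r"(?: (?P<host_type>[\w-]+):(?P<host>[^\]\s]+))?\]\s*$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Parse one journal line; return a dict for policy log lines, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["rule"] = int(ev["rule"])
    ev["app_id"] = int(ev["app_id"])
    # Netfilter-style KEY=VALUE pairs (SRC, DST, SPT, ...); bare flags are ignored.
    ev.update({k.lower(): v for k, v in KV_RE.findall(ev.pop("fields"))})
    return ev


def parse_journal(text):
    """Return one event per policy log line; other journal lines are skipped."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def summarize(events):
    """Count packets per (action, label, app-id, host type, host)."""
    return Counter(
        (e["action"], e["label"], e["app_id"], e["host_type"], e["host"])
        for e in events
    )


def selector_mismatches(events, engine_label="U128", negated=False):
    """Events whose label contradicts the selector that logged them.

    negated=False models 'app-id engine 128', negated=True models
    'not app-id engine 128'. The U128 <-> engine 128 mapping is an assumption.
    """
    return [e for e in events if (e["label"] == engine_label) == negated]


if __name__ == "__main__":
    events = parse_journal(SAMPLE_JOURNAL)
    for key, count in summarize(events).items():
        print(count, *key)
    accepted = [e for e in events if e["action"] == "ACCEPT"]
    dropped = [e for e in events if e["action"] == "DROP"]
    print("accept mismatches:", len(selector_mismatches(accepted)))
    print("drop mismatches:", len(selector_mismatches(dropped, negated=True)))
```
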

Drop Traffic not in a provider dictionary

Description

This example illustrates how to drop all traffic that does not belong to a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.203 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.203/0.203/0.203/0.000 ms

Step 3: Ping IP address www.marca.com from DUT0:

admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.193.50) 56(84) bytes of data.
64 bytes from 199.232.193.50 (199.232.193.50): icmp_seq=1 ttl=51 time=4.47 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.465/4.465/4.465/0.000 ms

Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0   9.7M      0 --:--:-- --:--:-- --:--:-- 10.8M

Step 5: Modify the following configuration lines in DUT0:

set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Dec 17 18:20:34.000569 osdx systemd-timedated[254085]: Changed local time to Wed 2025-12-17 18:20:34 UTC
Dec 17 18:20:34.002679 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'set date 2025-12-17 18:20:34'.
Dec 17 18:20:34.003990 osdx systemd-journald[123332]: Time jumped backwards, rotating.
Dec 17 18:20:34.337062 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free.
Dec 17 18:20:34.339871 osdx systemd-journald[123332]: Received client request to rotate journal, rotating.
Dec 17 18:20:34.339972 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73.
Dec 17 18:20:34.355947 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system journal clear'.
Dec 17 18:20:34.669660 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 17 18:20:34.986612 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:20:35.074478 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 17 18:20:35.164020 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Dec 17 18:20:35.270773 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 17 18:20:35.354607 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show working'.
Dec 17 18:20:35.478597 osdx ubnt-cfgd[254114]: inactive
Dec 17 18:20:35.500650 osdx INFO[254120]: FRR daemons did not change
Dec 17 18:20:35.527836 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 17 18:20:35.579587 osdx WARNING[254188]: No supported link modes on interface eth0
Dec 17 18:20:35.581324 osdx modulelauncher[254188]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 17 18:20:35.581341 osdx modulelauncher[254188]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 17 18:20:35.582760 osdx modulelauncher[254188]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 17 18:20:35.582771 osdx modulelauncher[254188]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 17 18:20:35.666698 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:20:35.679268 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:20:35.695654 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:20:35.856977 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 17 18:20:36.033236 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Dec 17 18:20:36.199149 osdx file_operation[254315]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Dec 17 18:20:36.230893 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Dec 17 18:20:36.384173 osdx OSDxCLI[142114]: User 'admin' entered the configuration menu.
Dec 17 18:20:36.471416 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Dec 17 18:20:36.582722 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Dec 17 18:20:36.675886 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Dec 17 18:20:36.734145 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Dec 17 18:20:36.849042 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Dec 17 18:20:36.916534 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Dec 17 18:20:37.009856 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Dec 17 18:20:37.076481 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Dec 17 18:20:37.171335 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Dec 17 18:20:37.235398 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Dec 17 18:20:37.349162 osdx OSDxCLI[142114]: User 'admin' added a new cfg line: 'show changes'.
Dec 17 18:20:37.414509 osdx ubnt-cfgd[254339]: inactive
Dec 17 18:20:37.462871 osdx INFO[254363]: FRR daemons did not change
Dec 17 18:20:37.611841 osdx kernel: app-detect: module init
Dec 17 18:20:37.611918 osdx kernel: app-detect: registered: sysctl net.appdetect
Dec 17 18:20:37.611929 osdx kernel: app-detect: expression init
Dec 17 18:20:37.611937 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Dec 17 18:20:37.611946 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4)
Dec 17 18:20:38.007164 osdx cfgd[1460]: [142114]Completed change to active configuration
Dec 17 18:20:38.009574 osdx OSDxCLI[142114]: User 'admin' committed the configuration.
Dec 17 18:20:38.037178 osdx OSDxCLI[142114]: User 'admin' left the configuration menu.
Dec 17 18:20:38.246584 osdx file_operation[254441]: using src url: https://www.marca.com dst url: running://index.html
Dec 17 18:20:38.283832 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=36640 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.287833 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36641 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.287860 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36642 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.287879 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36643 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.287893 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=36644 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.322022 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1105 TOS=0x00 PREC=0x00 TTL=51 ID=36645 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.491177 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=36646 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.548599 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36647 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.711212 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=36648 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.988193 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36649 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:39.163351 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=36650 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:39.868152 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=51 ID=36651 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:40.059216 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=36652 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:41.658906 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 TOS=0x00 PREC=0x00 TTL=50 ID=36653 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:41.818908 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=36654 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:43.225336 osdx file_operation.py[254441]: Operation aborted by user.
Dec 17 18:20:43.243819 osdx OSDxCLI[142114]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
Dec 17 18:20:43.247831 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=36655 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:43.247883 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:0f:f7:ef:3d:38:08:00 SRC=199.232.193.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=36656 DF PROTO=TCP SPT=443 DPT=59238 WINDOW=260 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
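
The journal above shows each dropped packet tagged with the policy rule ([POL-1]) and the detected application (APPDETECT[...]). The following is an added example, not part of the original documentation or of OSDx itself: a small parser that summarizes such drop lines per rule, detected ssl-host and source address. The function names and the shortened sample lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines shortened from the journal format shown above.
SAMPLE = """\
Dec 17 18:20:38.246584 osdx file_operation[254441]: using src url: https://www.marca.com dst url: running://index.html
Dec 17 18:20:38.283832 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.193.50 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=59238 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:38.287833 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.193.50 DST=10.215.168.64 LEN=1368 PROTO=TCP SPT=443 DPT=59238 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Dec 17 18:20:43.247883 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.193.50 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=59238 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# "[<policy>-<rule>] <ACTION> <fields> APPDETECT[<labels>]"; the APPDETECT part is optional.
LINE_RE = re.compile(
    r"kernel: \[(?P<policy>[^\]\s]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r"(?P<fields>.*?)(?: APPDETECT\[(?P<app>[^\]]*)\])?$"
)

def parse_line(line):
    """Return a dict for a traffic-policy log line, or None for any other line."""
    m = LINE_RE.search(line.rstrip())
    if not m:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]), "action": m["action"]}
    flags = []
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val      # KEY=VALUE field such as SRC, LEN, DPT
        else:
            flags.append(tok)   # bare word such as ACK, PSH, FIN
    rec["flags"] = flags
    # Labels inside APPDETECT[...] are "name:value" pairs, e.g. L4:443, ssl-host:...
    rec["app"] = dict(t.partition(":")[::2] for t in (m["app"] or "").split())
    return rec

def summarize(text):
    """Count packets and IP bytes (LEN) per (policy, rule, action, ssl-host, source)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["app"].get("ssl-host", "(no ssl-host)")
        key = (rec["policy"], rec["rule"], rec["action"], host, rec.get("SRC"))
        totals[key]["packets"] += 1
        totals[key]["bytes"] += int(rec.get("LEN", 0))
    return dict(totals)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```
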