Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.354 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.354/0.354/0.354/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.279 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.279/0.279/0.279/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Dec 11 15:44:08.305031 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:08.308999 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:08.309063 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:08.314822 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:08.539184 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:08.829135 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:08.937994 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:09.045740 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Dec 11 15:44:09.114424 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:09.270994 osdx ubnt-cfgd[188670]: inactive Dec 11 15:44:09.295837 osdx INFO[188676]: FRR daemons did not change Dec 11 15:44:09.337000 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:09.386864 osdx WARNING[188748]: No supported link modes on interface eth0 Dec 11 15:44:09.388611 osdx modulelauncher[188748]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:09.388626 osdx modulelauncher[188748]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:09.390045 osdx modulelauncher[188748]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:09.390055 osdx modulelauncher[188748]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:09.445451 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:09.449245 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 11 15:44:09.450184 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:09.451922 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:09.454479 osdx ulogd[188773]: registering plugin `NFCT' Dec 11 15:44:09.455641 osdx ulogd[188773]: registering plugin `IP2STR' Dec 11 15:44:09.455736 osdx ulogd[188773]: registering plugin `PRINTFLOW' Dec 11 15:44:09.457115 osdx ulogd[188773]: registering plugin `SYSLOG' Dec 11 15:44:09.457125 osdx ulogd[188773]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:09.457192 osdx ulogd[188773]: NFCT plugin working in event mode Dec 11 15:44:09.457201 osdx ulogd[188773]: Changing UID / GID Dec 11 15:44:09.457307 osdx ulogd[188773]: initialization finished, entering main loop Dec 11 15:44:09.469305 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:09.498023 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:10.536252 osdx ulogd[188773]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:10.629917 osdx ulogd[188773]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.407 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.407/0.407/0.407/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.282 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.282/0.282/0.282/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Dec 11 15:44:15.296861 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:15.298216 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:15.298270 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:15.305983 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:15.511872 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:15.750083 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:15.878743 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:15.952906 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Dec 11 15:44:16.028845 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:16.128221 osdx ubnt-cfgd[188969]: inactive Dec 11 15:44:16.146932 osdx INFO[188975]: FRR daemons did not change Dec 11 15:44:16.182224 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:16.226973 osdx WARNING[189047]: No supported link modes on interface eth0 Dec 11 15:44:16.228351 osdx modulelauncher[189047]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:16.228365 osdx modulelauncher[189047]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:16.229472 osdx modulelauncher[189047]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:16.229481 osdx modulelauncher[189047]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:16.274562 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:16.275338 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:16.275479 osdx ulogd[189072]: registering plugin `NFCT' Dec 11 15:44:16.275649 osdx ulogd[189072]: registering plugin `IP2STR' Dec 11 15:44:16.275717 osdx ulogd[189072]: registering plugin `PRINTFLOW' Dec 11 15:44:16.275761 osdx ulogd[189072]: registering plugin `SYSLOG' Dec 11 15:44:16.275764 osdx ulogd[189072]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:16.275803 osdx ulogd[189072]: NFCT plugin working in event mode Dec 11 15:44:16.275813 osdx ulogd[189072]: Changing UID / GID Dec 11 15:44:16.275875 osdx ulogd[189072]: initialization finished, entering main loop Dec 11 15:44:16.276452 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:16.287638 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:16.302643 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:17.195089 osdx ulogd[189072]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:17.327049 osdx ulogd[189072]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.589 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.589/0.589/0.589/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.227 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.245 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.251 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.227/0.241/0.251/0.010 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Dec 11 15:44:22.303119 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:22.305981 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:22.306081 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:22.316993 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:22.549462 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:22.770856 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:22.865651 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:22.955172 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Dec 11 15:44:23.062329 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 11 15:44:23.155676 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service ssh'. Dec 11 15:44:23.267686 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:23.338131 osdx ubnt-cfgd[189270]: inactive Dec 11 15:44:23.442823 osdx INFO[189289]: FRR daemons did not change Dec 11 15:44:23.489834 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:23.542981 osdx WARNING[189363]: No supported link modes on interface eth0 Dec 11 15:44:23.544406 osdx modulelauncher[189363]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:23.544421 osdx modulelauncher[189363]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:23.545569 osdx modulelauncher[189363]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:23.545578 osdx modulelauncher[189363]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:23.586164 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:23.586904 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:23.587090 osdx ulogd[189388]: registering plugin `NFCT' Dec 11 15:44:23.587316 osdx ulogd[189388]: registering plugin `IP2STR' Dec 11 15:44:23.587400 osdx ulogd[189388]: registering plugin `PRINTFLOW' Dec 11 15:44:23.587489 osdx ulogd[189388]: registering plugin `SYSLOG' Dec 11 15:44:23.587521 osdx ulogd[189388]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:23.587610 osdx ulogd[189388]: NFCT plugin working in event mode Dec 11 15:44:23.587649 osdx ulogd[189388]: Changing UID / GID Dec 11 15:44:23.587754 osdx ulogd[189388]: initialization finished, entering main loop Dec 11 15:44:23.650166 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 11 15:44:23.661778 osdx sshd[189403]: Server listening on 0.0.0.0 port 22. Dec 11 15:44:23.661803 osdx sshd[189403]: Server listening on :: port 22. Dec 11 15:44:23.661907 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 11 15:44:23.662845 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:23.677470 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:23.706578 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:25.701741 osdx ulogd[189388]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 11 15:44:26.725717 osdx ulogd[189388]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.766 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.766/0.766/0.766/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.329 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.329/0.329/0.329/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 11 15:44:34.291915 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:34.295156 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:34.295241 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:34.302057 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:34.533625 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:34.765668 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:34.910552 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:34.996672 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:44:35.086667 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:35.167423 osdx ubnt-cfgd[189616]: inactive Dec 11 15:44:35.186229 osdx INFO[189622]: FRR daemons did not change Dec 11 15:44:35.227157 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:35.281151 osdx WARNING[189694]: No supported link modes on interface eth0 Dec 11 15:44:35.282623 osdx modulelauncher[189694]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:35.282637 osdx modulelauncher[189694]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:35.284181 osdx modulelauncher[189694]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:35.284194 osdx modulelauncher[189694]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:35.327445 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:35.328187 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:35.328368 osdx ulogd[189719]: registering plugin `NFCT' Dec 11 15:44:35.328570 osdx ulogd[189719]: registering plugin `IP2STR' Dec 11 15:44:35.328660 osdx ulogd[189719]: registering plugin `PRINTFLOW' Dec 11 15:44:35.328712 osdx ulogd[189719]: registering plugin `SYSLOG' Dec 11 15:44:35.328757 osdx ulogd[189719]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:35.328809 osdx ulogd[189719]: NFCT plugin working in event mode Dec 11 15:44:35.328819 osdx ulogd[189719]: Changing UID / GID Dec 11 15:44:35.328910 osdx ulogd[189719]: initialization finished, entering main loop Dec 11 15:44:35.329566 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:35.344539 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:35.376545 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:36.423175 osdx ulogd[189719]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:36.423199 osdx ulogd[189719]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:36.520342 osdx ulogd[189719]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:36.520367 osdx ulogd[189719]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.415 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.415/0.415/0.415/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.273 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.273/0.273/0.273/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 11 15:44:41.362286 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:41.363333 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:41.363413 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:41.373041 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:41.600054 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:41.848267 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:41.978981 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:42.031037 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:44:42.141489 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Dec 11 15:44:42.227359 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:42.324364 osdx ubnt-cfgd[189918]: inactive Dec 11 15:44:42.345087 osdx INFO[189924]: FRR daemons did not change Dec 11 15:44:42.383330 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:42.427301 osdx WARNING[189996]: No supported link modes on interface eth0 Dec 11 15:44:42.428958 osdx modulelauncher[189996]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:42.428973 osdx modulelauncher[189996]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:42.430388 osdx modulelauncher[189996]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:42.430397 osdx modulelauncher[189996]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:42.483758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:42.484452 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:42.484577 osdx ulogd[190021]: registering plugin `NFCT' Dec 11 15:44:42.484756 osdx ulogd[190021]: registering plugin `IP2STR' Dec 11 15:44:42.484796 osdx ulogd[190021]: registering plugin `PRINTFLOW' Dec 11 15:44:42.484837 osdx ulogd[190021]: registering plugin `SYSLOG' Dec 11 15:44:42.484843 osdx ulogd[190021]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:42.484888 osdx ulogd[190021]: NFCT plugin working in event mode Dec 11 15:44:42.484897 osdx OSDx_DUT0[190021]: Changing UID / GID Dec 11 15:44:42.484965 osdx OSDx_DUT0[190021]: initialization finished, entering main loop Dec 11 15:44:42.485513 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:42.496851 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:42.512074 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:43.372463 osdx OSDx_DUT0[190021]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.372487 osdx OSDx_DUT0[190021]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.448254 osdx OSDx_DUT0[190021]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.448273 osdx OSDx_DUT0[190021]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.421 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.421/0.421/0.421/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 11 15:44:41.362286 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:41.363333 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:41.363413 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:41.373041 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:41.600054 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:41.848267 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:41.978981 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:42.031037 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:44:42.141489 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Dec 11 15:44:42.227359 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:42.324364 osdx ubnt-cfgd[189918]: inactive Dec 11 15:44:42.345087 osdx INFO[189924]: FRR daemons did not change Dec 11 15:44:42.383330 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:42.427301 osdx WARNING[189996]: No supported link modes on interface eth0 Dec 11 15:44:42.428958 osdx modulelauncher[189996]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:42.428973 osdx modulelauncher[189996]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:42.430388 osdx modulelauncher[189996]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:42.430397 osdx modulelauncher[189996]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:42.483758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:42.484452 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:42.484577 osdx ulogd[190021]: registering plugin `NFCT' Dec 11 15:44:42.484756 osdx ulogd[190021]: registering plugin `IP2STR' Dec 11 15:44:42.484796 osdx ulogd[190021]: registering plugin `PRINTFLOW' Dec 11 15:44:42.484837 osdx ulogd[190021]: registering plugin `SYSLOG' Dec 11 15:44:42.484843 osdx ulogd[190021]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:42.484888 osdx ulogd[190021]: NFCT plugin working in event mode Dec 11 15:44:42.484897 osdx OSDx_DUT0[190021]: Changing UID / GID Dec 11 15:44:42.484965 osdx OSDx_DUT0[190021]: initialization finished, entering main loop Dec 11 15:44:42.485513 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:42.496851 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:42.512074 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:43.372463 osdx OSDx_DUT0[190021]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.372487 osdx OSDx_DUT0[190021]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.448254 osdx OSDx_DUT0[190021]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.448273 osdx OSDx_DUT0[190021]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:43.581378 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 15:44:43.724824 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:43.780647 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Dec 11 15:44:43.880457 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show changes'. Dec 11 15:44:43.937655 osdx ubnt-cfgd[190057]: inactive Dec 11 15:44:43.955171 osdx INFO[190063]: FRR daemons did not change Dec 11 15:44:43.965629 osdx OSDx_DUT0[190021]: Terminal signal received, exiting Dec 11 15:44:43.965752 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:43.966115 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 11 15:44:43.966226 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:43.983684 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:43.984559 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:43.984715 osdx ulogd[190071]: registering plugin `NFCT' Dec 11 15:44:43.984996 osdx ulogd[190071]: registering plugin `IP2STR' Dec 11 15:44:43.985058 osdx ulogd[190071]: registering plugin `PRINTFLOW' Dec 11 15:44:43.985133 osdx ulogd[190071]: registering plugin `SYSLOG' Dec 11 15:44:43.985192 osdx ulogd[190071]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:43.985255 osdx ulogd[190071]: NFCT plugin working in event mode Dec 11 15:44:43.985302 osdx ulogd[190071]: Changing UID / GID Dec 11 15:44:43.985404 osdx ulogd[190071]: initialization finished, entering main loop Dec 11 15:44:43.985992 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:43.987931 osdx ulogd[190071]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 11 15:44:43.987956 osdx ulogd[190071]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 11 15:44:43.988653 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:44.005927 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:44.146757 osdx ulogd[190071]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:44.146776 osdx ulogd[190071]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.531 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.531/0.531/0.531/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.465 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.319 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.319/0.392/0.465/0.073 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Dec 11 15:44:48.343208 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:48.343980 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:48.344035 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:48.355046 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:48.585311 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:48.838012 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:48.943015 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Dec 11 15:44:49.041653 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic label TEST'. Dec 11 15:44:49.169388 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Dec 11 15:44:49.236928 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Dec 11 15:44:49.349992 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:49.421755 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:44:49.562504 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:49.644153 osdx ubnt-cfgd[190247]: inactive Dec 11 15:44:49.679376 osdx INFO[190261]: FRR daemons did not change Dec 11 15:44:49.711972 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:49.755194 osdx WARNING[190333]: No supported link modes on interface eth0 Dec 11 15:44:49.756537 osdx modulelauncher[190333]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:49.756550 osdx modulelauncher[190333]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:49.757758 osdx modulelauncher[190333]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:49.757768 osdx modulelauncher[190333]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:49.796276 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:49.797125 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:49.797237 osdx ulogd[190358]: registering plugin `NFCT' Dec 11 15:44:49.797422 osdx ulogd[190358]: registering plugin `IP2STR' Dec 11 15:44:49.797464 osdx ulogd[190358]: registering plugin `PRINTFLOW' Dec 11 15:44:49.797504 osdx ulogd[190358]: registering plugin `SYSLOG' Dec 11 15:44:49.797538 osdx ulogd[190358]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:49.797581 osdx ulogd[190358]: NFCT plugin working in event mode Dec 11 15:44:49.797613 osdx ulogd[190358]: Changing UID / GID Dec 11 15:44:49.797696 osdx ulogd[190358]: initialization finished, entering main loop Dec 11 15:44:49.809985 osdx ulogd[190358]: Terminal signal received, exiting Dec 11 15:44:49.810108 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:49.810390 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 11 15:44:49.810510 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:49.811711 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:49.812476 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:49.812597 osdx ulogd[190364]: registering plugin `NFCT' Dec 11 15:44:49.812637 osdx ulogd[190364]: registering plugin `IP2STR' Dec 11 15:44:49.812843 osdx ulogd[190364]: registering plugin `PRINTFLOW' Dec 11 15:44:49.812892 osdx ulogd[190364]: registering plugin `SYSLOG' Dec 11 15:44:49.812921 osdx ulogd[190364]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:49.812969 osdx ulogd[190364]: NFCT plugin working in event mode Dec 11 15:44:49.812977 osdx ulogd[190364]: Changing UID / GID Dec 11 15:44:49.813040 osdx ulogd[190364]: initialization finished, entering main loop Dec 11 15:44:50.010900 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:50.022539 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:50.039336 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:50.947677 osdx ulogd[190364]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Dec 11 15:44:50.947699 osdx ulogd[190364]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Dec 11 15:44:51.030770 osdx ulogd[190364]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Dec 11 15:44:51.030790 osdx ulogd[190364]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.368 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.368/0.368/0.368/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.256 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.256/0.256/0.256/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Dec 11 15:44:56.375024 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:44:56.377202 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:44:56.377262 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:44:56.386548 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:44:56.592478 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:44:56.903554 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:44:57.004147 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Dec 11 15:44:57.087392 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Dec 11 15:44:57.175582 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system vrf RED'. Dec 11 15:44:57.230800 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:44:57.323436 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:44:57.386164 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:44:57.482235 osdx ubnt-cfgd[190609]: inactive Dec 11 15:44:57.501285 osdx INFO[190615]: FRR daemons did not change Dec 11 15:44:57.511642 osdx (udev-worker)[190626]: RED: Could not disable auto negotiation, ignoring: Operation not supported Dec 11 15:44:57.511667 osdx (udev-worker)[190626]: Network interface NamePolicy= disabled on kernel command line. Dec 11 15:44:57.545204 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:57.588802 osdx WARNING[190706]: No supported link modes on interface eth0 Dec 11 15:44:57.590133 osdx modulelauncher[190706]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:44:57.590145 osdx modulelauncher[190706]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:44:57.591272 osdx modulelauncher[190706]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:44:57.591281 osdx modulelauncher[190706]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:44:57.605226 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:44:57.697484 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:44:57.698295 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:44:57.698430 osdx ulogd[190792]: registering plugin `NFCT' Dec 11 15:44:57.698652 osdx ulogd[190792]: registering plugin `IP2STR' Dec 11 15:44:57.698704 osdx ulogd[190792]: registering plugin `PRINTFLOW' Dec 11 15:44:57.698759 osdx ulogd[190792]: registering plugin `SYSLOG' Dec 11 15:44:57.698765 osdx ulogd[190792]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:44:57.698815 osdx ulogd[190792]: NFCT plugin working in event mode Dec 11 15:44:57.698866 osdx ulogd[190792]: Changing UID / GID Dec 11 15:44:57.698949 osdx ulogd[190792]: initialization finished, entering main loop Dec 11 15:44:57.699521 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:44:57.712950 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:44:57.756404 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:44:58.631324 osdx ulogd[190792]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:58.631345 osdx ulogd[190792]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:58.718373 osdx ulogd[190792]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:44:58.718399 osdx ulogd[190792]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.183 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.183/0.183/0.183/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 28159 0 --:--:-- --:--:-- --:--:-- 32250
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.447 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.447/0.447/0.447/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.347 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.347/0.347/0.347/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Dec 11 15:45:03.308417 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:03.311303 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:03.311391 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:03.318849 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:03.535429 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:03.781322 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:03.869783 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 11 15:45:03.956614 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:04.048119 osdx ubnt-cfgd[191075]: inactive Dec 11 15:45:04.069037 osdx INFO[191081]: FRR daemons did not change Dec 11 15:45:04.099328 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 11 15:45:04.144415 osdx WARNING[191150]: No supported link modes on interface eth1 Dec 11 15:45:04.146162 osdx modulelauncher[191150]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 11 15:45:04.146176 osdx modulelauncher[191150]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 11 15:45:04.147772 osdx modulelauncher[191150]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:04.147781 osdx modulelauncher[191150]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:04.160775 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:04.175640 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:04.192115 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:04.394724 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 11 15:45:04.540644 osdx file_operation[191206]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Dec 11 15:45:04.565129 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Dec 11 15:45:04.705773 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:04.772415 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Dec 11 15:45:04.871499 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Dec 11 15:45:04.925641 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Dec 11 15:45:05.025070 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Dec 11 15:45:05.116245 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Dec 11 15:45:05.176611 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Dec 11 15:45:05.270488 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Dec 11 15:45:05.339610 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Dec 11 15:45:05.458574 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Dec 11 15:45:05.573141 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:05.637213 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:05.746675 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:05.840714 osdx ubnt-cfgd[191241]: inactive Dec 11 15:45:05.883423 osdx INFO[191258]: FRR daemons did not change Dec 11 15:45:05.923300 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:05.972924 osdx WARNING[191330]: No supported link modes on interface eth0 Dec 11 15:45:05.974315 osdx modulelauncher[191330]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:05.974335 osdx modulelauncher[191330]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:05.975493 osdx modulelauncher[191330]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:05.975502 osdx modulelauncher[191330]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:06.039619 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:06.040546 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:06.040741 osdx ulogd[191355]: registering plugin `NFCT' Dec 11 15:45:06.040971 osdx ulogd[191355]: registering plugin `IP2STR' Dec 11 15:45:06.041023 osdx ulogd[191355]: registering plugin `PRINTFLOW' Dec 11 15:45:06.041079 osdx ulogd[191355]: registering plugin `SYSLOG' Dec 11 15:45:06.041086 osdx ulogd[191355]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:06.041137 osdx ulogd[191355]: NFCT plugin working in event mode Dec 11 15:45:06.041189 osdx ulogd[191355]: Changing UID / GID Dec 11 15:45:06.041278 osdx ulogd[191355]: initialization finished, entering main loop Dec 11 15:45:06.330579 osdx ulogd[191355]: Terminal signal received, exiting Dec 11 15:45:06.330656 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:06.330887 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 11 15:45:06.330979 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:06.347604 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:06.348364 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:06.348590 osdx ulogd[191383]: registering plugin `NFCT' Dec 11 15:45:06.348839 osdx ulogd[191383]: registering plugin `IP2STR' Dec 11 15:45:06.348925 osdx ulogd[191383]: registering plugin `PRINTFLOW' Dec 11 15:45:06.349014 osdx ulogd[191383]: registering plugin `SYSLOG' Dec 11 15:45:06.349050 osdx ulogd[191383]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:06.349139 osdx ulogd[191383]: NFCT plugin working in event mode Dec 11 15:45:06.349176 osdx ulogd[191383]: Changing UID / GID Dec 11 15:45:06.349285 osdx ulogd[191383]: initialization finished, entering main loop Dec 11 15:45:06.390163 osdx systemd[1]: Reloading. Dec 11 15:45:06.443306 osdx systemd-sysv-generator[191405]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Dec 11 15:45:06.575637 osdx systemd[1]: Starting logrotate.service - Rotate log files... Dec 11 15:45:06.580184 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Dec 11 15:45:06.581075 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Dec 11 15:45:06.607499 osdx systemd[1]: logrotate.service: Deactivated successfully. Dec 11 15:45:06.607646 osdx systemd[1]: Finished logrotate.service - Rotate log files. Dec 11 15:45:06.848291 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Dec 11 15:45:07.320093 osdx INFO[191385]: Rules successfully loaded Dec 11 15:45:07.321208 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:07.352635 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:07.374863 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:08.194011 osdx ulogd[191383]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 11 15:45:08.194037 osdx ulogd[191383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 11 15:45:08.289590 osdx ulogd[191383]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 11 15:45:08.289609 osdx ulogd[191383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.344 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.344/0.344/0.344/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.370 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.370/0.370/0.370/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.8.1 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Dec 11 15:43:42 2025 from 10.215.168.64 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Dec 11 15:45:15.285466 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:15.286370 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:15.286419 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:15.298755 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:15.528736 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:15.802149 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:15.894664 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Dec 11 15:45:15.979584 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:16.101464 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:16.176302 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:16.260753 osdx ubnt-cfgd[191721]: inactive Dec 11 15:45:16.285570 osdx INFO[191727]: FRR daemons did not change Dec 11 15:45:16.326359 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 11 15:45:16.370159 osdx WARNING[191799]: No supported link modes on interface eth1 Dec 11 15:45:16.371614 osdx modulelauncher[191799]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 11 15:45:16.371631 osdx modulelauncher[191799]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 11 15:45:16.373218 osdx modulelauncher[191799]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:16.373228 osdx modulelauncher[191799]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:16.410425 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:16.460632 osdx WARNING[191879]: No supported link modes on interface eth0 Dec 11 15:45:16.462751 osdx modulelauncher[191879]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:16.462775 osdx modulelauncher[191879]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:16.464703 osdx modulelauncher[191879]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:16.464714 osdx modulelauncher[191879]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:16.526729 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:16.527454 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:16.527652 osdx ulogd[191905]: registering plugin `NFCT' Dec 11 15:45:16.527713 osdx ulogd[191905]: registering plugin `IP2STR' Dec 11 15:45:16.527764 osdx ulogd[191905]: registering plugin `PRINTFLOW' Dec 11 15:45:16.528297 osdx ulogd[191905]: registering plugin `SYSLOG' Dec 11 15:45:16.528304 osdx ulogd[191905]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:16.528357 osdx ulogd[191905]: NFCT plugin working in event mode Dec 11 15:45:16.528366 osdx ulogd[191905]: Changing UID / GID Dec 11 15:45:16.528452 osdx ulogd[191905]: initialization finished, entering main loop Dec 11 15:45:16.528755 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:16.540598 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:16.587166 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:18.552559 osdx ulogd[191905]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:18.552578 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:18.629068 osdx ulogd[191905]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:18.629090 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:18.707264 osdx ulogd[191905]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 Dec 11 15:45:18.707438 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 Dec 11 15:45:18.707602 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 [OFFLOAD] Dec 11 15:45:19.005632 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 Dec 11 15:45:19.005656 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 [OFFLOAD] Dec 11 15:45:19.007661 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 Dec 11 15:45:19.007793 osdx ulogd[191905]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38380 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38380 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.405 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.405/0.405/0.405/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.339 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.310 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.279 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2036ms rtt min/avg/max/mdev = 0.279/0.309/0.339/0.024 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Dec 11 15:45:24.338560 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:24.341497 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:24.341566 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:24.349668 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:24.574244 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:24.852580 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:24.920564 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 11 15:45:25.016084 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 11 15:45:25.093460 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:25.161944 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:25.276548 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:25.335942 osdx ubnt-cfgd[192136]: inactive Dec 11 15:45:25.353673 osdx INFO[192142]: FRR daemons did not change Dec 11 15:45:25.561470 osdx kernel: nfUDPlink: module init Dec 11 15:45:25.561528 osdx kernel: app-detect: module init Dec 11 15:45:25.561545 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 11 15:45:25.561561 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Dec 11 15:45:25.561572 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Dec 11 15:45:25.561580 osdx kernel: app-detect: expression init Dec 11 15:45:25.561594 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:25.561604 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:25.567422 osdx modulelauncher[192145]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 11 15:45:25.569846 osdx INFO[192170]: Stopping Traffic Categorization (TCATD) service ... Dec 11 15:45:25.613472 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:25.655924 osdx WARNING[192245]: No supported link modes on interface eth0 Dec 11 15:45:25.657475 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:25.657493 osdx modulelauncher[192245]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:25.658737 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:25.658750 osdx modulelauncher[192245]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:25.713758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:25.714500 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:25.714696 osdx ulogd[192270]: registering plugin `NFCT' Dec 11 15:45:25.714923 osdx ulogd[192270]: registering plugin `IP2STR' Dec 11 15:45:25.714976 osdx ulogd[192270]: registering plugin `PRINTFLOW' Dec 11 15:45:25.715030 osdx ulogd[192270]: registering plugin `SYSLOG' Dec 11 15:45:25.715036 osdx ulogd[192270]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:25.715091 osdx ulogd[192270]: NFCT plugin working in event mode Dec 11 15:45:25.715140 osdx ulogd[192270]: Changing UID / GID Dec 11 15:45:25.715229 osdx ulogd[192270]: initialization finished, entering main loop Dec 11 15:45:25.715701 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:25.728160 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:25.784976 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:26.682315 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.682339 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765408 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765429 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777363 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:27.777391 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777403 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801323 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:28.801346 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801357 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Dec 11 15:45:24.338560 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:24.341497 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:24.341566 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:24.349668 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:24.574244 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:24.852580 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:24.920564 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 11 15:45:25.016084 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 11 15:45:25.093460 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:25.161944 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:25.276548 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:25.335942 osdx ubnt-cfgd[192136]: inactive Dec 11 15:45:25.353673 osdx INFO[192142]: FRR daemons did not change Dec 11 15:45:25.561470 osdx kernel: nfUDPlink: module init Dec 11 15:45:25.561528 osdx kernel: app-detect: module init Dec 11 15:45:25.561545 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 11 15:45:25.561561 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Dec 11 15:45:25.561572 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Dec 11 15:45:25.561580 osdx kernel: app-detect: expression init Dec 11 15:45:25.561594 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:25.561604 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:25.567422 osdx modulelauncher[192145]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 11 15:45:25.569846 osdx INFO[192170]: Stopping Traffic Categorization (TCATD) service ... Dec 11 15:45:25.613472 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:25.655924 osdx WARNING[192245]: No supported link modes on interface eth0 Dec 11 15:45:25.657475 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:25.657493 osdx modulelauncher[192245]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:25.658737 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:25.658750 osdx modulelauncher[192245]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:25.713758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:25.714500 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:25.714696 osdx ulogd[192270]: registering plugin `NFCT' Dec 11 15:45:25.714923 osdx ulogd[192270]: registering plugin `IP2STR' Dec 11 15:45:25.714976 osdx ulogd[192270]: registering plugin `PRINTFLOW' Dec 11 15:45:25.715030 osdx ulogd[192270]: registering plugin `SYSLOG' Dec 11 15:45:25.715036 osdx ulogd[192270]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:25.715091 osdx ulogd[192270]: NFCT plugin working in event mode Dec 11 15:45:25.715140 osdx ulogd[192270]: Changing UID / GID Dec 11 15:45:25.715229 osdx ulogd[192270]: initialization finished, entering main loop Dec 11 15:45:25.715701 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:25.728160 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:25.784976 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:26.682315 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.682339 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765408 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765429 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777363 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:27.777391 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777403 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801323 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:28.801346 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801357 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.919289 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Dec 11 15:45:24.338560 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:24.341497 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:24.341566 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:24.349668 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:24.574244 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:24.852580 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:24.920564 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 11 15:45:25.016084 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 11 15:45:25.093460 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:25.161944 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:25.276548 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:25.335942 osdx ubnt-cfgd[192136]: inactive Dec 11 15:45:25.353673 osdx INFO[192142]: FRR daemons did not change Dec 11 15:45:25.561470 osdx kernel: nfUDPlink: module init Dec 11 15:45:25.561528 osdx kernel: app-detect: module init Dec 11 15:45:25.561545 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 11 15:45:25.561561 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Dec 11 15:45:25.561572 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Dec 11 15:45:25.561580 osdx kernel: app-detect: expression init Dec 11 15:45:25.561594 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:25.561604 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:25.567422 osdx modulelauncher[192145]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 11 15:45:25.569846 osdx INFO[192170]: Stopping Traffic Categorization (TCATD) service ... Dec 11 15:45:25.613472 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:25.655924 osdx WARNING[192245]: No supported link modes on interface eth0 Dec 11 15:45:25.657475 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:25.657493 osdx modulelauncher[192245]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:25.658737 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:25.658750 osdx modulelauncher[192245]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:25.713758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:25.714500 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:25.714696 osdx ulogd[192270]: registering plugin `NFCT' Dec 11 15:45:25.714923 osdx ulogd[192270]: registering plugin `IP2STR' Dec 11 15:45:25.714976 osdx ulogd[192270]: registering plugin `PRINTFLOW' Dec 11 15:45:25.715030 osdx ulogd[192270]: registering plugin `SYSLOG' Dec 11 15:45:25.715036 osdx ulogd[192270]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:25.715091 osdx ulogd[192270]: NFCT plugin working in event mode Dec 11 15:45:25.715140 osdx ulogd[192270]: Changing UID / GID Dec 11 15:45:25.715229 osdx ulogd[192270]: initialization finished, entering main loop Dec 11 15:45:25.715701 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:25.728160 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:25.784976 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:26.682315 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.682339 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765408 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765429 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777363 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:27.777391 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777403 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801323 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:28.801346 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801357 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.919289 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 15:45:29.049798 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.238 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 972 0 972 0 0 185k 0 --:--:-- --:--:-- --:--:-- 189k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Dec 11 15:45:24.338560 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:24.341497 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:24.341566 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:24.349668 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:24.574244 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:24.852580 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:24.920564 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 11 15:45:25.016084 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 11 15:45:25.093460 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:25.161944 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:25.276548 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:25.335942 osdx ubnt-cfgd[192136]: inactive Dec 11 15:45:25.353673 osdx INFO[192142]: FRR daemons did not change Dec 11 15:45:25.561470 osdx kernel: nfUDPlink: module init Dec 11 15:45:25.561528 osdx kernel: app-detect: module init Dec 11 15:45:25.561545 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 11 15:45:25.561561 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Dec 11 15:45:25.561572 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Dec 11 15:45:25.561580 osdx kernel: app-detect: expression init Dec 11 15:45:25.561594 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:25.561604 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:25.567422 osdx modulelauncher[192145]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 11 15:45:25.569846 osdx INFO[192170]: Stopping Traffic Categorization (TCATD) service ... Dec 11 15:45:25.613472 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:25.655924 osdx WARNING[192245]: No supported link modes on interface eth0 Dec 11 15:45:25.657475 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:25.657493 osdx modulelauncher[192245]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:25.658737 osdx modulelauncher[192245]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:25.658750 osdx modulelauncher[192245]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:25.713758 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:25.714500 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:25.714696 osdx ulogd[192270]: registering plugin `NFCT' Dec 11 15:45:25.714923 osdx ulogd[192270]: registering plugin `IP2STR' Dec 11 15:45:25.714976 osdx ulogd[192270]: registering plugin `PRINTFLOW' Dec 11 15:45:25.715030 osdx ulogd[192270]: registering plugin `SYSLOG' Dec 11 15:45:25.715036 osdx ulogd[192270]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:25.715091 osdx ulogd[192270]: NFCT plugin working in event mode Dec 11 15:45:25.715140 osdx ulogd[192270]: Changing UID / GID Dec 11 15:45:25.715229 osdx ulogd[192270]: initialization finished, entering main loop Dec 11 15:45:25.715701 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:25.728160 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:25.784976 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:26.682315 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.682339 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765408 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:26.765429 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777363 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:27.777391 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:27.777403 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801323 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:28.801346 osdx ulogd[192270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.801357 osdx ulogd[192270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:28.919289 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 15:45:29.049798 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 15:45:29.158626 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 15:45:29.318166 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:29.418031 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 11 15:45:29.498952 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Dec 11 15:45:29.610766 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show changes'. Dec 11 15:45:29.685920 osdx ubnt-cfgd[192322]: inactive Dec 11 15:45:29.711074 osdx INFO[192328]: FRR daemons did not change Dec 11 15:45:29.753491 osdx kernel: app-detect: expression destroy Dec 11 15:45:29.761514 osdx kernel: app-detect: expression init Dec 11 15:45:29.761578 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:29.761594 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:29.770524 osdx modulelauncher[192331]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 11 15:45:29.773202 osdx INFO[192347]: Stopping Traffic Categorization (TCATD) service ... Dec 11 15:45:29.813482 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 11 15:45:29.855804 osdx WARNING[192417]: No supported link modes on interface eth1 Dec 11 15:45:29.857092 osdx modulelauncher[192417]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 11 15:45:29.857104 osdx modulelauncher[192417]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 11 15:45:29.858234 osdx modulelauncher[192417]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:29.858241 osdx modulelauncher[192417]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:29.869663 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:29.880998 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:29.881021 osdx ulogd[192270]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 11 15:45:29.881719 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:29.898025 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:30.042136 osdx ulogd[192270]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:30.042339 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 11 15:45:30.044686 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 11 15:45:30.172755 osdx file_operation[192473]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Dec 11 15:45:30.177787 osdx ulogd[192270]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 11 15:45:30.177888 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 11 15:45:30.177905 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 11 15:45:30.179770 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 11 15:45:30.179828 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 11 15:45:30.179843 osdx ulogd[192270]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=34500 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34500 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 11 15:45:30.198679 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.224 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Dec 11 15:45:35.305100 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:35.306584 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:35.306648 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:35.318609 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:35.578185 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:35.849125 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:35.937221 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Dec 11 15:45:36.039756 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Dec 11 15:45:36.146406 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Dec 11 15:45:36.227490 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'. Dec 11 15:45:36.333620 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Dec 11 15:45:36.400902 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Dec 11 15:45:36.502686 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Dec 11 15:45:36.612087 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Dec 11 15:45:36.693265 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 11 15:45:36.780270 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Dec 11 15:45:36.895304 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:36.967435 osdx ubnt-cfgd[192713]: inactive Dec 11 15:45:37.016581 osdx INFO[192737]: FRR daemons did not change Dec 11 15:45:37.178569 osdx kernel: nfUDPlink: module init Dec 11 15:45:37.178616 osdx kernel: app-detect: module init Dec 11 15:45:37.178626 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 11 15:45:37.178634 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Dec 11 15:45:37.178642 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Dec 11 15:45:37.178653 osdx kernel: app-detect: expression init Dec 11 15:45:37.178661 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 11 15:45:37.178674 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 11 15:45:37.199700 osdx INFO[192772]: Updated /etc/default/osdx_tcatd.conf Dec 11 15:45:37.199738 osdx INFO[192772]: Restarting Traffic Categorization (TCATD) service ... Dec 11 15:45:37.239029 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Dec 11 15:45:37.245504 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Dec 11 15:45:37.282570 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 11 15:45:37.329008 osdx WARNING[192846]: No supported link modes on interface eth1 Dec 11 15:45:37.330330 osdx modulelauncher[192846]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 11 15:45:37.330342 osdx modulelauncher[192846]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 11 15:45:37.331704 osdx modulelauncher[192846]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:37.331712 osdx modulelauncher[192846]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:37.546870 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:37.562286 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:37.578683 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:37.727805 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 11 15:45:37.871392 osdx file_operation[192925]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Dec 11 15:45:37.878573 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48859 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 11 15:45:38.082579 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48860 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 11 15:45:38.498628 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48861 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 11 15:45:39.330629 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48862 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 11 15:45:40.874297 osdx file_operation.py[192925]: Operation aborted by user. Dec 11 15:45:40.886572 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48863 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 11 15:45:40.891914 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'. Dec 11 15:45:40.970570 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=48864 DF PROTO=TCP SPT=49928 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.320 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.320/0.320/0.320/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.505 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.505/0.505/0.505/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 11 15:45:46.302788 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 15:45:46.306438 osdx systemd-journald[1970]: Received client request to rotate journal, rotating. Dec 11 15:45:46.306510 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 15:45:46.315147 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system journal clear'. Dec 11 15:45:46.536335 osdx OSDxCLI[182218]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 15:45:46.801363 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:46.869871 osdx cfgd[1647]: [182218]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Dec 11 15:45:46.870308 osdx OSDxCLI[182218]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Dec 11 15:45:46.987865 osdx cfgd[1647]: [182218]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Dec 11 15:45:46.989450 osdx OSDxCLI[182218]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Dec 11 15:45:47.019766 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:47.218256 osdx OSDxCLI[182218]: User 'admin' entered the configuration menu. Dec 11 15:45:47.335302 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 11 15:45:47.403249 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 11 15:45:47.515713 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Dec 11 15:45:47.617095 osdx OSDxCLI[182218]: User 'admin' added a new cfg line: 'show working'. Dec 11 15:45:47.702746 osdx ubnt-cfgd[193136]: inactive Dec 11 15:45:47.722041 osdx INFO[193142]: FRR daemons did not change Dec 11 15:45:47.754401 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 15:45:47.800523 osdx WARNING[193214]: No supported link modes on interface eth0 Dec 11 15:45:47.801957 osdx modulelauncher[193214]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 15:45:47.801972 osdx modulelauncher[193214]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 15:45:47.803119 osdx modulelauncher[193214]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 15:45:47.803128 osdx modulelauncher[193214]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 15:45:47.854768 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 11 15:45:47.855614 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 11 15:45:47.855751 osdx ulogd[193239]: registering plugin `NFCT' Dec 11 15:45:47.855924 osdx ulogd[193239]: registering plugin `IP2STR' Dec 11 15:45:47.855967 osdx ulogd[193239]: registering plugin `PRINTFLOW' Dec 11 15:45:47.856007 osdx ulogd[193239]: registering plugin `SYSLOG' Dec 11 15:45:47.856046 osdx ulogd[193239]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 11 15:45:47.856088 osdx ulogd[193239]: NFCT plugin working in event mode Dec 11 15:45:47.856097 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: Changing UID / GID Dec 11 15:45:47.856168 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: initialization finished, entering main loop Dec 11 15:45:47.856826 osdx cfgd[1647]: [182218]Completed change to active configuration Dec 11 15:45:47.871332 osdx OSDxCLI[182218]: User 'admin' committed the configuration. Dec 11 15:45:47.895332 osdx OSDxCLI[182218]: User 'admin' left the configuration menu. Dec 11 15:45:48.805699 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:48.805722 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:48.902036 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 11 15:45:48.902056 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[193239]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0