.. _example_system_conntrack_app-detect_app-detect:

##########
App-Detect
##########

.. sidebar:: Contents

   .. contents::
      :depth: 2
      :local:

These scenarios check the basic functions of the app-detect feature.

*************************
Test App-Detect HTTP-Host
*************************

Description
===========

DUT0 configures the HTTP application detector.
DUT1 acts as a client behind DUT0 and downloads
a file via HTTP. The connection in DUT0 is then
monitored to verify that it is identified as HTTP
and the destination hostname appears in the
appdetect annotation.

Scenario
========

.. include:: app-detect/testapp-detecthttp-host

****************************************
Test App-Detect HTTP-Host Chained App-ID
****************************************

Description
===========

DUT0 configures the HTTP application detector
together with app-detect chained storage mode.
DUT1 acts as a client behind DUT0 and downloads
a file via HTTP. The connection in DUT0 is then
monitored to verify that all detected App-ID
results are stored together in the appdetect
annotation.

Scenario
========

.. include:: app-detect/testapp-detecthttp-hostchainedapp-id

************************
Test App-Detect DNS-Host
************************

Description
===========

DUT0 configures the DNS application detector.
DUT1 acts as a client that performs a DNS lookup
through DUT0 to DUT2, which runs a DNS server.
The connection in DUT0 is then monitored to verify
that the queried hostname appears in the appdetect
annotation.

Scenario
========

.. include:: app-detect/testapp-detectdns-host

************************
Test App-Detect IP-Cache
************************

Description
===========

DUT0 configures DNS detection with a custom
dictionary, together with app-detect chained
storage mode. DUT1 pings a hostname resolved by
DUT2 through DUT0. The IP-cache in DUT0 is
monitored to verify that it contains the resolved
address and its matching App-ID. The test also
verifies that IP-cache entries expire after the
configured timeout.

Scenario
========

.. include:: app-detect/testapp-detectip-cache

**********************************
Test App-Detect IP-Cache Blacklist
**********************************

Description
===========

DUT0 configures DNS detection and a custom
dictionary with two entries that map different
App-IDs to the same IP address, causing App-ID
flapping. The test first verifies that flapping
is detected without blacklisting. Then the
IP-cache blacklist option is enabled and the test
verifies that the flapping address is blacklisted.

Scenario
========

.. include:: app-detect/testapp-detectip-cacheblacklist

***************************************
Test App-Detect IP-Cache Chained App-ID
***************************************

Description
===========

DUT0 configures HTTP detection, DNS detection and
a custom dictionary, together with app-detect
chained storage mode and the refresh-flow-appid option.
DUT1 downloads a file via HTTP through DUT0,
resolved by DUT2. On the first request, the appdetect
annotation shows the App-ID chain in real-time
detection order. After clearing conntrack, a second
request verifies that the IP-cache match appears
first in the App-ID chain of the connection.

Scenario
========

.. include:: app-detect/testapp-detectip-cachechainedapp-id