traceoptions of flow session
- Jean-luc KRIKER
Owned by Jean-luc KRIKER
| what to trace? | |
| configuration | config [edit security flow]
Netbox@SRX300-1-RL102# show
traceoptions {
file selfpolicy size 1m;
flag basic-datapath;
packet-filter term1 {
source-prefix 192.168.200.1/32;
destination-prefix 192.168.200.2/32;
}
packet-filter term2 {
source-prefix 192.168.200.2/32;
destination-prefix 192.168.200.1/32;
}
}
set security flow traceoptions file selfpolicy
set security flow traceoptions file size 1m
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter term1 source-prefix 192.168.200.1/32
set security flow traceoptions packet-filter term1 destination-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 source-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 destination-prefix 192.168.200.1/32
|
| flag options | flag option Netbox@SRX300-1-RL102# set traceoptions flag ? Possible completions: all All events basic-datapath Basic packet flow fragmentation Ip fragmentation and reassembly events high-availability Flow high-availability information host-traffic Flow host-traffic information multicast Multicast flow information route Route lookup information session Session creation and deletion events session-scan Session scan information tcp-basic TCP packet flow tunnel Tunnel information |
| show log | show log [edit security flow] Netbox@SRX300-1-RL102# run show log selfpolicy | last Jul 30 11:58:11 11:58:11.574302:CID-0:RT: flow got session. Jul 30 11:58:11 11:58:11.574302:CID-0:RT: flow session id 3655 Jul 30 11:58:11 11:58:11.574302:CID-0:RT: vector bits 0x8002 vector 0x68996258 Jul 30 11:58:11 11:58:11.574302:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0 Jul 30 11:58:11 11:58:11.574302:CID-0:RT:mbuf 0x611b2c80, exit nh 0x5c1302 Jul 30 11:58:11 11:58:11.574302:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x2088c48 associated with mbuf 0x611b2c80 Jul 30 11:58:11 11:58:11.574302:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0) Jul 30 11:58:11 11:58:11.671703:CID-0:RT:<192.168.200.1/65261->192.168.200.2/22;6,0x0> matched filter term1: Jul 30 11:58:11 11:58:11.671703:CID-0:RT:packet [52] ipid = 34264, @0x5ee6439c Jul 30 11:58:11 11:58:11.671703:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x5ee64180, rtbl_idx = 8 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: flow process pak fast ifl 78 in_ifp ae0.0 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: ae0.0:192.168.200.1/65261->192.168.200.2/22, tcp, flag 10 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: find flow: table 0x6531298, hash 7389(0xffff), sa 192.168.200.1, da 192.168.200.2, sp 65261, dp 22, proto 6, tok 32777, conn-tag 0x00000000, vrf-grp-id 0 Jul 30 11:58:11 11:58:11.671703:CID-0:RT:Found: session id 0x156d. sess tok 32777 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: flow got session. Jul 30 11:58:11 11:58:11.671703:CID-0:RT: flow session id 5485 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: refreshing session Jul 30 11:58:11 11:58:11.671703:CID-0:RT: vector bits 0x8002 vector 0x68996258 Jul 30 11:58:11 11:58:11.671703:CID-0:RT:pre-frag not needed: ipsize: 52, mtu: 9188, nsp2->pmtu: 9188 Jul 30 11:58:11 11:58:11.671703:CID-0:RT:insert usp tag for apps Jul 30 11:58:11 11:58:11.671703:CID-0:RT:mbuf 0x5ee64180, exit nh 0xfffb0006 Jul 30 11:58:11 11:58:11.671703:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0) |