Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_filtration:filtration_info:start [2022/04/04 06:34] – kuligina
+++ en:dpi:dpi_options:opt_filtration:filtration_info:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== 5 Diagnostics ======
-{{indexmenu_n>5}}
-VAS Experts DPI logs are placed to ///var/log/dpi//
-The file fastdpi_alert.log contains the information on errors and informative events. The first field denotes the message class. The diagnostic information and the message text or error text are placed next.
-The information on successful renewal of black lists from cloud service:
-<code>
-[INFO    ] bl_updater_thread : URL black list download with result, rc=1001 : Success.
-[INFO    ] bl_updater_thread : IP black list download with result, rc=1001 : Success.
-</code>
-The file fastdpi_stat.log contains statistical information.
-The number of verified and blocked URL (for HTTP protocol):
-<code>
-url/lock=881557942/644
-</code>
-The number of verified and blocked sessions by certificate (for HTTPS protocol):
-<code>
-ssl/lock=1656734322/58
-</code>
-The number of verified and blocked packets by IP (for HTTPS protocol):
-<code>
-https/lock=3021320891/3
-</code>
-Check that the lists are up to date, the date is usually not far in the past (a few hours):
-<code>
-ls -la /var/lib/dpi/blcache*
-</code>
-Check if [[en:dpi:dpi_components:platform:by_pass:start|mode bypass]] is active (if present):
-<code>
-bpctl_util all get_bypass
-Mistake:
--bash: bpctl_util: command not found
-Means you don't have a bypass
-</code>
-Check if there is a service on the subscriber, if there is, whether it corresponds to the [[en:dpi:dpi_options:opt_filtration:filtration_ctrl:start|black_list_sm]] parameter:
-<code>
-looking for a login by IP (if logins are used)
-fdpi_ctrl list all --bind_multi | grep 192.168.1.100
-user_100:192.168.1.100
-check the status of the service:
-fdpi_ctrl list --service 4 --login user_100
-Autodetected fastdpi params : dev='eth5', port=29000
-connecting 192.168.0.2:29000 ...
-================================
-user_100 4 (0x8) default
-Result processing login=user_100 :
-/1/0
-Total: filtering service is active
-Checking the state of the parameter:
-service fastdpi reload
-grep black_list_sm /var/log/dpi/fastdpi_alert.log | tail-1
-black_list_sm : 0
-ATTENTION! The parameter is set by default, which means that the inversion works - the active service disables filtering on the subscriber.
-For details, see the section on filtering service management.
-</code>
-Check that the test subscriber's traffic goes through DPI:
-<code>
-check that the log files do not exceed 1GB:
-ls -la /var/log/dpi/fastdpi_slave_?.log
-if it exceeds then do:
-echo "" > /var/log/dpi/fastdpi_slave_0.log
-echo "" > /var/log/dpi/fastdpi_slave_1.log
-echo "" > /var/log/dpi/fastdpi_slave_2.log
-echo "" > /var/log/dpi/fastdpi_slave_3.log
-Set the IP address of the test computer in the /etc/dpi/fastdpi.conf configuration:
-trace_ip=<IP>
-After installation do:
-service fastdpi reload
-Sample verification for protonmail.com:
-. Request
-wget protonmail.com
---2020-02-09 19:50:15-- http://protonmail.com/
-Resolving protonmail.com... 5.3.3.17, 2a02:2698:a002:1::3:17
-Connecting to protonmail.com|5.3.3.17|:80... connected.
-HTTP request sent, awaiting response... 302 Moved Temporarily
-Location: http://vasexperts.ru/test/blocked.php [following]
---2020-02-09 19:50:16-- http://vasexperts.ru/test/blocked.php
-Resolving vasexperts.ru... 45.151.108.17
-Connecting to vasexperts.ru|45.151.108.17|:80... connected.
-HTTP request sent, awaiting response... 200 OK
-. checking log entries
-grep -E "proton" -A5 /var/log/dpi/fastdpi_slave_?.log
-/var/log/dpi/fastdpi_slave_1.log:HTTP_HOST=_protonmail.com_
-/var/log/dpi/fastdpi_slave_1.log-HTTP_REFERER(0)=_null_
-/var/log/dpi/fastdpi_slave_1.log-HTTP_USER-AGENT=_Wget/1.12 (linux-gnu)_
-/var/log/dpi/fastdpi_slave_1.log-HTTP_COOKIE=_null_
-/var/log/dpi/fastdpi_slave_1.log-[TRACE ][000000045177957936][0167666FC85BFC15] CHECK_HTTP 192.168.1.8:24359 --> 5.3.3.17:80 url_blocked=0x22, method=1 : URL=_/_
-/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
-/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
-/var/log/dpi/fastdpi_slave_1.log-       new_prg_id=0x0(0x0)
-/var/log/dpi/fastdpi_slave_1.log-       other_prg_id=0x0(0x0)
-/var/log/dpi/fastdpi_slave_1.log-       prof_idx={0,0,0,0,0,0}
-/var/log/dpi/fastdpi_slave_1.log-       ddos=0
---
-/var/log/dpi/fastdpi_slave_1.log:       HTTP_HOST=_protonmail.com_
-/var/log/dpi/fastdpi_slave_1.log-       HTTP_REFERER=_null_
-/var/log/dpi/fastdpi_slave_1.log-       NEW_URL=http://vasexperts.ru/test/blocked.php_
-/var/log/dpi/fastdpi_slave_1.log-       NEW_REFERER=_null_
-The log shows that the resource is blocked:
-... url_blocked=0x22 ...
-and redirected to the blocking page:
-NEW_URL=http://vasexperts.ru/test/blocked.php_
-</code>

Profile

Settings

Differences

Differences

What were you trying to find?