Re: SRX SIP packets doesnt flow, instead ICMP

I configure flow trace

[edit security flow]
noc@j240-1# show 
traceoptions {
    file dataflow.log size 10k files 2;
    flag basic-datapath;
    packet-filter pbx {
        source-prefix 192.168.77.122/32;
        destination-prefix 10.3.7.82/32;
    }
    packet-filter pbxReverse {
        source-prefix 10.3.7.82/32;
    }
}

noc@j240-1# run show log dataflow.log    
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  permitted by policy internet-access(4)
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  packet passed, Permitted by policy.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate:  incoming src port is : 46698.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/32773, pst_nat: True.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_pst_nat_xlate: pst nat binding found
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  choose interface vlan.100(P2P) as outgoing phy if
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:is_loop_pak: No loop: on ifp: vlan.100, addr: 10.3.7.82, rtt_idx:0
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:-jsf : Alloc sess plugin info for session 249108252790
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]Normal interest check. regd plugins 28, enabled impl mask 0x0
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(26)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF] set ext handle 0x4b9c5b50 for plugin 26 on session 249108252790
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(12)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(31)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]Plugins(0x84001000, count 3) enabled for session = 249108252790, impli mask(0xc), post_nat cnt 0 svc req(0x5)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]c2s order list:
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               12
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               26
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               31
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]s2c order list:
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               31
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               26
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               12
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:  service lookup identified service 63.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:  flow_first_final_check: in <ge-0/0/15.0>, out <vlan.100>
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:natp(0x59c8a318): no tcp sequence check(0x00000000) as 0x00010000.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:In flow_first_complete_session
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_first_complete_session: pak_ptr is xlated packet
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_first_complete_session, pak_ptr: 0x51e331b0, nsp: 0x59c8a318, in_tunnel: 0x0
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:construct v4 vector for nsp2
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  existing vector list 0x9082-0x4b9d38e8.
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  Session (id:149622) created for first pak 9082
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:first pak processing successful
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  flow_first_install_session======> 0x59c8a318
Dec 19 11:18:09 11:18:08.465786:CID-0:RT: nsp 0x59c8a318, nsp2 0x59c8a3a8
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  make_nsp_ready_no_resolve()
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_ipv4_rt_lkup success 192.168.77.122, iifl 0x58, oifl 0x58
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  route lookup: dest-ip 192.168.77.122 orig ifp ge-0/0/15.0 output_ifp ge-0/0/15.0 orig-zone 6 out-zone 6 vsd 0
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  route to 10.2.0.250
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:Doing jsf sess create notify
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set ext handle 0x49a684d8 for plugin 12 on session 249108252790
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a2fd0 for plugin 12
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 12. rc 0
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a33c0 for plugin 26
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 26. rc 3
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set ext handle 0x49a65d78 for plugin 31 on session 249108252790
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a2e80 for plugin 31
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 31. rc 0
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:no need update ha
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Installing c2s NP session wing
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Installing s2c NP session wing
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:first path session installation succeeded
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Fwd packet with rtbl idx 0, cos 0, rl 8865360
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:flow_sess_reinject_pkt_for_sz_common:SPU reinject pkt for sz
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:  flow need to reinject pkt.
Dec 19 11:18:09 11:18:08.466278:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 7)
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:SPU received an event,type SESS_MSG_FLUSHED_PAK, common:3
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:Rcv packet with rtbl idx 0, cos 0, rl 8865360
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:SPU processing spu_flushed_pak, flag: 0x2, mbuf:0x0x43b87800
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:<192.168.77.122/46698->10.3.7.82/5060;6> matched filter pbx:
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:packet [60] ipid = 47538, @0x43b87a1c
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 21, common flag 0x803, mbuf 0x43b87800, rtbl_idx = 0
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:flow process pak, mbuf 0x43b87800, ifl 0, ctxt_type 21 inq type 6
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:change ifl to 0x58
Dec 19 11:18:09 11:18:08.466624:CID-0:RT: in_ifp <trust:ge-0/0/15.0>
Dec 19 11:18:09 11:18:08.466624:CID-0:RT: setting SZ flag in lpak 0x51e32f30, mbuf 0x43b87800, sess id 0x24876
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:setting rtt to:0x609d7720 based on VR ID:0 carried over in flow ctxt,  proto 2(ipv4)
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x609d7720
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:host inq check inq_type 0x6
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:  flow session id 149622
Dec 19 11:18:09 11:18:08.466769:CID-0:RT: vector bits 0x9082 vector 0x4b9d38e8
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:flow_tcp_wsf_update: wsf 7
Dec 19 11:18:09 11:18:08.466769:CID-0:RT: ****jsf svc chain: sess id 149622, dir 1, nat_done 0, pak pid 0, first pid 12
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: plugin name junos-tcp-svr-emul. action JSF_SESSION_ACTION_NONE, stbuf 0x498a2fd0
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: jsf resume sess id 149622, direction 1
Dec 19 11:18:09 11:18:08.466846:CID-0:RT:PKT-PROC for plugin junos-tcp-svr-emul jbuf 0x5d51cfe8, sess jsf flags 0x0, rc 9
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: begin walk strm chain: sess id 149622, dir 1
Dec 19 11:18:09 11:18:08.466846:CID-0:RT:  walk: pid 12, prev stbuf 0x0, curr stbuf 0x498a2fd0, ignore 0
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  walk: pid 26, prev stbuf 0x498a2fd0, curr stbuf 0x498a33c0, ignore 0
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  Moved 0 bytes, rc=102. Prev tx empty[1], Curr Rx Empty[0], resume reqd[1]
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  walk: pid 31, prev stbuf 0x498a33c0, curr stbuf 0x498a2e80, ignore 0
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:  Moved 0 bytes, rc=102. Prev tx empty[1], Curr Rx Empty[1], resume reqd[1]
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:  total bytes moved 0, resume reqd 1
Dec 19 11:18:09 11:18:08.467013:CID-0:RT: after stream walk jb 0x5d51cfe8, rc 9, ctx.jb 0x0
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x51e32f30 associated with mbuf 0x43b87800
Dec 19 11:18:09 11:18:08.467013:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:jsf sess close notify
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:flow_ipv4_del_flow: sess 149622, in hash 32
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:flow_ipv4_del_flow: sess 149622, in hash 32
Dec 19 11:18:29 11:18:29.949631:CID-0:RT:jsf sess destroy notify
Dec 19 11:18:29 11:18:29.949631:CID-0:RT:[JSF] set strm buf 0x0 for plugin 12
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set strm buf 0x0 for plugin 26
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set ext handle 0x0 for plugin 26 on session 249108252790
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set strm buf 0x0 for plugin 31

It look like packet goes not to untrust zone, right?

Re: SRX SIP packets doesnt flow, instead ICMP

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112