security debug register
security debug register(1) BIG-IP TMSH Manual security debug register(1)
NAME
register - Configures a debug register.
MODULE
security debug
SYNTAX
Configure the register component within the security debug module using the syntax in the following sections.
MODIFY
modify register [name]
options:
all
description [string]
destination {
address [ip_address/prefixlen]
port [port]
}
[disabled | enabled]
match-ip-version [false | true]
protocol [any | [protocol] ]
source {
address [ip_address/prefixlen]
port [port]
vlan [vlan name]
}
edit register [ [name] ... ]
options:
all-properties
non-default-properties
reset-stats register [ [name] ... ]
DISPLAY
list register
list register [ [name] ... ]
options:
all-properties
non-default-properties
one-line
show register [ [name] ... ]
options:
all-properties (default | exa | gig | kil | meg | peta | raw | tera |
yotta | zetta)
field-fmt
RUN
run register [name]
options:
filename [filename | stdout]
max-file-mb [integer]
max-packets [integer]
unidirectional [true | false]
capture-start
capture-stop
DESCRIPTION
This component configures the traffic flow for hardware debug functionality based on the incoming packets' IP header
6-tuple values.
The run command performs the hardware debug functionality by capturing the network traffic which matches the register
configuration.
EXAMPLES
modify register r1 enabled source { address 1.1.1.0/24 port any vlan vlan-168 }
Configures register r1 to match traffic from source address 1.1.1.0/24, on any source port, on the VLAN named vlan-168.
reset-stats register r1
Reset the statistics of register named r1.
show register r1
Displays statistics and status of register named r1.
run register r1 filename /shared/f1.cap max-file-mb 100 max-packets 5000 capture-start
Starts capturing the network traffic that matches the r1 configuration and saves the tcpdump file to /shared/f1.cap, up to
100 MB or 5000 packets, whichever comes first.
run register r1 capture-stop
Stop capturing the network traffic on r1 manually.
OPTIONS
description
User-defined description.
destination
Matches against each packet's destination IP and/or destination port.
address
Specifies an IP address and network to compare against the packet's destination address.
The format for an IPv4 address is a.b.c.d[/prefix]. The general format for an IPv6 address is
a:b:c:d:e:f:g:h[/prefix]; you can shorten this by eliminating leading zeros from each field (for example, you can
shorten "2001:0db7:3f4a:09dd:ca90:ff00:0042:8329" to "2001:db7:3f4a:9dd:ca90:ff00:42:8329"), and/or by removing
the longest contiguous field of zeros (for example, you can shorten "2001:0:0:0:c34a:0:23ff:678" to
"2001::c34a:0:23ff:678"). TMSH accepts any valid text representation of IPv6 addresses, as defined in RFC 2373
(see ).
port Specifies a port to compare against the packet's destination port.
match-ip-version
Specifies whether any/any6 in source/destination address is to match 'any IPv4', 'any IPv6', or 'any IPv4 and any
IPv6' addresses.
If match-ip-version is true, both source and destination addresses must have the same IP address family. If
match-ip-version is false and both source and destination addresses are any or any6, both addresses represent 'any IPv4 and
IPv6 addresses'.
If match-ip-version is false and only one address is set to any or any6, the address is interpreted based on the other
IP address' family (IPv4 or IPv6). The default is false.
protocol
Specifies the IP protocol to compare against the packet. The default value is any.
source
Matches against each packet's source IP, source port, and/or source VLAN.
address
Specifies an IP address and network to compare against the packet's source address.
The format for an IPv4 address is a.b.c.d[/prefix]. The general format for an IPv6 address is
a:b:c:d:e:f:g:h[/prefix]
port Specifies a port to compare against the packet's source port.
vlan Specifies a vlan name.
filename
Specifies the full path of the file in which to capture the packets from the run command.
The option is only for the run command with option capture-start. The default value is stdout if it's not specified.
The tcpdump will be displayed on the console if the value is stdout.
max-file-mb
Specifies the maximum file size in the run command.
The option is only for the run command with option capture-start. The default value is 1 if it's not specified. The
unit is in 1,000,000 bytes.
max-packets
Specifies the maximum number of packets that can be captured in the run command.
The option is only for the run command with option capture-start. The default value is 1000 if it's not specified.
unidirectional
Specifies whether the run command captures only unidirectional traffic.
The option is only for the run command with option capture-start. The default value is false, which means bidirectional
traffic is captured. If the value is true, the command captures only unidirectional traffic.
capture-start
Specifies the action to start capturing the network traffic.
The option is only for the run command. Either capture-start or
capture-stop must be specified as the last option on the run command.
capture-stop
Specifies the action to stop capturing the network traffic.
The option is only for the run command. Either capture-start or
capture-stop must be specified as the last option on the run command.
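The match-ip-version rules above decide which address families a register can capture, which matters when scoping a capture narrowly. The following is an added example, not F5 code: a small Python model of those rules, with hypothetical function names, that assumes 'any' stands for IPv4 and 'any6' for IPv6 when match-ip-version is true.

```python
import ipaddress

ANY_KEYWORDS = {"any", "any6"}


def address_family(addr):
    """Return 4 or 6 for a concrete address/prefix, None for any/any6."""
    if addr in ANY_KEYWORDS:
        return None
    return ipaddress.ip_network(addr, strict=False).version


def effective_families(source, destination, match_ip_version=False):
    """Model of the match-ip-version rules (hypothetical helper).

    Returns (source_families, destination_families) as sets drawn from {4, 6}.
    """
    src_fam, dst_fam = address_family(source), address_family(destination)

    if match_ip_version:
        # Assumption: with true, 'any' means any IPv4 and 'any6' any IPv6.
        src = {src_fam or (6 if source == "any6" else 4)}
        dst = {dst_fam or (6 if destination == "any6" else 4)}
        if src != dst:
            raise ValueError("match-ip-version true: address families differ")
        return src, dst

    if src_fam is None and dst_fam is None:
        # Both any/any6: each side represents any IPv4 and IPv6 address.
        return {4, 6}, {4, 6}
    if src_fam is None:
        # Only one side is any/any6: it takes the other side's family.
        return {dst_fam}, {dst_fam}
    if dst_fam is None:
        return {src_fam}, {src_fam}
    return {src_fam}, {dst_fam}


def matchable_families(source, destination, match_ip_version=False):
    """Families a packet can have and still match both sides of the register."""
    src, dst = effective_families(source, destination, match_ip_version)
    return src & dst
```

A result of {4, 6} means the register captures both IPv4 and IPv6 traffic; an empty set means the source and destination settings can never match the same packet.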
SEE ALSO
edit, list, modify, security, debug, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2018. All rights reserved.
BIG-IP 2018-12-05 security debug register(1)