Conntag
The following scenarios show how the conntag feature integrates with conntrack logging and system conntrack show commands. Conntag allows tagging conntrack entries with string values (up to 255 characters) for traffic identification and logging.
Conntag In Conntrack Show
Description
Verify that conntag values appear correctly in the
system conntrack show command output. The conntag
field should display the string value assigned to the
connection via traffic policy.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.607 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.607/0.607/0.607/0.000 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.457 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.449 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.210 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2032ms rtt min/avg/max/mdev = 0.210/0.372/0.457/0.114 ms
Step 6: Run the command system conntrack show on DUT0 and expect the following output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=245 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=245 packets=3 bytes=252 mark=0 conntag=my-logged-tag use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Conntag In Conntrack Logging
Description
Verify that conntag values appear in conntrack logging
events when system conntrack logging events is enabled.
The CONNTAG field should be included in log entries for
NEW, UPDATE, and DESTROY events.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.606 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.606/0.606/0.606/0.000 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Run the command system journal clear on DUT0 and expect the following output:
Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-00000000000112de-0006522d713b95c3.journal (64.0K). Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-00000000000112e1-0006522d713fda17.journal (112.0K). Vacuuming done, freed 176.0K of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. Vacuuming done, freed 0B of archived journals from /var/log/journal.
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.376 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.266 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.259 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.259/0.300/0.376/0.053 ms
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
CONNTAG=my-logged-tagShow output
May 19 15:36:29.656568 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:36:29.657082 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:36:29.657118 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:36:29.666199 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:36:29.765164 osdx ulogd[456436]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 19 15:36:29.765182 osdx ulogd[456436]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Conntag In Traffic Policy Log
Description
Verify that conntag values appear in traffic policy log
entries when the log option is enabled on a rule that
sets conntag.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 log prefix CONNTAG set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.580 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.580/0.580/0.580/0.000 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Run the command system journal clear on DUT0 and expect the following output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-0000000000011332-0006522d71c93ac6.journal (84.0K). Vacuuming done, freed 84.0K of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.741 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.495 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.297 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2031ms rtt min/avg/max/mdev = 0.297/0.511/0.741/0.181 ms
Step 7: Run the command system journal show | tail on DUT0 and check whether the output contains the following tokens:
[CONNTAG-1] ACCEPTShow output
May 19 15:36:38.572429 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 12.0M free. May 19 15:36:38.573611 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:36:38.573650 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:36:38.581190 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:36:38.682933 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=34044 DF PROTO=ICMP TYPE=8 CODE=0 ID=249 SEQ=1 May 19 15:36:39.689878 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=34193 DF PROTO=ICMP TYPE=8 CODE=0 ID=249 SEQ=2 May 19 15:36:40.713785 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=34440 DF PROTO=ICMP TYPE=8 CODE=0 ID=249 SEQ=3
Conntag Persistence Through Connection States
Description
Verify that conntag values persist through different connection states (NEW, ESTABLISHED). The tag should remain associated with the connection throughout its lifecycle.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.525 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.525/0.525/0.525/0.000 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Run the command system journal clear on DUT0 and expect the following output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-0000000000011366-0006522d72527f6a.journal (112.0K). Vacuuming done, freed 112.0K of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943.
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.531 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.197 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.452 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2030ms rtt min/avg/max/mdev = 0.197/0.393/0.531/0.142 ms
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
\[NEW\].*CONNTAG=my-logged-tagShow output
May 19 15:36:47.680696 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 12.0M free. May 19 15:36:47.682411 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:36:47.682468 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:36:47.689867 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:36:47.792663 osdx ulogd[457239]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 19 15:36:47.792684 osdx ulogd[457239]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
\[UPDATE\].*CONNTAG=my-logged-tagShow output
May 19 15:36:47.680696 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 12.0M free. May 19 15:36:47.682411 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:36:47.682468 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:36:47.689867 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:36:47.792663 osdx ulogd[457239]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 19 15:36:47.792684 osdx ulogd[457239]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 19 15:36:49.892305 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'.
Conntag With Long String In Logs
Description
Verify that long conntag strings are correctly logged and displayed. The system should handle strings up to 255 characters without truncation in logs.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag application-traffic-identifier-v1.2.3-production-env
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.364 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Run the command system journal clear on DUT0 and expect the following output:
Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-00000000000113b8-0006522d72eaebee.journal (108.0K). Vacuuming done, freed 108.0K of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. Vacuuming done, freed 0B of archived journals from /var/log/journal.
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.421 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.640 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.676 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2038ms rtt min/avg/max/mdev = 0.421/0.579/0.676/0.112 ms
Step 7: Run the command system conntrack show on DUT0 and expect the following output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=253 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=253 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
CONNTAG=application-traffic-identifierShow output
May 19 15:36:57.782333 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:36:57.785712 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:36:57.785759 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:36:57.792833 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:36:57.896145 osdx ulogd[457654]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env May 19 15:37:00.018880 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack show'.
Conntag With Multiple Policies
Description
Verify that different traffic policies can set different conntag values, and each connection is tagged appropriately based on which policy rule matched.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_MULTI set service ssh set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_MULTI rule 1 selector SEL_ICMP set traffic policy POLICY_MULTI rule 1 set conntag icmp-traffic-tag set traffic policy POLICY_MULTI rule 2 selector SEL_TCP set traffic policy POLICY_MULTI rule 2 set conntag tcp-traffic-tag set traffic selector SEL_ICMP rule 1 protocol icmp set traffic selector SEL_TCP rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.500 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.326 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.428 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2049ms rtt min/avg/max/mdev = 0.326/0.418/0.500/0.071 ms
Step 4: Run the command system conntrack clear on DUT0 and expect the following output:
Show output
Connection tracking table has been emptied
Step 5: Run the command system journal clear on DUT0 and expect the following output:
Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/d1b141b298644f3ea5560bad25bf4943/system@0e6ef7db680445528f4f2843eca04470-0000000000011407-0006522d7374791a.journal (120.0K). Vacuuming done, freed 120.0K of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. Vacuuming done, freed 0B of archived journals from /var/log/journal.
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.426 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.368 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.511 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2041ms rtt min/avg/max/mdev = 0.368/0.435/0.511/0.058 ms
Step 7: Initiate an SSH connection from DUT1 to IP address 192.168.100.1 using user admin:
admin@DUT1$ ssh admin@192.168.100.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts. admin@192.168.100.1's password: Welcome to Teldat OSDx v4.2.10.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Tue May 19 15:36:14 2026 admin@osdx$
Step 8: Run the command system conntrack show on DUT0 and expect the following output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=255 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=255 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1 tcp 6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=51670 dport=22 packets=23 bytes=5005 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=51670 packets=20 bytes=4841 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1 conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 9: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
CONNTAG=icmp-traffic-tagShow output
May 19 15:37:09.354699 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:09.356178 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:09.356217 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:09.363584 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:09.463551 osdx ulogd[458152]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 19 15:37:09.463569 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 19 15:37:11.587697 osdx ulogd[458152]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.587717 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.587728 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.731420 osdx sshd[458209]: Accepted password for admin from 192.168.100.2 port 51670 ssh2 May 19 15:37:11.736854 osdx sshd[458209]: pam_env(sshd:session): deprecated reading of user environment enabled May 19 15:37:11.803363 osdx OSDxCLI[458219]: User 'admin' has logged in. May 19 15:37:11.817139 osdx OSDxCLI[458219]: User 'admin' has logged out. May 19 15:37:11.820511 osdx sshd[458218]: Received disconnect from 192.168.100.2 port 51670:11: disconnected by user May 19 15:37:11.820594 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.820614 osdx sshd[458218]: Disconnected from user admin 192.168.100.2 port 51670 May 19 15:37:11.821408 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.821524 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.952459 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack show'.
Step 10: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
CONNTAG=tcp-traffic-tagShow output
May 19 15:37:09.354699 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:09.356178 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:09.356217 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:09.363584 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:09.463551 osdx ulogd[458152]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 19 15:37:09.463569 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 19 15:37:11.587697 osdx ulogd[458152]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.587717 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.587728 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.731420 osdx sshd[458209]: Accepted password for admin from 192.168.100.2 port 51670 ssh2 May 19 15:37:11.736854 osdx sshd[458209]: pam_env(sshd:session): deprecated reading of user environment enabled May 19 15:37:11.803363 osdx OSDxCLI[458219]: User 'admin' has logged in. May 19 15:37:11.817139 osdx OSDxCLI[458219]: User 'admin' has logged out. May 19 15:37:11.820511 osdx sshd[458218]: Received disconnect from 192.168.100.2 port 51670:11: disconnected by user May 19 15:37:11.820594 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.820614 osdx sshd[458218]: Disconnected from user admin 192.168.100.2 port 51670 May 19 15:37:11.821408 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.821524 osdx ulogd[458152]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=51670 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=51670 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 19 15:37:11.952459 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system conntrack show'. May 19 15:37:12.021809 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'.