Conntag

The following scenarios show how the conntag feature integrates with conntrack logging and system conntrack show commands. Conntag allows tagging conntrack entries with string values (up to 255 characters) for traffic identification and logging.

Conntag In Conntrack Show

Description

Verify that conntag values appear correctly in the system conntrack show command output. The conntag field should display the string value assigned to the connection via traffic policy.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.799 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.799/0.799/0.799/0.000 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.320 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.276 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.249 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.249/0.281/0.320/0.029 ms

Step 6: Run the command system conntrack show on DUT0 and expect the following output:

icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=631 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=631 packets=3 bytes=252 mark=0 conntag=my-logged-tag use=1
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
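
The following added example (not part of the original page or of the vendor's tooling) parses `system conntrack show` output in the format shown above and totals flows, packets and bytes per conntag. It goes beyond the single ICMP entry by also handling TCP state and flag tokens; the sample lines are constructed, and the assumptions are that an untagged entry omits `conntag=` (or leaves it empty) and that tags contain no whitespace.

```python
from collections import defaultdict

# Keys that describe the whole entry rather than one direction of the flow.
META_KEYS = {"mark", "conntag", "use"}

# Constructed sample in the format printed by `system conntrack show` on this page.
# The UDP entry is a made-up untagged flow (assumption: no conntag= field at all).
SAMPLE_SHOW = """\
tcp      6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=53320 dport=22 packets=25 bytes=5109 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=53320 packets=20 bytes=4841 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=641 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=641 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1
udp      17 25 src=192.168.100.2 dst=192.168.100.1 sport=40000 dport=53 packets=1 bytes=60 [UNREPLIED] src=192.168.100.1 dst=192.168.100.2 sport=53 dport=40000 packets=0 bytes=0 mark=0 use=1
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
"""


def parse_flow(line):
    """Parse one conntrack entry; return None for the trailer or unrelated lines."""
    tokens = line.split()
    if len(tokens) < 4 or not tokens[1].isdigit() or not tokens[2].isdigit():
        return None
    flow = {"proto": tokens[0], "timeout": int(tokens[2]), "state": None,
            "flags": [], "orig": {}, "reply": {}, "meta": {}}
    side = flow["orig"]
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            flow["flags"].append(tok[1:-1])      # e.g. ASSURED, UNREPLIED
        elif "=" not in tok:
            flow["state"] = tok                  # e.g. TIME_WAIT (TCP only)
        else:
            key, value = tok.split("=", 1)
            if key in META_KEYS:
                flow["meta"][key] = value
                continue
            # The second "src=" starts the reply-direction tuple.
            if key == "src" and "src" in flow["orig"]:
                side = flow["reply"]
            side[key] = value
    return flow


def summarize_by_conntag(output):
    """Return {tag or None: {"flows", "packets", "bytes"}} over both directions."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for line in output.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        tag = flow["meta"].get("conntag") or None   # empty or missing -> untagged
        entry = totals[tag]
        entry["flows"] += 1
        for side in (flow["orig"], flow["reply"]):
            entry["packets"] += int(side.get("packets", 0))
            entry["bytes"] += int(side.get("bytes", 0))
    return dict(totals)


if __name__ == "__main__":
    for tag, stats in summarize_by_conntag(SAMPLE_SHOW).items():
        print(tag or "<untagged>", stats)
```

Entries that end up under the untagged key are traffic that no tagging rule matched, which is usually the first thing to review when tags drive logging or reporting.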

Conntag In Conntrack Logging

Description

Verify that conntag values appear in conntrack logging events when system conntrack logging events is enabled. The CONNTAG field should be included in log entries for NEW, UPDATE, and DESTROY events.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.630 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.630/0.630/0.630/0.000 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Run the command system journal clear on DUT0 and expect the following output:

Deleted archived journal /run/log/journal/140771393e044d28bd27951346e92000/system@61afe6542e0643d3bb92b6d7dbca0db5-0000000000008a79-00065357faaf4d90.journal (112.0K).
Vacuuming done, freed 112.0K of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.615 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.276 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.279 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.276/0.390/0.615/0.159 ms

Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

CONNTAG=my-logged-tag

Jun 03 11:46:36.086971 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 11:46:36.090041 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:46:36.090126 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:46:36.099684 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:46:36.215363 osdx ulogd[202148]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Jun 03 11:46:36.215387 osdx ulogd[202148]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag

Conntag In Traffic Policy Log

Description

Verify that conntag values appear in traffic policy log entries when the log option is enabled on a rule that sets conntag.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 log prefix CONNTAG
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.647 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.647/0.647/0.647/0.000 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Run the command system journal clear on DUT0 and expect the following output:

Deleted archived journal /run/log/journal/140771393e044d28bd27951346e92000/system@61afe6542e0643d3bb92b6d7dbca0db5-0000000000008aca-00065357fb48c7c6.journal (84.0K).
Vacuuming done, freed 84.0K of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Vacuuming done, freed 0B of archived journals from /var/log/journal.
Vacuuming done, freed 0B of archived journals from /run/log/journal.

Step 6: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.411 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.358 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.385 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 0.358/0.384/0.411/0.021 ms

Step 7: Run the command system journal show | tail on DUT0 and check whether the output contains the following tokens:

[CONNTAG-1] ACCEPT

Jun 03 11:46:46.191047 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 12.0M free.
Jun 03 11:46:46.193510 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:46:46.193568 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:46:46.203729 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:46:46.301976 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=14426 DF PROTO=ICMP TYPE=8 CODE=0 ID=635 SEQ=1
Jun 03 11:46:47.332060 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=14571 DF PROTO=ICMP TYPE=8 CODE=0 ID=635 SEQ=2
Jun 03 11:46:48.356089 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=14719 DF PROTO=ICMP TYPE=8 CODE=0 ID=635 SEQ=3

Conntag Persistence Through Connection States

Description

Verify that conntag values persist through different connection states (NEW, ESTABLISHED). The tag should remain associated with the connection throughout its lifecycle.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.578 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.578/0.578/0.578/0.000 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Run the command system journal clear on DUT0 and expect the following output:

Deleted archived journal /run/log/journal/140771393e044d28bd27951346e92000/system@61afe6542e0643d3bb92b6d7dbca0db5-0000000000008afe-00065357fbe1819a.journal (112.0K).
Vacuuming done, freed 112.0K of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.563 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.279 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.270 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2056ms
rtt min/avg/max/mdev = 0.270/0.370/0.563/0.136 ms

Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

\[NEW\].*CONNTAG=my-logged-tag

Jun 03 11:46:56.865497 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 12.0M free.
Jun 03 11:46:56.868064 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:46:56.868153 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:46:56.882508 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:46:57.022616 osdx ulogd[202949]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Jun 03 11:46:57.022639 osdx ulogd[202949]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag

Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

\[UPDATE\].*CONNTAG=my-logged-tag

Jun 03 11:46:56.865497 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 12.0M free.
Jun 03 11:46:56.868064 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:46:56.868153 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:46:56.882508 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:46:57.022616 osdx ulogd[202949]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Jun 03 11:46:57.022639 osdx ulogd[202949]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Jun 03 11:46:59.176989 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'.

Conntag With Long String In Logs

Description

Verify that long conntag strings are correctly logged and displayed. The system should handle strings up to 255 characters without truncation in logs.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag application-traffic-identifier-v1.2.3-production-env

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.740 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.740/0.740/0.740/0.000 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Run the command system journal clear on DUT0 and expect the following output:

Vacuuming done, freed 0B of archived journals from /var/log/journal.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Deleted archived journal /run/log/journal/140771393e044d28bd27951346e92000/system@61afe6542e0643d3bb92b6d7dbca0db5-0000000000008b50-00065357fc97a519.journal (108.0K).
Vacuuming done, freed 108.0K of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.

Step 6: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.461 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.215 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.288 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.215/0.321/0.461/0.103 ms

Step 7: Run the command system conntrack show on DUT0 and expect the following output:

icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=639 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=639 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.

Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

CONNTAG=application-traffic-identifier

Jun 03 11:47:07.956841 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 11:47:07.959499 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:47:07.959556 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:47:07.966937 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:47:08.068863 osdx ulogd[203364]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env
Jun 03 11:47:10.244389 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack show'.

Conntag With Multiple Policies

Description

Verify that different traffic policies can set different conntag values, and each connection is tagged appropriately based on which policy rule matched.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_MULTI
set service ssh
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_MULTI rule 1 selector SEL_ICMP
set traffic policy POLICY_MULTI rule 1 set conntag icmp-traffic-tag
set traffic policy POLICY_MULTI rule 2 selector SEL_TCP
set traffic policy POLICY_MULTI rule 2 set conntag tcp-traffic-tag
set traffic selector SEL_ICMP rule 1 protocol icmp
set traffic selector SEL_TCP rule 1 protocol tcp

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.37 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.473 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.248 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.248/0.697/1.370/0.484 ms

Step 4: Run the command system conntrack clear on DUT0 and expect the following output:

Connection tracking table has been emptied

Step 5: Run the command system journal clear on DUT0 and expect the following output:

Deleted archived journal /run/log/journal/140771393e044d28bd27951346e92000/system@61afe6542e0643d3bb92b6d7dbca0db5-0000000000008b9f-00065357fd2fab5f.journal (120.0K).
Vacuuming done, freed 120.0K of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping the IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.629 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.240 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.323 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2052ms
rtt min/avg/max/mdev = 0.240/0.397/0.629/0.167 ms

Step 7: Initiate an SSH connection from DUT1 to IP address 192.168.100.1 using user admin:

admin@DUT1$ ssh admin@192.168.100.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts.
admin@192.168.100.1's password:
Welcome to Teldat OSDx v4.2.10.1

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Sun Mar 23 00:01:03 2025
admin@osdx$

Step 8: Run the command system conntrack show on DUT0 and expect the following output:

tcp      6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=53320 dport=22 packets=25 bytes=5109 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=53320 packets=20 bytes=4841 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=641 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=641 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.

Step 9: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

CONNTAG=icmp-traffic-tag

Jun 03 11:47:21.210182 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 11:47:21.213126 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:47:21.213193 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:47:21.221397 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:47:21.335829 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:21.335849 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:23.470114 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.470139 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.470153 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.652754 osdx sshd[203921]: Accepted password for admin from 192.168.100.2 port 53320 ssh2
Jun 03 11:47:23.660441 osdx sshd[203921]: pam_env(sshd:session): deprecated reading of user environment enabled
Jun 03 11:47:23.729628 osdx OSDxCLI[203931]: User 'admin' has logged in.
Jun 03 11:47:23.769837 osdx OSDxCLI[203931]: User 'admin' has logged out.
Jun 03 11:47:23.773605 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.773630 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.773641 osdx sshd[203930]: Received disconnect from 192.168.100.2 port 53320:11: disconnected by user
Jun 03 11:47:23.773790 osdx sshd[203930]: Disconnected from user admin 192.168.100.2 port 53320
Jun 03 11:47:23.774886 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.775146 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.945783 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack show'.

Step 10: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:

CONNTAG=tcp-traffic-tag

Jun 03 11:47:21.210182 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 11:47:21.213126 osdx systemd-journald[2151]: Received client request to rotate journal, rotating.
Jun 03 11:47:21.213193 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 11:47:21.221397 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 11:47:21.335829 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:21.335849 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:23.470114 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.470139 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.470153 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.652754 osdx sshd[203921]: Accepted password for admin from 192.168.100.2 port 53320 ssh2
Jun 03 11:47:23.660441 osdx sshd[203921]: pam_env(sshd:session): deprecated reading of user environment enabled
Jun 03 11:47:23.729628 osdx OSDxCLI[203931]: User 'admin' has logged in.
Jun 03 11:47:23.769837 osdx OSDxCLI[203931]: User 'admin' has logged out.
Jun 03 11:47:23.773605 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.773630 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.773641 osdx sshd[203930]: Received disconnect from 192.168.100.2 port 53320:11: disconnected by user
Jun 03 11:47:23.773790 osdx sshd[203930]: Disconnected from user admin 192.168.100.2 port 53320
Jun 03 11:47:23.774886 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.775146 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.945783 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system conntrack show'.
Jun 03 11:47:24.086342 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'.
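
The conntrack logging, persistence and multiple-policy scenarios above all check the journal with a single regular expression per tag. The following added example (not part of the original page or of the vendor's tooling) parses the ulogd event lines and audits them per flow: it reports flows with no tag, tags that differ from the one expected for the protocol, tags that change during a flow's lifetime, and tags over the 255-character limit. The sample journal is constructed; the `EXPECTED` mapping, the assumption that `CONNTAG=` is the last field on the line, and the assumption that an untagged flow omits the field are not taken from the page.

```python
import re

MAX_TAG_LEN = 255  # conntag length limit stated on this page

EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
# Assumption: CONNTAG is the last field, so the tag is the rest of the line.
TAG_RE = re.compile(r"(?:^|\s)CONNTAG=(?P<tag>.*)$")

# Hypothetical policy: the tag each protocol should carry (mirrors POLICY_MULTI).
EXPECTED = {"ICMP": "icmp-traffic-tag", "TCP": "tcp-traffic-tag"}

# Constructed journal lines in the format shown on this page. Line 4 carries a
# deliberately wrong tag and line 5 is an untagged UDP flow.
SAMPLE_JOURNAL = """\
Jun 03 11:47:21.335829 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:21.335849 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:23.470114 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Jun 03 11:47:23.470139 osdx ulogd[203862]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53320 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53320 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Jun 03 11:47:25.000000 osdx ulogd[203862]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=UDP SPT=40000 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=UDP SPT=53 DPT=40000 PKTS=0 BYTES=0
Jun 03 11:47:23.652754 osdx sshd[203921]: Accepted password for admin from 192.168.100.2 port 53320 ssh2
""".splitlines()


def _fields(text):
    """Split 'K=V K=V ...' into a dict."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def parse_event(line):
    """Return event type, flow key and tag for a ulogd conntrack line, else None."""
    m = EVENT_RE.search(line.rstrip("\n"))
    if not m:
        return None
    tag_m = TAG_RE.search(m.group("reply"))
    tag = tag_m.group("tag").strip() if tag_m else ""
    orig = _fields(m.group("orig"))
    # ICMP lines carry no ports (and no ICMP id), so SPT/DPT are None for them.
    flow = (orig.get("PROTO"), orig.get("SRC"), orig.get("DST"),
            orig.get("SPT"), orig.get("DPT"))
    return {"event": m.group("event"), "flow": flow, "tag": tag or None}


def audit(lines, expected_by_proto):
    """Return de-duplicated (kind, flow, tag) findings in order of appearance."""
    findings, first_tag = [], {}

    def report(kind, flow, tag):
        if (kind, flow, tag) not in findings:
            findings.append((kind, flow, tag))

    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue                      # not a conntrack event line
        flow, tag = ev["flow"], ev["tag"]
        if tag is None:
            report("untagged", flow, None)
            continue
        if len(tag) > MAX_TAG_LEN:
            report("too-long", flow, tag)
        if tag != expected_by_proto.get(flow[0]):
            report("unexpected-tag", flow, tag)
        if first_tag.setdefault(flow, tag) != tag:
            report("tag-changed", flow, tag)
    return findings


if __name__ == "__main__":
    for kind, flow, tag in audit(SAMPLE_JOURNAL, EXPECTED):
        print(kind, flow, tag)
```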