Conntag
The following scenarios show how the conntag feature integrates with conntrack logging and system conntrack show commands. Conntag allows tagging conntrack entries with string values (up to 255 characters) for traffic identification and logging.
Conntag In Conntrack Show
Description
Verify that conntag values appear correctly in the
system conntrack show command output. The conntag
field should display the string value assigned to the
connection via traffic policy.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.740 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.740/0.740/0.740/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.751 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.313 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.297 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2032ms rtt min/avg/max/mdev = 0.297/0.453/0.751/0.210 ms
Step 6: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=43 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=43 packets=3 bytes=252 mark=0 conntag=my-logged-tag use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Conntag In Conntrack Logging
Description
Verify that conntag values appear in conntrack logging
events when system conntrack logging events is enabled.
The CONNTAG field should be included in log entries for
NEW, UPDATE, and DESTROY events.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.782 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.782/0.782/0.782/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Deleted archived journal /run/log/journal/9342df493a59479ea19be04fa8920e8f/system@d1266c1ac3944b419063d3010cdc4d44-00000000000009ac-00064daba1e84245.journal (112.0K). Vacuuming done, freed 112.0K of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Vacuuming done, freed 0B of archived journals from /run/log/journal. Vacuuming done, freed 0B of archived journals from /var/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.588 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.257 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.384 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.257/0.409/0.588/0.136 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=my-logged-tagShow output
Mar 23 07:03:33.634019 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 11.9M free. Mar 23 07:03:33.637003 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:03:33.637053 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:03:33.642917 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:03:33.738104 osdx ulogd[10803]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag Mar 23 07:03:33.738127 osdx ulogd[10803]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Conntag In Traffic Policy Log
Description
Verify that conntag values appear in traffic policy log
entries when the log option is enabled on a rule that
sets conntag.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 log prefix CONNTAG set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.869 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.869/0.869/0.869/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Deleted archived journal /run/log/journal/9342df493a59479ea19be04fa8920e8f/system@d1266c1ac3944b419063d3010cdc4d44-00000000000009fc-00064daba270a058.journal (84.0K). Vacuuming done, freed 84.0K of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.623 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.311 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.300 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2026ms rtt min/avg/max/mdev = 0.300/0.411/0.623/0.149 ms
Step 7: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
[CONNTAG-1] ACCEPTShow output
Mar 23 07:03:42.867338 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 12.0M free. Mar 23 07:03:42.869016 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:03:42.869061 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:03:42.876415 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:03:43.009221 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=48366 DF PROTO=ICMP TYPE=8 CODE=0 ID=47 SEQ=1 Mar 23 07:03:44.011621 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=48422 DF PROTO=ICMP TYPE=8 CODE=0 ID=47 SEQ=2 Mar 23 07:03:45.035590 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=48457 DF PROTO=ICMP TYPE=8 CODE=0 ID=47 SEQ=3
Conntag Persistence Through Connection States
Description
Verify that conntag values persist through different connection states (NEW, ESTABLISHED). The tag should remain associated with the connection throughout its lifecycle.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.991 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.991/0.991/0.991/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Deleted archived journal /run/log/journal/9342df493a59479ea19be04fa8920e8f/system@d1266c1ac3944b419063d3010cdc4d44-0000000000000a2f-00064daba3092236.journal (112.0K). Vacuuming done, freed 112.0K of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.619 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.288 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.321 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2052ms rtt min/avg/max/mdev = 0.288/0.409/0.619/0.148 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[NEW\].*CONNTAG=my-logged-tagShow output
Mar 23 07:03:53.107291 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 12.0M free. Mar 23 07:03:53.108340 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:03:53.108389 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:03:53.124042 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:03:53.219157 osdx ulogd[11521]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag Mar 23 07:03:53.219184 osdx ulogd[11521]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[UPDATE\].*CONNTAG=my-logged-tagShow output
Mar 23 07:03:53.107291 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 12.0M free. Mar 23 07:03:53.108340 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:03:53.108389 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:03:53.124042 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:03:53.219157 osdx ulogd[11521]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag Mar 23 07:03:53.219184 osdx ulogd[11521]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag Mar 23 07:03:55.357473 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal show | cat'.
Conntag With Long String In Logs
Description
Verify that long conntag strings are correctly logged and displayed. The system should handle strings up to 255 characters without truncation in logs.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag application-traffic-identifier-v1.2.3-production-env
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.800 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.800/0.800/0.800/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Deleted archived journal /run/log/journal/9342df493a59479ea19be04fa8920e8f/system@d1266c1ac3944b419063d3010cdc4d44-0000000000000a80-00064daba3a19926.journal (108.0K). Vacuuming done, freed 108.0K of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.446 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.239 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.237 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2054ms rtt min/avg/max/mdev = 0.237/0.307/0.446/0.098 ms
Step 7: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=51 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=51 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=application-traffic-identifierShow output
Mar 23 07:04:03.004440 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 11.9M free. Mar 23 07:04:03.006483 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:04:03.006552 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:04:03.015012 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:04:03.151623 osdx ulogd[11895]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env Mar 23 07:04:05.277564 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack show'.
Conntag With Multiple Policies
Description
Verify that different traffic policies can set different conntag values, and each connection is tagged appropriately based on which policy rule matched.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_MULTI set service ssh set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_MULTI rule 1 selector SEL_ICMP set traffic policy POLICY_MULTI rule 1 set conntag icmp-traffic-tag set traffic policy POLICY_MULTI rule 2 selector SEL_TCP set traffic policy POLICY_MULTI rule 2 set conntag tcp-traffic-tag set traffic selector SEL_ICMP rule 1 protocol icmp set traffic selector SEL_TCP rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.669 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.257 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.263 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.257/0.396/0.669/0.192 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Deleted archived journal /run/log/journal/9342df493a59479ea19be04fa8920e8f/system@d1266c1ac3944b419063d3010cdc4d44-0000000000000ace-00064daba42b32a3.journal (120.0K). Vacuuming done, freed 120.0K of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.571 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.248 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.297 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2042ms rtt min/avg/max/mdev = 0.248/0.372/0.571/0.142 ms
Step 7: Init an SSH connection from DUT1 to IP address 192.168.100.1 with the user admin:
admin@DUT1$ ssh admin@192.168.100.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts. admin@192.168.100.1's password: Welcome to Teldat OSDx v4.2.9.1 This system includes free software. Contact Teldat for licenses information and source code. Last login: Mon Mar 23 06:59:54 2026 admin@osdx$
Step 8: Run command system conntrack show at DUT0 and expect this output:
Show output
tcp 6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=42630 dport=22 packets=25 bytes=5084 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=42630 packets=20 bytes=4824 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1 icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=53 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=53 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1 conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=icmp-traffic-tagShow output
Mar 23 07:04:14.760693 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 11.9M free. Mar 23 07:04:14.764079 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:04:14.764177 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:04:14.772459 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:04:14.892970 osdx ulogd[12357]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag Mar 23 07:04:14.892991 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag Mar 23 07:04:17.014345 osdx ulogd[12357]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.014376 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.014412 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.186294 osdx sshd[12399]: Accepted password for admin from 192.168.100.2 port 42630 ssh2 Mar 23 07:04:17.192585 osdx sshd[12399]: pam_env(sshd:session): deprecated reading of user environment enabled Mar 23 07:04:17.259381 osdx OSDxCLI[12409]: User 'admin' has logged in. Mar 23 07:04:17.273999 osdx OSDxCLI[12409]: User 'admin' has logged out. Mar 23 07:04:17.274858 osdx sshd[12408]: Received disconnect from 192.168.100.2 port 42630:11: disconnected by user Mar 23 07:04:17.274864 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.274885 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.274999 osdx sshd[12408]: Disconnected from user admin 192.168.100.2 port 42630 Mar 23 07:04:17.276106 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.276267 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.424501 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack show'.
Step 10: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=tcp-traffic-tagShow output
Mar 23 07:04:14.760693 osdx systemd-journald[2224]: Runtime Journal (/run/log/journal/9342df493a59479ea19be04fa8920e8f) is 1.8M, max 13.8M, 11.9M free. Mar 23 07:04:14.764079 osdx systemd-journald[2224]: Received client request to rotate journal, rotating. Mar 23 07:04:14.764177 osdx systemd-journald[2224]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9342df493a59479ea19be04fa8920e8f. Mar 23 07:04:14.772459 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal clear'. Mar 23 07:04:14.892970 osdx ulogd[12357]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag Mar 23 07:04:14.892991 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag Mar 23 07:04:17.014345 osdx ulogd[12357]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.014376 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.014412 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.186294 osdx sshd[12399]: Accepted password for admin from 192.168.100.2 port 42630 ssh2 Mar 23 07:04:17.192585 osdx sshd[12399]: pam_env(sshd:session): deprecated reading of user environment enabled Mar 23 07:04:17.259381 osdx OSDxCLI[12409]: User 'admin' has logged in. Mar 23 07:04:17.273999 osdx OSDxCLI[12409]: User 'admin' has logged out. Mar 23 07:04:17.274858 osdx sshd[12408]: Received disconnect from 192.168.100.2 port 42630:11: disconnected by user Mar 23 07:04:17.274864 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.274885 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.274999 osdx sshd[12408]: Disconnected from user admin 192.168.100.2 port 42630 Mar 23 07:04:17.276106 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.276267 osdx ulogd[12357]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=42630 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42630 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag Mar 23 07:04:17.424501 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system conntrack show'. Mar 23 07:04:17.509471 osdx OSDxCLI[2568]: User 'admin' executed a new command: 'system journal show | cat'.