Conntag

The following scenarios show how the conntag feature integrates with conntrack logging and system conntrack show commands. Conntag allows tagging conntrack entries with string values (up to 255 characters) for traffic identification and logging.

Conntag In Conntrack Show

Description

Verify that conntag values appear correctly in the system conntrack show command output. The conntag field should display the string value assigned to the connection via traffic policy.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.772 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.772/0.772/0.772/0.000 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.613 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.267 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.253 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2027ms
rtt min/avg/max/mdev = 0.253/0.377/0.613/0.166 ms

Step 6: Run command system conntrack show at DUT0 and expect this output:

Show output
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=238 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=238 packets=3 bytes=252 mark=0 conntag=my-logged-tag use=1
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.

Conntag In Conntrack Logging

Description

Verify that conntag values appear in conntrack logging events when system conntrack logging events is enabled. The CONNTAG field should be included in log entries for NEW, UPDATE, and DESTROY events.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.688 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.688/0.688/0.688/0.000 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Run command system journal clear at DUT0 and expect this output:

Show output
Deleted archived journal /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21/system@d7e300002d97421d9dea8194454ddaa3-0000000000008b69-00064f96195aab79.journal (112.0K).
Vacuuming done, freed 112.0K of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.574 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.312 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.339 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 0.312/0.408/0.574/0.117 ms

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

CONNTAG=my-logged-tag
Show output
Apr 16 16:12:32.529914 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:12:32.531486 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:12:32.531555 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:12:32.545949 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:12:32.656015 osdx ulogd[176194]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Apr 16 16:12:32.656037 osdx ulogd[176194]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag

Conntag In Traffic Policy Log

Description

Verify that conntag values appear in traffic policy log entries when the log option is enabled on a rule that sets conntag.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 log prefix CONNTAG
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.48 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.483/1.483/1.483/0.000 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Run command system journal clear at DUT0 and expect this output:

Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Deleted archived journal /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21/system@d7e300002d97421d9dea8194454ddaa3-0000000000008bba-00064f961a227cd5.journal (84.0K).
Vacuuming done, freed 84.0K of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.723 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.385 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.345 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2053ms
rtt min/avg/max/mdev = 0.345/0.484/0.723/0.169 ms

Step 7: Run command system journal show | tail at DUT0 and check if output contains the following tokens:

[CONNTAG-1] ACCEPT
Show output
Apr 16 16:12:46.707905 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 12.0M free.
Apr 16 16:12:46.713664 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:12:46.713778 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:12:46.727892 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:12:46.845311 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=18540 DF PROTO=ICMP TYPE=8 CODE=0 ID=242 SEQ=1
Apr 16 16:12:47.874346 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=18734 DF PROTO=ICMP TYPE=8 CODE=0 ID=242 SEQ=2
Apr 16 16:12:48.898159 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=18802 DF PROTO=ICMP TYPE=8 CODE=0 ID=242 SEQ=3

Conntag Persistence Through Connection States

Description

Verify that conntag values persist through different connection states (NEW, ESTABLISHED). The tag should remain associated with the connection throughout its lifecycle.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.853 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.853/0.853/0.853/0.000 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Run command system journal clear at DUT0 and expect this output:

Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Deleted archived journal /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21/system@d7e300002d97421d9dea8194454ddaa3-0000000000008bee-00064f961af757f3.journal (112.0K).
Vacuuming done, freed 112.0K of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.361 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.266 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.297 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.266/0.308/0.361/0.039 ms

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

\[NEW\].*CONNTAG=my-logged-tag
Show output
Apr 16 16:12:59.900423 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 12.0M free.
Apr 16 16:12:59.903911 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:12:59.903995 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:12:59.914681 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:13:00.044008 osdx ulogd[176916]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Apr 16 16:13:00.044035 osdx ulogd[176916]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

\[UPDATE\].*CONNTAG=my-logged-tag
Show output
Apr 16 16:12:59.900423 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 12.0M free.
Apr 16 16:12:59.903911 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:12:59.903995 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:12:59.914681 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:13:00.044008 osdx ulogd[176916]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Apr 16 16:13:00.044035 osdx ulogd[176916]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Apr 16 16:13:02.183171 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'.

Conntag With Long String In Logs

Description

Verify that long conntag strings are correctly logged and displayed. The system should handle strings up to 255 characters without truncation in logs.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_TAG
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_TAG rule 1 set conntag application-traffic-identifier-v1.2.3-production-env

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=2.96 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.960/2.960/2.960/0.000 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Run command system journal clear at DUT0 and expect this output:

Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Deleted archived journal /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21/system@d7e300002d97421d9dea8194454ddaa3-0000000000008c40-00064f961bae6888.journal (112.0K).
Vacuuming done, freed 112.0K of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.593 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.266 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.252 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2046ms
rtt min/avg/max/mdev = 0.252/0.370/0.593/0.157 ms

Step 7: Run command system conntrack show at DUT0 and expect this output:

Show output
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=246 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=246 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

CONNTAG=application-traffic-identifier
Show output
Apr 16 16:13:12.063336 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:13:12.064286 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:13:12.064334 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:13:12.081683 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:13:12.215066 osdx ulogd[177294]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env
Apr 16 16:13:14.380664 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.
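
Step 8 matches only the prefix CONNTAG=application-traffic-identifier, so a truncated tag would still pass it. The following added example (not part of the OSDx test suite) compares each observed tag with the configured value exactly and enforces the 255-character limit. The sample output is an abbreviated, constructed copy of the lines above, and the function names are hypothetical.

```python
import re

MAX_CONNTAG_LEN = 255  # limit stated in this page's introduction

# The conntag rule from Step 1 of the scenario above.
CONFIG = ("set traffic policy POLICY_TAG rule 1 set conntag "
          "application-traffic-identifier-v1.2.3-production-env")

# Constructed sample: the Step 7 flow entry and the Step 8 ulogd event, abbreviated.
OUTPUT_OK = """\
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=246 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1
Apr 16 16:13:12.215066 osdx ulogd[177294]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env
"""

# Constructed failure case: the same output with the tag cut short.
OUTPUT_TRUNCATED = OUTPUT_OK.replace("-v1.2.3-production-env", "")

SET_RE = re.compile(r"set traffic policy (\S+) rule (\d+) set conntag (\S+)")
# Assumption: a tag contains no whitespace, as is true of every tag on this page.
# Matches both "conntag=" (conntrack show) and "CONNTAG=" (ulogd events).
TAG_RE = re.compile(r"\bconntag=(\S+)", re.IGNORECASE)
STEP8_PATTERN = r"CONNTAG=application-traffic-identifier"  # pattern from Step 8


def configured_tags(config_text):
    """Map (policy, rule number) -> conntag for each 'set conntag' command."""
    return {(m[1], int(m[2])): m[3] for m in SET_RE.finditer(config_text)}


def audit(config_text, output):
    """Return findings for over-long configured tags and for observed tags
    that are not an exact match for a configured one."""
    wanted = configured_tags(config_text)
    findings = []
    for (policy, rule), tag in wanted.items():
        if len(tag) > MAX_CONNTAG_LEN:
            findings.append(f"{policy} rule {rule}: {len(tag)} chars > {MAX_CONNTAG_LEN}")
    for seen in TAG_RE.findall(output):
        if seen in wanted.values():
            continue
        # A proper prefix of a configured tag means the value was cut short.
        full = next((t for t in wanted.values() if t.startswith(seen)), None)
        kind = "truncated" if full else "unknown"
        findings.append(f"{kind}: {seen}")
    return findings


if __name__ == "__main__":
    print(audit(CONFIG, OUTPUT_OK))
    print(audit(CONFIG, OUTPUT_TRUNCATED))
    # The prefix pattern still matches the truncated output.
    print(bool(re.search(STEP8_PATTERN, OUTPUT_TRUNCATED)))
```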

Conntag With Multiple Policies

Description

Verify that different traffic policies can set different conntag values, and each connection is tagged appropriately based on which policy rule matched.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY_MULTI
set service ssh
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY_MULTI rule 1 selector SEL_ICMP
set traffic policy POLICY_MULTI rule 1 set conntag icmp-traffic-tag
set traffic policy POLICY_MULTI rule 2 selector SEL_TCP
set traffic policy POLICY_MULTI rule 2 set conntag tcp-traffic-tag
set traffic selector SEL_ICMP rule 1 protocol icmp
set traffic selector SEL_TCP rule 1 protocol tcp

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.924 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.996 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.301 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.301/0.740/0.996/0.312 ms

Step 4: Run command system conntrack clear at DUT0 and expect this output:

Show output
Connection tracking table has been emptied

Step 5: Run command system journal clear at DUT0 and expect this output:

Show output
Deleted archived journal /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21/system@d7e300002d97421d9dea8194454ddaa3-0000000000008c90-00064f961c8386a3.journal (120.0K).
Vacuuming done, freed 120.0K of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Vacuuming done, freed 0B of archived journals from /run/log/journal.
Vacuuming done, freed 0B of archived journals from /var/log/journal.

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.502 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.315 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.315 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.315/0.377/0.502/0.088 ms

Step 7: Init an SSH connection from DUT1 to IP address 192.168.100.1 with the user admin:

admin@DUT1$ ssh admin@192.168.100.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Show output
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts.
admin@192.168.100.1's password:
Welcome to Teldat OSDx v4.2.9.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Sun Mar 23 00:01:03 2025
admin@osdx$

Step 8: Run command system conntrack show at DUT0 and expect this output:

Show output
tcp      6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=37468 dport=22 packets=25 bytes=5084 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=37468 packets=20 bytes=4796 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1
icmp     1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=248 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=248 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.

Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

CONNTAG=icmp-traffic-tag
Show output
Apr 16 16:13:28.711125 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 2.4M, max 13.8M, 11.3M free.
Apr 16 16:13:28.714433 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:13:28.714545 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:13:28.726150 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:13:28.824281 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:28.824313 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:30.965767 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.965791 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.966221 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.139589 osdx sshd[177795]: Accepted password for admin from 192.168.100.2 port 37468 ssh2
Apr 16 16:13:31.148347 osdx sshd[177795]: pam_env(sshd:session): deprecated reading of user environment enabled
Apr 16 16:13:31.224416 osdx OSDxCLI[177805]: User 'admin' has logged in.
Apr 16 16:13:31.240702 osdx OSDxCLI[177805]: User 'admin' has logged out.
Apr 16 16:13:31.247063 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.247961 osdx sshd[177804]: Received disconnect from 192.168.100.2 port 37468:11: disconnected by user
Apr 16 16:13:31.248107 osdx sshd[177804]: Disconnected from user admin 192.168.100.2 port 37468
Apr 16 16:13:31.248185 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.249450 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.249852 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.507469 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.

Step 10: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

CONNTAG=tcp-traffic-tag
Show output
Apr 16 16:13:28.711125 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 2.4M, max 13.8M, 11.3M free.
Apr 16 16:13:28.714433 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:13:28.714545 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:13:28.726150 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:13:28.824281 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:28.824313 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:30.965767 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.965791 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.966221 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.139589 osdx sshd[177795]: Accepted password for admin from 192.168.100.2 port 37468 ssh2
Apr 16 16:13:31.148347 osdx sshd[177795]: pam_env(sshd:session): deprecated reading of user environment enabled
Apr 16 16:13:31.224416 osdx OSDxCLI[177805]: User 'admin' has logged in.
Apr 16 16:13:31.240702 osdx OSDxCLI[177805]: User 'admin' has logged out.
Apr 16 16:13:31.247063 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.247961 osdx sshd[177804]: Received disconnect from 192.168.100.2 port 37468:11: disconnected by user
Apr 16 16:13:31.248107 osdx sshd[177804]: Disconnected from user admin 192.168.100.2 port 37468
Apr 16 16:13:31.248185 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.249450 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.249852 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.507469 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system conntrack show'.
Apr 16 16:13:31.592622 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'.
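
The persistence and multiple-policy scenarios above check the journal with one regular expression per tag. The following added example (not part of the OSDx test suite) instead groups the ulogd events by flow, then reports any event without a CONNTAG field, any tag that differs from the one POLICY_MULTI assigns to that protocol, and any flow whose tag changes between events. GOOD_JOURNAL reuses lines from Step 9, BAD_JOURNAL is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Tags configured by POLICY_MULTI on this page, keyed by the PROTO= value.
EXPECTED = {"ICMP": "icmp-traffic-tag", "TCP": "tcp-traffic-tag"}

# Sample lines taken from the Step 9 output, including one non-conntrack line.
GOOD_JOURNAL = """\
Apr 16 16:13:28.824281 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:28.824313 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:30.965767 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.965791 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:31.139589 osdx sshd[177795]: Accepted password for admin from 192.168.100.2 port 37468 ssh2
"""

# Constructed failure cases: a tag that changes mid-flow and an event with no CONNTAG.
BAD_JOURNAL = """\
Apr 16 16:13:30.965767 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag
Apr 16 16:13:30.965791 osdx ulogd[177752]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=37468 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37468 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag
Apr 16 16:13:31.000000 osdx ulogd[177752]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
"""

# CONNTAG is the last field of the event lines shown on this page, so the tag
# is captured to end of line; the group is optional to detect its absence.
EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*?)"
    r"(?: CONNTAG=(?P<tag>.*))?$"
)


def parse_events(journal_text):
    """Yield (flow, event, tag) for each ulogd conntrack event line."""
    for line in journal_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # journald, sshd and OSDxCLI lines are not conntrack events
        orig = dict(re.findall(r"(\w+)=(\S+)", m["orig"]))
        # ICMP events in this log format carry no ID field, so concurrent pings
        # between the same two hosts share one flow key.
        flow = (orig.get("PROTO"), orig.get("SRC"), orig.get("SPT"),
                orig.get("DST"), orig.get("DPT"))
        yield flow, m["event"], m["tag"]


def audit_tags(journal_text, expected_by_proto):
    """Return (flow, event, reason) findings for missing, unexpected or changing tags."""
    seen = defaultdict(set)
    findings = []
    for flow, event, tag in parse_events(journal_text):
        if tag is None:
            findings.append((flow, event, "missing CONNTAG"))
            continue
        seen[flow].add(tag)
        want = expected_by_proto.get(flow[0])
        if want is not None and tag != want:
            findings.append((flow, event, f"unexpected tag {tag}"))
    for flow, tags in seen.items():
        if len(tags) > 1:
            findings.append((flow, "*", "tag changed: " + ", ".join(sorted(tags))))
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_JOURNAL), ("bad", BAD_JOURNAL)):
        print(name, audit_tags(text, EXPECTED))
```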