Conntag
The following scenarios show how the conntag feature integrates with conntrack logging and system conntrack show commands. Conntag allows tagging conntrack entries with string values (up to 255 characters) for traffic identification and logging.
Conntag In Conntrack Show
Description
Verify that conntag values appear correctly in the
system conntrack show command output. The conntag
field should display the string value assigned to the
connection via traffic policy.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.618 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.618/0.618/0.618/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.391 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.342 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.269 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2054ms rtt min/avg/max/mdev = 0.269/0.334/0.391/0.050 ms
Step 6: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=926 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=926 packets=3 bytes=252 mark=0 conntag=my-logged-tag use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Conntag In Conntrack Logging
Description
Verify that conntag values appear in conntrack logging
events when system conntrack logging events is enabled.
The CONNTAG field should be included in log entries for
NEW, UPDATE, and DESTROY events.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.264 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.264/0.264/0.264/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/9e2a66651dea45ed982d8152051049c2/system@a3f36fa224174fb38d5255318ea26437-0000000000023842-000651090d24019a.journal (112.0K). Vacuuming done, freed 112.0K of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.475 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.478 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.391 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2038ms rtt min/avg/max/mdev = 0.391/0.448/0.478/0.040 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=my-logged-tagShow output
May 05 02:46:19.319638 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free. May 05 02:46:19.320045 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:19.320074 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:19.328792 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:19.432862 osdx ulogd[685685]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 05 02:46:19.432884 osdx ulogd[685685]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Conntag In Traffic Policy Log
Description
Verify that conntag values appear in traffic policy log
entries when the log option is enabled on a rule that
sets conntag.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 log prefix CONNTAG set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.799 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.799/0.799/0.799/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Vacuuming done, freed 0B of archived journals from /run/log/journal. Vacuuming done, freed 0B of archived journals from /var/log/journal. Deleted archived journal /run/log/journal/9e2a66651dea45ed982d8152051049c2/system@a3f36fa224174fb38d5255318ea26437-0000000000023893-000651090dad34ca.journal (84.0K). Vacuuming done, freed 84.0K of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.604 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.253 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.254 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2052ms rtt min/avg/max/mdev = 0.253/0.370/0.604/0.165 ms
Step 7: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
[CONNTAG-1] ACCEPTShow output
May 05 02:46:28.289319 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 12.0M free. May 05 02:46:28.292472 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:28.292539 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:28.299425 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:28.395034 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=40206 DF PROTO=ICMP TYPE=8 CODE=0 ID=930 SEQ=1 May 05 02:46:29.424480 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=40219 DF PROTO=ICMP TYPE=8 CODE=0 ID=930 SEQ=2 May 05 02:46:30.446948 osdx kernel: [CONNTAG-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:de:ad:be:ef:6c:10:08:00 SRC=192.168.100.2 DST=192.168.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=40447 DF PROTO=ICMP TYPE=8 CODE=0 ID=930 SEQ=3
Conntag Persistence Through Connection States
Description
Verify that conntag values persist through different connection states (NEW, ESTABLISHED). The tag should remain associated with the connection throughout its lifecycle.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag my-logged-tag
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.741 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.741/0.741/0.741/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Deleted archived journal /run/log/journal/9e2a66651dea45ed982d8152051049c2/system@a3f36fa224174fb38d5255318ea26437-00000000000238c7-000651090e2762ff.journal (112.0K). Vacuuming done, freed 112.0K of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.499 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.423 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.476 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2043ms rtt min/avg/max/mdev = 0.423/0.466/0.499/0.031 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[NEW\].*CONNTAG=my-logged-tagShow output
May 05 02:46:36.383015 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 12.0M free. May 05 02:46:36.385810 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:36.385851 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:36.391730 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:36.493844 osdx ulogd[686405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 05 02:46:36.493862 osdx ulogd[686405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
\[UPDATE\].*CONNTAG=my-logged-tagShow output
May 05 02:46:36.383015 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 12.0M free. May 05 02:46:36.385810 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:36.385851 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:36.391730 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:36.493844 osdx ulogd[686405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 05 02:46:36.493862 osdx ulogd[686405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=my-logged-tag May 05 02:46:38.610365 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal show | cat'.
Conntag With Long String In Logs
Description
Verify that long conntag strings are correctly logged and displayed. The system should handle strings up to 255 characters without truncation in logs.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_TAG set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_TAG rule 1 set conntag application-traffic-identifier-v1.2.3-production-env
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.453 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.453/0.453/0.453/0.000 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Vacuuming done, freed 0B of archived journals from /var/log/journal. Vacuuming done, freed 0B of archived journals from /run/log/journal. Deleted archived journal /run/log/journal/9e2a66651dea45ed982d8152051049c2/system@a3f36fa224174fb38d5255318ea26437-0000000000023919-000651090ea14ec9.journal (108.0K). Vacuuming done, freed 108.0K of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.635 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.297 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.280 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2038ms rtt min/avg/max/mdev = 0.280/0.404/0.635/0.163 ms
Step 7: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=934 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=934 packets=3 bytes=252 mark=0 conntag=application-traffic-identifier-v1.2.3-production-env use=1 conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=application-traffic-identifierShow output
May 05 02:46:44.391933 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free. May 05 02:46:44.395729 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:44.395776 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:44.401466 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:44.501687 osdx ulogd[686780]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=application-traffic-identifier-v1.2.3-production-env May 05 02:46:46.604889 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack show'.
Conntag With Multiple Policies
Description
Verify that different traffic policies can set different conntag values, and each connection is tagged appropriately based on which policy rule matched.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY_MULTI set service ssh set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY_MULTI rule 1 selector SEL_ICMP set traffic policy POLICY_MULTI rule 1 set conntag icmp-traffic-tag set traffic policy POLICY_MULTI rule 2 selector SEL_TCP set traffic policy POLICY_MULTI rule 2 set conntag tcp-traffic-tag set traffic selector SEL_ICMP rule 1 protocol icmp set traffic selector SEL_TCP rule 1 protocol tcp
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.436 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.503 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.398 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2037ms rtt min/avg/max/mdev = 0.398/0.445/0.503/0.043 ms
Step 4: Run command system conntrack clear at DUT0 and expect this output:
Show output
Connection tracking table has been emptied
Step 5: Run command system journal clear at DUT0 and expect this output:
Show output
Deleted archived journal /run/log/journal/9e2a66651dea45ed982d8152051049c2/system@a3f36fa224174fb38d5255318ea26437-0000000000023968-000651090f1b7f1e.journal (120.0K). Vacuuming done, freed 120.0K of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. Vacuuming done, freed 0B of archived journals from /run/log/journal. Vacuuming done, freed 0B of archived journals from /var/log/journal.
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.353 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.274 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.679 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2040ms rtt min/avg/max/mdev = 0.274/0.435/0.679/0.175 ms
Step 7: Init an SSH connection from DUT1 to IP address 192.168.100.1 with the user admin:
admin@DUT1$ ssh admin@192.168.100.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.100.1' (ECDSA) to the list of known hosts. admin@192.168.100.1's password: Welcome to Teldat OSDx v4.2.9.3 This system includes free software. Contact Teldat for licenses information and source code. Last login: Tue May 5 02:04:20 2026 admin@osdx$
Step 8: Run command system conntrack show at DUT0 and expect this output:
Show output
icmp 1 29 src=192.168.100.2 dst=192.168.100.1 type=8 code=0 id=936 packets=3 bytes=252 src=192.168.100.1 dst=192.168.100.2 type=0 code=0 id=936 packets=3 bytes=252 mark=0 conntag=icmp-traffic-tag use=1 tcp 6 19 TIME_WAIT src=192.168.100.2 dst=192.168.100.1 sport=53146 dport=22 packets=23 bytes=5007 src=192.168.100.1 dst=192.168.100.2 sport=22 dport=53146 packets=21 bytes=4911 [ASSURED] mark=0 conntag=tcp-traffic-tag use=1 conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=icmp-traffic-tagShow output
May 05 02:46:55.160679 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free. May 05 02:46:55.161065 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:55.161093 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:55.169430 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:55.270986 osdx ulogd[687238]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 05 02:46:55.271004 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 05 02:46:57.398737 osdx ulogd[687238]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.398755 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.398766 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.548972 osdx sshd[687283]: Accepted password for admin from 192.168.100.2 port 53146 ssh2 May 05 02:46:57.554693 osdx sshd[687283]: pam_env(sshd:session): deprecated reading of user environment enabled May 05 02:46:57.626478 osdx OSDxCLI[687293]: User 'admin' has logged in. May 05 02:46:57.640078 osdx OSDxCLI[687293]: User 'admin' has logged out. May 05 02:46:57.644429 osdx sshd[687292]: Received disconnect from 192.168.100.2 port 53146:11: disconnected by user May 05 02:46:57.644459 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.644535 osdx sshd[687292]: Disconnected from user admin 192.168.100.2 port 53146 May 05 02:46:57.645513 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.645533 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.775019 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack show'.
Step 10: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
CONNTAG=tcp-traffic-tagShow output
May 05 02:46:55.160679 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free. May 05 02:46:55.161065 osdx systemd-journald[1908]: Received client request to rotate journal, rotating. May 05 02:46:55.161093 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2. May 05 02:46:55.169430 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal clear'. May 05 02:46:55.270986 osdx ulogd[687238]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 05 02:46:55.271004 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 CONNTAG=icmp-traffic-tag May 05 02:46:57.398737 osdx ulogd[687238]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.398755 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.398766 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.548972 osdx sshd[687283]: Accepted password for admin from 192.168.100.2 port 53146 ssh2 May 05 02:46:57.554693 osdx sshd[687283]: pam_env(sshd:session): deprecated reading of user environment enabled May 05 02:46:57.626478 osdx OSDxCLI[687293]: User 'admin' has logged in. May 05 02:46:57.640078 osdx OSDxCLI[687293]: User 'admin' has logged out. May 05 02:46:57.644429 osdx sshd[687292]: Received disconnect from 192.168.100.2 port 53146:11: disconnected by user May 05 02:46:57.644459 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.644535 osdx sshd[687292]: Disconnected from user admin 192.168.100.2 port 53146 May 05 02:46:57.645513 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.645533 osdx ulogd[687238]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=TCP SPT=53146 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=53146 PKTS=0 BYTES=0 CONNTAG=tcp-traffic-tag May 05 02:46:57.775019 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system conntrack show'. May 05 02:46:57.841815 osdx OSDxCLI[598646]: User 'admin' executed a new command: 'system journal show | cat'.