2025-09-14 21:52:36 +00:00
|
|
|
|
# 【E21】Psiphon3应用特征中白名单保护机制未生效
|
|
|
|
|
|
|
|
|
|
|
|
| ID | Creation Date | Assignee | Status |
|
|
|
|
|
|
|----|----------------|----------|--------|
|
|
|
|
|
|
| OMPUB-664 | 2022-10-12T10:57:34.000+0800 | 窦凤虎 | 已关闭 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
2022.10.10用户下发ID为9367的策略对Psiphon3应用进行Deny,策略下发后Google等应用无法正常访问;
|
|
|
|
|
|
|
|
|
|
|
|
经排查,Google相关应用流量被误识别为Psiphon3导致被误封,具体排查过程参见[https://docs.geedge.net/display/TSGEN/The+collateral+damage+analysis+of+Psiphon3+Blocking]
|
|
|
|
|
|
|
|
|
|
|
|
排查过程中如下问题需要进一步跟进,对于双向流量或者C2S侧流量:
|
|
|
|
|
|
* 日志中包含google的SNI并未被TOP SNI学习到,且TOP SNI中全部为完全匹配的SNI没有右匹配SNI
|
|
|
|
|
|
* 日志中google的server ip并未被TOP Server IP学习到
|
|
|
|
|
|
|
|
|
|
|
|
请[~doufenghu] 帮忙确认以上现象是否正常?**zhangwei** commented on *2022-10-12T11:08:17.566+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
CM学习Top SNI时,学习到小于3字节的SNI,导致该学习事务回滚,新数据未写入数据库。Top Server IP的学习任务未见异常。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**fengjunfeng** commented on *2022-10-12T16:50:08.246+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
现场数据SNI.json中发现以下异常数据:$a $o $t $w $am $
|
|
|
|
|
|
|
|
|
|
|
|
CM后续学习任务优化:异常数据丢弃
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**liuyang** commented on *2022-10-13T11:05:53.434+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
请为TSG22.07版本准备升级文件,文件上传至 [https://de.files.gdnt-cloud.com/library/96d36930-4dff-4777-96d0-84e77c869c31/E21/upgrade/TSG22.07_upgrade]
|
|
|
|
|
|
|
|
|
|
|
|
在[https://docs.geedge.net/pages/viewpage.action?pageId=58298244]创建子页面,说明:升级目的、升级包获取(包括路径、文件名、MD5值)、升级步骤、升级后验证
|
|
|
|
|
|
|
|
|
|
|
|
[~leijun]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**zhangwei** commented on *2022-10-13T14:16:35.101+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
{quote}请为TSG22.07版本准备升级文件,文件上传至 [https://de.files.gdnt-cloud.com/library/96d36930-4dff-4777-96d0-84e77c869c31/E21/upgrade/TSG22.07_upgrade]
|
|
|
|
|
|
|
|
|
|
|
|
在[https://docs.geedge.net/pages/viewpage.action?pageId=58298244]创建子页面,说明:升级目的、升级包获取(包括路径、文件名、MD5值)、升级步骤、升级后验证
|
|
|
|
|
|
{quote}
|
|
|
|
|
|
本次只升级Webfocus模块
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**zhangwei** commented on *2022-10-17T11:41:00.373+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
Webfocus升级说明:https://docs.geedge.net/pages/viewpage.action?pageId=82872707
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**liuju** commented on *2022-10-18T15:20:06.567+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
已根据升级文档步骤完成webfocus升级,将界面导出 的top sni和查询galaxy 导出的top sni上传附件
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**fengjunfeng** commented on *2022-10-19T16:24:17.795+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
根据日志及导出数据总结:
|
|
|
|
|
|
|
|
|
|
|
|
E21 2022-10-18 10:44:57学习批次:fqdn_20221018083315-new.txt学习到数据30000条,其中异常数据16条,重复数据10条,入库数据29974条
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
**fengjunfeng** commented on *2022-10-19T16:38:43.199+0800*:
|
|
|
|
|
|
|
|
|
|
|
|
fqdn_20221018083315-new.txt文件和qgw_top_sni_new文件,数据差异为200条,经与Galaxy同事联调沟通,使用相同的学习条件(时间范围),多次调用Galaxy接口,存在Galaxy返回的结果数据不一致的情况。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
# Attachments
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: App+Client+IPs.txt
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[App+Client+IPs.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31580/App+Client+IPs.txt)
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: fqdn_20221018065400.txt
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[fqdn_20221018065400.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31739/fqdn_20221018065400.txt)
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: fqdn_20221018083315-new.txt
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[fqdn_20221018083315-new.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31755/fqdn_20221018083315-new.txt)
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: FQDNs.txt
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[FQDNs.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31582/FQDNs.txt)
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: qgw_top_sni
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[qgw_top_sni](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31738/qgw_top_sni)
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
Attachment: qgw_top_sni_new
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[qgw_top_sni_new](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31754/qgw_top_sni_new)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Attachment: SNI.json
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[SNI.json](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31591/SNI.json)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Attachment: top+Server+IPs.txt
|
2025-09-14 22:27:11 +00:00
|
|
|
|
|
2025-09-14 22:26:17 +00:00
|
|
|
|
[top+Server+IPs.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/31581/top+Server+IPs.txt)
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-09-14 21:52:36 +00:00
|
|
|
|
|
