# Nanjing environment: firewall segfault caused by failing to obtain the session corresponding to streaminfo

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1195 | 2024-03-25T13:24:32.000+0800 | 杨威 | Closed |

---
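
*Fault scope*

* 2024-03-22 PM: the device with IP 192.168.12.4 core-dumped frequently

*Problem description*

* stellar-c v1.0.15 added logic that creates a stellar session only for the innermost session (sapp stream)
* The L7 decoders on sapp identify and parse all sessions (sapp streams), which can leave a sapp stream without a corresponding stellar session
** For example, when a result parsed by the dns decoder is passed up to firewall and stellar-c considers that sapp stream not to be innermost, firewall cannot find the stellar session through the sapp stream

!image-2024-03-25-13-16-31-386.png!

*Temporary fix*

* 2024-03-22 PM: all devices were temporarily rolled back to stellar-c v1.0.14
* The same coredump did not recur on the 23rd and 24th

*Follow-up investigation*

* Continue locating the cause of the fault, and determine whether it comes from incorrect parsing by the decoder or from sapp misjudging the innermost session

**yangwei** commented on *2024-03-25T15:49:02.874+0800*:

Further investigation traced the cause to sapp misidentifying DNS packets as a Teredo tunnel in some cases

[^dns-to-teredo.pcap]

The related components are updated as follows:

* ^stellar_on_sapp: the innermost check now applies only to GTP Tunnel^
** ^Reason: the innermost check mainly targets the case where a single packet can trigger multiple TCP/UDP streams on sapp. Currently only two tunnel types, Teredo and GTP, have UDP as their outer layer and can trigger an additional stream on sapp. Since the Teredo tunnel itself has no strong payload signature, only GTP tunnels are excluded^
* ^sapp: Teredo detection temporarily supports only the standard port^
** ^Reason: the Teredo tunnel itself has no strong payload signature. Detection currently casts the UDP payload to an IPv6 header and checks it against the definition in RFC4380-Page12, so the probability of misidentification is high. Until a suitable criterion is found, a check on the default port (UDP 3544) is added to improve accuracy^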
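
The port gate described in the comment above, as an added C example (not code from sapp or stellar-c, and not part of the original comment). `looks_like_ipv6` is an assumed, simplified stand-in for a payload-only check, and both packets are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TEREDO_UDP_PORT 3544 /* default Teredo port named in the comment */
#define IPV6_HDR_LEN 40

/* Constructed DNS query: ID 0x6a3c, RD set, QDCOUNT=1, one A/IN question. */
static const uint8_t DNS_QUERY[] =
    "\x6a\x3c\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    "\x03" "www" "\x13" "example-domain-name" "\x03" "com" "\x00"
    "\x00\x01\x00\x01";
#define DNS_QUERY_LEN (sizeof DNS_QUERY - 1) /* drop the literal's NUL */

/* Constructed Teredo bubble: bare IPv6 header, Next Header 59, no payload. */
static const uint8_t TEREDO_BUBBLE[IPV6_HDR_LEN] = {0x60, 0, 0, 0, 0, 0, 59, 64};

/* Assumed payload-only heuristic: read the UDP payload as an IPv6 header and
 * accept if the version nibble is 6 and the payload length field fits. */
static bool looks_like_ipv6(const uint8_t *p, size_t len)
{
    if (p == NULL || len < IPV6_HDR_LEN || (p[0] >> 4) != 6)
        return false;
    size_t payload_len = ((size_t)p[4] << 8) | p[5];
    return IPV6_HDR_LEN + payload_len <= len;
}

/* Same heuristic, gated on UDP 3544 at either end of the flow. */
static bool is_teredo(uint16_t sport, uint16_t dport, const uint8_t *p, size_t len)
{
    if (sport != TEREDO_UDP_PORT && dport != TEREDO_UDP_PORT)
        return false;
    return looks_like_ipv6(p, len);
}

int main(void)
{
    /* The DNS ID's high nibble (6) and QDCOUNT (1) read as version/length. */
    printf("dns, payload only: %d\n", looks_like_ipv6(DNS_QUERY, DNS_QUERY_LEN));
    printf("dns, port gated:   %d\n", is_teredo(51000, 53, DNS_QUERY, DNS_QUERY_LEN));
    printf("bubble, port 3544: %d\n", is_teredo(51000, 3544, TEREDO_BUBBLE, IPV6_HDR_LEN));
    return 0;
}
```
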
---

**gitlab** commented on *2024-03-25T19:49:08.305+0800*:

[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/8abcbf8a2757f794f51d12eb89acf75d82626738] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.02-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.02-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}

---

**gitlab** commented on *2024-03-25T19:50:13.159+0800*:

[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/2284] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.02-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.02-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}

---

**gitlab** commented on *2024-03-25T19:59:33.527+0800*:

[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/7c1e55db1beabde6114fa6c6228beef7842191ba] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.03-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.03-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}

---

**gitlab** commented on *2024-03-25T20:00:32.643+0800*:

[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/2285] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.03-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.03-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}

---

## Attachments

**54168/dns-to-teredo.pcap**

---

**54157/image-2024-03-25-13-16-31-386.png**

---