105 lines
4.6 KiB
Markdown
105 lines
4.6 KiB
Markdown
# 亦庄环境:同时开启shunt策略和intercept策略导致测试环境断网
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-941 | 2023-06-07T11:44:59.000+0800 | 刘学利 | 已解决 |
|
||
|
||
|
||
---
|
||
|
||
现象:
|
||
同时开启shunt策略和intercept策略,测试环境断网。单独关闭shunt策略或intercept策略,网络立刻恢复。
|
||
|
||
TSG版本:TSG-23.05
|
||
OS版本:TSG-OS v23.05-rc2-124a06b (TSGXNXR620G40R01P0906)
|
||
流量接入模式:双臂接入
|
||
|
||
shunt策略配置如下:
|
||
!image-2023-06-07-11-42-09-829.png|thumbnail!
|
||
|
||
intercpet策略配置如下:
|
||
!image-2023-06-07-11-42-54-035.png|thumbnail! **liuxueli** commented on *2023-06-07T14:37:47.153+0800*:
|
||
|
||
* 同时命中shunt和intercept策略,master先处理的intercept策略,再处理的shunt策略,intercept策略被执行后KNI收不到后续的数据包(TFE已完成TCP的repair),导致链接被中断。
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-07T14:42:17.145+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tango/tsg_master/-/commit/4abb2e99288365380d0adbb6b28b8f95d87a499b] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-07T15:34:21.527+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tango/tsg_master/-/commit/4de70e9037cbec7a7860254fb567bc08d9547f8b] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941-v23.05|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941-v23.05]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**liuyang** commented on *2023-06-07T16:48:48.209+0800*:
|
||
|
||
补充:同时配置shunt和shaping策略也断网 [~liuxueli]
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-07T18:06:23.503+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tango/tsg_master/-/commit/4b023ef2305b676ae9932d4f644d42de98f108ce] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-07T18:07:41.819+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tango/tsg_master/-/merge_requests/346] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}Resolve OMPUB-941 "Bugfix hitted security shunt and intercept "{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhangzhihan** commented on *2023-06-08T10:18:51.849+0800*:
|
||
|
||
亦庄现场已更新 tsg_master-6.0.17.4de70e9-1.el8.x86_64 ,同时开启shunt策略、intercept策略或shaping策略,均优先执行shunt策略,intercept策略或shaping策略无效
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-08T20:52:14.656+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/56748f01c57b1232422880b97810278342bd40c7] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.06-firewall-v4|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.06-firewall-v4]:{quote}更新tsg_master、firewall、packet_capture_plug、app_sketch_local,修复或适配:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2023-06-08T20:52:32.659+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1372] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.06-firewall-v4|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.06-firewall-v4]:{quote}更新tsg_master、firewall、packet_capture_plug、app_sketch_local,修复或适配:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**39061/image-2023-06-07-11-42-09-829.png**
|
||
|
||
---
|
||
|
||
**39060/image-2023-06-07-11-42-54-035.png**
|
||
|
||
---
|
||
|