admin/geedge-jira
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a8bfef5778fc7ddd06fa05776bf1ecd0f61d4c4
geedge-jira/md/OMPUB-1195.md
hello 46daec8ae4 first
2025-09-14 21:52:36 +00:00

93 lines
3.9 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 南京环境firewall因未获取到streaminfo对应的session造成段错误
| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1195 | 2024-03-25T13:24:32.000+0800 | 杨威 | 已关闭 |
---
*故障范围*
* 2024-03-22 PM设备IP 192.168.12.4频繁出现coredump
*问题描述*
* stellar-c v1.0.15版本增加了仅为innermost会话sapp stream创建stellar session的逻辑
* sapp上的L7 decoder对所有的会话(sapp stream)进行识别和解析可能导致sapp stream和stellar session不对应的情况
** 例如dns decoder解析出的结果上送至firewall如果stellar-c认为这个sapp stream并非innermost则将导致firewall无法通过sapp stream找到stellar session
 
!image-2024-03-25-13-16-31-386.png!
*临时修复方案*
* 2024-03-22 PM所有设备临时回退至stellar-c v1.0.14
* 23-24日未再出现相同的coredump现场
 
*后续排查*
* 继续定位故障原因确定是由于decoder错误解析还是sapp对于innermost会话的判断有误
 **yangwei** commented on *2024-03-25T15:49:02.874+0800*:
进一步定位原因为sapp存在将dns数据包误识别为teredo隧道的情况
[^dns-to-teredo.pcap]
 
相关组件做如下更新:
* ^stellar_on_sapp: 对于innermost的判断仅针对GTP Tunnel^
** ^原因innermost判断主要针对在sapp上一个数据包能够触发多个TCP/UDP流的情况目前仅有Teredo和GTP两类隧道的外层是UDP协议能够额外触发一个sapp上的stream考虑到Teredo隧道本身并没有负载上的强特征因此仅对GTP隧道进行排除^
* ^sapp对于teredo的判断暂时仅支持标准端口^
** ^原因Teredo隧道本身并没有负载上的强特征当前是基于UDP负载强制转换为IPv6头部并根据RFC4380-Page12的定义进行判断误识别的概率较高在未找到适合的判断依据前加上对默认端口UDP 3544的判断以增强准确性^
---
**gitlab** commented on *2024-03-25T19:49:08.305+0800*:
[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/8abcbf8a2757f794f51d12eb89acf75d82626738] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.02-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.02-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}
---
**gitlab** commented on *2024-03-25T19:50:13.159+0800*:
[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/2284] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.02-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.02-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}
---
**gitlab** commented on *2024-03-25T19:59:33.527+0800*:
[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/7c1e55db1beabde6114fa6c6228beef7842191ba] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.03-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.03-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}
---
**gitlab** commented on *2024-03-25T20:00:32.643+0800*:
[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/2285] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [Update-24.03-sapp-stellar-c|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/Update-24.03-sapp-stellar-c]:{quote}🐞 fix(stellar-c & sapp): Fix OMPUB-1195{quote}
---
## Attachments
**54168/dns-to-teredo.pcap**
---
**54157/image-2024-03-25-13-16-31-386.png**
---
Reference in New Issue View Git Blame Copy Permalink