310 lines
24 KiB
Markdown
310 lines
24 KiB
Markdown
# M22: Signature中引用不合法的LUA脚本执行报错时导致工作线程严重锁冲突
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-1256 | 2024-04-23T17:29:38.000+0800 | 杨威 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
* M22: Signature中引用不合法的LUA脚本执行报错时导致工作线程严重锁冲突
|
||
** lua脚本见附件
|
||
** 栈信息:
|
||
***
|
||
{code:java}
|
||
172 Thread 0x7ffa5eb65700 (LWP 282) "sapp" 0x00007ffff67ec180 in nanosleep () from /lib64/libpthread.so.0
|
||
173 Thread 0x7ffa5e364700 (LWP 283) "sapp_marsio_0" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
174 Thread 0x7ffa5db63700 (LWP 284) "sapp_marsio_1" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
175 Thread 0x7ffa5cfff700 (LWP 285) "sapp_marsio_2" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
176 Thread 0x7ffa5c1ff700 (LWP 286) "sapp_marsio_3" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
177 Thread 0x7ffa5b3ff700 (LWP 287) "sapp_marsio_4" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
178 Thread 0x7ffa5a9fe700 (LWP 288) "sapp_marsio_5" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
179 Thread 0x7ffa597ff700 (LWP 289) "sapp_marsio_6" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
180 Thread 0x7ffa58bff700 (LWP 290) "sapp_marsio_7" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
181 Thread 0x7ffa57dff700 (LWP 291) "sapp_marsio_8" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
182 Thread 0x7ffa56fff700 (LWP 292) "sapp_marsio_9" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
183 Thread 0x7ffa561ff700 (LWP 293) "sapp_marsio_10" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
184 Thread 0x7ffa551ff700 (LWP 294) "sapp_marsio_11" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
185 Thread 0x7ffa545ff700 (LWP 295) "sapp_marsio_12" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
186 Thread 0x7ffa533ff700 (LWP 296) "sapp_marsio_13" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
187 Thread 0x7ffa529fe700 (LWP 297) "sapp_marsio_14" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
188 Thread 0x7ffa51bff700 (LWP 298) "sapp_marsio_15" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
189 Thread 0x7ffa50dff700 (LWP 299) "sapp_marsio_16" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
190 Thread 0x7ffa4ffff700 (LWP 300) "sapp_marsio_17" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
191 Thread 0x7ffa4f3ff700 (LWP 301) "sapp_marsio_18" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
192 Thread 0x7ffa4e5ff700 (LWP 302) "sapp_marsio_19" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
193 Thread 0x7ffa4d7ff700 (LWP 303) "sapp_marsio_20" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
194 Thread 0x7ffa4c9ff700 (LWP 304) "sapp_marsio_21" 0x00000000004736e1 in bitmap_increment (bitmap=0x7ffeb9a21800, index=<optimized out>, offset=<optimized out>)
|
||
at /home/yangwei/platform/sapp/src/support/dablooms/src/dablooms.c:116
|
||
195 Thread 0x7ffa4b9ff700 (LWP 305) "sapp_marsio_22" 0x00007ffff67e4b67 in pthread_mutex_lock () from /lib64/libpthread.so.0
|
||
196 Thread 0x7ffa4abff700 (LWP 306) "sapp_marsio_23" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
197 Thread 0x7ffa49dff700 (LWP 307) "sapp_marsio_24" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
198 Thread 0x7ffa491ff700 (LWP 308) "sapp_marsio_25" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
199 Thread 0x7ffa483ff700 (LWP 309) "sapp_marsio_26" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
200 Thread 0x7ffa471ff700 (LWP 310) "sapp_marsio_27" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
201 Thread 0x7ffa467fe700 (LWP 311) "sapp_marsio_28" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
202 Thread 0x7ffa459ff700 (LWP 312) "sapp_marsio_29" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
203 Thread 0x7ffa44bff700 (LWP 313) "sapp_marsio_30" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
204 Thread 0x7ffa43dff700 (LWP 314) "sapp_marsio_31" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
205 Thread 0x7ffa42fff700 (LWP 315) "sapp_marsio_32" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
206 Thread 0x7ffa421ff700 (LWP 316) "sapp_marsio_33" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
207 Thread 0x7ffa413ff700 (LWP 317) "sapp_marsio_34" 0x00007ffff67ec180 in nanosleep () from /lib64/libpthread.so.0
|
||
208 Thread 0x7ffa405ff700 (LWP 318) "sapp_marsio_35" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
209 Thread 0x7ffa3f7ff700 (LWP 319) "sapp_marsio_36" 0x00007ffff67eb831 in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
210 Thread 0x7ffa3ebff700 (LWP 320) "sapp_marsio_37" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
211 Thread 0x7ffa3dbff700 (LWP 321) "sapp_marsio_38" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
212 Thread 0x7ffa3cbff700 (LWP 322) "sapp_marsio_39" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
213 Thread 0x7ffa3c1fe700 (LWP 323) "sapp_marsio_40" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
214 Thread 0x7ffa3b3ff700 (LWP 324) "sapp_marsio_41" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
215 Thread 0x7ffa3a5ff700 (LWP 325) "sapp_marsio_42" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
216 Thread 0x7ffa397ff700 (LWP 326) "sapp_marsio_43" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
217 Thread 0x7ffa389ff700 (LWP 327) "sapp_marsio_44" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
218 Thread 0x7ffa37bff700 (LWP 328) "sapp_marsio_45" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
219 Thread 0x7ffa36dff700 (LWP 329) "sapp_marsio_46" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
220 Thread 0x7ffa35fff700 (LWP 330) "sapp_marsio_47" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0
|
||
221 Thread 0x7ffa351ff700 (LWP 331) "sapp_marsio_48" 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
222 Thread 0x7ffa343ff700 (LWP 332) "sapp_marsio_49" 0x00007ffff67eb82d in __lll_lock_wait () from /lib64/libpthread.so.0 {code}
|
||
|
||
*
|
||
**
|
||
***
|
||
{code:java}
|
||
(gdb) thr 196
|
||
[Switching to thread 196 (Thread 0x7ffa4abff700 (LWP 306))]
|
||
#0 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
(gdb) bt
|
||
#0 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
#1 0x00007ffff67e62e6 in __pthread_mutex_unlock_usercnt () from /lib64/libpthread.so.0
|
||
#2 0x00007ffff5800073 in dl_iterate_phdr () from /lib64/libc.so.6
|
||
#3 0x00007ffff5a6f175 in _Unwind_Find_FDE () from /lib64/libgcc_s.so.1
|
||
#4 0x00007ffff5a6b713 in uw_frame_state_for () from /lib64/libgcc_s.so.1
|
||
#5 0x00007ffff5a6cb2d in _Unwind_RaiseException_Phase2 () from /lib64/libgcc_s.so.1
|
||
#6 0x00007ffff5a6d071 in _Unwind_RaiseException () from /lib64/libgcc_s.so.1
|
||
#7 0x00007ffe34a636fb in lj_err_throw () from /opt/tsg/framework/lib/libelua.so
|
||
#8 0x00007ffe34a63a7f in lj_err_run () from /opt/tsg/framework/lib/libelua.so
|
||
#9 0x00007ffe34a63bad in err_msgv () from /opt/tsg/framework/lib/libelua.so
|
||
#10 0x00007ffe34a63cfc in lj_err_optype () from /opt/tsg/framework/lib/libelua.so
|
||
#11 0x00007ffe34a84f86 in lj_meta_tget () from /opt/tsg/framework/lib/libelua.so
|
||
#12 0x00007ffe34a7f79b in lj_vmeta_tgetv () from /opt/tsg/framework/lib/libelua.so
|
||
#13 0x00007ffe34a6d32c in lua_pcall () from /opt/tsg/framework/lib/libelua.so
|
||
#14 0x00007ffe34a62699 in elua_execute_script(elua_script*, char const*, unsigned long, void*, elua_context*, elua_data*) () from /opt/tsg/framework/lib/libelua.so
|
||
#15 0x00007ffe34ce1acd in app_sketch_call_lua_script(session*, elua_vm*, lua_rt_info*, char*, unsigned long, lua_extract_attribute*, int) () from ./stellar_plugin/context_based_detector.so
|
||
#16 0x00007ffe34cdf690 in session_lua_script_exec(session*, lua_runtime_context const*, int) () from ./stellar_plugin/context_based_detector.so
|
||
#17 0x00007ffe34cded94 in context_based_detector_session_entry(session*, int, packet const*, void*) () from ./stellar_plugin/context_based_detector.so
|
||
#18 0x00007ffe383f5b42 in session_dispatch () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#19 0x00007ffe383f4394 in adapter_session_state_update () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#20 0x00007ffe383f3433 in loader_transfer_stream_entry.constprop () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#21 0x0000000000436915 in plugin_call_streamentry (type=type@entry=2, pFunInfo=pFunInfo@entry=0x7ff9619929e4, a_stream=a_stream@entry=0x7fff40e9839c, transport_hdr=transport_hdr@entry=0x0,
|
||
thread_seq=23, a_packet=a_packet@entry=0x5002f4a60d80) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:300
|
||
#22 0x0000000000436cf5 in call_streamentry (a_stream=a_stream@entry=0x7fff40e9839c, this_iphdr=this_iphdr@entry=0x5002f4a60d80, transport_hdr=transport_hdr@entry=0x5002f4a60d94,
|
||
raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, pFunInfo=pFunInfo@entry=0x7ff9619929e4) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:519
|
||
#23 0x0000000000437442 in stream_state_data_process (funnum=<optimized out>, pfunAarry=0x9a7ba0 <g_StreamTcpAllFun>, smart_offload_flag=2 '\002',
|
||
opstate=0x7fff40e983b9 "\003\001\001", <incomplete sequence \345>, apme=0x7ff961992694, raw_pkt=0x7ffa4abfe1c0, transport_hdr=0x5002f4a60d94, this_iphdr=0x5002f4a60d80,
|
||
a_stream=0x7fff40e9839c) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:643
|
||
#24 stream_process (a_stream=a_stream@entry=0x7fff40e9839c, this_iphdr=this_iphdr@entry=0x5002f4a60d80, transport_hdr=transport_hdr@entry=0x5002f4a60d94, raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0,
|
||
funnum=<optimized out>, pfunAarry=pfunAarry@entry=0x9a7ba0 <g_StreamTcpAllFun>, apme=0x7ff961992694, opstate=0x7fff40e983b9 "\003\001\001", <incomplete sequence \345>,
|
||
smart_offload_flag=2 '\002') at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:1005
|
||
#25 0x00000000004379a7 in stream_process_tcp_allpkt (a_tcp=a_tcp@entry=0x7fff40e9839c, this_iphdr=this_iphdr@entry=0x5002f4a60d80, transport_hdr=transport_hdr@entry=0x5002f4a60d94,
|
||
raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, apme=apme@entry=0x7ff961992694, popstate=popstate@entry=0x7fff40e983b9 "\003\001\001", <incomplete sequence \345>)
|
||
at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:1167
|
||
#26 0x000000000043dfaa in deal_tcp_stream (pindex=pindex@entry=0x5002f4a60d28, this_iphdr=this_iphdr@entry=0x5002f4a60d80, this_tcphdr=0x5002f4a60d94, tcplen=1412,
|
||
raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3180
|
||
#27 0x000000000043efa4 in dealtcppkt (offset_to_raw_pkt_hdr=<optimized out>, raw_packet=0x7ffa4abfe1c0, tcpdatalen=<optimized out>, routedir=1 '\001', thread_num=<optimized out>,
|
||
this_tcphdr=<optimized out>, this_iphdr=0x5002f4a60d80, pfindex=0x5002f4a60d28) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3262
|
||
#28 dealipv4tcppkt (pfindex=pfindex@entry=0x5002f4a60d28, this_iphdr=this_iphdr@entry=0x5002f4a60d80, thread_num=<optimized out>, routedir=routedir@entry=1 '\001',
|
||
raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3314
|
||
#29 0x0000000000446f0c in process_ipv4_pkt (pfindex=0x5002f4a60d28, pfindex@entry=0x7ffa4abfd4b0, a_packet=a_packet@entry=0x5002f4a60d80, thread_num=thread_num@entry=23,
|
||
routedir=routedir@entry=1 '\001', raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, offset_to_raw_pkt_hdr=1, offset_to_raw_pkt_hdr@entry=14) at /home/yangwei/platform/sapp/src/dealpkt/deal_udp.c:1140
|
||
#30 0x000000000043885b in ipv4_entry (pfstream_pr=<optimized out>, this_layer_data=this_layer_data@entry=0x5002f4a60d80, thread_num=thread_num@entry=23, routedir=routedir@entry=1 '\001',
|
||
raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_ipv4.c:785
|
||
#31 0x0000000000444a44 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x5002f4a60d72, thread_num=thread_num@entry=23, dir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0,
|
||
offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0) at /home/yangwei/platform/sapp/src/dealpkt/deal_ethernet.c:177
|
||
#32 0x000000000042fdf2 in mesa_default_pkt_cb (p_raw_pkt=0x7ffa4abfe1c0, dir=<optimized out>, thread_num=<optimized out>) at /home/yangwei/platform/sapp/src/packet_io/packet_io.c:652
|
||
#33 0x0000000000513c07 in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ffa4abfe1c0, rx_buff=0x5002f4a60bc0, tid=23) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:797
|
||
#34 marsio4_process_packet (tid=tid@entry=23, raw_pkt=raw_pkt@entry=0x7ffa4abfe1c0) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:841
|
||
#35 0x0000000000514311 in marsio4_worker (arg=<optimized out>) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:999
|
||
#36 0x00007ffff67e21ca in start_thread () from /lib64/libpthread.so.0
|
||
#37 0x00007ffff56d0e73 in clone () from /lib64/libc.so.6 {code}
|
||
|
||
*
|
||
**
|
||
***
|
||
{code:java}
|
||
(gdb) thr 197
|
||
[Switching to thread 197 (Thread 0x7ffa49dff700 (LWP 307))]
|
||
#0 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
(gdb) bt
|
||
#0 0x00007ffff67eb8ca in __lll_unlock_wake () from /lib64/libpthread.so.0
|
||
#1 0x00007ffff67e62e6 in __pthread_mutex_unlock_usercnt () from /lib64/libpthread.so.0
|
||
#2 0x00007ffff5800073 in dl_iterate_phdr () from /lib64/libc.so.6
|
||
#3 0x00007ffff5a6f175 in _Unwind_Find_FDE () from /lib64/libgcc_s.so.1
|
||
#4 0x00007ffff5a6b713 in uw_frame_state_for () from /lib64/libgcc_s.so.1
|
||
#5 0x00007ffff5a6cb2d in _Unwind_RaiseException_Phase2 () from /lib64/libgcc_s.so.1
|
||
#6 0x00007ffff5a6d071 in _Unwind_RaiseException () from /lib64/libgcc_s.so.1
|
||
#7 0x00007ffe34a636fb in lj_err_throw () from /opt/tsg/framework/lib/libelua.so
|
||
#8 0x00007ffe34a63a7f in lj_err_run () from /opt/tsg/framework/lib/libelua.so
|
||
#9 0x00007ffe34a63bad in err_msgv () from /opt/tsg/framework/lib/libelua.so
|
||
#10 0x00007ffe34a63cfc in lj_err_optype () from /opt/tsg/framework/lib/libelua.so
|
||
#11 0x00007ffe34a84f86 in lj_meta_tget () from /opt/tsg/framework/lib/libelua.so
|
||
#12 0x00007ffe34a7f79b in lj_vmeta_tgetv () from /opt/tsg/framework/lib/libelua.so
|
||
#13 0x00007ffe34a6d32c in lua_pcall () from /opt/tsg/framework/lib/libelua.so
|
||
#14 0x00007ffe34a62699 in elua_execute_script(elua_script*, char const*, unsigned long, void*, elua_context*, elua_data*) () from /opt/tsg/framework/lib/libelua.so
|
||
#15 0x00007ffe34ce1acd in app_sketch_call_lua_script(session*, elua_vm*, lua_rt_info*, char*, unsigned long, lua_extract_attribute*, int) () from ./stellar_plugin/context_based_detector.so
|
||
#16 0x00007ffe34cdf690 in session_lua_script_exec(session*, lua_runtime_context const*, int) () from ./stellar_plugin/context_based_detector.so
|
||
#17 0x00007ffe34cded94 in context_based_detector_session_entry(session*, int, packet const*, void*) () from ./stellar_plugin/context_based_detector.so
|
||
#18 0x00007ffe383f5b42 in session_dispatch () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#19 0x00007ffe383f4394 in adapter_session_state_update () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#20 0x00007ffe383f3433 in loader_transfer_stream_entry.constprop () from ./plug/stellar_on_sapp/stellar_on_sapp.so
|
||
#21 0x0000000000436915 in plugin_call_streamentry (type=type@entry=2, pFunInfo=pFunInfo@entry=0x7ff8f12df624, a_stream=a_stream@entry=0x7fff436afadc, transport_hdr=transport_hdr@entry=0x0,
|
||
thread_seq=24, a_packet=a_packet@entry=0x50040d289c04) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:300
|
||
#22 0x0000000000436cf5 in call_streamentry (a_stream=a_stream@entry=0x7fff436afadc, this_iphdr=this_iphdr@entry=0x50040d289c04, transport_hdr=transport_hdr@entry=0x50040d289c18,
|
||
raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, pFunInfo=pFunInfo@entry=0x7ff8f12df624) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:519
|
||
#23 0x0000000000437442 in stream_state_data_process (funnum=<optimized out>, pfunAarry=0x9a7ba0 <g_StreamTcpAllFun>, smart_offload_flag=2 '\002', opstate=0x7fff436afaf9 "\003\001\001?",
|
||
apme=0x7ff8f12df2d4, raw_pkt=0x7ffa49dfe1c0, transport_hdr=0x50040d289c18, this_iphdr=0x50040d289c04, a_stream=0x7fff436afadc) at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:643
|
||
#24 stream_process (a_stream=a_stream@entry=0x7fff436afadc, this_iphdr=this_iphdr@entry=0x50040d289c04, transport_hdr=transport_hdr@entry=0x50040d289c18, raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0,
|
||
funnum=<optimized out>, pfunAarry=pfunAarry@entry=0x9a7ba0 <g_StreamTcpAllFun>, apme=0x7ff8f12df2d4, opstate=0x7fff436afaf9 "\003\001\001?", smart_offload_flag=2 '\002')
|
||
at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:1005
|
||
#25 0x00000000004379a7 in stream_process_tcp_allpkt (a_tcp=a_tcp@entry=0x7fff436afadc, this_iphdr=this_iphdr@entry=0x50040d289c04, transport_hdr=transport_hdr@entry=0x50040d289c18,
|
||
raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, apme=apme@entry=0x7ff8f12df2d4, popstate=popstate@entry=0x7fff436afaf9 "\003\001\001?") at /home/yangwei/platform/sapp/src/dealpkt/callapp.c:1167
|
||
#26 0x000000000043dfaa in deal_tcp_stream (pindex=pindex@entry=0x50040d289bac, this_iphdr=this_iphdr@entry=0x50040d289c04, this_tcphdr=0x50040d289c18, tcplen=1400,
|
||
raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3180
|
||
#27 0x000000000043efa4 in dealtcppkt (offset_to_raw_pkt_hdr=<optimized out>, raw_packet=0x7ffa49dfe1c0, tcpdatalen=<optimized out>, routedir=1 '\001', thread_num=<optimized out>,
|
||
this_tcphdr=<optimized out>, this_iphdr=0x50040d289c04, pfindex=0x50040d289bac) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3262
|
||
#28 dealipv4tcppkt (pfindex=pfindex@entry=0x50040d289bac, this_iphdr=this_iphdr@entry=0x50040d289c04, thread_num=<optimized out>, routedir=routedir@entry=1 '\001',
|
||
raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_tcp.c:3314
|
||
#29 0x0000000000446f0c in process_ipv4_pkt (pfindex=0x50040d289bac, pfindex@entry=0x7ffa49dfd2f0, a_packet=a_packet@entry=0x50040d289c04, thread_num=thread_num@entry=24,
|
||
routedir=routedir@entry=1 '\001', raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, offset_to_raw_pkt_hdr=1, offset_to_raw_pkt_hdr@entry=18) at /home/yangwei/platform/sapp/src/dealpkt/deal_udp.c:1140
|
||
#30 0x000000000043885b in ipv4_entry (pfstream_pr=pfstream_pr@entry=0x7ffa49dfd508, this_layer_data=this_layer_data@entry=0x50040d289c04, thread_num=thread_num@entry=24,
|
||
routedir=routedir@entry=1 '\001', raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, offset_to_raw_pkt_hdr=<optimized out>) at /home/yangwei/platform/sapp/src/dealpkt/deal_ipv4.c:785
|
||
#31 0x0000000000439d11 in mpls_uc_entry (pfstream_pr=<optimized out>, this_layer_data=this_layer_data@entry=0x50040d289c00, thread_num=thread_num@entry=24, routedir=routedir@entry=1 '\001',
|
||
raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0, offset_to_raw_pkt_hdr=14) at /home/yangwei/platform/sapp/src/dealpkt/deal_mpls.c:201
|
||
#32 0x0000000000444a80 in eth_entry (fstream_pr=fstream_pr@entry=0x0, this_layer_hdr=0x50040d289bf2, thread_num=thread_num@entry=24, dir=<optimized out>, raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0,
|
||
offset_to_raw_pkt_hdr=offset_to_raw_pkt_hdr@entry=0) at /home/yangwei/platform/sapp/src/dealpkt/deal_ethernet.c:203
|
||
#33 0x000000000042fdf2 in mesa_default_pkt_cb (p_raw_pkt=0x7ffa49dfe1c0, dir=<optimized out>, thread_num=<optimized out>) at /home/yangwei/platform/sapp/src/packet_io/packet_io.c:652
|
||
#34 0x0000000000513c07 in marsio4_pkt_hand (dir=0 '\000', raw_pkt=0x7ffa49dfe1c0, rx_buff=0x50040d289a40, tid=24) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:797
|
||
#35 marsio4_process_packet (tid=tid@entry=24, raw_pkt=raw_pkt@entry=0x7ffa49dfe1c0) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:841
|
||
#36 0x0000000000514311 in marsio4_worker (arg=<optimized out>) at /home/yangwei/platform/sapp/src/packet_io/packet_io_marsio.c:999
|
||
#37 0x00007ffff67e21ca in start_thread () from /lib64/libpthread.so.0
|
||
#38 0x00007ffff56d0e73 in clone () from /lib64/libc.so.6
|
||
(gdb) quit
|
||
{code}**gitlab** commented on *2024-04-24T11:25:18.872+0800*:
|
||
|
||
[冯伟浩|https://git.mesalab.cn/fengweihao] mentioned this issue in [a commit|https://git.mesalab.cn/appsketch/context_based_detector/-/commit/7934935e8446baa7cf727c56646fa006ee2f0e71] of [AppSketch / context_based_detector|https://git.mesalab.cn/appsketch/context_based_detector] on branch [develop-version|https://git.mesalab.cn/appsketch/context_based_detector/-/tree/develop-version]:{quote}OMPUB-1256: context_based_detector加载APP_SIG_LUA_SCRIPTS回调表过程中,增加对lua脚本运行检查{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**yangwei** commented on *2024-04-24T15:57:27.640+0800*:
|
||
|
||
UI需要增加对用户导入的APP Lua脚本校验,避免在界面导入成功,但功能端检查失败后未实际执行,造成使用困惑的问题。
|
||
|
||
[~fengweihao] 参考TSG Proxy Script,提供App Lua脚本校验工具供UI进行导入校验
|
||
|
||
|
||
|
||
---
|
||
|
||
**yangwei** commented on *2024-04-24T15:59:33.884+0800*:
|
||
|
||
功能端每个工作线程开启一个lua虚拟机,原则上不会出现单个工作线程抛出异常,导致其他线程锁住的问题,现场堆栈都在__lll_unlock_wake的原因待进一步排查原因
|
||
|
||
|
||
|
||
---
|
||
|
||
**fengweihao** commented on *2024-04-24T16:47:07.818+0800*:
|
||
|
||
luac-tool工具介绍如下:
|
||
|
||
关于Proxy:
|
||
* luac-tool增加context_based_detector中lua注册函数, 兼容Proxy下lua script检测,Proxy具体参考TSG-15443
|
||
|
||
详情如下:
|
||
*
|
||
{code:java}
|
||
./luac-tool
|
||
luac-tool: ./luac-tool
|
||
usage: luac-tool [options] [filenames]
|
||
Available options are:
|
||
-p Grammar function check
|
||
-t Script timeout
|
||
-m Input module name[tfe|app]
|
||
-r The return value of lua{code}
|
||
|
||
检查工具:
|
||
* -p 指定输入的lua脚本路径
|
||
* -t lua脚本执行时间超时检测(来源: APP_SIG_LUA_SCRIPTS表中max_exec_time)
|
||
* -m 指定当前检测的模块名,默认为tfe
|
||
* -r lua脚本返回值检测 (来源: APP_SIG_LUA_SCRIPTS表中attribute_type)
|
||
|
||
样例如下:
|
||
*
|
||
{code:java}
|
||
检测tfe下的lua脚本:
|
||
# ./luac-tool -p run_script_hijack.lua -t 1000000 -m app -r string
|
||
message : Script run error, Maybe use of unsupported function
|
||
|
||
返回值检测:
|
||
return_string_normal.lua 脚本内容如下
|
||
local str = "lua"
|
||
local payload=APP.data
|
||
openvpn_id ="openvpn"APP.context.c2s_count=1
|
||
APP.log_debug("LUA-String-704:", str)
|
||
APP.append_extra_info("openvpn_s2c_id", "str")
|
||
return string.len(str), str
|
||
|
||
脚本检测:
|
||
失败:
|
||
# ./luac-tool -p return_string_normal.lua -t 100000 -m app -r numeric
|
||
message : The lua return value does not match
|
||
成功
|
||
# ./luac-tool -p return_string_normal.lua -t 100000 -m app -r string
|
||
|
||
正常APP_SIG_LUA_SCRIPTS脚本检测
|
||
./luac-tool -p OPENVPN_application.lua -t 100000 -m app -r bool{code}
|
||
|
||
检查工具:
|
||
* [^luac-tool]
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**56178/luac-tool**
|
||
|
||
---
|
||
|
||
**56059/run_script_hijack.lua**
|
||
|
||
---
|
||
|
||
**56060/run_script_insert.lua**
|
||
|
||
---
|
||
|
||
**56061/run_script_log_error_replace_req_head.lua**
|
||
|
||
---
|
||
|
||
**56062/run_script_log_error_replace_resbody.lua**
|
||
|
||
---
|
||
|
||
**56065/run_script_redirect_uri.lua**
|
||
|
||
---
|
||
|
||
**56064/run_script_redirect_uri+(1).lua**
|
||
|
||
---
|
||
|
||
**56063/run_script_redirect_uri+(1)+(1).lua**
|
||
|
||
---
|
||
|