128 lines
5.3 KiB
Markdown
128 lines
5.3 KiB
Markdown
# POC现场:使用内置OpenVPN特征,策略无命中
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-544 | 2022-07-01T14:14:33.000+0800 | 刘学利 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
POC演示现场,使用OpenVPN内置特征进行阻断,业主的OpenVPN正常访问,策略无命中日志
|
||
附件是对应的pcap包 以及 业主OpenVPN的配置文件**liuxueli** commented on *2022-07-04T14:00:10.767+0800*:
|
||
|
||
* 增加识别方式,参照:https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/openvpn.c
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhangzhihan** commented on *2022-07-11T17:52:39.101+0800*:
|
||
|
||
[~liuxueli] POC现场更新 app_proto_identify-2.1.2 ,更新后openvpn依然无法拦截 [^openvpn_udp.pcap] [^openvpn_udp_pure.pcap]
|
||
|
||
|
||
|
||
---
|
||
|
||
**liuxueli** commented on *2022-07-11T19:06:06.313+0800*:
|
||
|
||
* 新提供的数据包,读包能识别出openvpn,请确认openvpn的相关策略是否正确。[~zhangzhihan]
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2022-07-12T17:39:45.343+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/af0c34f77af99db374f9572ef86c114cf1f7c2e5] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}更新app_proto_identify、app_sketch_local,修复:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2022-07-12T17:40:21.416+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/838] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}更新app_proto_identify、app_sketch_local,修复:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2022-07-12T17:40:24.284+0800*:
|
||
|
||
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/43c09861448d71fd590a4b96ee9080d024b7c179] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}更新app_proto_identify、app_sketch_local,修复:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**liuxueli** commented on *2022-07-12T18:18:12.622+0800*:
|
||
|
||
* 2022/0712 查看现场日志,发现加载配置报错,报错如下:
|
||
**
|
||
{code:java}
|
||
Tue Jul 12 16:25:58 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:26:29 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:26:29 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:27:00 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:27:00 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:27:31 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:27:31 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:28:22 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:28:22 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:29:13 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:29:13 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
|
||
Tue Jul 12 16:29:50 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
|
||
Tue Jul 12 16:29:50 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5 {code}
|
||
|
||
* 重启SAPP正常加载配置后,OPENVPN有阻断效果。
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2022-07-12T22:24:44.441+0800*:
|
||
|
||
[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/724fa577188613a8b94a1bbc4dac62348dd14ffe] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}更新app_proto_identify、app_sketch_local,修复:{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2022-07-12T22:26:21.781+0800*:
|
||
|
||
[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/839] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [dev-22.07|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/dev-22.07]:{quote}2022/7/12{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**29253/MMH_JP_CMP.ovpn**
|
||
|
||
---
|
||
|
||
**29533/openvpn_udp_pure.pcap**
|
||
|
||
---
|
||
|
||
**29532/openvpn_udp.pcap**
|
||
|
||
---
|
||
|
||
**29255/OpenVPN+tcpdump_mesa捕包.pcap**
|
||
|
||
---
|
||
|
||
**29254/OpenVPN+客户端捕包.cap**
|
||
|
||
---
|
||
|
||
**29267/OpenVPN+客户端捕包-1.cap**
|
||
|
||
---
|
||
|