admin/geedge-jira
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a8bfef5778fc7ddd06fa05776bf1ecd0f61d4c4
geedge-jira/md/OMPUB-886.md
hello 46daec8ae4 first
2025-09-14 21:52:36 +00:00

7.3 KiB
Raw Blame History

E现场: 升级tsg-os-v22.11.5-e8004bc版本后2023-04-03出现一次重启

ID Creation Date Assignee Status
OMPUB-886 2023-04-06T09:40:03.000+0800 彭宣正 已关闭
  • E现场: 升级tsg-os-v22.11.5-e8004bc版本后2023-04-03出现一次重启 ** 版本: *** dtls-1.0.9.37f642a-1.x86_64 *** tsg_conn_sketch-3.3.16.1.c4207a1-1.el7.x86_64 ** minidump 转core文件位于192.168.40.82 *** sudo gdb sapp /home/admin/core_10.233.11.5_Apr3 ** 栈信息:

{code:java} Core was generated by `/opt/tsg/sapp/sapp -c /opt/tsg/sapp/etc/sapp.toml -C /opt/tsg/sapp -D /opt/tsg/'. #0  0x00007ffc98f306d0 in TLD_append(TLD_handle_t*, char*, void*, _tld_type) () from ./plug/platform/tsg_master/tsg_master.so Missing separate debuginfos, use: debuginfo-install sapp-4.2.91.566655a-1.el7.x86_64 (gdb) bt #0  0x00007ffc98f306d0 in TLD_append(TLD_handle_t*, char*, void*, _tld_type) () from ./plug/platform/tsg_master/tsg_master.so #1  0x00007ff890bdb55f in dtls_record_cookie_and_version (info=0x7ff638bf55f0, log=0x7ff621e7fc80, thread_seq=thread_seq@entry=2, dtls_context=, dtls_context=)     at /usr/src/debug/tsg_conn_sketch-3.3.16.1.c4207a1-Linux/LIBRARIES/src_0/src/record_dtls.cpp:30 #2  0x00007ff890bdb9c1 in tsg_conn_dtls_session_data_treatment (proto_ctx=0x7ff6218a3240, proto_ctx=0x7ff6218a3240, thread_seq=2, session_info=0x7ff638bf5590) at /usr/src/debug/tsg_conn_sketch-3.3.16.1.c4207a1-Linux/LIBRARIES/src_0/src/record_dtls.cpp:60 #3  tsg_record_dtls_entry (session_info=0x7ff638bf5590, param=0x7ff61e9cf068, thread_seq=2, a_stream=0x7fffb8c82edc, a_packet=) at /usr/src/debug/tsg_conn_sketch-3.3.16.1.c4207a1-Linux/LIBRARIES/src_0/src/record_dtls.cpp:129 #4  0x000000000045a016 in plugin_call_appentry () #5  0x000000000045a4c1 in plugin_process_data () #6  0x000000000045a676 in PROT_PROCESS () #7  0x00007ff890f34899 in dtls_callPlugins (a_dtls_stream=a_dtls_stream@entry=0x7ff41ad35640, a_udp=a_udp@entry=0x7fffb8c82edc, region_flag=region_flag@entry=2, data=data@entry=0x7ff638bf55e0, thread_seq=thread_seq@entry=2,      a_packet=a_packet@entry=0x7f4242690778) at /usr/src/debug/dtls-1.0.9.37f642a-Linux/LIBRARIES/src_0/src/dtls_common.cpp:96 #8  0x00007ff890f32f62 in dtls_hs_hello_verify_request_dissector (a_udp=0x7fffb8c82edc, a_dtls_stream=0x7ff41ad35640, thread_seq=2, a_packet=0x7f4242690778) at /usr/src/debug/dtls-1.0.9.37f642a-Linux/LIBRARIES/src_0/src/dtls_analyse.cpp:247 #9  0x00007ff890f33ede in dtls_handshake_dissector (a_packet=0x7f4242690778, thread_seq=2, a_dtls_stream=0x7ff41ad35640, a_udp=0x7fffb8c82edc) at /usr/src/debug/dtls-1.0.9.37f642a-Linux/LIBRARIES/src_0/src/dtls_analyse.cpp:419 #10 dtls_analyseStream (a_udp=a_udp@entry=0x7fffb8c82edc, a_dtls_stream=0x7ff41ad35640, thread_seq=thread_seq@entry=2, a_packet=a_packet@entry=0x7f4242690778) at /usr/src/debug/dtls-1.0.9.37f642a-Linux/LIBRARIES/src_0/src/dtls_analyse.cpp:450 #11 0x00007ff890f32ac2 in DTLS_ENTRY (a_udp=0x7fffb8c82edc, pme=0x7ff61e9cfaec, thread_seq=2, a_packet=0x7f4242690778) at /usr/src/debug/dtls-1.0.9.37f642a-Linux/LIBRARIES/src_0/src/dtls.cpp:373 #12 0x0000000000441407 in plugin_call_streamentry () #13 0x0000000000441642 in call_streamentry () #14 0x0000000000441a57 in stream_process () #15 0x0000000000441f39 in stream_process_udp () #16 0x000000000044e753 in dealipv4udppkt () #17 0x0000000000442dd5 in ipv4_entry () #18 0x0000000000455cf9 in gtp_entry () #19 0x000000000044e7bb in dealipv4udppkt () #20 0x0000000000442dd5 in ipv4_entry () #21 0x0000000000455024 in IEEE_8021_entry () #22 0x000000000044dae6 in eth_entry () #23 0x00000000004560ee in vxlan_entry () #24 0x000000000044e966 in dealipv4udppkt () #25 0x0000000000442e8d in ipv4_entry () #26 0x000000000044d8a3 in eth_entry () #27 0x000000000043a1c7 in mesa_default_pkt_cb () #28 0x000000000050f52b in marsio4_process_packet () #29 0x000000000050fd00 in marsio4_worker () #30 0x00007ffff79acea5 in start_thread () from /lib64/libpthread.so.0 #31 0x00007ffff59d3b0d in clone () from /lib64/libc.so.6 {code}pengxuanzheng commented on 2023-04-06T15:52:49.789+0800:

  • 原因dtls的hello verify request 消息的结构体没有初始化为全0导致cookie内容可能是一个随机值 ** !image-2023-04-06-15-43-19-453.png! ** hello verify request 消息的作用是使用cookie来预防dos攻击的所以在定义中是一定会有cookie的所以之前默认解析该消息时cookie一定可以填上所以没有初始化全0
  • 解析协议时,所有的字段都必须先假设不存在,即使该协议已经被识别成功

gitlab commented on 2023-04-06T15:54:55.151+0800:

[彭宣正|https://git.mesalab.cn/pxz] mentioned this issue in [a commit|ab7166e558] of [彭宣正 / dtls|https://git.mesalab.cn/pxz/dtls] on branch [bugfix-ompub-886|https://git.mesalab.cn/pxz/dtls/-/tree/bugfix-ompub-886]:{quote}🐞 fix(OMPUB-886): 初始化 hello verify request 消息结构体为全0{quote}

gitlab commented on 2023-04-06T15:56:29.330+0800:

[彭宣正|https://git.mesalab.cn/pxz] mentioned this issue in [a merge request|https://git.mesalab.cn/pxz/dtls/-/merge_requests/9] of [彭宣正 / dtls|https://git.mesalab.cn/pxz/dtls] on branch [bugfix-ompub-886|https://git.mesalab.cn/pxz/dtls/-/tree/bugfix-ompub-886]:{quote}🐞 fix(OMPUB-886): 初始化 hello verify request 消息结构体为全0{quote}

liuxueli commented on 2023-05-06T14:46:45.464+0800:

  • E现场已关闭DTLS相关插件暂时没有重启的现象。

gitlab commented on 2023-05-06T15:12:53.154+0800:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|1f3aba6b22] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.05-firewall-v1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.05-firewall-v1]:{quote}更新sapp、tsg_master、app_proto_identify、app_sketch_local、http、mail、dtls、firewall、...{quote}

gitlab commented on 2023-05-06T15:22:16.018+0800:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1261] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.05-firewall-v1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.05-firewall-v1]:{quote}更新sapp、tsg_master、app_proto_identify、app_sketch_local、http、mail、dtls、firewall、...{quote}

gitlab commented on 2023-05-06T15:33:10.617+0800:

[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a commit|a4b1225708] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.05-firewall-v1|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.05-firewall-v1]:{quote}更新sapp、tsg_master、app_proto_identify、app_sketch_local、http、mail、dtls、firewall、...{quote}

Attachments

36857/image-2023-04-06-15-43-19-453.png