4.6 KiB
亦庄环境:同时开启shunt策略和intercept策略导致测试环境断网
| ID | Creation Date | Assignee | Status |
|---|---|---|---|
| OMPUB-941 | 2023-06-07T11:44:59.000+0800 | 刘学利 | 已解决 |
现象: 同时开启shunt策略和intercept策略,测试环境断网。单独关闭shunt策略或intercept策略,网络立刻恢复。
TSG版本:TSG-23.05 OS版本:TSG-OS v23.05-rc2-124a06b (TSGXNXR620G40R01P0906) 流量接入模式:双臂接入
shunt策略配置如下: !image-2023-06-07-11-42-09-829.png|thumbnail!
intercpet策略配置如下: !image-2023-06-07-11-42-54-035.png|thumbnail! liuxueli commented on 2023-06-07T14:37:47.153+0800:
- 同时命中shunt和intercept策略,master先处理的intercept策略,再处理的shunt策略,intercept策略被执行后KNI收不到后续的数据包(TFE已完成TCP的repair),导致链接被中断。
gitlab commented on 2023-06-07T14:42:17.145+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|4abb2e9928] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
gitlab commented on 2023-06-07T15:34:21.527+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|4de70e9037] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941-v23.05|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941-v23.05]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
liuyang commented on 2023-06-07T16:48:48.209+0800:
补充:同时配置shunt和shaping策略也断网 [~liuxueli]
gitlab commented on 2023-06-07T18:06:23.503+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|4b023ef230] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}OMPUB-941: 同时命中security(shunt)和intercept策略,优先执行security策略{quote}
gitlab commented on 2023-06-07T18:07:41.819+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tango/tsg_master/-/merge_requests/346] of [TSG Appliance / tsg_master|https://git.mesalab.cn/tango/tsg_master] on branch [bugfix-hitted-security-shunt-and-intercept-OMPUB-941|https://git.mesalab.cn/tango/tsg_master/-/tree/bugfix-hitted-security-shunt-and-intercept-OMPUB-941]:{quote}Resolve OMPUB-941 "Bugfix hitted security shunt and intercept "{quote}
zhangzhihan commented on 2023-06-08T10:18:51.849+0800:
亦庄现场已更新 tsg_master-6.0.17.4de70e9-1.el8.x86_64 ,同时开启shunt策略、intercept策略或shaping策略,均优先执行shunt策略,intercept策略或shaping策略无效
gitlab commented on 2023-06-08T20:52:14.656+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|56748f01c5] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.06-firewall-v4|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.06-firewall-v4]:{quote}更新tsg_master、firewall、packet_capture_plug、app_sketch_local,修复或适配:{quote}
gitlab commented on 2023-06-08T20:52:32.659+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1372] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-v23.06-firewall-v4|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-v23.06-firewall-v4]:{quote}更新tsg_master、firewall、packet_capture_plug、app_sketch_local,修复或适配:{quote}
Attachments
39061/image-2023-06-07-11-42-09-829.png
39060/image-2023-06-07-11-42-54-035.png