116 lines
3.3 KiB
Markdown
116 lines
3.3 KiB
Markdown
# 需要通过radius log ,nat log 与 subscriber ID做关联
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-831 | 2023-03-02T09:20:48.000+0800 | 刘洋 | 已解决 |
|
||
|
||
|
||
---
|
||
|
||
P19项目需要通过Radius log 以及 nat log 对subscriber ID做关联
|
||
|
||
|
||
|
||
!image-2023-03-02-08-32-05-404.png!
|
||
|
||
在现场发现运营商给到的Raidus log 中Calling Station ID字段是上网用的手机号码,捕获的数据包中Framed-IP-Address 字段是通过Radius 认证后分配的地址
|
||
|
||
!image-2023-03-02-09-11-37-999.png!
|
||
|
||
在捕获的数据包中CFLOW协议包含NAT log信息
|
||
|
||
请通过这些信息对Subscriber ID做关联**anran** commented on *2023-03-02T09:25:29.001+0800*:
|
||
|
||
1、SubscriberID 如果是AA或者aa ,是否是同一个用户,待确认。
|
||
|
||
2、有没有Subscriber ID 显示是ufone,Calling Station ID没有显示电话号码这种情况,待确认。
|
||
|
||
白天会捕获更多数据包以便补充信息
|
||
|
||
|
||
|
||
---
|
||
|
||
**anran** commented on *2023-03-02T09:28:43.738+0800*:
|
||
|
||
!1111111.png! 在TSG展示界面显示如图(当时客户提供的样本数据),今天到现场会补充最新的截图
|
||
|
||
|
||
|
||
---
|
||
|
||
**anran** commented on *2023-03-04T07:07:14.372+0800*:
|
||
|
||
关于Radius log / NAT log 以及Subscriber ID做关联的需求:
|
||
今天正式接入POC测试流量,流量接入时间大约为伊斯兰堡时间2023年3月4日01:10左右
|
||
radius_2023-03-04-0115.pcap包中协议为CFLOW的数据包是包含NAT Log模板的
|
||
radius_2023-03-04-0141.pcap包中协议为CFLOW的数据包现在是看不到内容的,因为需要通过之前的模板以及协议为Radius的数据包中的Calling_Station_Id、Framed-IP-Address、端口号做关联才能读取到内容
|
||
|
||
日志存在[https://de.files.gdnt-cloud.com/]
|
||
|
||
!image-2023-03-04-07-06-49-031.png!
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhengchao** commented on *2023-03-06T14:27:16.943+0800*:
|
||
|
||
h2. Plan A
|
||
|
||
按照Subscriber ID的方法处理,对于功能端需要:
|
||
* Client IP + Port -> SrcAddr (From CFLOW)
|
||
* SrcAddr -> Calling Station ID (From RADIUS)
|
||
|
||
原IP Plugin表结构不支持端口范围,开发工作量较大。
|
||
h2. Plan B
|
||
|
||
采用网络叙事者进行Data Integration,定时(如10s)将CK中的CFLOW日志和RADIUS日志关联,若发生变化,则使用CM API写入Object:
|
||
* Object Type: IP Address
|
||
* Object Name: Calling Station ID xxxx
|
||
* Object Content: Post NAT Source IP address: Port Range Start - Port Range End
|
||
|
||
测试时,安全策略引用网络叙事者创建的5个Calling Station ID Object。
|
||
h2. 结论
|
||
|
||
采用Plan B
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
# Attachments
|
||
|
||
Attachment: 0059.pcap
|
||
|
||
[0059.pcap](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35645/0059.pcap)
|
||
|
||
|
||
|
||
Attachment: 1111111.png
|
||
|
||
|
||
|
||
|
||
|
||
Attachment: image-2023-03-02-08-32-05-404.png
|
||
|
||
|
||
|
||
|
||
|
||
Attachment: image-2023-03-02-09-11-37-999.png
|
||
|
||
|
||
|
||
|
||
|
||
Attachment: image-2023-03-04-07-06-49-031.png
|
||
|
||
|
||
|
||
|
||
|