{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id":"34043","self":"https://jira.geedge.net/rest/api/2/issue/34043","key":"OMPUB-899","fields":{"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303},"components":[],"timespent":null,"timeoriginalestimate":null,"description":"埃塞tv.cctv.com突然无法正常访问,中电要求排查确认是否和我们系统有关。\r\n\r\n \r\n\r\n2023-02-17  有部分用户向中电反馈该网站无法正常访问使用,询问是否和TSG系统有关。\r\n\r\n                     当时中电也咨询了业主,业主回复未对该网站进行deny。\r\n\r\n                     当天测试访问的情况是,部分终端首页就无法访问成功,要不首页刷新加载成功了但是点击首页视频视频加载失败。\r\n\r\n                     pcap包是上次2023-02-17 反馈问题给洋姐时捕的数据包\r\n\r\n[  https://tv.cctv.com/|https://tv.cctv.com/]目前存在以下情况:\r\n\r\n[2023-04-13|https://tv.cctv.com/]  刚访问的结果,是首页访问加载刷新比较慢,首页加载成功后,点击视频然后视频加载10秒钟左右,可加载成功正常播放。 \r\n\r\n ","project":{"self":"https://jira.geedge.net/rest/api/2/project/10206","id":"10206","key":"OMPUB","name":"Operation and Maintenance","projectTypeKey":"business","avatarUrls":{"48x48":"https://jira.geedge.net/secure/projectavatar?pid=10206&avatarId=10715","24x24":"https://jira.geedge.net/secure/projectavatar?size=small&pid=10206&avatarId=10715","16x16":"https://jira.geedge.net/secure/projectavatar?size=xsmall&pid=10206&avatarId=10715","32x32":"https://jira.geedge.net/secure/projectavatar?size=medium&pid=10206&avatarId=10715"},"projectCategory":{"self":"https://jira.geedge.net/rest/api/2/projectCategory/10002","id":"10002","description":"系统运维","name":"MaintenanceDev"}},"fixVersions":[],"aggregatetimespent":null,"resolution":{"self":"https://jira.geedge.net/rest/api/2/resolution/10000","id":"10000","description":"该问题的工作流程已完成。","name":"完成"},"timetracking":{},"customfield_10401":null,"customfield_10104":null,"customfield_10402":null,"customfield_10105":"0|i03xis:","customfield_10403":null,"customfield_10404":null,"attachment":[{"self":"https://jira.geedge.net/rest/api/2/attachment/37627","id":"37627","filename":"cctv.com.zip","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=chengsiyuan","name":"chengsiyuan","key":"JIRAUSER10915","emailAddress":"chengsiyuan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10346","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10346","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10346","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10346"},"displayName":"程思源","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-24T21:29:36.841+0800","size":36542801,"mimeType":"application/zip","content":"https://jira.geedge.net/secure/attachment/37627/cctv.com.zip"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37242","id":"37242","filename":"cctv.pcap","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuju","name":"liuju","key":"JIRAUSER10222","emailAddress":"liuju@zdjizhi.com","avatarUrls":{"48x48":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=48","24x24":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=24","16x16":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=16","32x32":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=32"},"displayName":"刘菊","active":false,"timeZone":"Asia/Shanghai"},"created":"2023-04-13T14:54:35.496+0800","size":1320614,"mimeType":"application/vnd.tcpdump.pcap","content":"https://jira.geedge.net/secure/attachment/37242/cctv.pcap"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37630","id":"37630","filename":"image-2023-04-25-09-05-31-302.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T09:05:31.682+0800","size":581079,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37630/image-2023-04-25-09-05-31-302.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37630/_thumb_37630.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37631","id":"37631","filename":"image-2023-04-25-09-07-32-104.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T09:07:32.460+0800","size":279607,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37631/image-2023-04-25-09-07-32-104.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37631/_thumb_37631.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37680","id":"37680","filename":"image-2023-05-04-17-37-09-358.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-05-04T17:37:09.704+0800","size":291553,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37680/image-2023-05-04-17-37-09-358.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37680/_thumb_37680.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37243","id":"37243","filename":"微信图片_20230413095232.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuju","name":"liuju","key":"JIRAUSER10222","emailAddress":"liuju@zdjizhi.com","avatarUrls":{"48x48":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=48","24x24":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=24","16x16":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=16","32x32":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=32"},"displayName":"刘菊","active":false,"timeZone":"Asia/Shanghai"},"created":"2023-04-13T14:53:27.133+0800","size":747815,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37243/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20230413095232.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37243/_thumb_37243.png"}],"aggregatetimeestimate":null,"resolutiondate":"2023-06-27T19:29:25.399+0800","workratio":-1,"summary":"【E21现场】tv.cctv.com无法正常访问","lastViewed":null,"watches":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-899/watchers","watchCount":4,"isWatching":false},"creator":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuju","name":"liuju","key":"JIRAUSER10222","emailAddress":"liuju@zdjizhi.com","avatarUrls":{"48x48":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=48","24x24":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=24","16x16":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=16","32x32":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=32"},"displayName":"刘菊","active":false,"timeZone":"Asia/Shanghai"},"subtasks":[],"created":"2023-04-13T14:56:59.776+0800","reporter":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuju","name":"liuju","key":"JIRAUSER10222","emailAddress":"liuju@zdjizhi.com","avatarUrls":{"48x48":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=48","24x24":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=24","16x16":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=16","32x32":"https://www.gravatar.com/avatar/de39e01c583621fe2030d723f55e0e79?d=mm&s=32"},"displayName":"刘菊","active":false,"timeZone":"Asia/Shanghai"},"customfield_10000":"{summaryBean=com.atlassian.jira.plugin.devstatus.rest.SummaryBean@49ca46aa[summary={pullrequest=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@6972cca7[overall=PullRequestOverallBean{stateCount=0, state='OPEN', details=PullRequestOverallDetails{openCount=0, mergedCount=0, declinedCount=0}},byInstanceType={}], build=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@26fa11c1[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BuildOverallBean@5992f64d[failedBuildCount=0,successfulBuildCount=0,unknownBuildCount=0,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], review=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@319571b0[overall=com.atlassian.jira.plugin.devstatus.summary.beans.ReviewsOverallBean@7b3f18d3[stateCount=0,state=,dueDate=,overDue=false,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], deployment-environment=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@dbd6a6c[overall=com.atlassian.jira.plugin.devstatus.summary.beans.DeploymentOverallBean@4353d508[topEnvironments=[],showProjects=false,successfulCount=0,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], repository=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@59512423[overall=com.atlassian.jira.plugin.devstatus.summary.beans.CommitOverallBean@5aab465a[count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], branch=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@3ca3b969[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BranchOverallBean@6105d060[count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}]},errors=[],configErrors=[]], devSummaryJson={\"cachedValue\":{\"errors\":[],\"configErrors\":[],\"summary\":{\"pullrequest\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":\"OPEN\",\"details\":{\"openCount\":0,\"mergedCount\":0,\"declinedCount\":0,\"total\":0},\"open\":true},\"byInstanceType\":{}},\"build\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"failedBuildCount\":0,\"successfulBuildCount\":0,\"unknownBuildCount\":0},\"byInstanceType\":{}},\"review\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":null,\"dueDate\":null,\"overDue\":false,\"completed\":false},\"byInstanceType\":{}},\"deployment-environment\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"topEnvironments\":[],\"showProjects\":false,\"successfulCount\":0},\"byInstanceType\":{}},\"repository\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}},\"branch\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}}}},\"isStale\":false}}","aggregateprogress":{"progress":0,"total":0},"customfield_10100":null,"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/3","iconUrl":"https://jira.geedge.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10200":null,"customfield_10400":null,"labels":["E21现场"],"environment":null,"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"duedate":null,"progress":{"progress":0,"total":0},"issuelinks":[{"id":"31577","self":"https://jira.geedge.net/rest/api/2/issueLink/31577","type":{"id":"10002","name":"Duplicate","inward":"is duplicated by","outward":"duplicates","self":"https://jira.geedge.net/rest/api/2/issueLinkType/10002"},"inwardIssue":{"id":"32386","key":"OMPUB-799","self":"https://jira.geedge.net/rest/api/2/issue/32386","fields":{"summary":"【XJ-CUCC-IDC】省出入口升级TSG和APP Sketch DB后,应用流量识别骤增","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}},"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/1","iconUrl":"https://jira.geedge.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303}}}},{"id":"31486","self":"https://jira.geedge.net/rest/api/2/issueLink/31486","type":{"id":"10003","name":"Relates","inward":"relates to","outward":"relates to","self":"https://jira.geedge.net/rest/api/2/issueLinkType/10003"},"inwardIssue":{"id":"32386","key":"OMPUB-799","self":"https://jira.geedge.net/rest/api/2/issue/32386","fields":{"summary":"【XJ-CUCC-IDC】省出入口升级TSG和APP Sketch DB后,应用流量识别骤增","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}},"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/1","iconUrl":"https://jira.geedge.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303}}}}],"comment":{"comments":[{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/57737","id":"57737","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=chengsiyuan","name":"chengsiyuan","key":"JIRAUSER10915","emailAddress":"chengsiyuan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10346","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10346","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10346","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10346"},"displayName":"程思源","active":true,"timeZone":"Asia/Shanghai"},"body":"2023-04-24 10:30:00 to 2023-04-24 10:56:59测试:\r\n测试环境:电脑连接手机热点,电脑访问[https://tv.cctv.com/;|https://tv.cctv.com/]\r\n测试结果:1、电脑无痕模式下访问[https://tv.cctv.com/],首次无法访问,点击刷新后2分钟左右,访问成功,但是首页加载速度很慢,点击视频无法加载;\r\n                   2、测试时间段的Security Events可以查到对应日志,Session Records未查到日志。\r\n\r\n附件cctv.com.zip为:测试时间段的pcap包、对应的session record和security event log日志情况截图、以及security event log日志详情\r\n                  ","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=chengsiyuan","name":"chengsiyuan","key":"JIRAUSER10915","emailAddress":"chengsiyuan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10346","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10346","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10346","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10346"},"displayName":"程思源","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-24T16:14:41.897+0800","updated":"2023-04-24T16:14:41.897+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/57748","id":"57748","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"* 使用wireshark条件tls.handshake.extensions_server_name == \"tv.cctv.com\"对pcap进行过滤,一共可以查询到6次包含“tv.cctv.com”的SSL Client Hello请求,其中前4次的ja3 hash,与Security Events中的一一对应\r\n\r\n!image-2023-04-25-09-05-31-302.png|width=1046,height=539!\r\n * 查看第一个在客户端捕获的SSL会话,第8个包发起的Client Hello出现了多次重传后,客户端主动发送rst断开,与NPB收到C2S单向流量,并命中策略执行deny->reset动作时,由于缺乏S2C侧信息,执行动作退化为Drop相符,最终客户端在多次重试后,主动结束会话。\r\n\r\n!image-2023-04-25-09-07-32-104.png|width=1096,height=214!\r\n * 最后两个SSL会话,使用服务端IP+SNI条件,在TSG界面查询,未查询到日志可能由以下原因导致:\r\n ** 对应处理的NPB(10.227.11.9)处理能力过载,bypass掉了对应的流量没有进行业务处理,可以通过查询NZ界面排除该原因\r\n ** 测试过程中,对应会话的流量没有完整分发给NPB,或者NPB出现丢包,导致不包含SNI为tv.cctv.com的请求(被Deny的会话,不会被包含在会话日志中),可以通过修改查询条件为ClientIP+ServerIP进行排除","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T09:17:36.121+0800","updated":"2023-04-25T09:17:36.121+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/57867","id":"57867","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"4.25更新:\r\n * 使用思源提供的NZ监控记录,未发现对应的NPB有bypass现象,排除上述可能性1\r\n * 观察思源提供的测试时段,按服务端IP+客户端IP查询会话记录日志的结果,未见上图在客户端捕包中过滤出来包编号为133和139的两次SSL会话(ja3hash分别为0ff609d8da5f262fbf853192d219b638和4b147568c463e2c44acbacf41c59986f)\r\n * !image-2023-05-04-17-37-09-358.png|width=866,height=454!\r\n\r\n \r\n\r\n初步结论为,存在测试客户端部分流量没有经过TSG系统的现象,从而导致deny效果不佳","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-05-04T17:40:01.829+0800","updated":"2023-05-04T17:40:01.829+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/57893","id":"57893","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"更新描述后,发现是用户是想确认为什么TSG系统没有下发相关阻断或干扰策略的前提下,[ https://tv.cctv.com/|https://tv.cctv.com/]访问效果不佳。\r\n\r\n结合前述分析,更新描述如下:\r\n * 2023-04-24 10:30:00 to 2023-04-24 10:56:59测试\r\n ** 客户端数据分析\r\n *** 客户端共发起6次包含“tv.cctv.com”的SSL Client Hello请求,其中前4次访问失败,后2次访问成功\r\n *** 分析失败的前4次访问可以发现,发起Client Hello后,出现了多次重传,最后客户端主动发送rst断开。该现象与被中间网络设备丢弃数据包类似。\r\n ** TSG系统日志数据分析\r\n *** 在TSG系统查询客户端公网IP+前4次访问的服务端IP(95.101.22.161),可以找到对应ja3hash的会话日志,说明该会话经过TSG系统,且TSG系统并未做出相应的丢弃数据包行为\r\n *** 分析TSG系统记录的前4个会话信息,发现为C2S侧单向流,且pkt_send数量为3,TSG系统仅能看到C2S侧的SYN,ACK,和首个Client Hello数据包,对于客户端后续的重传包未有记录,{*}推测执行丢弃的系统部署位置相对TSG系统,更靠近客户端侧{*}\r\n *** 对于后2次访问成功的会话,未见到对应的TSG日志查询结果返回,请[~chengsiyuan] 补充查询对应测试时段测试客户端IP+服务端IP(95.101.22.177)的会话日志,以便进一步进行分析\r\n **** 根据补充的会话日志信息,可以在TSG系统查询到后2次使用TLS1.3访问的日志,可知测试客户端的流量经过TSG系统\r\n\r\n \r\n\r\n结论:\r\n * tv.cctv.com的访问,存在被其他(除TSG之外的)网络审计系统{*}丢弃{*}的情况\r\n * 根据TSG记录的会话日志,{*}推测该系统的部署位置,较TSG更靠近客户端{*}\r\n * 客户端捕包结果显示,当tv.cctv.com的访问切换为TLS1.3后,访问成功,对应2023-04-13 测试时首先无法访问,一段时间后可以正常播放的现象,{*}推测该系统对TLS1.3的过滤能力不佳{*}","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-05-06T09:25:25.262+0800","updated":"2023-05-08T15:05:32.518+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/58211","id":"58211","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhengchao","name":"zhengchao","key":"JIRAUSER10000","emailAddress":"zhengchao@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10000&avatarId=10604","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10000&avatarId=10604","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10000&avatarId=10604","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10000&avatarId=10604"},"displayName":"郑超","active":true,"timeZone":"Asia/Qyzylorda"},"body":"cctv.com被误识别为tiktok","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhengchao","name":"zhengchao","key":"JIRAUSER10000","emailAddress":"zhengchao@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10000&avatarId=10604","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10000&avatarId=10604","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10000&avatarId=10604","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10000&avatarId=10604"},"displayName":"郑超","active":true,"timeZone":"Asia/Qyzylorda"},"created":"2023-05-15T10:34:20.222+0800","updated":"2023-05-15T10:34:20.222+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34043/comment/60877","id":"60877","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"原因同https://jira.geedge.net/browse/OMPUB-799,已向现场提供修改配置文件的临时解决方案,伺机实施","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-06-27T19:29:15.831+0800","updated":"2023-06-27T19:29:15.831+0800"}],"maxResults":6,"total":6,"startAt":0},"votes":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-899/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"assignee":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"updated":"2024-08-29T15:37:26.338+0800","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}}}}