{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id":"34099","self":"https://jira.geedge.net/rest/api/2/issue/34099","key":"OMPUB-902","fields":{"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303},"components":[],"timespent":null,"timeoriginalestimate":null,"description":"测试环境：信息港LTS环境\r\n策略ID：18839\r\n策略-URL对象：*hypertext/WWW/\r\n测试网址：http://info.cern.ch/hypertext/WWW/\r\n服务端IP：188.184.21.108\r\n\r\n穿透现象：\r\n使用chrome浏览器访问测试网址，可以正常deny，此时不做任何操作，等待浏览器重传，一段时间后穿透。{color:red}查看安全策略日志，发现穿透的那次没有对应日志。查看tcpdump_mesa抓到的包，可以看到对应端口的报文{color}\r\n\r\n数据包分析：\r\nclien_188.184.21.108.pcap中的数据为过滤后的，只有客户端访问188.184.21.108的数据包。在客户端8340端口之前（含）的访问都是能够正常阻断的，客户端可以看到rst包。在8341端口时出现穿透，客户端未收到rst，同时查看tcpdump_mesa_188.184.21.108.pcap发现8341端口相关的流量是正常经过了sapp的\r\n\r\n !image-2023-04-17-11-26-01-759.png|thumbnail! \r\n !image-2023-04-17-11-26-08-896.png|thumbnail! \r\n !image-2023-04-17-11-30-56-481.png|thumbnail! \r\n","project":{"self":"https://jira.geedge.net/rest/api/2/project/10206","id":"10206","key":"OMPUB","name":"Operation and Maintenance","projectTypeKey":"business","avatarUrls":{"48x48":"https://jira.geedge.net/secure/projectavatar?pid=10206&avatarId=10715","24x24":"https://jira.geedge.net/secure/projectavatar?size=small&pid=10206&avatarId=10715","16x16":"https://jira.geedge.net/secure/projectavatar?size=xsmall&pid=10206&avatarId=10715","32x32":"https://jira.geedge.net/secure/projectavatar?size=medium&pid=10206&avatarId=10715"},"projectCategory":{"self":"https://jira.geedge.net/rest/api/2/projectCategory/10002","id":"10002","description":"系统运维","name":"MaintenanceDev"}},"fixVersions":[],"aggregatetimespent":null,"resolution":{"self":"https://jira.geedge.net/rest/api/2/resolution/10000","id":"10000","description":"该问题的工作流程已完成。","name":"完成"},"timetracking":{},"customfield_10401":null,"customfield_10104":null,"customfield_10402":null,"customfield_10105":"0|i03xv8:","customfield_10403":null,"customfield_10404":null,"attachment":[{"self":"https://jira.geedge.net/rest/api/2/attachment/37386","id":"37386","filename":"client_188.184.21.108.pcap","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-17T11:31:42.726+0800","size":11783,"mimeType":"application/vnd.tcpdump.pcap","content":"https://jira.geedge.net/secure/attachment/37386/client_188.184.21.108.pcap"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37389","id":"37389","filename":"image-2023-04-17-11-26-01-759.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-17T11:26:03.710+0800","size":380555,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37389/image-2023-04-17-11-26-01-759.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37389/_thumb_37389.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37388","id":"37388","filename":"image-2023-04-17-11-26-08-896.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-17T11:26:10.831+0800","size":560252,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37388/image-2023-04-17-11-26-08-896.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37388/_thumb_37388.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37387","id":"37387","filename":"image-2023-04-17-11-30-56-481.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-17T11:30:58.466+0800","size":108369,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37387/image-2023-04-17-11-30-56-481.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37387/_thumb_37387.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37629","id":"37629","filename":"image-2023-04-25-08-49-04-674.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T08:49:05.016+0800","size":334105,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/37629/image-2023-04-25-08-49-04-674.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/37629/_thumb_37629.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/37385","id":"37385","filename":"tcpdump_mesa_188.184.21.108.pcap","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-17T11:32:48.085+0800","size":13987,"mimeType":"application/vnd.tcpdump.pcap","content":"https://jira.geedge.net/secure/attachment/37385/tcpdump_mesa_188.184.21.108.pcap"}],"aggregatetimeestimate":null,"resolutiondate":"2023-04-25T10:17:07.884+0800","workratio":-1,"summary":"特定http网址被chrome浏览器重传时无法成功deny","lastViewed":null,"watches":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-902/watchers","watchCount":5,"isWatching":false},"creator":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"subtasks":[],"created":"2023-04-17T10:48:48.537+0800","reporter":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"customfield_10000":"{summaryBean=com.atlassian.jira.plugin.devstatus.rest.SummaryBean@37415b77[summary={pullrequest=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@5ecaac4c[overall=PullRequestOverallBean{stateCount=0, state='OPEN', details=PullRequestOverallDetails{openCount=0, mergedCount=0, declinedCount=0}},byInstanceType={}], build=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@50f6ea22[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BuildOverallBean@5b5594bc[failedBuildCount=0,successfulBuildCount=0,unknownBuildCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], review=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@6c6efbe8[overall=com.atlassian.jira.plugin.devstatus.summary.beans.ReviewsOverallBean@dae2997[stateCount=0,state=<null>,dueDate=<null>,overDue=false,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], deployment-environment=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@6a6e65fa[overall=com.atlassian.jira.plugin.devstatus.summary.beans.DeploymentOverallBean@1de9fc7f[topEnvironments=[],showProjects=false,successfulCount=0,count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], repository=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@643e591[overall=com.atlassian.jira.plugin.devstatus.summary.beans.CommitOverallBean@7a5d865f[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}], branch=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@63857d5b[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BranchOverallBean@315d6f50[count=0,lastUpdated=<null>,lastUpdatedTimestamp=<null>],byInstanceType={}]},errors=[],configErrors=[]], devSummaryJson={\"cachedValue\":{\"errors\":[],\"configErrors\":[],\"summary\":{\"pullrequest\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":\"OPEN\",\"details\":{\"openCount\":0,\"mergedCount\":0,\"declinedCount\":0,\"total\":0},\"open\":true},\"byInstanceType\":{}},\"build\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"failedBuildCount\":0,\"successfulBuildCount\":0,\"unknownBuildCount\":0},\"byInstanceType\":{}},\"review\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":null,\"dueDate\":null,\"overDue\":false,\"completed\":false},\"byInstanceType\":{}},\"deployment-environment\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"topEnvironments\":[],\"showProjects\":false,\"successfulCount\":0},\"byInstanceType\":{}},\"repository\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}},\"branch\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}}}},\"isStale\":false}}","aggregateprogress":{"progress":0,"total":0},"customfield_10100":null,"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/3","iconUrl":"https://jira.geedge.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10200":null,"customfield_10400":null,"labels":["LTS"],"environment":null,"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"duedate":null,"progress":{"progress":0,"total":0},"issuelinks":[],"comment":{"comments":[{"self":"https://jira.geedge.net/rest/api/2/issue/34099/comment/57534","id":"57534","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"body":"在福建也发现了同样的问题，测试网址 https://p.xxt011.com/，访问一开始正常阻断，静置一段时间（大概一小时？）过后自动穿了","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-19T11:02:18.457+0800","updated":"2023-04-19T11:02:18.457+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34099/comment/57747","id":"57747","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"在京版五楼测试环境发现，使用chrome访问被deny网站时，浏览器重试的连接，三次握手成功后，等待超过30秒（平台设置的默认TCP流超时是30秒）才发起HTTP Get请求，触发sapp的超时淘汰，导致穿透。\r\n * 可以通过修改etc/sapp.toml->STREAM->stream.tcp-> timeout参数增加TCP超时时间\r\n\r\n会话记录日志没有对应四元组的原因为，sapp认为该会话仅传输了3个包和0个字节，默认发送会话记录的条件是“超过3个包{*}且{*}传输的TCP负载长度大于5”，会话没有满足该条件，因此没有对应的记录。\r\n * 可以修改tsgconf/main.conf->TSG_CONN_SKETCH->tcp_min_bytes，降低对发送TCP负载长度的要求，使当前会话被记录\r\n\r\n!image-2023-04-25-08-49-04-674.png|width=1531,height=198!","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T08:55:05.398+0800","updated":"2023-04-25T08:55:05.398+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/34099/comment/57755","id":"57755","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"body":"调整超时时间后，对该网站连续测试10次，均未穿透。","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=zhangzhihan","name":"zhangzhihan","key":"JIRAUSER10111","emailAddress":"zhangzhihan@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10111&avatarId=12001","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10111&avatarId=12001","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10111&avatarId=12001","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10111&avatarId=12001"},"displayName":"张智涵","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-04-25T10:16:56.085+0800","updated":"2023-04-25T10:16:56.085+0800"}],"maxResults":3,"total":3,"startAt":0},"votes":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-902/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"assignee":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"updated":"2023-04-25T10:17:07.891+0800","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}}}}