jqlblue/gryphon_issues_jqlblue

## gryphon_issues_jqlblue
TcpCopy信息

  TcpCopy版本号：0.9.9
  内核版本号：2.6.18-164.el5
  安装规则：
  ./configure --prefix=/usr/local/tcpcopy --enable-single
  启动命令：
  modprobe ip_queue
  iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
  /usr/local/tcpcopy/bin/intercept
  iptables设置：

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
QUEUE      tcp  --  anywhere             anywhere            tcp spt:http

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:36524
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

日志打印[error_intercept.log]：

2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
2014/05/15 16:13:26 +451 [notice] intercept internal version:5
2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
2014/05/15 16:13:26 +451 [notice] msg listen socket:4
2014/05/15 16:13:26 +451 [notice] firewall socket:5
2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:14:51 +368 [notice] it adds fd:6
2014/05/15 16:14:51 +368 [notice] it adds fd:7
2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
2014/05/15 16:15:14 +423 [notice] destroy event:7
2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
2014/05/15 16:15:14 +423 [notice] destroy event:6
2014/05/15 16:15:21 +346 [warn] sig 2 received
2014/05/15 16:15:21 +346 [notice] release_resources begin
2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
2014/05/15 16:15:21 +346 [notice] release_resources end except log file


Gryphon信息

  TcpCopy版本号：0.2.0
  内核版本号：2.6.18-164.el5
  安装规则：
  ./configure --enable-single
  启动命令：/usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*

  日志打印[error_gryphon.log]：

2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
2014/05/15 16:14:51 +363 [notice] set global port for gryphon
2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
2014/05/15 16:14:51 +363 [notice] init connections speed:1024
2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
2014/05/15 16:14:51 +363 [notice] pool size:72900718
2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
2014/05/15 16:14:51 +363 [notice] pool used:61630692
2014/05/15 16:14:51 +363 [info] enter tc_build_users
2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
2014/05/15 16:14:51 +363 [info] leave tc_build_users
2014/05/15 16:14:52 +865 [notice] total is larger than size of users
2014/05/15 16:14:56 +364 [notice] active conns:0
2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:01 +367 [notice] active conns:0
2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:06 +369 [notice] active conns:0
2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:11 +371 [notice] active conns:0
2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:14 +406 [warn] sig 2 received
2014/05/15 16:15:14 +406 [notice] active conns:0
2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:14 +406 [notice] remove timer over
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
2014/05/15 16:15:14 +406 [notice] valid sessions:99126
2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over

补充信息：
intercept安装在 10.16.15.122
gryphon安装在 10.16.15.113
测试服务器是 10.16.15.118
在测试机上抓包使用的命令：tcpdump -i any tcp and port 80 -w xxx.pcap
	TcpCopy信息

	TcpCopy版本号：0.9.9
	内核版本号：2.6.18-164.el5
	安装规则：
	./configure --prefix=/usr/local/tcpcopy --enable-single
	启动命令：
	modprobe ip_queue
	iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
	/usr/local/tcpcopy/bin/intercept
	iptables设置：

	iptables -L

	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	RH-Firewall-1-INPUT all -- anywhere anywhere

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination
	RH-Firewall-1-INPUT all -- anywhere anywhere

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination
	QUEUE tcp -- anywhere anywhere tcp spt:http

	Chain RH-Firewall-1-INPUT (2 references)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere
	ACCEPT icmp -- anywhere anywhere icmp any
	ACCEPT esp -- anywhere anywhere
	ACCEPT ah -- anywhere anywhere
	ACCEPT udp -- anywhere anywhere udp dpt:ipp
	ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
	ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
	ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
	ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:36524
	REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

	日志打印[error_intercept.log]：

	2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
	2014/05/15 16:13:26 +451 [notice] intercept internal version:5
	2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
	2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
	2014/05/15 16:13:26 +451 [notice] msg listen socket:4
	2014/05/15 16:13:26 +451 [notice] firewall socket:5
	2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:14:51 +368 [notice] it adds fd:6
	2014/05/15 16:14:51 +368 [notice] it adds fd:7
	2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
	2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
	2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
	2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
	2014/05/15 16:15:14 +423 [notice] destroy event:7
	2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
	2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
	2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
	2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
	2014/05/15 16:15:14 +423 [notice] destroy event:6
	2014/05/15 16:15:21 +346 [warn] sig 2 received
	2014/05/15 16:15:21 +346 [notice] release_resources begin
	2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
	2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
	2014/05/15 16:15:21 +346 [notice] release_resources end except log file


	Gryphon信息

	TcpCopy版本号：0.2.0
	内核版本号：2.6.18-164.el5
	安装规则：
	./configure --enable-single
	启动命令：/usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*

	日志打印[error_gryphon.log]：

	2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
	2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
	2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
	2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
	2014/05/15 16:14:51 +363 [notice] set global port for gryphon
	2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
	2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
	2014/05/15 16:14:51 +363 [notice] init connections speed:1024
	2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
	2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
	2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
	2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
	2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
	2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
	2014/05/15 16:14:51 +363 [notice] pool size:72900718
	2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
	2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
	2014/05/15 16:14:51 +363 [notice] pool used:61630692
	2014/05/15 16:14:51 +363 [info] enter tc_build_users
	2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
	2014/05/15 16:14:51 +363 [info] leave tc_build_users
	2014/05/15 16:14:52 +865 [notice] total is larger than size of users
	2014/05/15 16:14:56 +364 [notice] active conns:0
	2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
	2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:01 +367 [notice] active conns:0
	2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:06 +369 [notice] active conns:0
	2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:11 +371 [notice] active conns:0
	2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:14 +406 [warn] sig 2 received
	2014/05/15 16:15:14 +406 [notice] active conns:0
	2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:14 +406 [notice] remove timer over
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
	2014/05/15 16:15:14 +406 [notice] valid sessions:99126
	2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over

	补充信息：
	intercept安装在 10.16.15.122
	gryphon安装在 10.16.15.113
	测试服务器是 10.16.15.118
	在测试机上抓包使用的命令：tcpdump -i any tcp and port 80 -w xxx.pcap