@jqlblue
Last active August 29, 2015 14:01
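Problem encountered when using gryphon on a 64-bit Linux system under the traditional architecture: the test requests never reach nginx.
TcpCopy information
TcpCopy version: 0.9.9
Kernel version: 2.6.18-164.el5
Installation: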
./configure --prefix=/usr/local/tcpcopy --enable-single
Startup commands:
modprobe ip_queue
iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
/usr/local/tcpcopy/bin/intercept
iptables settings:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
QUEUE tcp -- anywhere anywhere tcp spt:http
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:36524
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Log output [error_intercept.log]:
2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
2014/05/15 16:13:26 +451 [notice] intercept internal version:5
2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
2014/05/15 16:13:26 +451 [notice] msg listen socket:4
2014/05/15 16:13:26 +451 [notice] firewall socket:5
2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:14:51 +368 [notice] it adds fd:6
2014/05/15 16:14:51 +368 [notice] it adds fd:7
2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
2014/05/15 16:15:14 +423 [notice] destroy event:7
2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
2014/05/15 16:15:14 +423 [notice] destroy event:6
2014/05/15 16:15:21 +346 [warn] sig 2 received
2014/05/15 16:15:21 +346 [notice] release_resources begin
2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
2014/05/15 16:15:21 +346 [notice] release_resources end except log file
Gryphon information
TcpCopy version: 0.2.0
Kernel version: 2.6.18-164.el5
Installation:
./configure --enable-single
Startup command: /usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*
Log output [error_gryphon.log]:
2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
2014/05/15 16:14:51 +363 [notice] set global port for gryphon
2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
2014/05/15 16:14:51 +363 [notice] init connections speed:1024
2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
2014/05/15 16:14:51 +363 [notice] pool size:72900718
2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
2014/05/15 16:14:51 +363 [notice] pool used:61630692
2014/05/15 16:14:51 +363 [info] enter tc_build_users
2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
2014/05/15 16:14:51 +363 [info] leave tc_build_users
2014/05/15 16:14:52 +865 [notice] total is larger than size of users
2014/05/15 16:14:56 +364 [notice] active conns:0
2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:01 +367 [notice] active conns:0
2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:06 +369 [notice] active conns:0
2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:11 +371 [notice] active conns:0
2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:14 +406 [warn] sig 2 received
2014/05/15 16:15:14 +406 [notice] active conns:0
2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
2014/05/15 16:15:14 +406 [notice] remove timer over
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] connection fails:32768
2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
2014/05/15 16:15:14 +406 [notice] valid sessions:99126
2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over
Additional information:
intercept is installed on 10.16.15.122
gryphon is installed on 10.16.15.113
The test server is 10.16.15.118
Command used to capture packets on the test machine: tcpdump -i any tcp and port 80 -w xxx.pcap