jqlblue · August 29, 2015 14:01
diff --git a/gryphon_issues_jqlblue b/gryphon_issues_jqlblue
 TcpCopy信息

  TcpCopy版本号：0.9.9
  内核版本号：2.6.18-164.el5
  安装规则：
  ./configure --prefix=/usr/local/tcpcopy --enable-single
  启动命令：
  modprobe ip_queue
  iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
  /usr/local/tcpcopy/bin/intercept
  iptables设置：
  
 iptables -L

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
 QUEUE      tcp  --  anywhere             anywhere            tcp spt:http 

 Chain RH-Firewall-1-INPUT (2 references)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     icmp --  anywhere             anywhere            icmp any 
 ACCEPT     esp  --  anywhere             anywhere            
 ACCEPT     ah   --  anywhere             anywhere            
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
 ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
 ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:36524 
 REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

 日志打印[error_intercept.log]：

 2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
 2014/05/15 16:13:26 +451 [notice] intercept internal version:5
 2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
 2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
 2014/05/15 16:13:26 +451 [notice] msg listen socket:4
 2014/05/15 16:13:26 +451 [notice] firewall socket:5
 2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
 2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
 2014/05/15 16:14:51 +368 [notice] it adds fd:6
 2014/05/15 16:14:51 +368 [notice] it adds fd:7
 2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
 2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
 2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
 2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
 2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
 2014/05/15 16:15:14 +423 [notice] destroy event:7
 2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
 2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
 2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
 2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
 2014/05/15 16:15:14 +423 [notice] destroy event:6
 2014/05/15 16:15:21 +346 [warn] sig 2 received
 2014/05/15 16:15:21 +346 [notice] release_resources begin
 2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
 2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
 2014/05/15 16:15:21 +346 [notice] release_resources end except log file


 Gryphon信息

  TcpCopy版本号：0.2.0
  内核版本号：2.6.18-164.el5
  安装规则：
  ./configure --enable-single
  启动命令：/usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*
  
  日志打印[error_gryphon.log]：
  
 2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
 2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
 2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
 2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
 2014/05/15 16:14:51 +363 [notice] set global port for gryphon
 2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
 2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
 2014/05/15 16:14:51 +363 [notice] init connections speed:1024
 2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
 2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
 2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
 2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
 2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
 2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
 2014/05/15 16:14:51 +363 [notice] pool size:72900718
 2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
 2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
 2014/05/15 16:14:51 +363 [notice] pool used:61630692
 2014/05/15 16:14:51 +363 [info] enter tc_build_users
 2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
 2014/05/15 16:14:51 +363 [info] leave tc_build_users
 2014/05/15 16:14:52 +865 [notice] total is larger than size of users
 2014/05/15 16:14:56 +364 [notice] active conns:0
 2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
 2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
 2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
 2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
 2014/05/15 16:15:01 +367 [notice] active conns:0
 2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
 2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
 2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
 2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
 2014/05/15 16:15:06 +369 [notice] active conns:0
 2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
 2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
 2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
 2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
 2014/05/15 16:15:11 +371 [notice] active conns:0
 2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
 2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
 2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
 2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
 2014/05/15 16:15:14 +406 [warn] sig 2 received
 2014/05/15 16:15:14 +406 [notice] active conns:0
 2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
 2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
 2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
 2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
 2014/05/15 16:15:14 +406 [notice] remove timer over
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] connection fails:32768
 2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
 2014/05/15 16:15:14 +406 [notice] valid sessions:99126
 2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over

 补充信息：
 intercept安装在 10.16.15.122
 gryphon安装在 10.16.15.113
 测试服务器是 10.16.15.118
 在测试机上抓包使用的命令：tcpdump -i any tcp and port 80 -w xxx.pcap
	TcpCopy信息

	TcpCopy版本号：0.9.9
	内核版本号：2.6.18-164.el5
	安装规则：
	./configure --prefix=/usr/local/tcpcopy --enable-single
	启动命令：
	modprobe ip_queue
	iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
	/usr/local/tcpcopy/bin/intercept
	iptables设置：

	iptables -L

	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	RH-Firewall-1-INPUT all -- anywhere anywhere

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination
	RH-Firewall-1-INPUT all -- anywhere anywhere

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination
	QUEUE tcp -- anywhere anywhere tcp spt:http

	Chain RH-Firewall-1-INPUT (2 references)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere
	ACCEPT icmp -- anywhere anywhere icmp any
	ACCEPT esp -- anywhere anywhere
	ACCEPT ah -- anywhere anywhere
	ACCEPT udp -- anywhere anywhere udp dpt:ipp
	ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
	ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
	ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
	ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:36524
	REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

	日志打印[error_intercept.log]：

	2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
	2014/05/15 16:13:26 +451 [notice] intercept internal version:5
	2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
	2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
	2014/05/15 16:13:26 +451 [notice] msg listen socket:4
	2014/05/15 16:13:26 +451 [notice] firewall socket:5
	2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:14:51 +368 [notice] it adds fd:6
	2014/05/15 16:14:51 +368 [notice] it adds fd:7
	2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
	2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
	2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
	2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
	2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
	2014/05/15 16:15:14 +423 [notice] destroy event:7
	2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
	2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
	2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
	2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
	2014/05/15 16:15:14 +423 [notice] destroy event:6
	2014/05/15 16:15:21 +346 [warn] sig 2 received
	2014/05/15 16:15:21 +346 [notice] release_resources begin
	2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
	2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
	2014/05/15 16:15:21 +346 [notice] release_resources end except log file


	Gryphon信息

	TcpCopy版本号：0.2.0
	内核版本号：2.6.18-164.el5
	安装规则：
	./configure --enable-single
	启动命令：/usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*

	日志打印[error_gryphon.log]：

	2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
	2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
	2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
	2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
	2014/05/15 16:14:51 +363 [notice] set global port for gryphon
	2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
	2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
	2014/05/15 16:14:51 +363 [notice] init connections speed:1024
	2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
	2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
	2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
	2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
	2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
	2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
	2014/05/15 16:14:51 +363 [notice] pool size:72900718
	2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
	2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
	2014/05/15 16:14:51 +363 [notice] pool used:61630692
	2014/05/15 16:14:51 +363 [info] enter tc_build_users
	2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
	2014/05/15 16:14:51 +363 [info] leave tc_build_users
	2014/05/15 16:14:52 +865 [notice] total is larger than size of users
	2014/05/15 16:14:56 +364 [notice] active conns:0
	2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
	2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:01 +367 [notice] active conns:0
	2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:06 +369 [notice] active conns:0
	2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:11 +371 [notice] active conns:0
	2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:14 +406 [warn] sig 2 received
	2014/05/15 16:15:14 +406 [notice] active conns:0
	2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
	2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
	2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
	2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
	2014/05/15 16:15:14 +406 [notice] remove timer over
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] connection fails:32768
	2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
	2014/05/15 16:15:14 +406 [notice] valid sessions:99126
	2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over

	补充信息：
	intercept安装在 10.16.15.122
	gryphon安装在 10.16.15.113
	测试服务器是 10.16.15.118
	在测试机上抓包使用的命令：tcpdump -i any tcp and port 80 -w xxx.pcap