Bug #3157: 【c系统】6.2.3.单条策略最大mac数量上限验证，步骤2重载规则：./cli_client '{"action":"rule_reload","file":"../data/rule6"}'报错 - 无频10G - Redmine

Bug #3157

【c系统】6.2.3.单条策略最大mac数量上限验证，步骤2重载规则：./cli_client '{"action":"rule_reload","file":"../data/rule6"}'报错

Added by 天驰王 4 months ago. Updated 4 months ago.

Status:

Closed

Priority:

High

Assignee:

齐刘

Start date:

01/21/2025

Due date:

% Done:

测试版本:

20250208170009

复现概率:

100%

Description

【步骤】
1、使用telnet登录网关,执行命令进入中间件：lxc-attach -n ufw -P /opt/cu/framework,将含有一条配置策略的规则文件rule6传到/opt/apps/tractrl/data目录下（其中rule6文件中的策略只配置mac，不指定ip，mac配置数量用例6.2.1用例中步骤3返回结果中MaxIPSetEntry字段的值）：
2、返回插件目录cd /opt/apps/tractrl/files，重载规则：./cli_client '{"action":"rule_reload","file":"../data/rule6"}'
3、使用步骤1中的配置的下挂设备列表中选取第一个和最后一个下挂设备访问网络，查看访问结果：
4、清空阻断策略：./cli_client '{"action":"rule_flush"}'，再次执行步骤3，查看访问结果：

【实际结果】
/opt/apps/tractrl/files #
/opt/apps/tractrl/files # ./cli_client '{"action":"rule_reload","file":"../data/rule6.txt"}'

[rule 1] api_addIPSets(TRACTRL_mac_1) failed; [rule 1] api_addFirewallTrafficControl(TRACTRL_rule_1) failed
/opt/apps/tractrl/files #
/opt/apps/tractrl/files #

【预期结果】
1、步骤2规则重载成功，无报错：
2、步骤3多台下挂设备访问网络失败：
3、步骤4下挂设备可以正常访问网络：

rule6.txt (156 KB) 天驰王, 01/21/2025 14:46

微信图片_20250121144615.png (13.9 KB) 天驰王, 01/21/2025 14:46

History

#1 Updated by 天驰王 4 months ago

Priority changed from Normal to High

#2 Updated by 齐刘 4 months ago

Status changed from New to In Progress

dbus超时了需要优化，目前可以添加成功，但添加了8000个 IGD_FIREWALL_IPSET_ENTRY_ATTR_CFG_TAB实例，执行了8000次ipset命令行

#3 Updated by 齐刘 4 months ago

Status changed from In Progress to Resolved

/opt/apps/tractrl/files # ./cli_client '{"action":"rule_reload","file":"../data/rule6"}'

/opt/apps/tractrl/files # ./cli_client '{"action":"rule_cap_get"}' {
"MaxTrafficControl": 8,
"MaxIPSet": 4,
"MaxIPSetEntry": 8000
}
/opt/apps/tractrl/files #
/opt/apps/tractrl/files # ./cli_client '{"action":"rule_flush"}'

/opt/apps/tractrl/files # ./cli_client '{"action":"rule_reload","file":"../data/rule6"}'

/opt/apps/tractrl/files # ./cli_client '{"action":"rule_flush"}'

#4 Updated by 天文刘 4 months ago

Status changed from Resolved to Closed
测试版本 changed from _bbf7713_tiangong0_ker_fs_fwk to 20250208170009

新版本正常OK

Also available in: Atom PDF

Project

General

Profile

联通网关 » 无频10G

Issues

Bug #3157

【c系统】6.2.3.单条策略最大mac数量上限验证，步骤2重载规则：./cli_client '{"action":"rule_reload","file":"../data/rule6"}'报错

History

#1 Updated by 天驰王 4 months ago

#2 Updated by 齐刘 4 months ago

#3 Updated by 齐刘 4 months ago

#4 Updated by 天文刘 4 months ago

Project

General

Profile

联通网关 » 无频10G

Issues

Bug #3157

【c系统】6.2.3.单条策略最大mac数量上限验证，步骤2重载规则：./cli_client '{"action":"rule_reload","file":"../data/rule6"}'报错

History

#1 Updated by 天驰 王 4 months ago

#2 Updated by 齐 刘 4 months ago

#3 Updated by 齐 刘 4 months ago

#4 Updated by 天文 刘 4 months ago

#1 Updated by 天驰王 4 months ago

#2 Updated by 齐刘 4 months ago

#3 Updated by 齐刘 4 months ago

#4 Updated by 天文刘 4 months ago