System log messages: the meaning of time wait, __ratelimit, and SYN flooding

Several kinds of messages appear in the server's /var/log/messages:

kernel: TCP: time wait bucket table overflow

kernel: __ratelimit: 5400 callbacks suppressed

kernel: possible SYN flooding on port 80. Sending cookies.

According to some material found online:

kernel: TCP: time wait bucket table overflow

is caused by net.ipv4.tcp_max_tw_buckets being too small. Adjust the value of net.ipv4.tcp_max_tw_buckets in /etc/sysctl.conf.

kernel: __ratelimit: 5400 callbacks suppressed

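is caused by too many "kernel: TCP: time wait bucket table overflow" errors.

It means that some kernel log output was rate-limited, to avoid loading the syslog logging path. 5400 suppressed messages is already a lot; it also shows that the system is producing too many log messages, which deserves attention.

See: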

'net_ratelimit()' is used to limit syslog messages from kernel.
This "callbacks suppressed" message implies it suppressed a bulk of 44 syslog messages.
This is an attempt to avoid loading your syslog logging path.

Here is the source reference if you are interested,
FreeBSD/Linux Kernel Cross Reference; sys/net/core/utils.c,
It calls sys/lib/ratelimit.c -- ___ratelimit()

and

int ___ratelimit(struct ratelimit_state *rs, const char *func)
{
        unsigned long flags;
        int ret;

        /* An interval of 0 disables rate limiting: always allow. */
        if (!rs->interval)
                return 1;

        /*
         * If we contend on this state's lock then almost
         * by definition we are too busy to print a message,
         * in addition to the one that will be printed by
         * the entity that is holding the lock already:
         */
        if (!raw_spin_trylock_irqsave(&rs->lock, flags))
                return 0;

        if (!rs->begin)
                rs->begin = jiffies;

        /* Window expired: report how many messages were dropped, then reset. */
        if (time_is_before_jiffies(rs->begin + rs->interval)) {
                if (rs->missed)
                        printk(KERN_WARNING "%s: %d callbacks suppressed\n",
                                func, rs->missed);
                rs->begin   = 0;
                rs->printed = 0;
                rs->missed  = 0;
        }
        /* Allow up to rs->burst messages per window; count the rest as missed. */
        if (rs->burst && rs->burst > rs->printed) {
                rs->printed++;
                ret = 1;
        } else {
                rs->missed++;
                ret = 0;
        }
        raw_spin_unlock_irqrestore(&rs->lock, flags);

        return ret;
}
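
To see how a count such as 5400 builds up, here is an added example (not from the original post or the kernel tree): a userspace C model of the same window and burst accounting. The names rl_state, rl_check and simulate, and the 5-tick window with a burst of 10, are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Userspace model of the ratelimit state: ticks replace jiffies, no locking. */
struct rl_state {
    unsigned long interval;   /* window length in ticks; 0 = no limiting */
    int burst;                /* messages allowed per window */
    int printed, missed;
    unsigned long begin;      /* 0 = window not started (ticks start at 1) */
};

/* Returns 1 if the caller may log; *reported is the "callbacks suppressed" count. */
int rl_check(struct rl_state *rs, unsigned long now, int *reported)
{
    *reported = 0;
    if (!rs->interval) return 1;
    if (!rs->begin) rs->begin = now;
    if (now > rs->begin + rs->interval) {   /* previous window expired */
        *reported = rs->missed;
        rs->begin = 0; rs->printed = rs->missed = 0;
    }
    if (rs->burst && rs->burst > rs->printed) {
        rs->printed++;
        return 1;
    }
    rs->missed++;
    return 0;
}

/* Feed per_tick events on each tick; returns how many were allowed to log. */
int simulate(unsigned long interval, int burst, int per_tick,
             unsigned long ticks, int *suppressed)
{
    struct rl_state rs = { .interval = interval, .burst = burst };
    int allowed = 0, rep;
    *suppressed = 0;
    for (unsigned long t = 1; t <= ticks; t++)
        for (int i = 0; i < per_tick; i++) {
            allowed += rl_check(&rs, t, &rep);
            *suppressed += rep;
        }
    return allowed;
}

int main(void)
{
    int s, ok = simulate(5, 10, 100, 13, &s);   /* constructed sample load */
    printf("1300 events: %d logged, %d reported as suppressed\n", ok, s);
    return 0;
}
```

The suppressed count is only reported when the next message arrives after a window has ended, so the lines logged plus the suppressed counts give a lower bound on how often the underlying condition actually fired.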

 

References:

http://serverfault.com/questions/277009/what-does-net-ratelimit-44-callbacks-suppressed-mean-on-a-linux-based-router

http://fxr.watson.org/fxr/source/lib/ratelimit.c?v=linux-2.6

http://lxr.oss.org.cn/source/lib/ratelimit.c?v=2.6.30

posted on 2014-04-14 15:05  magic.xiao