Meaning of the time wait, __ratelimit and SYN flooding system log messages


Several kinds of log entries show up in the server's /var/log/messages:

kernel: TCP: time wait bucket table overflow

kernel: __ratelimit: 5400 callbacks suppressed

kernel: possible SYN flooding on port 80. Sending cookies.

According to some material found online:

kernel: TCP: time wait bucket table overflow

is caused by net.ipv4.tcp_max_tw_buckets being too small. Adjust the value of net.ipv4.tcp_max_tw_buckets in /etc/sysctl.conf.

kernel: __ratelimit: 5400 callbacks suppressed

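is caused by too many "kernel: TCP: time wait bucket table overflow" errors.

It means that part of the system log output was rate-limited, to avoid loading the syslog logging path. 5400 suppressed messages is already a lot; it also shows that the system is generating too many log messages, which deserves attention.

See: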

'net_ratelimit()' is used to limit syslog messages from kernel.
This "callbacks suppressed" message implies it suppressed a bulk of 44 syslog messages.
This is an attempt to avoid loading your syslog logging path.

Here is the source reference if you are interested,
FreeBSD/Linux Kernel Cross Reference; sys/net/core/utils.c,
It calls sys/lib/ratelimit.c -- ___ratelimit()

and

int ___ratelimit(struct ratelimit_state *rs, const char *func)
{
        unsigned long flags;
        int ret;

        if (!rs->interval)
                return 1;

        /*
         * If we contend on this state's lock then almost
         * by definition we are too busy to print a message,
         * in addition to the one that will be printed by
         * the entity that is holding the lock already:
         */
        if (!raw_spin_trylock_irqsave(&rs->lock, flags))
                return 0;

        if (!rs->begin)
                rs->begin = jiffies;

        if (time_is_before_jiffies(rs->begin + rs->interval)) {
                if (rs->missed)
                        printk(KERN_WARNING "%s: %d callbacks suppressed\n",
                                func, rs->missed);
                rs->begin   = 0;
                rs->printed = 0;
                rs->missed  = 0;
        }
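
As an added example (not part of the original post or of the kernel source), the following Python script tallies the three kernel messages discussed above from lines in /var/log/messages format. The sample log lines, the host name web01 and the function name summarize are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in /var/log/messages format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 kernel: TCP: time wait bucket table overflow
Mar  3 10:15:01 web01 kernel: TCP: time wait bucket table overflow
Mar  3 10:15:06 web01 kernel: __ratelimit: 5400 callbacks suppressed
Mar  3 10:15:06 web01 kernel: TCP: time wait bucket table overflow
Mar  3 10:15:09 web01 kernel: possible SYN flooding on port 80. Sending cookies.
Mar  3 10:15:11 web01 kernel: __ratelimit: 312 callbacks suppressed
Mar  3 10:15:12 web01 sshd[811]: Accepted publickey for deploy
"""

TW_OVERFLOW = re.compile(r"kernel: TCP: time wait bucket table overflow")
SUPPRESSED = re.compile(r"kernel: (\S+): (\d+) callbacks suppressed")
SYN_FLOOD = re.compile(r"kernel: possible SYN flooding on port (\d+)\.")

def summarize(lines):
    """Tally the three kernel messages and return the findings as a dict."""
    tw_logged = 0
    suppressed = Counter()  # reporting function -> messages dropped by the rate limiter
    syn_ports = Counter()   # port -> number of SYN flooding warnings
    for line in lines:
        if TW_OVERFLOW.search(line):
            tw_logged += 1
        elif (m := SUPPRESSED.search(line)):
            suppressed[m.group(1)] += int(m.group(2))
        elif (m := SYN_FLOOD.search(line)):
            syn_ports[int(m.group(1))] += 1
    return {
        "tw_overflow_logged": tw_logged,
        "suppressed": dict(suppressed),
        # The log line does not say which messages were dropped, so this
        # is only the volume of kernel messages hidden from the log.
        "suppressed_total": sum(suppressed.values()),
        "syn_flood_ports": dict(syn_ports),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

To run it against a real host, pass the lines of /var/log/messages to summarize() instead of SAMPLE_LOG.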

 

References:

http://serverfault.com/questions/277009/what-does-net-ratelimit-44-callbacks-suppressed-mean-on-a-linux-based-router

http://fxr.watson.org/fxr/source/lib/ratelimit.c?v=linux-2.6

http://lxr.oss.org.cn/source/lib/ratelimit.c?v=2.6.30

