Linux

“net_ratelimit:44 個回調被抑制”在 Linux 上是什麼意思?

  • November 8, 2016

我正在嘗試在基於 Debian 的路由器上調整 Snort 性能。我看到了類似的東西:

snort packet recv contents failure: No buffer space available

所以我將緩衝區提高到 8M,當這不起作用時,我嘗試了 16M,根據http://fasterdata.es.net/fasterdata/host-tuning/linux/上的調整指南:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Increase TCP Buffers to 16 MB
sysctl -w net.core.rmem_default='16777216'
sysctl -w net.core.wmem_default='16777216'
sysctl -w net.core.rmem_max='16777216'
sysctl -w net.core.wmem_max='16777216'
sysctl -w net.ipv4.tcp_wmem='1048576 4194304 16777216'
sysctl -w net.ipv4.tcp_rmem='1048576 4194304 16777216'
sysctl -w net.core.netdev_max_backlog='30000'
exit 0

現在我看不到“無緩衝區空間”日誌條目,但我有一個新條目:

net_ratelimit: 44 callbacks suppressed

來自同一時間框架的唯一其他資訊是這些火星人,也許這就是被壓制的東西?

Jun  4 07:09:36 ilium ntpd_intres[3575]: host name not found: 0.us.pool.ntp.org
Jun  4 14:17:36 ilium kernel: [25743.259951] net_ratelimit: 44 callbacks suppressed
Jun  4 14:17:36 ilium kernel: [25743.259955] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:17:36 ilium kernel: [25743.259956] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:17:58 ilium kernel: [25765.055449] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:17:58 ilium kernel: [25765.055451] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:18:43 ilium kernel: [25809.998978] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:18:43 ilium kernel: [25809.998980] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:24:11 ilium kernel: [26138.700143] martian source 216.59.11.71 from 127.0.0.1, on dev eth0
Jun  4 14:24:11 ilium kernel: [26138.700145] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:28:42 ilium kernel: [26409.130701] martian source 216.59.11.71 from 127.0.0.1, on dev eth0
Jun  4 14:28:42 ilium kernel: [26409.130703] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00

net_ratelimit()’ 用於限制來自核心的 syslog 消息。

這個“回調被抑制”消息意味著它抑制了 44 條系統日誌消息。

這是為了避免載入您的 syslog 日誌記錄路徑。

如果您有興趣,這裡是原始碼參考,

FreeBSD/Linux Kernel Cross Reference;sys/net/core/utils.c ,

它呼叫sys/lib/ratelimit.c___ratelimit()

您可能想調查您的“火星來源”,

但我猜如果您忽略它,速率限制將處理日誌

(修復未知日誌來源通常是個好主意)。

在你的情況下,它看起來就像你的火星包

一個傳入或傳出數據包,其或目標地址在 127.0.0.0/8 範圍內,保留用於主機內的環回。

引用自:https://serverfault.com/questions/277009