最新消息:

__ratelimit: N callbacks suppressed

kernel admin 638浏览 0评论
Jan 29 15:47:09 topjishu kernel: __ratelimit: 1729 callbacks suppressed
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:09 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: __ratelimit: 1805 callbacks suppressed
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow
Jan 29 15:47:14 topjishu kernel: TCP: time wait bucket table overflow

__ratelimit: N callbacks suppressed表示内核阻止了N条syslog消息,这是因为系统重复的日志过多(频率过高),太快输出,被内核中的net_ratelimit()限制了syslog消息。

源码参考:http://fxr.watson.org/fxr/source/lib/ratelimit.c?v=linux-2.6

这个rate limit也是Linux为了避免DoS攻击的一种机制,避免每个消息都被记录(会导致存储空间撑爆)。当内核记录消息,使用printk()通过这种机制来检查是否输出日志。
这个限制可以通过/proc/sys/kernel/printk_ratelimit和/proc/sys/kernel/printk_ratelimit_burst来调优。默认配置(RHEL6)分别是5和10。也就是说,内核允许每5秒记录10条消息。超过这个限制,内核就会抛弃日志,并记录ratelimit N: callbacks suppressed。

[root@web_server_01 ~]#  cat /proc/sys/kernel/printk_ratelimit
5
[root@web_server_01 ~]#  cat /proc/sys/kernel/printk_ratelimit_burst
10
[root@web_server_01 ~]# 

然而,在内核的网络代码中有自己的限制配置(逻辑相同,但是是独立的配置) /proc/sys/net/core/message_cost和/proc/sys/net/core/message_burst,默认配置也是5和10。这里message_cost也是日志采样时间。

[root@web_server_01 ~]# cat /proc/sys/net/core/message_cost
5
[root@web_server_01 ~]# cat /proc/sys/net/core/message_burst
10
[root@web_server_01 ~]#

如果要关闭ratelimit机制,也就是允许每个消息都记录下来,则可以设置message_cost值为0

sysctl -w net.core.message_cost=0

不过,一旦关闭ratelimit,系统就可能存在被日志攻击的风险。

转载请注明:热门技术 » __ratelimit: N callbacks suppressed

发表我的评论
取消评论
表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址