在Linux上,“ net_ratelimit:抑制了44个回调”是什么意思?


19

我正在尝试在基于Debian的路由器上调整Snort的性能。我看到的东西是:

snort packet recv contents failure: No buffer space available

因此,根据http://fasterdata.es.net/fasterdata/host-tuning/linux/上的调优指南,我将缓冲区增加到8M,当不起作用时我尝试了16M :

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Increase TCP Buffers to 16 MB
sysctl -w net.core.rmem_default='16777216'
sysctl -w net.core.wmem_default='16777216'
sysctl -w net.core.rmem_max='16777216'
sysctl -w net.core.wmem_max='16777216'
sysctl -w net.ipv4.tcp_wmem='1048576 4194304 16777216'
sysctl -w net.ipv4.tcp_rmem='1048576 4194304 16777216'
sysctl -w net.core.netdev_max_backlog='30000'
exit 0

现在,我看不到“没有缓冲区空间”日志条目,但是我有了一个新条目:

net_ratelimit: 44 callbacks suppressed

同一时间范围内仅有的其他消息是这些mart难者,也许这就是被压制的东西?

Jun  4 07:09:36 ilium ntpd_intres[3575]: host name not found: 0.us.pool.ntp.org
Jun  4 14:17:36 ilium kernel: [25743.259951] net_ratelimit: 44 callbacks suppressed
Jun  4 14:17:36 ilium kernel: [25743.259955] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:17:36 ilium kernel: [25743.259956] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:17:58 ilium kernel: [25765.055449] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:17:58 ilium kernel: [25765.055451] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:18:43 ilium kernel: [25809.998978] martian source 216.59.11.21 from 127.0.0.1, on dev eth0
Jun  4 14:18:43 ilium kernel: [25809.998980] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:24:11 ilium kernel: [26138.700143] martian source 216.59.11.71 from 127.0.0.1, on dev eth0
Jun  4 14:24:11 ilium kernel: [26138.700145] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00
Jun  4 14:28:42 ilium kernel: [26409.130701] martian source 216.59.11.71 from 127.0.0.1, on dev eth0
Jun  4 14:28:42 ilium kernel: [26409.130703] ll header: 00:30:48:7c:f8:10:00:24:c4:49:8d:00:08:00

Answers:


20

' net_ratelimit()'用于限制来自内核的系统日志消息。
此“抑制回叫”消息表示它抑制了44条系统日志消息的大部分。
这是为了避免加载系统日志日志路径。

如果您有兴趣,可以参考以下源代码:《
FreeBSD / Linux内核交叉参考》。SYS /网/核心/ utils.c
它调用SYS / lib目录/ ratelimit.c -___ratelimit()

您可能想调查您的“ 火星来源 ”,
但是我想如果忽略它,速率限制将处理日志
(通常是修复未知日志来源的好主意)。

在您的情况下,看起来就像您的火星数据包一样,

或目标地址在127.0.0.0/8范围内的传入或传出数据包,保留用于主机内的环回。


1
这也是一本好书:zszsit.blogspot.com.br/2012/10/…很好的故障排除__ratelimit: # callbacks supressed
Marcel
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.