TCP: Possible SYN flooding on port 80.

I have a strange problem: net.ipv4.tcp_syncookies is set to zero, but I still get the following warning in my /var/log/messages: TCP: Possible SYN flooding on port 80. Dropping request.

sysctl -a | grep cooki
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_cookie_size = 0
=========================================
net.ipv4.tcp_max_syn_backlog=500000
=========================================

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

=========================================
Centos 6.2 64bit
Linux 3.0.0+ #1 SMP Fri Oct 26 07:55:47 EEST 2012 x86_64 x86_64 x86_64 GNU/Linux

/var/log/messages

net_ratelimit: 6168 callbacks suppressed
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.
TCP: Possible SYN flooding on port 80. Dropping request.

Answer 1

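Every application passes a backlog parameter when it makes the listen call to listen on a port. If the application is slow at processing connection requests, you may end up getting some slightly misleading messages. This parameter is like a per-port tcp_max_syn_backlog.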
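
One way to check whether a listener's per-port backlog is the bottleneck, as an added example that is not part of the original answer: it parses `ss -ltn` output and flags listening sockets whose accept queue is at or near the backlog limit. It assumes the Linux convention that, for LISTEN sockets, Recv-Q is the current accept-queue length and Send-Q is the backlog in effect; the sample output, the function names and the 0.9 threshold are constructed for illustration.

```python
# Constructed sample of `ss -ltn` output (not taken from the original post).
# For LISTEN sockets on Linux, Recv-Q is the current accept-queue length and
# Send-Q is the backlog limit in effect for that socket.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  129     128      0.0.0.0:80           0.0.0.0:*
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*
LISTEN  3       511      [::]:443             [::]:*
"""


def parse_listeners(ss_output):
    """Return (port, queued, backlog) for every LISTEN socket in ss output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a listening socket.
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        queued, backlog = int(fields[1]), int(fields[2])
        # Local address may be IPv4, "*" or bracketed IPv6; the port is
        # always the part after the last colon.
        port = int(fields[3].rsplit(":", 1)[1])
        listeners.append((port, queued, backlog))
    return listeners


def saturated(listeners, threshold=0.9):
    """Ports whose accept queue is at or above threshold * backlog.

    threshold is a hypothetical alerting level chosen for this example.
    """
    return [port for port, queued, backlog in listeners
            if backlog > 0 and queued >= threshold * backlog]


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS_OUTPUT)
    for port, queued, backlog in found:
        print(f"port {port}: accept queue {queued}/{backlog}")
    print("saturated ports:", saturated(found))
```

On a live host, feed the function the text of `ss -ltn` instead of the sample; a port that stays saturated while the log message repeats points at a slow application or a small listen backlog rather than at tcp_max_syn_backlog.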
