IPTables logging a large number of "TCP INCOMPLETE" messages

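I'm currently trying to investigate a load-related problem on a web server, and I've found a large number of log entries from IPTables that I don't recognize. They all look like this: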

Feb 26 12:03:52 dop002 warning [2559556.039033] IN=eth1 OUT= MAC=snipped SRC=88.115.48.62 DST=snipped LEN=56 TOS=0x00 PREC=0x00 TTL=54 ID=14166 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=88.115.48.1 [SRC=snipped DST=88.115.60.143 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=42868 DF PROTO=TCP INCOMPLETE [8 bytes] ]

Can anyone tell me what this log line means? There are a lot of these in /var/log/messages.

Thanks.

Answer 1

This is an ICMP type 5 message.

RFC 792

Description

 The gateway sends a redirect message to a host in the following
 situation.  A gateway, G1, receives an internet datagram from a
 host on a network to which the gateway is attached.  The gateway,
 G1, checks its routing table and obtains the address of the next
 gateway, G2, on the route to the datagram's internet destination
 network, X.  If G2 and the host identified by the internet source
 address of the datagram are on the same network, a redirect
 message is sent to the host.  The redirect message advises the
 host to send its traffic for network X directly to gateway G2 as
 this is a shorter path to the destination.  The gateway forwards
 the original datagram's data to its internet destination.

 For datagrams with the IP source route options and the gateway
 address in the destination address field, a redirect message is
 not sent even if there is a better route to the ultimate
 destination than the next address in the source route.

 Codes 0, 1, 2, and 3 may be received from a gateway.
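
As an added example (not part of the original answer), this Python sketch parses iptables LOG lines of the shape shown in the question, picks out ICMP type 5 redirects, decodes the RFC 792 code and the quoted original packet in the brackets, and counts redirects per sender and advertised gateway. The function names are hypothetical and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

# RFC 792 redirect codes (ICMP type 5).
REDIRECT_CODES = {
    0: "redirect for network",
    1: "redirect for host",
    2: "redirect for type of service and network",
    3: "redirect for type of service and host",
}

# Constructed sample lines in the iptables LOG format shown in the question
# (documentation addresses, not values taken from the page).
SAMPLE_LOG = """\
Feb 26 12:03:52 host kernel: IN=eth1 OUT= SRC=192.0.2.62 DST=198.51.100.10 LEN=56 TTL=54 ID=14166 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.0.2.1 [SRC=198.51.100.10 DST=192.0.2.143 LEN=40 TTL=57 ID=42868 DF PROTO=TCP INCOMPLETE [8 bytes] ]
Feb 26 12:03:53 host kernel: IN=eth1 OUT= SRC=192.0.2.62 DST=198.51.100.10 LEN=56 TTL=54 ID=14167 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.0.2.1 [SRC=198.51.100.10 DST=192.0.2.144 LEN=40 TTL=57 ID=42869 DF PROTO=TCP INCOMPLETE [8 bytes] ]
Feb 26 12:03:54 host kernel: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=50 ID=1 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 SYN
"""

def fields(text):
    """Return the KEY=value pairs of one packet description as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", text))

def parse_redirect(line):
    """Return a summary dict for an ICMP redirect log line, else None."""
    head, sep, inner = line.partition(" [SRC=")  # brackets hold the quoted packet
    outer = fields(head)
    if outer.get("PROTO") != "ICMP" or outer.get("TYPE") != "5" or not sep:
        return None
    quoted = fields("SRC=" + inner)
    # ICMP errors quote the IP header plus 8 payload bytes: too short for a TCP header.
    m = re.search(r"INCOMPLETE \[(\d+) bytes\]", inner)
    return {
        "sender": outer["SRC"],
        "meaning": REDIRECT_CODES.get(int(outer["CODE"]), "unknown code"),
        "new_gateway": outer.get("GATEWAY"),
        "original_dst": quoted.get("DST"),
        "quoted_proto": quoted.get("PROTO"),
        "quoted_l4_bytes": int(m.group(1)) if m else None,
    }

def summarize(log_text):
    """Count redirects per (sender, advertised gateway)."""
    hits = filter(None, map(parse_redirect, log_text.splitlines()))
    return Counter((h["sender"], h["new_gateway"]) for h in hits)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, "redirects from", key[0], "advertising gateway", key[1])
```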
