Category: LINUX
2005-06-13 09:06:25
The server console keeps getting flooded with messages like the following (they are kernel log messages and are also written to /var/log/messages):
xxx.xxx.xxx.xxx sent an invalid ICMP type 11, code 0 error to a broadcast: xxx.xxx.xxx.xxx
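I actually noticed this problem long ago but never paid much attention to it; today I decided to fix it.
First I set up iptables to drop the outgoing ICMP packets, but that had no effect. So I had to turn to Google.
I searched Google for the keywords: sent an invalid "icmp type 11".
One result was a newsgroup/mailing-list post where someone had run into the same problem (so it seems to be a typical one), and someone else offered a solution: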
I don't know what's going on either, but I added the line:
net.ipv4.icmp_ignore_bogus_error_responses = 1
to /etc/sysctl.conf, which doesn't deal with the underlying cause
(whatever it is) but does get the kernel to shut up about it and stop
flooding the logs. I haven't noticed any ill effects so far.
Ewan
Another result was on Red Hat's official site, stating that this is a bug. A follow-up comment also explained the cause:
I've also seen this on 2.4.21-4.EL. The problem is that you have
some device on your network that incorrectly sends an ICMP time
exceeded response to broadcasts where ttl == 0. The linux kernel
reports such bogus messages in the system log by default.
The code that actually does the logging was updated to be more
verbose sometime between 2.4.19 and 2.4.21 I think, but unfortunately
the update introduced a bug so that the log message incorrectly lists
the destination address as the source address of the bogus message!
So you cannot find the bad device with the information in the log
message. You have to use a network packet sniffer instead.
To get the correct address of the bad packet the kernel must be fixed
(see included mail below)
You can also try to find the bad device with send out the packages
It is also possible to turn off logging of bad ICMP packages in the
linux kernel if you just think the messages are annoying.
Do:
# /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
or put it in /etc/sysctl.conf if you want it permanently.
/Leif
This bug was fixed in kernel-2.4.21-9.EL. It can be resolved by upgrading the kernel or applying the patch package.
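Since the comment above says the log line cannot identify the misbehaving device and a packet sniffer is needed, here is an added example (not from the original post or the Red Hat report) that inspects a captured raw IPv4 packet and returns the real sender of an ICMP error that quotes a broadcast-addressed datagram. The function name, the `local_net` parameter and all addresses are assumptions made for illustration, and "broadcast" is approximated as the subnet's directed broadcast or 255.255.255.255.

```python
import ipaddress
import struct

# ICMP types that are error messages and therefore quote the offending IP header
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def find_bogus_icmp_sender(packet: bytes, local_net: str):
    """Return (sender, icmp_type, icmp_code, quoted_dst) when `packet` (raw IPv4)
    is an ICMP error answering a datagram that was sent to a broadcast address;
    return None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # outer IP header length in bytes
    if ihl < 20 or packet[9] != 1:            # malformed header or not ICMP
        return None
    if len(packet) < ihl + 8 + 20:            # need ICMP header + quoted IP header
        return None
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type not in ICMP_ERROR_TYPES:
        return None
    quoted = packet[ihl + 8:]                 # IP header of the original datagram
    if quoted[0] >> 4 != 4:
        return None
    sender = ipaddress.IPv4Address(packet[12:16])      # the device to track down
    quoted_dst = ipaddress.IPv4Address(quoted[16:20])  # where the original was sent
    net = ipaddress.ip_network(local_net)
    if quoted_dst in (net.broadcast_address, LIMITED_BROADCAST):
        return str(sender), icmp_type, icmp_code, str(quoted_dst)
    return None

def _ipv4(src, dst, proto, payload=b"", ttl=64):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

# Constructed samples (documentation address ranges, not real traffic)
_ICMP_TIME_EXCEEDED = struct.pack("!BBHI", 11, 0, 0, 0)   # type 11, code 0
_TO_BROADCAST = _ipv4("192.0.2.10", "192.0.2.255", 17, b"\x00" * 8, ttl=0)
_TO_UNICAST = _ipv4("192.0.2.10", "198.51.100.5", 17, b"\x00" * 8, ttl=0)
BOGUS = _ipv4("192.0.2.77", "192.0.2.10", 1, _ICMP_TIME_EXCEEDED + _TO_BROADCAST)
NORMAL = _ipv4("192.0.2.1", "192.0.2.10", 1, _ICMP_TIME_EXCEEDED + _TO_UNICAST)

if __name__ == "__main__":
    print(find_bogus_icmp_sender(BOGUS, "192.0.2.0/24"))
    print(find_bogus_icmp_sender(NORMAL, "192.0.2.0/24"))
```

Feed it packets from a capture with the link-layer header stripped; the first element of the returned tuple is the outer source address, which is the value the buggy log message gets wrong.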