[Help request] TCP: Treason uncloaked! Peer (Dmesg)

郝晓琳 (offline)
 
Original poster, posted: 2009-05-01
I often see messages like this in dmesg:


QUOTE:TCP: Treason uncloaked! Peer 220.181.9.31:80/55624 shrinks window 407894503:407895975. Repaired.
TCP: Treason uncloaked! Peer 220.181.9.31:80/55624 shrinks window 407894503:407895975. Repaired.


The explanation found online is:


QUOTE:The remote host decided to shrink the TCP window size without negotiating such with your Linux box. The message is of the informational level, meaning Linux doesn't like what it is seeing but will cope with it and carry on.


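Roughly, this means: it is a general informational message saying that the remote host shrank the TCP window size without the Linux host's "consent"; although the Linux host does not like this behaviour, it will keep handling such requests.

That is one explanation, which means this kind of message may not be dangerous.

Another explanation comes from the Debian mailing list. The person replying first quotes a piece of source code to show where the message comes from: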


QUOTE:    >>From /usr/src/linux/net/ipv4/tcp_timer.c:

            if (tp->snd_wnd == 0 && !sk->dead &&
                !((1<<sk->state)&(TCPF_SYN_SENT|TCPF_SYN_RECV))) {
                    /* Receiver dastardly shrinks window. Our retransmits
                     * become zero probes, but we should not timeout this
                     * connection. If the socket is an orphan, time it out,
                     * we cannot allow such beasts to hang infinitely.
                     */
    #ifdef TCP_DEBUG
                    if (net_ratelimit())
                            printk(KERN_DEBUG "TCP: Treason uncloaked! Peer %u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n",
                                   NIPQUAD(sk->daddr), htons(sk->dport), sk->num,
                                   tp->snd_una, tp->snd_nxt);
    #endif


The specific explanation is:


QUOTE:    So it appears that someone is running some sort of "tar-pit" system that is
    designed to keep sockets in a bad state and run you out of kernel memory.

    I suspect that this ties in with the spam blocking things we recently
    discussed.  Maybe you should tell your ISP that they are to blame for such
    actions being done to you and that they should "give you face" (I think that
    was the term you used) by closing their open relays.


The author believes this may be related to a tar-pit attack, and suggests contacting the ISP for a solution.

There is also the following explanation:


QUOTE:The reason Linux is printing such messages is because your client guy is shrinking the TCP Window to 0, and the server has something to retransmit. There is something seriously wrong with your client's stack. Which Stack/OS are you using on the client side, and which browser?

That could explain your browser showing some html tags as the server fails to send the whole page across and based on what browser you are using it is failing to parse it out.


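This means that this kind of error may also be caused by a faulty stack on the client side.

Another explanation, which also quotes the source code, seems to point directly at the essence of the problem: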


QUOTE:> Treason uncloaked! Peer [IP address]:515/1022 shrinks window
> 3957222360:3957222379.  Repaired.

> Our researches so far indicate the problem may be a buggy TCP stack
> in the client, that is in the DP301P+. But we still do not know
> exactly what caused the problem, nor how to prevent it happening
> again.

That comes from the kernel tcp code below.  Looks like the DLink has
returned information yielding a transmit window smaller than it
previously did; specifically it returned a window of zero plus an ack
of up to byte 3957222360, thus indicating that it can accept nothing
after that byte.  Previously it had sent some ack+wnd values
indicating that it would accept up to byte 3957222379.

The Linux side is now supposed to send a packet every now and then
forever until the returned window is nonzero.  It does.

However, the dlink is apparently not responding in a timely manner.
Any response would either open the window or update the rcv timestamp
such that the thing will retransmit forever.  It may be responding
very slowly, or just not responding at all.

The kernel prints the message after it expected but did not see a
response to the probe packet it sent to check for a nonzero window.
The kernel implements exponential backoff retransmissions until it
hasn't seen any response in 2m, then it will bail and close the
connection.  This is reasonable.  It's unclear from your report if the
connections are failing outright or just sometimes having to
retransmit a probe against a peer that shrank the window.


http://www.eygle.com/archives/20 ... ason_uncloaked.html.

Just keeping a record.

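Added example (not part of the original post or the quoted mails): a Python sketch that parses these kernel messages and groups them by peer, so you can tell whether the events come from one host, as in the DP301P+ case, or from many. Field meanings follow the quoted printk(); the function names and all sample lines other than the post's own message are constructed for illustration.

```python
import re
from collections import defaultdict

# Field order follows the printk() quoted above:
# daddr : dport / local port (sk->num), then snd_una : snd_nxt.
PATTERN = re.compile(
    r"TCP: Treason uncloaked! Peer (\d+\.\d+\.\d+\.\d+):(\d+)/(\d+) "
    r"shrinks window (\d+):(\d+)\. Repaired\."
)

def parse_line(line):
    """Return a dict for one kernel message, or None if it does not match."""
    m = PATTERN.search(line)
    if not m:
        return None
    ip, dport, lport, una, nxt = m.groups()
    una, nxt = int(una), int(nxt)
    return {
        "peer": ip, "peer_port": int(dport), "local_port": int(lport),
        "snd_una": una, "snd_nxt": nxt,
        # Sequence numbers are 32-bit and wrap, so subtract modulo 2**32.
        "unacked": (nxt - una) % 2**32,
    }

def summarize(lines):
    """Group events by peer: event count, distinct connections, max unacked bytes."""
    stats = defaultdict(lambda: {"events": 0, "conns": set(), "max_unacked": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["peer"]]
        s["events"] += 1
        s["conns"].add((ev["peer_port"], ev["local_port"]))
        s["max_unacked"] = max(s["max_unacked"], ev["unacked"])
    return dict(stats)

# Constructed sample: lines 1-2 repeat the post's message; the rest are made up (RFC 5737 address).
SAMPLE = [
    "TCP: Treason uncloaked! Peer 220.181.9.31:80/55624 shrinks window 407894503:407895975. Repaired.",
    "TCP: Treason uncloaked! Peer 220.181.9.31:80/55624 shrinks window 407894503:407895975. Repaired.",
    "eth0: link up",
    "TCP: Treason uncloaked! Peer 192.0.2.7:25/40112 shrinks window 4294967290:10. Repaired.",
    "TCP: Treason uncloaked! Peer 192.0.2.7:25/40113 shrinks window 1000:1500. Repaired.",
]

if __name__ == "__main__":
    for peer, s in sorted(summarize(SAMPLE).items()):
        print(peer, s["events"], len(s["conns"]), s["max_unacked"])
```

Repeated events on one connection to one peer fit the single buggy client described in the last quoted mail; the same message spread over many peers or connections is the pattern to look at more closely.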
samoolee (offline)
First reply, posted: 2010-04-13
Re:TCP:
Saving this for now, thanks for sharing.