Linux message日志出现大量 “net_ratelimit: N callbacks suppressed” 信息

逆流の鱼, 13 十一月, 2015

Linux has a mechanism to avoid a DoS attack – with regard to logging – called rate limit. Every message logged by the kernel (including its modules), with printk(), is checked if it’s allowed to be actually printed through this mechanism.

The limits can be configured by tuning the files /proc/sys/kernel/printk_ratelimit and /proc/sys/kernel/printk_ratelimit_burst. In my machine, the values for these files are 5 and 10, respectively, meaning: It’s allowed 10 messages every 5 seconds. Exceeding this will make the kernel discard the message and print something like “ratelimit N: callbacks suppressed”.

However, the networking code in the kernel has its own limit configuration. They obey the same logic above, they use a different path just to allow independence from the generic logging functions. The files are: /proc/sys/net/core/message_cost and /proc/sys/net/core/message_burst. They are similar to their generic “parents” mentioned above.

The message_cost file contains the interval and message_burst contains the maximum number of messages allowed in that interval.

To disable this mechanism and allow every message to be logged, simply set the interval to 0:

       # sysctl -w net.core.message_cost=0

Write “net.core.message_cost=0” to /etc/sysctl.d/some-file to make this change persistent to reboots.

This will make the message “net_ratelimit: N callbacks suppressed” go away. It’s up to you do disable this mechanism. Sometimes it’s just necessary, right?