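dmesg -a shows a large number of “drop session, too many entries” error messages
Running the dmesg command by itself shows empty output.
Running dmesg -a shows a large number of “drop session, too many entries” error messages.
cat /var/log/messages shows the following: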
Dec 11 11:22:31 www kernel: Copyright (c) 1992-2007 The FreeBSD Project.
Dec 11 11:22:31 www kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Dec 11 11:22:31 www kernel: The Regents of the University of California. All rights reserved.
Dec 11 11:22:31 www kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Dec 11 11:22:31 www kernel: FreeBSD 6.2-RELEASE #0: Mon Dec 3 16:53:10 CST 2007
Dec 11 11:22:31 www kernel: root@www.*。*:/usr/src/sys/i386/compile/mykernel
Dec 11 11:22:31 www kernel: Timecounter "i8254" frequency 1193182 Hz quality 0
Dec 11 11:22:31 www kernel: CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (2998.50-MHz 686-class CPU)
Dec 11 11:22:31 www kernel: Origin = "GenuineIntel" Id = 0xf43 Stepping = 3
Dec 11 11:22:31 www kernel: Features=0xbfebfbff<FPU>
Dec 11 11:22:31 www kernel: Features2=0x649d<SSE3,RSVD2,MON,DS_CPL,EST,CNTX-ID,CX16,<b14>>
Dec 11 11:22:31 www kernel: AMD Features=0x20100000<NX>
Dec 11 11:22:31 www kernel: Logical CPUs per core: 2
Dec 11 11:22:31 www kernel: real memory = 1072144384 (1022 MB)
Dec 11 11:22:31 www kernel: avail memory = 1044385792 (996 MB)
Dec 11 11:22:31 www kernel: kbd1 at kbdmux0
Dec 11 11:22:31 www kernel: acpi0: <INTEL> on motherboard
Dec 11 11:22:31 www kernel: acpi0: Power Button (fixed)
Dec 11 11:22:31 www kernel: Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
Dec 11 11:22:31 www kernel: acpi_timer0: <24> port 0x408-0x40b on acpi0
Dec 11 11:22:31 www kernel: cpu0: <ACPI> on acpi0
Dec 11 11:22:31 www kernel: acpi_perf0: <ACPI> on cpu0
Dec 11 11:22:31 www kernel: acpi_perf0: failed in PERF_STATUS attach
Dec 11 11:22:31 www kernel: device_attach: acpi_perf0 attach returned 6
Dec 11 11:22:31 www kernel: acpi_perf0: <ACPI> on cpu0
Dec 11 11:22:31 www kernel: acpi_perf0: failed in PERF_STATUS attach
Dec 11 11:22:31 www kernel: device_attach: acpi_perf0 attach returned 6
Dec 11 11:22:31 www kernel: acpi_button0: <Sleep> on acpi0
Dec 11 11:22:31 www kernel: pcib0: <ACPI> port 0xcf8-0xcff on acpi0
Dec 11 11:22:31 www kernel: pci0: <ACPI> on pcib0
Dec 11 11:22:31 www kernel: pcib1: <ACPI> at device 28.0 on pci0
Dec 11 11:22:31 www kernel: pci1: <ACPI> on pcib1
Dec 11 11:22:31 www kernel: pcib2: <ACPI> at device 28.4 on pci0
Dec 11 11:22:31 www kernel: pci2: <ACPI> on pcib2
Dec 11 11:22:31 www kernel: pcib3: <ACPI> at device 28.5 on pci0
Dec 11 11:22:31 www kernel: pci3: <ACPI> on pcib3
Dec 11 11:22:31 www kernel: em0: <Intel> port 0x2000-0x201f mem 0x48100000-0x4811ffff irq 9 at device 0.0 on pci3
Dec 11 11:22:31 www kernel: em0: Ethernet address: 00:13:20:d5:05:37
Dec 11 11:22:31 www kernel: pci0: <serial> at device 29.0 (no driver attached)
Dec 11 11:22:31 www kernel: pci0: <serial> at device 29.1 (no driver attached)
Dec 11 11:22:31 www kernel: pci0: <serial> at device 29.2 (no driver attached)
Dec 11 11:22:31 www kernel: pci0: <serial> at device 29.3 (no driver attached)
Dec 11 11:22:31 www kernel: pci0: <serial> at device 29.7 (no driver attached)
Dec 11 11:22:31 www kernel: pcib4: <ACPI> at device 30.0 on pci0
Dec 11 11:22:31 www kernel: pci4: <ACPI> on pcib4
Dec 11 11:22:31 www kernel: pci4: <display> at device 4.0 (no driver attached)
Dec 11 11:22:31 www kernel: em1: <Intel> port 0x1100-0x113f mem 0x48020000-0x4803ffff,0x48000000-0x4801ffff irq 9 at device 5.0 on pci4
Dec 11 11:22:31 www kernel: em1: Ethernet address: 00:13:20:d5:05:38
Dec 11 11:22:31 www kernel: isab0: <PCI> at device 31.0 on pci0
Dec 11 11:22:31 www kernel: isa0: <ISA> on isab0
Dec 11 11:22:31 www kernel: atapci0: <Intel> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x30b0-0x30bf irq 11 at device 31.1 on pci0
Dec 11 11:22:31 www kernel: ata0: <ATA> on atapci0
Dec 11 11:22:31 www kernel: ata1: <ATA> on atapci0
Dec 11 11:22:31 www kernel: atapci1: <Intel> port 0x30c8-0x30cf,0x30e4-0x30e7,0x30c0-0x30c7,0x30e0-0x30e3,0x30a0-0x30af mem 0x48200000-0x482003ff irq 11 at device 31.2 on pci0
Dec 11 11:22:31 www kernel: ata2: <ATA> on atapci1
Dec 11 11:22:31 www kernel: ata3: <ATA> on atapci1
Dec 11 11:22:31 www kernel: pci0: <serial> at device 31.3 (no driver attached)
Dec 11 11:22:31 www kernel: pmtimer0 on isa0
Dec 11 11:22:31 www kernel: orm0: <ISA> at iomem 0xc0000-0xcafff on isa0
Dec 11 11:22:31 www kernel: sc0: <System> at flags 0x100 on isa0
Dec 11 11:22:31 www kernel: sc0: VGA <16>
Dec 11 11:22:31 www kernel: vga0: <Generic> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Dec 11 11:22:31 www kernel: atkbdc0: <Keyboard> at port 0x60, 0x64 on isa0
Dec 11 11:22:31 www kernel: atkbd0: <AT> irq 1 on atkbdc0
Dec 11 11:22:31 www kernel: kbd0 at atkbd0
Dec 11 11:22:31 www kernel: atkbd0: [GIANT-LOCKED]
Dec 11 11:22:31 www kernel: RTC BIOS diagnostic error 80<clock_battery>
Dec 11 11:22:31 www kernel: Timecounter "TSC" frequency 2998496670 Hz quality 800
Dec 11 11:22:31 www kernel: Timecounters tick every 1.000 msec
Dec 11 11:22:31 www kernel: ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to accept, logging limited to 10 packets/entry by default
Dec 11 11:22:31 www kernel: ad6: 305245MB <WDC> at ata3-master SATA150
Dec 11 11:22:31 www kernel: Trying to mount root from ufs:/dev/ad6s1a
Dec 11 11:22:32 www kernel: em0: link state changed to UP
Dec 11 11:22:32 www kernel: em1: link state changed to UP
Dec 11 11:22:35 www kernel: ipfw: limit 5 reached on entry 60000
Dec 11 11:36:04 www kernel: stray irq7
Dec 11 11:40:18 www kernel: stray irq7
Dec 11 11:42:39 www kernel: stray irq7
Dec 11 11:53:11 www kernel: arp: 00:11:2f:fb:0a:b4 attempts to modify permanent entry for 222.88.x.x on em0
Dec 11 11:53:42 www last message repeated 9964 times
Dec 11 11:55:43 www last message repeated 38242 times
Dec 11 12:01:58 www last message repeated 117934 times
Dec 11 12:01:58 www kernel: stray irq7
Dec 11 12:01:58 www kernel: arp: 00:11:2f:fb:0a:b4 attempts to modify permanent entry for 222.88.x.x on em0
Dec 11 12:02:29 www last message repeated 9938 times
Dec 11 12:04:30 www last message repeated 38450 times
Dec 11 12:04:57 www last message repeated 8665 times
Dec 11 12:04:57 www kernel: too many stray irq 7's: not logging anymore
Dec 11 12:04:57 www kernel: arp: 00:11:2f:fb:0a:b4 attempts to modify permanent entry for 222.88.*.* on em0
Dec 11 12:05:28 www last message repeated 9907 times
Dec 11 12:07:29 www last message repeated 38665 times
Dec 11 12:17:30 www last message repeated 189895 times
Dec 11 12:27:31 www last message repeated 193629 times
Dec 11 12:37:32 www last message repeated 201017 times
Dec 11 12:47:33 www last message repeated 198596 times
Dec 11 12:53:10 www last message repeated 111126 times
Dec 11 14:53:13 www kernel: arp: 00:11:2f:fb:0a:b4 attempts to modify permanent entry for 222.88.x.x on em0
Dec 11 15:00:00 www last message repeated 180271 times
Dec 11 15:00:00 www kernel: arp: 00:11:2f:fb:0a:b4 attempts to modify permanent entry for 222.88.x.x on em0
netstat -m reports the following:
1858/2147/4005 mbufs in use (current/cache/total)
515/131/646/32768 mbuf clusters in use (current/cache/total/max)
515/125 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
1494K/798K/2293K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
1252/2496/2496 sfbufs in use (current/peak/max)
11 requests for sfbufs denied
1057094 requests for sfbufs delayed
122636 requests for I/O initiated by sendfile
760 calls to protocol drain routines
The contents of ipfw.rules are as follows:
ipfw -q -f flush
cmd="ipfw -q add"
#DNS
dns="222.88.x.x"
pif="em0"
#loopback[127.0.0.1]
$cmd 00100 allow all from any to any via lo0
#
$cmd 00200 check-state
### 80 http
$cmd 00300 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00350 allow tcp from any to me 80 in via $pif setup limit src-addr 10
### 53 DNS
$cmd 00400 allow udp from any to $dns 53 out via $pif keep-state
$cmd 00500 allow tcp from any to $dns 53 out via $pif setup keep-state
### 443 https
#$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
#$cmd 00800 allow tcp from any to me 443 in via $pif setup limit src-addr 10
#
### 25 smtp mail
$cmd 00900 allow tcp from any to any 25 out via $pif setup keep-state
#$cmd 01000 allow tcp from any to me 25 in via $pif setup limit src-addr 5
#
### 110 pop mail
#$cmd 01100 allow tcp from any to any 110 out via $pif setup keep-state
#$cmd 01101 allow tcp from any to me 110 in via $pif setup limit src-addr 5
#
### PING
$cmd 01200 allow icmp from any to any out via $pif keep-state
#$cmd 01300 allow icmp from any to any in via $pif keep-state
#
### FTP
$cmd 01400 allow tcp from any to any 21 out via $pif setup keep-state
$cmd 01500 allow tcp from any to any 21 in via $pif setup limit src-addr 3
#
### SSH
$cmd 01600 allow tcp from any to any 33890 out via $pif setup keep-state
$cmd 01700 allow tcp from any to any 33890 in via $pif setup limit src-addr 2
#
#Allow out FBSD (make install & CVSUP) functions
$cmd 01800 allow tcp from me to any out via $pif setup keep-state uid root
#
$cmd 60000 deny log all from any to any
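Also, ARP attacks on the internal network have been fairly severe recently (one computer is infected with an ARP virus). I don't know how closely related that is.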