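No. | Drop message | Drop module | Drop reason |
1 | trace filter, drop this session | Application audit | Dropped by SMTP outgoing mail filtering or web content keyword filtering. Check whether the Internet access policy has a mail filtering or web content keyword filtering rule configured. |
2 | scap, this session must be droped | Application audit | Dropped by SMTP outgoing mail filtering or web content keyword filtering. Check whether the Internet access policy has a mail filtering or web content keyword filtering rule configured. |
3 | drop all packet send to local:8000-8007 in pre-routing | Internet acceleration | The packet is addressed to this device's reserved ports 8000-8007 and will be dropped. (The port used by this connection is occupied by the system.) |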
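4 | session have been sign MUST_DROP, need drop | User authentication | The packet was dropped. Check whether the user corresponding to this IP in the organization structure is disabled or expired, or has been added to the freeze list, or whether the authentication policy configures password authentication for the IP address, or disallows authentication of new users, or the IP (MAC) is bidirectionally bound by another user. |
5 | session user had been freezed, need drop | User authentication | The user has been frozen and is not allowed to access the network. |
6 | estabish packet, user had been freezed | User authentication | The user has been frozen and is not allowed to access the network. |
7 | new packet, check bind mac error:0x%08x%04x" | User authentication | An error was found while checking the packet's MAC address (xx-xx-xx-xx-xx-xx). Check whether another user has already bidirectionally bound this MAC address. |
8 | session has been signed as MUST_DROP in StampContrackFlags, drop | User authentication | The packet was dropped. Check whether the user corresponding to this IP in the organization structure is disabled or expired, or has been added to the freeze list, or whether the authentication policy configures password authentication for the IP address, or disallows authentication of new users, or the IP (MAC) is bidirectionally bound by another user. |
9 | new packet, user had been freezed | User authentication | The user has been frozen and is not allowed to access the network. |
10 | estabish packet, user had been freezed | User authentication | The user has been frozen and is not allowed to access the network. |
11 | need web authen, not allow dns, drop | User authentication | The user has not authenticated yet and is not allowed to access the DNS service. Check whether "Allow access to the DNS service before the user passes authentication" is enabled under the other authentication options in the authentication options. |
12 | new udp packet, need web authen, drop | User authentication | The user has not authenticated yet and is not allowed to access UDP-based services. |
13 | new packet,tcp but not 80 port packet, need web authen, drop | User authentication | The user has not authenticated yet and is not allowed to access TCP-based services. Check whether "Unauthenticated users can access basic services (root group permissions, except HTTP)" is enabled under the other authentication options in the authentication options. |
14 | new unknow prot packet, need web authen, drop | User authentication | The user has not authenticated yet and is not allowed to access services over protocols other than TCP, UDP and ICMP. |
15 | estabish packet, check bind mac error | User authentication | An error was found while checking the packet's MAC address (xx-xx-xx-xx-xx-xx). Check whether another user has already bidirectionally bound this MAC address. |
16 | session has been signed as MUST_DROP in StampContrackFlags, drop | User authentication | The packet was dropped. Check whether the user corresponding to this IP in the organization structure is disabled or expired, or has been added to the freeze list, or whether the authentication policy configures password authentication for the IP address, or disallows authentication of new users, or the IP (MAC) is bidirectionally bound by another user. |
17 | estabish packet, user had been freezed | User authentication | The user has been frozen and is not allowed to access the network. |
18 | estabish packet, user had been freezed | User authentication | The user has been frozen and is not allowed to access the network. |
19 | estabish packet, not tcp, need web authen | User authentication | The user has not authenticated yet and is not allowed to access TCP-based services. Check whether "Unauthenticated users can access basic services (root group permissions, except HTTP)" is enabled under the other authentication options in the authentication options. |
20 | estabish packet, not http, need web authen | User authentication | The user has not authenticated yet and is not allowed to access HTTP-based services. |
21 | estabish packet, http, nDataLen=0 | User authentication | The user has not authenticated yet and is not allowed to access HTTP-based services. |
22 | insert new user, have no user node | User authentication | The user has not authenticated yet, but system memory is insufficient, so authentication failed. |
23 | time is too short to redirect | User authentication | The user has not authenticated yet, but the page is being refreshed too frequently; the authentication page is not returned and the packet is dropped directly. |
24 | redirect to login page | User authentication | The user is a password-authentication user and has not authenticated yet; the authentication page is returned. |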
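25 | 0, NULL, NULL, skb, "FluxCtrl" | Flow control | Too many packets could not be correctly matched to a traffic channel; some are dropped. |
26 | 0, NULL, NULL, skb, "FluxCtrl" | Flow control | Flow control has too many cached packets and cannot free enough space for the new packet by dropping previously cached ones, so the newly arrived packet is dropped. |
27 | NULL, NULL, skb, "FluxCtrl" | Flow control | NIC transmission failed and too many packets re-entered flow control; some are dropped. |
28 | 0, NULL, NULL, skb, "FluxCtrl" | Flow control | The flow control channel has too many cached packets, or flow control prediction has too many cached packets; some need to be dropped. |
29 | 0, NULL, NULL, skb, "FluxCtrl" | Flow control | Insufficient memory, or too many packets with a length greater than 1600. |
30 | 0, NULL, NULL, skb_drop, "FluxCtrl | Flow control | The per-user limit is enabled and one user has too many cached packets; some previously cached packets need to be dropped to free enough space for new packets. |
31 | 0, NULL, NULL, skb, "FluxCtrl" | Flow control | The per-user limit is enabled and one user has too many cached packets; some previously cached packets need to be dropped to free enough space for new packets, so the newly arrived packet is dropped. |
32 | 0, NULL, NULL, skb, "FluxCtrl", "sch_ucfq, qlen: %u B, backlog skb may be too much", | Flow control | Flow control judges from its prediction result whether the user has too many cached packets and the current packet therefore needs to be dropped. |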
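33 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "plugin valid" | Plugin filtering | Prohibited plugin. |
34 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "plugin valid" | Plugin filtering | In the blacklist keyword list. |
35 | hook, indev, outdev, skb, "netsafe", "netsafe_hook_func | Plugin filtering and script filtering | Route mode; this connection has been marked with the blocked flag, and subsequent packets are DROPped directly on entry. |
36 | hook, indev, outdev, skb, "netsafe", "netsafe_hook_func_retcheck | Plugin filtering and script filtering | Route mode; this connection is marked with the blocked flag, determined on the first check. |
37 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "bypass_hook | Plugin filtering and script filtering | Bridge mode; this connection has been marked with the blocked flag, and subsequent packets are DROPped directly on entry. |
38 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "bypass_hook-retcheck" | Plugin filtering and script filtering | Bridge mode; this connection is marked with the blocked flag, determined on the first check. |
39 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "plugin last packet | Plugin filtering | The last packet retransmitted by the plugin; after reassembly it was found that it should be DROPped. |
40 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "plugin last packet" | Plugin filtering | The last packet retransmitted by the plugin; after reassembly it was found that it should be DROPped. |
41 | NF_IP_FORWARD, 0, 0, skb, "netsafe", "script risk packet" | Script filtering | The last packet retransmitted by the script; after reassembly it was found that it should be DROPped. |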
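42 | "port_scan_detect(mail spam)", "droped by port scan detector for mail spam" | Risky behavior | Abnormal mail blocked. |
43 | "port_scan_detect", "droped by port scan detector" | Risky behavior | Port scan detected. |
44 | "port_scan_detect", "droped by port scan detector" | Risky behavior | Port scan detected. |
45 | "risk detect", "http post" | Risky behavior | HTTP POST protocol anomaly. |
46 | "risk detect", "http response" | Risky behavior | HTTP Response protocol anomaly. |
47 | "risk detect", "http get" | Risky behavior | HTTP GET protocol anomaly. |
48 | hooknum, in, out, skb, | Risky behavior | HTTP User-Agent anomaly. |
49 | "risk detect", "http advanced post" | Risky behavior | Advanced POST anomaly. |
50 | "risk detect", "http advanced post" | Risky behavior | Advanced POST anomaly. |
51 | "risk detect", "smtp xmailer and msgid" | Risky behavior | SMTP XMAILER or MSGID anomaly. |
52 | "RISK DETECT", "NOT HTTP" | Risky behavior | Non-standard HTTP protocol anomaly. |
53 | "RISK DETECT", "NOT SMTP" | Risky behavior | Non-standard SMTP protocol anomaly. |
54 | "RISK DETECT", "NOT FTP" | Risky behavior | Non-standard FTP protocol anomaly. |
55 | "RISK DETECT", "NOT POP3" | Risky behavior | Non-standard POP3 protocol anomaly. |
56 | "RISK DETECT", "NOT SSL" | Risky behavior | Non-standard SSL protocol anomaly. |
57 | "risk detect", "risk_detect_hook" | Risky behavior | Route mode; the connection has been marked with the blocked flag, and this is a subsequent packet entering. |
58 | "risk detect", "bypass_hook" | Risky behavior | Bridge mode; the connection has been marked with the blocked flag, and this is a subsequent packet entering. |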
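59 | "ingress","have been redirected,drop ack" | Admission policy general configuration | The admission policy was violated or the admission client is not installed. |
60 | "ingress",szGwCmd | Admission policy general configuration | The client is looking for the admission gateway. |
61 | "ingress","not nld udp data format!" | Admission policy -> out-of-organization Internet line detection | The client's out-of-organization Internet line detection packet is malformed. |
62 | "ingress","invalid nld udp data!" | Admission policy -> out-of-organization Internet line detection | The client's out-of-organization Internet line detection packet is malformed. |
63 | "ingress","nld data" | Admission policy -> out-of-organization Internet line detection | The client's out-of-organization Internet line detection succeeded. |
64 | "ingress",pRedirWeb | Admission policy general configuration | The client is looking for the admission gateway. |
65 | "ingress","get restore.htm,redirect" | Admission policy general configuration | The client is redirected to the last visited URL. |
66 | "ingress","get restore.htm,redirect" | Admission policy general configuration | The client passed the admission check and is redirected to the last visited URL. |
67 | "ingress","need ingress" | Admission policy general configuration | The client has not passed admission authentication; the connection is dropped. |
68 | "ingress","need ingress" | Admission policy general configuration | The client has not passed admission authentication; the connection is dropped. |
69 | "ingress","not http get,need ingress" | Admission policy general configuration | The client has not passed admission authentication; the connection is dropped (non-HTTP GET connection). |
70 | "ingress","have no user node" | Admission policy general configuration | The admission user limit is exceeded; the client cannot be added to the admission user list. |
71 | "ingress", "%s", pRedirWeb | Admission policy general configuration | The client has not passed admission authentication; web access is redirected. |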
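72 | "Behavior","acket droped! Priority---%d\n",pSinforAC->riority | None | Used for behavior identification testing. When behavior identification turns on its own drop switch, data below a specific priority of P2P behavior is dropped. |
73 | "br_policy_drv", "current br_policy drops it!" | None | Bridge policy drop. This module can control packet dropping for a given port direction of the bridge through a character device, for example dropping all packets in the eth0->eth1 direction. |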
74 | ,"firewall","this packet has been dropped by firewall rule! | Firewall filter rules | Dropped by a firewall rule. |
75 | "firewall","this packet has been dropped by Internet access rule,policy name:%s! | Internet access permission port control | Dropped by port control. |
76 | "firewall","this packet has been dropped by Internet access rule! | Internet access permission port control | Dropped by port control. |
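77 | "firewall","(line:%d)this connect has been dropped by session flag:%d! | Firewall filter rules or Internet access permission port control | Dropped by a firewall rule or by port control. This drop flag was set by an earlier firewall rule match or port control rule match. |
78 | "firewall","this packet has been dropped by AppControl rule:%s! | | Non-TCP data matched a rule in application service control, causing a drop. No packet is actually dropped here; it is only output to droplist, so the message is ambiguous. |
79 | "firewall","this packet has been dropped by default AppControl rule!\n | | Non-TCP data matched the default rule of application service control, causing a drop. No packet is actually dropped here; it is only output to droplist, so the message is ambiguous. |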
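80 | "firewall","this packet has been dropped by AppControl rule:%s!\n" | Application control drop | Dropped because data, other than the non-TCP first packet, matched a rule in application service control. |
81 | "firewall","this packet has been dropped by default AppControl rule! | Application control drop | Dropped because data, other than the non-TCP first packet, matched the default rule of application service control. |
82 | "Behavior Control","this packet has been dropped by Behavior rule:%s,priority:%d! | Application control drop | Dropped because it matched a P2P rule in application service control. |
83 | "firewall","(line:%d)this connect has been dropped by session flag:%d! | Application control drop | Dropped because an earlier packet of the connection was marked with the application control drop flag. |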
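84 | "firewall","Drop this packet because the protocol is not HTTP or SSL,Status:%d! | Proxy control drop | Checks whether data of another protocol is being transmitted on the HTTP standard port 80, or on the SSL standard port 443. |
85 | "firewall","this packet has been dropped by http proxy rule! | Proxy control drop | Dropped because HTTP proxying is refused. |
86 | "firewall","this packet has been dropped by sock5/sock4 proxy rule! | Proxy control drop | Dropped because use of sock4/sock5 proxies is forbidden. |
87 | "firewall","(line:%d)this connect has been dropped by session flag | Proxy control drop | Dropped because non-standard protocol content was transmitted on a standard port, or an HTTP proxy was used, or a sock4/sock5 proxy was used. |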
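88 | "firewall","this packet has been dropped by the url get filter,policy name | HTTP URL filtering, web browsing filter | HTTP URL filtering; dropped because it matched a rule in "web browsing filter". |
89 | "firewall","this packet has been dropped by the url get filter! | HTTP URL filtering, web browsing filter | HTTP URL filtering; dropped because it matched a rule in "web browsing filter". |
90 | "firewall","this packet has been dropped by default url http get group action,policy name:%s! | HTTP URL filtering, web browsing filter | HTTP URL filtering; dropped because it matched the default rule in "web browsing filter". |
91 | "firewall","this packet has been dropped by default url http get group action! | HTTP URL filtering, web browsing filter | HTTP URL filtering; dropped because it matched the default rule in "web browsing filter". |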
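92 | "firewall","this packet has been dropped by the url get filter! | HTTP URL filtering, POST filter | HTTP URL filtering; dropped because it matched a rule in the POST filter. |
93 | "firewall","this packet has been dropped by default url group action! | HTTP URL filtering, POST filter | HTTP URL filtering; dropped because it matched the default rule in "POST filter". |
94 | "firewall","this connect has been dropped, because URL contains IP address! | Advanced configuration -> Logging options -> Forbid accessing websites directly by IP address unless the URL library already contains that IP address | Dropped because the URL contains an IP address. |
95 | "firewall","this packet has been dropped by file type Filter rule! | File type filtering, upload or download | Dropped because it matched an upload or download rule in file type filtering. |
96 | "firewall","This packet has been dropped because of matching url get sense keyword! | Keyword filtering, search engine search terms | Dropped because a keyword matched in the URL of an HTTP GET packet. |
97 | "firewall","this packet has been dropped by Post content filter! | Keyword filtering, HTTP upload | Dropped because a keyword matched in an HTTP POST packet. |
98 | "firewall","(line:%d)this connect has been dropped by session flag:%d! | | The drop flag was set. |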
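99 | "firewall","(line:%d)this packet has been dropped by firewall rule! | Firewall filter rules | Dropped because the firewall rule drop flag was set. |
100 | "Behavior Control","(line:%d)this packet has been dropped by Behavior rule:%s,priority:%d! | Application control drop | Dropped because the P2P drop flag of application service control was set. |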
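101 | "firewall","(line:%d)this packet has been dropped by AppControl rule:%s! | Application control drop | Dropped because the non-P2P drop flag of application service control was set. |
102 | "firewall","(line:%d)this packet has been dropped by default AppControl rule | Application control drop | Dropped because the default drop flag of application service control was set. |
103 | "firewall","(line:%d)this packet has been dropped by Internet access rule! | Port control drop | Dropped because the port control drop flag was set. |
104 | "firewall","(line:%d)this packet has been dropped by http proxy rule! | Proxy control drop | Dropped because the HTTP proxy drop flag was set. |
105 | "firewall","(line:%d)this packet has been dropped by sock5/sock4 proxy rule! | Proxy control drop | Dropped because the sock4/sock5 drop flag was set. |
106 | "firewall","(line:%d)Drop this packet because the protocol is not HTTP or SSL,Status:%d | Proxy control drop | Dropped because the flag for transmitting non-standard data on the HTTP or SSL standard port was set. |
107 | "firewall","(line:%d)this packet had been dropped by flux_log! | Traffic quota and duration control policy -> traffic quota, online duration control, concurrent connection control | Dropped because the traffic audit drop flag was set (traffic quota, connection count control, online duration control). |
108 | "firewall","(line:%d)this packet had been dropped, flag %d | | All other drops caused by a drop flag having been set. |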
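110 | "DOS", "IP NOT in LAN network! | DoS attack protection | The packet's source IP address is not in the LAN subnet list; identified as attack behavior. |
111 | "DOS", "IP in SYN(IP) deny list1! | DoS attack protection | The source IP address is sending packets too frequently [counting the initial attack occurrences]. |
112 | "DOS", "IP in SYN(IP) deny list! | DoS attack protection | The source IP address is sending packets too frequently [IP already in the blacklist]. |
113 | "DOS", "IP log to SYN(IP) deny list! | DoS attack protection | The source IP address is sending packets too frequently [IP already in the blacklist, recording the count]. |
114 | "DOS", "Random SYN(IP) attack!" | DoS attack protection | Suspicious attack behavior with changing source IP addresses [system PPS too high]. |
115 | "DOS", "IP add to SYN(IP) deny list! | DoS attack protection | The source IP address is sending packets too frequently [IP added to the blacklist]. |
116 | "DOS", "Random SYN(IP) attack! | DoS attack protection | Suspicious attack behavior with changing source IP addresses [system PPS too high]. |
117 | "DOS", "IP in SYN(MAC) deny list1! | DoS attack protection | The source MAC address is sending packets too frequently [counting the initial attack occurrences]. |
118 | "DOS", "IP in SYN(MAC) deny list! | DoS attack protection | The source MAC address is sending packets too frequently [MAC already in the blacklist]. |
119 | "DOS", "IP log to SYN(MAC) deny list!" | DoS attack protection | The source MAC address is sending packets too frequently [MAC already in the blacklist, recording the count]. |
120 | "DOS", "Random SYN(MAC) attack!" | DoS attack protection | Suspicious attack behavior with changing source MAC addresses [system PPS too high]. |
121 | "DOS", "IP add to SYN(MAC) deny list!" | DoS attack protection | The source MAC address is sending packets too frequently [MAC added to the blacklist]. |
122 | "DOS", "Random SYN(MAC) attack!" | DoS attack protection | Suspicious attack behavior with changing source MAC addresses [system PPS too high]. |
123 | "DOS", "IP in DOS deny list!" | DoS attack protection | The source IP address is establishing connections too frequently [IP already in the blacklist]. |
125 | "DOS", "IP add to DOS deny list!" | DoS attack protection | The source IP address is establishing connections too frequently [IP added to the blacklist]. |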
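127 | "kvfilter", "get_sessinfo says drop." | Gateway antivirus | Data must be transferred after the FTP RETR command [duplicate FTP control commands are dropped]. |
128 | "kvfilter", "pretransmit packet is droped!" | Gateway antivirus | The capture buffer is full and the background antivirus level is set to strict handling of exceptions. |
129 | "kvfilter", "URL cache say: virus FOUND!" | Gateway antivirus | The capture buffer is full and the start-scan instruction carried by the current packet was lost at the same time. |
130 | "kvfilter", "Dump URL: buffer is full and policydrop!" | Gateway antivirus | Virus scanning is in progress; packets are being cached and forwarding is paused. |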
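137 | "fluxlog", "droped by flux manager" | Traffic quota and duration control | The traffic quota has been used up. |
138 | "fluxlog", "droped by flux manager" | Traffic quota and duration control | The traffic quota has been used up. |
139 | "fluxlog", "droped by sess control" | Traffic quota and duration control | The connection count limit was exceeded. |
140 | "fluxlog", "droped by time control" | Traffic quota and duration control | The online duration limit was exceeded. |
141 | "IPS", "Drop the IP address!" | None | Dropped by IPS detection (source IP, destination IP, protocol). |
142 | "IPS", "Drop the IPORT!" | None | Dropped by IPS detection (source IP, destination IP, protocol, destination port). |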