People who watch their logs closely (or who drive to the datacenter and end up looking at the console on a front-end webserver) may occasionally see messages like “TCP treason uncloaked” on Linux boxes.<\/p>\n
The conspiracy theorists say that it’s hacking attempts and that it crashes Apache. Most of these conversations are at least 5 years old.<\/p>\n
The networking experts point out that this is nonsense, and it’s actually just a notification that the remote host shrunk its receive window size more than expected. It’s kind of a nonsensical condition, but it’s not exactly, well, treason.<\/p>\n
But here’s a new one: it’s also sometimes caused by a kernel bug<\/a>. It’s been fixed since 2.6.14 (based on the last comment here<\/a>), but many, many people run old versions in production. Though actually, the systems I’m seeing this error on are newer than that, meaning it’s not affected by the kernel bug.<\/p>\n So for people seeing the error, it’s usually pretty much worthless data. (Similarly, lp0 is not actually on fire<\/a>.)<\/p>","protected":false},"excerpt":{"rendered":" People who watch their logs closely (or who drive to the datacenter and end up looking at the console on a front-end webserver) may occasionally see messages like “TCP treason uncloaked” on Linux boxes. The conspiracy theorists say that it’s … Continue reading