{"id":69,"date":"2014-11-11T02:21:39","date_gmt":"2014-11-10T18:21:39","guid":{"rendered":"http:\/\/www.zhuyanbin.com\/?p=69"},"modified":"2014-11-11T02:23:35","modified_gmt":"2014-11-10T18:23:35","slug":"%e9%98%b2%e6%ad%a2linux%e5%87%ba%e7%8e%b0%e5%a4%a7%e9%87%8f-fin_wait1%e6%8f%90%e9%ab%98%e6%80%a7%e8%83%bd","status":"publish","type":"post","link":"https:\/\/www.yanbin888.com\/?p=69","title":{"rendered":"\u9632\u6b62linux\u51fa\u73b0\u5927\u91cf FIN_WAIT1,\u63d0\u9ad8\u6027\u80fd"},"content":{"rendered":"
\n
\u5f53\u8fde\u63a5\u6570\u591a\u65f6\uff0c\u7ecf\u5e38\u51fa\u73b0\u5927\u91cfFIN_WAIT1,\u53ef\u4ee5\u4fee\u6539 \/etc\/sysctl.conf<\/div>\n
\u4fee\u6539<\/div>\n

net.ipv4.tcp_fin_timeout = 10
\nnet.ipv4.tcp_keepalive_time = 30
\nnet.ipv4.tcp_window_scaling = 0
\nnet.ipv4.tcp_sack = 0<\/p><\/blockquote>\n

\u7136\u540e:<\/div>\n

\/sbin\/sysctl -p<\/p><\/blockquote>\n

\u4f7f\u4e4b\u751f\u6548<\/div>\n<\/div>\n
#######################################################################################<\/div>\n
apache\u670d\u52a1\u5668\u7684time_wait\u8fc7\u591a fin_wait1\u8fc7\u591a\u7b49\u95ee\u9898<\/div>\n
1\u3002time_wait\u72b6\u6001\u8fc7\u591a\u3002<\/div>\n
\u00a0\u00a0\u00a0 \u901a\u5e38\u8868\u73b0\u4e3aapache\u670d\u52a1\u5668\u8d1f\u8f7d\u9ad8\uff0cw\u547d\u4ee4\u663e\u793aload average\u53ef\u80fd\u4e0a\u767e\uff0c\u4f46\u662fweb\u670d\u52a1\u57fa\u672c\u6ca1\u6709\u95ee\u9898\u3002\u540c\u65f6ssh\u80fd\u591f\u767b\u9646\uff0c\u4f46\u662f\u53cd\u5e94\u975e\u5e38\u8fdf\u949d\u3002<\/div>\n
\u539f\u56e0\uff1a\u6700\u53ef\u80fd\u7684\u539f\u56e0\u662fhttpd.conf\u91cc\u9762keepalive\u6ca1\u6709\u5f00\uff0c\u5bfc\u81f4\u6bcf\u6b21\u8bf7\u6c42\u90fd\u8981\u5efa\u7acb\u65b0\u7684tcp\u8fde\u63a5\uff0c\u8bf7\u6c42\u5b8c\u6210\u4ee5\u540e\u5173\u95ed\uff0c\u589e\u52a0\u4e86\u5f88\u591a time_wait\u7684\u72b6\u6001\u3002\u53e6\uff0ckeepalive\u53ef\u80fd\u4f1a\u589e\u52a0\u4e00\u90e8\u5206\u5185\u5b58\u7684\u5f00\u9500\uff0c\u4f46\u662f\u95ee\u9898\u4e0d\u5927\u3002\u4e5f\u6709\u4e00\u4e9b\u6587\u7ae0\u8ba8\u8bba\u5230\u4e86sysctl\u91cc\u9762\u4e00\u4e9b\u53c2\u6570\u7684\u8bbe\u7f6e\u53ef\u4ee5\u6539\u5584\u8fd9\u4e2a\u95ee\u9898\uff0c\u4f46\u662f\u8fd9\u5c31\u820d\u672c\u9010\u672b\u4e86\u3002<\/div>\n
2\u3002fin_wait1\u72b6\u6001\u8fc7\u591a\u3002fin_wait1\u72b6\u6001\u662f\u5728server\u7aef\u4e3b\u52a8\u8981\u6c42\u5173\u95edtcp\u8fde\u63a5\uff0c\u5e76\u4e14\u4e3b\u52a8\u53d1\u9001fin\u4ee5\u540e\uff0c\u7b49\u5f85client\u7aef\u56de\u590dack\u65f6\u5019\u7684\u72b6\u6001\u3002fin_wait1\u7684\u4ea7\u751f\u539f\u56e0\u6709\u5f88\u591a\uff0c\u9700\u8981\u7ed3\u5408netstat\u7684\u72b6\u6001\u6765\u5206\u6790\u3002<\/div>\n
netstat -nat|awk ‘{print awk $NF}’|sort|uniq -c|sort -n<\/div>\n
\u4e0a\u9762\u7684\u547d\u4ee4\u53ef\u4ee5\u5e2e\u52a9\u5206\u6790\u54ea\u79cdtcp\u72b6\u6001\u6570\u91cf\u5f02\u5e38<\/div>\n
netstat -nat|grep “:80″|awk ‘{print $5}’ |awk -F: ‘{print $1}’ | sort| uniq -c|sort -n
\n\u5219\u53ef\u4ee5\u5e2e\u52a9\u4f60\u5c06\u8bf7\u6c4280\u670d\u52a1\u7684client ip\u6309\u7167\u8fde\u63a5\u6570\u6392\u5e8f\u3002<\/div>\n
\u56de\u5230fin_wait1\u8fd9\u4e2a\u8bdd\u9898\uff0c\u5982\u679c\u53d1\u73b0fin_wait1\u72b6\u6001\u5f88\u591a\uff0c\u5e76\u4e14client ip\u5206\u5e03\u6b63\u5e38\uff0c\u90a3\u53ef\u80fd\u662f\u6709\u4eba\u7528\u8089\u9e21\u8fdb\u884cddos\u653b\u51fb\u3001\u53c8\u6216\u8005\u6700\u8fd1\u7684\u7a0b\u5e8f\u6539\u52a8\u5f15\u8d77\u4e86\u95ee\u9898\u3002\u4e00\u822c\u8bf4\u6765\u540e\u8005\u53ef\u80fd\u6027\u66f4\u5927\uff0c\u5e94\u8be5\u4e3b\u52a8\u8054\u7cfb\u7a0b\u5e8f\u5458\u89e3\u51b3\u3002<\/div>\n
\u4f46\u662f\u5982\u679c\u6709\u67d0\u4e2aip\u8fde\u63a5\u6570\u975e\u5e38\u591a\uff0c\u5c31\u503c\u5f97\u6ce8\u610f\u4e86\uff0c\u53ef\u4ee5\u8003\u8651\u7528iptables\u76f4\u63a5\u5c01\u4e86\u4ed6\u3002<\/div>\n
<\/div>\n
\n
\u89e3\u51b3linux\u4e0b\u5927\u91cf\u7684time_wait\u95ee\u9898
\n<\/span><\/div>\n
vi \/etc\/sysctl.conf
\n\u7f16\u8f91\/etc\/sysctl.conf\u6587\u4ef6\uff0c\u589e\u52a0\u4e09\u884c\uff1a<\/span><\/div>\n
\u5f15\u7528<\/span><\/div>\n
net.ipv4.tcp_fin_timeout = 30
\nnet.ipv4.tcp_keepalive_time = 1200
\nnet.ipv4.tcp_syncookies = 1
\nnet.ipv4.tcp_tw_reuse = 1
\nnet.ipv4.tcp_tw_recycle = 1
\nnet.ipv4.ip_local_port_range = 1024\u00a0\u00a0\u00a0 65000
\nnet.ipv4.tcp_max_syn_backlog = 8192
\nnet.ipv4.tcp_max_tw_buckets = 5000
\nnet.ipv4.route.gc_timeout = 100
\nnet.ipv4.tcp_syn_retries = 1
\nnet.ipv4.tcp_synack_retries = 1<\/span><\/div>\n
\u8bf4\u660e\uff1a
\nnet.ipv4.tcp_syncookies = 1 \u8868\u793a\u5f00\u542fSYN Cookies\u3002\u5f53\u51fa\u73b0SYN\u7b49\u5f85\u961f\u5217\u6ea2\u51fa\u65f6\uff0c\u542f\u7528cookies\u6765\u5904\u7406\uff0c\u53ef\u9632\u8303\u5c11\u91cfSYN\u653b\u51fb\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b
\nnet.ipv4.tcp_tw_reuse = 1 \u8868\u793a\u5f00\u542f\u91cd\u7528\u3002\u5141\u8bb8\u5c06TIME-WAIT sockets\u91cd\u65b0\u7528\u4e8e\u65b0\u7684TCP\u8fde\u63a5\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b
\nnet.ipv4.tcp_tw_recycle = 1 \u8868\u793a\u5f00\u542fTCP\u8fde\u63a5\u4e2dTIME-WAIT sockets\u7684\u5feb\u901f\u56de\u6536\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002
\n\u518d\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u8ba9\u4fee\u6539\u7ed3\u679c\u7acb\u5373\u751f\u6548\uff1a<\/span><\/div>\n
<\/div>\n
\u5f15\u7528
\n\/sbin\/sysctl -p<\/span><\/div>\n
\n\u7528\u4ee5\u4e0b\u8bed\u53e5\u770b\u4e86\u4e00\u4e0b\u670d\u52a1\u5668\u7684TCP\u72b6\u6001\uff1a<\/div>\n
\n\u5f15\u7528
\nnetstat -n | awk ‘\/^tcp\/ {++S[$NF]} END {for(a in S) print a, S[a]}’
\n\u8fd4\u56de\u7ed3\u679c\u5982\u4e0b\uff1a
\nESTABLISHED 1423
\nFIN_WAIT1 1
\nFIN_WAIT2 262
\nSYN_SENT 1
\nTIME_WAIT 962
\n\u6548\u679c\uff1a\u5904\u4e8eTIME_WAIT\u72b6\u6001\u7684sockets\u4ece\u539f\u6765\u768410000\u591a\u51cf\u5c11\u52301000\u5de6\u53f3\u3002\u5904\u4e8eSYN_RECV\u7b49\u5f85\u5904\u7406\u72b6\u6001\u7684sockets\u4e3a0\uff0c\u539f\u6765\u7684\u4e3a50\uff5e300\u3002<\/div>\n
\n\u901a\u8fc7\u4e0a\u9762\u7684\u8bbe\u7f6e\u4ee5\u540e\uff0c\u4f60\u53ef\u80fd\u4f1a\u53d1\u73b0\u4e00\u4e2a\u65b0\u7684\u95ee\u9898\uff0c\u5c31\u662fnetstat\u65f6\u53ef\u80fd\u4f1a\u51fa\u73b0\u8fd9\u6837\u7684\u8b66\u544a\uff1a<\/div>\n
\n\u5f15\u7528
\nwarning, got duplicate tcp line
\n\u8fd9\u6b63\u662f\u4e0a\u9762\u5141\u8bb8tcp\u590d\u7528\u4ea7\u751f\u7684\u8b66\u544a\uff0c\u4e0d\u8fc7\u8fd9\u4e0d\u7b97\u662f\u4ec0\u4e48\u95ee\u9898\uff0c\u603b\u6bd4\u4e0d\u5141\u8bb8\u590d\u7528\u800c\u7ed9\u670d\u52a1\u5668\u5e26\u6765\u5f88\u5927\u7684\u8d1f\u8f7d\u5408\u7b97\u7684\u591a<\/div>\n
\u5c3d\u7ba1\u5982\u6b64\uff0c\u8fd8\u662f\u6709\u89e3\u51b3\u529e\u6cd5\u7684\uff1a
\n1\u3001 \u5b89\u88c5rpm\u5305\uff1a
\n[root@root2 opt]# rpm -Uvh net-tools-1.60-62.1.x86_64.rpm
\nPreparing…\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]
\n1:net-tools\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ########################################### [100%]
\n[root@root2 opt]#<\/div>\n
\u5bf9\u4e8e\u4e0b\u8f7d\u7684\u662f\u6e90\u7801\u7684rpm\u5219\u9700\u8981\u4f7f\u7528\u4ee5\u4e0b\u65b9\u6cd5\u5b89\u88c5\uff1a<\/div>\n
<\/div>\n
2\u3001 \u5b89\u88c5rpm\u6e90\u7801\u5305\u65b9\u6cd5\uff1a
\na)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u5b89\u88c5src.rpm:
\n# [root@root1 opt]# rpm -i net-tools-1.60-62.1.src.rpm
\n\u2026\u2026
\nb)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u5236\u4f5crpm\u5b89\u88c5\u5305\uff1a
\n[root@root1 opt]# cd \/usr\/src\/redhat\/SPECS\/
\n[root@root1 SPECS]# rpmbuild -bb net-tools.spec
\nc)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 rpm\u5305\u7684\u5347\u7ea7\u5b89\u88c5\uff1a
\n[root@root1 SPECS]# pwd
\n\/usr\/src\/redhat\/SPECS
\n[root@root1 SPECS]# cd ..\/RPMS\/x86_64\/
\n[root@root1 x86_64]# rpm -Uvh net-tools-1.60-62.1.x86_64.rpm<\/div>\n
3\u3001 \u518d\u4f7f\u7528netstat\u6765\u68c0\u67e5\u65f6\u7cfb\u7edf\u6b63\u5e38\uff1a
\n\u8bf4\u660e\uff1a
\nnet.ipv4.tcp_syncookies = 1 \u8868\u793a\u5f00\u542fSYN Cookies\u3002\u5f53\u51fa\u73b0SYN\u7b49\u5f85\u961f\u5217\u6ea2\u51fa\u65f6\uff0c\u542f\u7528cookies\u6765\u5904\u7406\uff0c\u53ef\u9632\u8303\u5c11\u91cfSYN\u653b\u51fb\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b
\nnet.ipv4.tcp_tw_reuse = 1 \u8868\u793a\u5f00\u542f\u91cd\u7528\u3002\u5141\u8bb8\u5c06TIME-WAIT sockets\u91cd\u65b0\u7528\u4e8e\u65b0\u7684TCP\u8fde\u63a5\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b
\nnet.ipv4.tcp_tw_recycle = 1 \u8868\u793a\u5f00\u542fTCP\u8fde\u63a5\u4e2dTIME-WAIT sockets\u7684\u5feb\u901f\u56de\u6536\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002
\nnet.ipv4.tcp_fin_timeout = 30 \u8868\u793a\u5982\u679c\u5957\u63a5\u5b57\u7531\u672c\u7aef\u8981\u6c42\u5173\u95ed\uff0c\u8fd9\u4e2a\u53c2\u6570\u51b3\u5b9a\u4e86\u5b83\u4fdd\u6301\u5728FIN-WAIT-2\u72b6\u6001\u7684\u65f6\u95f4\u3002
\nnet.ipv4.tcp_keepalive_time = 1200 \u8868\u793a\u5f53keepalive\u8d77\u7528\u7684\u65f6\u5019\uff0cTCP\u53d1\u9001keepalive\u6d88\u606f\u7684\u9891\u5ea6\u3002\u7f3a\u7701\u662f2\u5c0f\u65f6\uff0c\u6539\u4e3a20\u5206\u949f\u3002
\nnet.ipv4.ip_local_port_range = 1024\u00a0\u00a0\u00a0 65000 \u8868\u793a\u7528\u4e8e\u5411\u5916\u8fde\u63a5\u7684\u7aef\u53e3\u8303\u56f4\u3002\u7f3a\u7701\u60c5\u51b5\u4e0b\u5f88\u5c0f\uff1a32768\u523061000\uff0c\u6539\u4e3a1024\u523065000\u3002
\nnet.ipv4.tcp_max_syn_backlog = 8192 \u8868\u793aSYN\u961f\u5217\u7684\u957f\u5ea6\uff0c\u9ed8\u8ba4\u4e3a1024\uff0c\u52a0\u5927\u961f\u5217\u957f\u5ea6\u4e3a8192\uff0c\u53ef\u4ee5\u5bb9\u7eb3\u66f4\u591a\u7b49\u5f85\u8fde\u63a5\u7684\u7f51\u7edc\u8fde\u63a5\u6570\u3002
\nnet.ipv4.tcp_max_tw_buckets = 5000 \u8868\u793a\u7cfb\u7edf\u540c\u65f6\u4fdd\u6301TIME_WAIT\u5957\u63a5\u5b57\u7684\u6700\u5927\u6570\u91cf\uff0c\u5982\u679c\u8d85\u8fc7\u8fd9\u4e2a\u6570\u5b57\uff0cTIME_WAIT\u5957\u63a5\u5b57\u5c06\u7acb\u523b\u88ab\u6e05\u9664\u5e76\u6253\u5370\u8b66\u544a\u4fe1\u606f\u3002\u9ed8\u8ba4\u4e3a180000\uff0c\u6539\u4e3a5000\u3002\u5bf9\u4e8eApache\u3001Nginx\u7b49\u670d\u52a1\u5668\uff0c\u4e0a\u51e0\u884c\u7684\u53c2\u6570\u53ef\u4ee5\u5f88\u597d\u5730\u51cf\u5c11TIME_WAIT\u5957\u63a5\u5b57\u6570\u91cf\uff0c\u4f46\u662f\u5bf9\u4e8eSquid\uff0c\u6548\u679c\u5374\u4e0d\u5927\u3002\u6b64\u9879\u53c2\u6570\u53ef\u4ee5\u63a7\u5236TIME_WAIT\u5957\u63a5\u5b57\u7684\u6700\u5927\u6570\u91cf\uff0c\u907f\u514dSquid\u670d\u52a1\u5668\u88ab\u5927\u91cf\u7684TIME_WAIT\u5957\u63a5\u5b57\u62d6\u6b7b\u3002
\nnet.ipv4.route.gc_timeout = 100\u00a0 \u8def\u7531\u7f13\u5b58\u5237\u65b0\u9891\u7387\uff0c \u5f53\u4e00\u4e2a\u8def\u7531\u5931\u8d25\u540e\u591a\u957f\u65f6\u95f4\u8df3\u5230\u53e6\u4e00\u4e2a
\n\u9ed8\u8ba4\u662f300
\nnet.ipv4.tcp_syn_retries = 1\u00a0 \u5bf9\u4e8e\u4e00\u4e2a\u65b0\u5efa\u8fde\u63a5\uff0c\u5185\u6838\u8981\u53d1\u9001\u591a\u5c11\u4e2a SYN \u8fde\u63a5\u8bf7\u6c42\u624d\u51b3\u5b9a\u653e\u5f03\u3002\u4e0d\u5e94\u8be5\u5927\u4e8e255\uff0c\u9ed8\u8ba4\u503c\u662f5\uff0c\u5bf9\u5e94\u4e8e180\u79d2\u5de6\u53f3\u3002<\/p>\n

netstat -n | awk ‘\/^tcp\/ {++S[$NF]} END {for(a in S) print a, S[a]}’<\/p><\/div>\n<\/div>\n

link:\u00a0http:\/\/blog.chinaunix.net\/uid-8786588-id-3663436.html<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

\u5f53\u8fde\u63a5\u6570\u591a\u65f6\uff0c\u7ecf\u5e38\u51fa\u73b0\u5927\u91cfFIN_WAIT1,\u53ef\u4ee5\u4fee\u6539 \/etc\/sysctl.conf \u4fee\u6539 net.ipv …<\/span> Read More →<\/span><\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[23],"class_list":["post-69","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux"],"_links":{"self":[{"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/posts\/69","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=69"}],"version-history":[{"count":2,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":71,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions\/71"}],"wp:attachment":[{"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yanbin888.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}