正常情况下,TIME_WAIT是需要存在的
为了保证客户端发送的最后一个ACK报文能够到达服务器,因为这个ACK可能丢失,从而导致处在LAST-ACK状态的服务器收不到对FIN-ACK的确认报文,服务器会超时重传这个FIN-ACK,接着客户端再重传一次确认,重新启动时间等待计时器,确保两端正确的断开连接,并且允许老的重复字节在网络中消逝
一个MSL默认时长为两分钟
但是如果服务器上TIME_WAIT过多会影响进程占用,使其他客户端无法正常连接,而且有可能正在遭受攻击,这时可以通过修改内核参数来调整
[root@master ~]# cat /etc/sysctl.conf # sysctl settings are defined through files in # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. # # Vendors settings live in /usr/lib/sysctl.d/. # To override a whole file, create a new file with the same in # /etc/sysctl.d/ and put new settings there. To override # only specific settings, add a file with a lexically later # name in /etc/sysctl.d/ and put new settings there. # # For more information, see sysctl.conf(5) and sysctl.d(5). net.ipv4.tcp_syncookies = 1 # net.ipv4.tcp_tw_reuse = 1 #开启重用 允许TIME-WAIT sockets重新用于新的TCP连接 net.ipv4.tcp_tw_recycle = 1 #开启TCP连接中TIME-WAIT sockets的快速回收 net.ipv4.tcp_fin_timeout = 30 #修改系统默认的TIMEOUT时间 单位/秒 [root@master ~]# /sbin/sysctl -p #让参数生效