linux服务器,发现大量TIME_WAIT
今天登陆linux服务器,发现大量TIME_WAIT
参考资料:http://coolnull.com/3605.html 酷喃|coolnull| » 大量TIME_WAIT解决办法
[root@webserver ~]# netstat -anltp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1886/php-fpm tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3556/nginx tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 3556/nginx tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 3556/nginx tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1287/master tcp 0 0 192.168.1.80:38326 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38274 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38290 192.168.1.98:3310 TIME_WAIT - tcp 0 0 127.0.0.1:9000 127.0.0.1:7970 TIME_WAIT - tcp 0 0 192.168.1.80:38302 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38282 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38330 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38310 192.168.1.98:3310 TIME_WAIT - tcp 0 0 127.0.0.1:9000 127.0.0.1:7934 TIME_WAIT - tcp 0 0 192.168.1.80:80 192.168.1.253:9082 TIME_WAIT - tcp 0 0 127.0.0.1:9000 127.0.0.1:7950 TIME_WAIT - tcp 0 0 192.168.1.80:80 192.168.1.253:9080 TIME_WAIT - tcp 0 0 127.0.0.1:9000 127.0.0.1:7918 TIME_WAIT - tcp 0 0 192.168.1.80:80 192.168.1.253:9076 TIME_WAIT - tcp 0 0 192.168.1.80:38246 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38298 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38278 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38250 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38262 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38266 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:80 192.168.1.253:9074 TIME_WAIT - tcp 0 0 192.168.1.80:38314 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38318 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38258 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:38294 192.168.1.98:3310 TIME_WAIT - tcp 0 0 192.168.1.80:80 192.168.1.253:9078 TIME_WAIT - tcp 0 2752 192.168.1.80:22 192.168.1.253:63163 ESTABLISHED 26740/sshd tcp 0 0 192.168.1.80:38334 192.168.1.98:3310 TIME_WAIT - tcp 0 0 127.0.0.1:9000 127.0.0.1:7986 TIME_WAIT - tcp 0 0 :::3306 :::* LISTEN 3508/mysqld tcp 0 0 :::22 :::* LISTEN 1208/sshd tcp 0 0 ::1:25 :::* LISTEN 1287/master tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11372 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11368 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11348 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11336 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11396 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11412 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11400 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11356 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11380 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11404 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11364 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11332 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11344 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11388 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11416 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11408 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11384 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11352 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11420 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11340 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11376 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11392 TIME_WAIT - tcp 0 0 ::ffff:192.168.1.80:3306 ::ffff:192.168.1.80:11360 TIME_WAIT - [root@webserver ~]#
解决:发现系统存在大量TIME_WAIT状态的连接,通过调整内核参数解决
# vi /etc/sysctl.conf //加入以下内容,net.ipv4.tcp_syncookies默认就有,不需要再添加 # Controls the use of TCP syncookies cat >>/etc/sysctl.conf<<"EOF" net.ipv4.tcp_syncookies = 1 # The TIME-WAIT sockets for new connections can be reused net.ipv4.tcp_tw_reuse = 1 # Enable fast recycling of TIME-WAIT sockets status net.ipv4.tcp_tw_recycle = 1 # Decrease the time default value for tcp_fin_timeout connection net.ipv4.tcp_fin_timeout = 30 EOF #然后执行 /sbin/sysctl -p 让参数生效 /sbin/sysctl -p
修改之后,过一会再看发现大量的TIME_WAIT 已不存在.
以上只是暂时的解决方法
附录:
附录1.参数说明
net.ipv4.tcp_syncookies = 1 表示开启SYN Cookies。当出现SYN等待队列溢出时,启用cookies来处理可防范少量SYN攻击,默认为0表示关闭;
net.ipv4.tcp_tw_reuse = 1 表示开启重用。允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0,表示关闭;
net.ipv4.tcp_tw_recycle = 1 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭。
net.ipv4.tcp_fin_timeout = 30 修改系統默认的TIMEOUT时间,改为30s