{"id":475,"date":"2015-11-26T14:06:54","date_gmt":"2015-11-26T14:06:54","guid":{"rendered":"5ef0b4eba35ab2d6180b0bca7e46b6f9"},"modified":"2015-11-26T14:06:54","modified_gmt":"2015-11-26T14:06:54","slug":"","status":"publish","type":"post","link":"https:\/\/www.xiaobo.li\/notes\/archives\/475","title":{"rendered":"CLOSE_WAIT SYN_RECV Netty \u5206\u6790\u8fc7\u7a0b"},"content":{"rendered":"<p>Netty\u51fa\u73b0\u5927\u91cf\u7684CLOSE_WAIT SYN_RECV\u901a\u8fc7\u4e0b\u9762\u7684\u914d\u7f6e\u89e3\u51b3<\/p>\n<p>net.ipv4.ip_forward = 0<br \/>\nnet.ipv4.conf.default.rp_filter = 1<br \/>\nnet.ipv4.conf.default.accept_source_route = 0<br \/>\nkernel.sysrq = 0<br \/>\nkernel.core_uses_pid = 1<br \/>\nnet.ipv4.tcp_syncookies = 1<br \/>\nkernel.msgmnb = 65536<br \/>\nkernel.msgmax = 65536<br \/>\nkernel.shmmax = 68719476736<br \/>\nkernel.shmall = 4294967296<br \/>\nnet.ipv4.tcp_keepalive_time = 1800<br \/>\nnet.ipv4.tcp_keepalive_intvl = 30<br \/>\nnet.ipv4.tcp_keepalive_probes = 3<br \/>\nnet.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 10<br \/>\nnet.ipv4.tcp_tw_recycle = 1<br \/>\nnet.ipv4.tcp_tw_reuse = 1<br \/>\nnet.ipv4.tcp_fin_timeout = 30<br \/>\nnet.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180<\/p>\n<p style=\"padding-bottom:0px;margin:0px 0px 10px;padding-left:0px;padding-right:0px;padding-top:0px;\">\u7528 netstat \u770b\u53d1\u73b0\u6709\u5927\u91cf\u6765\u81ea\u56fd\u5916 IP \u7684 LAST_ACK \u72b6\u6001\u7684\u8fde\u63a5\u3002<\/p>\n<p style=\"padding-bottom:0px;margin:0px 0px 10px;padding-left:0px;padding-right:0px;padding-top:0px;\">net.ipv4.tcp_syncookies = 1 \u8868\u793a\u5f00\u542fSYN Cookies\u3002\u5f53\u51fa\u73b0SYN\u7b49\u5f85\u961f\u5217\u6ea2\u51fa\u65f6\uff0c\u542f\u7528cookies\u6765\u5904\u7406\uff0c\u53ef\u9632\u8303\u5c11\u91cfSYN\u653b\u51fb\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b <br \/>\nnet.ipv4.tcp_tw_reuse = 1 \u8868\u793a\u5f00\u542f\u91cd\u7528\u3002\u5141\u8bb8\u5c06TIME-WAIT sockets\u91cd\u65b0\u7528\u4e8e\u65b0\u7684TCP\u8fde\u63a5\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\uff1b <br \/>\nnet.ipv4.tcp_tw_recycle = 1 \u8868\u793a\u5f00\u542fTCP\u8fde\u63a5\u4e2dTIME-WAIT sockets\u7684\u5feb\u901f\u56de\u6536\uff0c\u9ed8\u8ba4\u4e3a0\uff0c\u8868\u793a\u5173\u95ed\u3002 <br \/>\nnet.ipv4.tcp_fin_timeout \u4fee\u6539\u7cfb\u7d71\u9ed8\u8ba4\u7684 TIMEOUT \u65f6\u95f4<\/p>\n<p>\n\u73b0\u8c61:\u5728netstat\u7684\u65f6\u5019\u53d1\u73b0\u5927\u91cf\u5904\u4e8eLAST_ACK\u72b6\u6001\u7684TCP\u8fde\u63a5\uff0c\u8fbe\u5230\u5728ESTABLISHED\u72b6\u6001\u768490%\u4ee5\u4e0a<br \/>\n[root@ccsafe ~]# netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7 CLOSING&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp; 6838 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp; 1037 FIN_WAIT1&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 357 FIN_WAIT2&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp; 5830 LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 276 SYN_RECV&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 71 TIME_WAIT&nbsp;&nbsp; <br \/>\n[root@ccsafe ~]#<br \/>\n\u770b\u770b\u7cfb\u7edf\u72b6\u6001\uff0c\u6027\u80fd\u90fd\u82b1\u5728\u7cfb\u7edf\u4e2d\u65ad\u548c\u4e0a\u4e0b\u6587\u5207\u6362<br \/>\n[root@ccsafe ~]# vmstat 2<br \/>\nprocs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------<br \/>\nr b&nbsp;&nbsp;&nbsp; swpd&nbsp;&nbsp;&nbsp; free&nbsp;&nbsp;&nbsp; buff cache&nbsp;&nbsp;&nbsp; si&nbsp;&nbsp;&nbsp; so&nbsp;&nbsp;&nbsp;&nbsp; bi&nbsp;&nbsp;&nbsp;&nbsp; bo&nbsp;&nbsp;&nbsp; in&nbsp;&nbsp;&nbsp; cs us sy id wa st<br \/>\n1 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3091812 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 1&nbsp;&nbsp;&nbsp;&nbsp; 1 0 0 100 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3091812 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 13750 3174 0 5 94 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3091936 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 13666 3057 1 5 94 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3092060 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 16 13749 3030 0 5 95 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3092060 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 13822 3144 0 5 95 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3092060 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 13390 2961 0 5 95 0 0<br \/>\n0 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 3092060 363032 284132&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 13541 3182 0 6 94 0 0<\/p>\n<p>\u67e5\u770bsocket\u961f\u5217\u4fe1\u606f<br \/>\n[root@ccsafe ~]# sar -n SOCK 5<br \/>\nLinux 2.6.18-53.1.13.el5PAE (ccsafe)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10\/21\/2008<br \/>\n06:31:43 PM&nbsp;&nbsp;&nbsp;&nbsp; totsck&nbsp;&nbsp;&nbsp;&nbsp; tcpsck&nbsp;&nbsp;&nbsp;&nbsp; udpsck&nbsp;&nbsp;&nbsp;&nbsp; rawsck&nbsp;&nbsp;&nbsp; ip-frag&nbsp;&nbsp;&nbsp;&nbsp; tcp-tw<br \/>\n06:31:48 PM&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6951&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 13868&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 430<br \/>\nAverage:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6951&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 13868&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 430<br \/>\n\u6839\u636eTCP\u72b6\u6001\u7684\u53d8\u5316\u8fc7\u7a0b\u6765\u5206\u6790\uff0cLAST_ACK\u5c5e\u4e8e\u88ab\u52a8\u5173\u95ed\u8fde\u63a5\u8fc7\u7a0b\u4e2d\u7684\u72b6\u6001<br \/>\nESTABLISHED-&gt;CLOSE_WAIT-&gt;\uff08\u53d1\u9001ACK\uff09-&gt;LAST_ACK-&gt;(\u53d1\u9001FIN+\u63a5\u6536ACK)-&gt;CLOSED<br \/>\n\u73b0\u5728\u72b6\u6001\u90fd\u5806\u79ef\u5230LAST_ACK\uff0c\u521d\u6b65\u5224\u65ad\u95ee\u9898\u4ece\u4e0a\u4e0b\u4e24\u4e2a\u72b6\u6001\u7740\u624b<br \/>\n\u8c03\u8282\u4e00\u4e0bLAST_ACK\u65f6\u95f4...<br \/>\n[root@ccsafe ~]# sysctl -a |grep last_ack<br \/>\nnet.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30<br \/>\n[root@ccsafe ~]# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack=10<br \/>\nnet.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 10<br \/>\n[root@ccsafe ~]# sysctl -p<br \/>\n[root@ccsafe ~]# watch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 5.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 9 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 6420 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 693 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 391 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 5081 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 203 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 66 TIME_WAIT<br \/>\n\u68c0\u67e5\u4e00\u4e0bLAST_ACK\u6240\u5bf9\u5e94\u7684\u5e94\u7528<br \/>\n[root@ccsafe ~]# netstat -ant|fgrep \"LAST_ACK\"|cut -b 49-75|cut -d \":\" -f1|sort |uniq -c|sort -nr --key=1,7|head -5<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 101 220.160.210.6<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 46 222.75.65.69<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 31 221.0.91.118<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 24 222.210.8.160<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 22 60.161.81.28<br \/>\n[root@ccsafe ~]#<br \/>\n[root@ccsafe ~]# netstat -an|grep \"220.160.210.6\"<br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 17280 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52787&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ESTABLISHED<br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 14401 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52513&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 14401 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52769&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 14401 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52768&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp; 8184 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52515&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 14401 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52514&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\ntcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp;&nbsp; 8184 10.1.1.145:80&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 220.160.210.6:52781&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <\/p>\n<p>\u662fTCP80\u7aef\u53e3\u7684\u5e94\u7528\uff0c\u8c03\u8282\u4e00\u4e0bnginx\u7684keepalive\u65f6\u95f4...<br \/>\n[root@ccsafe ~]# \/usr\/local\/nginx\/sbin\/nginx -t -c \/usr\/local\/nginx\/conf\/nginx.conf<br \/>\n2008\/10\/21 19:15:31 [info] 21352#0: the configuration file \/usr\/local\/nginx\/conf\/nginx.conf syntax is ok<br \/>\n2008\/10\/21 19:15:31 [info] 21352#0: the configuration file \/usr\/local\/nginx\/conf\/nginx.conf was tested successfully<br \/>\n[root@ccsafe ~]# ps aux|egrep '(PID|nginx)'<br \/>\nUSER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PID %CPU %MEM&nbsp;&nbsp;&nbsp;&nbsp; VSZ&nbsp;&nbsp;&nbsp; RSS TTY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; STAT START&nbsp;&nbsp;&nbsp; TIME COMMAND<br \/>\nroot&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 8290 0.0 0.0&nbsp;&nbsp;&nbsp; 7572 1124 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Ss&nbsp;&nbsp;&nbsp; Oct04&nbsp;&nbsp;&nbsp; 0:00 nginx: master process \/usr\/local\/nginx\/sbin\/nginx<br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8291 0.2 0.3 19704 13776 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 71:35 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8292 0.3 0.2 17604 11680 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 77:26 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8293 0.2 0.4 22528 16636 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 58:13 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8294 0.3 0.4 24944 19020 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 94:07 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8295 0.3 0.5 27496 21508 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 84:41 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8296 0.3 0.1 13388 7496 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 84:14 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8297 0.2 0.0&nbsp;&nbsp;&nbsp; 9196 3268 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 58:21 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnobody&nbsp;&nbsp;&nbsp;&nbsp; 8298 0.3 0.2 15392 9504 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; S&nbsp;&nbsp;&nbsp;&nbsp; Oct04 75:16 nginx: worker process&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nroot&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 21354 0.0 0.0&nbsp;&nbsp;&nbsp; 3896&nbsp;&nbsp;&nbsp; 720 pts\/0&nbsp;&nbsp;&nbsp;&nbsp; S+&nbsp;&nbsp;&nbsp; 19:15&nbsp;&nbsp;&nbsp; 0:00 egrep (PID|nginx)<br \/>\n\uff08\u52a8\u6001\u52a0\u8f7d\u65b0\u914d\u7f6e\uff09<br \/>\n[root@ccsafe ~]# kill -HUP 8290<br \/>\n[root@ccsafe ~]#<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90 |sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp; 1138 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 7161 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp; 1427 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 396 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 5740 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 350 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 148 TIME_WAIT<br \/>\n...<br \/>\n[root@ccsafe ~]# netstat -ant|fgrep \":\"|cut -b 77-90 |sort |uniq -c<br \/>\n&nbsp;&nbsp;&nbsp; 1151 CLOSING&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp; 8506 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp; 1452 FIN_WAIT1&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 666 FIN_WAIT2&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp; 6568 LAST_ACK&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 429 SYN_RECV&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 92 TIME_WAIT&nbsp;&nbsp; <br \/>\n...<\/p>\n<p>LAST_ACK\u4e0d\u4e0b\uff0c\u800c\u4e14CLOSING \u548cFIN_WAIT\u7a81\u589e<br \/>\n\u7740\u91cd\u770b\u770b\u53ef\u5f71\u54cd\u4e3b\u52a8\u65ad\u5f00TCP\u8fde\u63a5\u65f6\u51e0\u4e2a\u53c2\u6570<br \/>\ntcp_keepalive_intvl:\u63a2\u6d4b\u6d88\u606f\u53d1\u9001\u7684\u9891\u7387<br \/>\ntcp_keepalive_probes:TCP\u53d1\u9001keepalive\u63a2\u6d4b\u4ee5\u786e\u5b9a\u8be5\u8fde\u63a5\u5df2\u7ecf\u65ad\u5f00\u7684\u6b21\u6570<br \/>\ntcp_keepalive_time:\u5f53keepalive\u6253\u5f00\u7684\u60c5\u51b5\u4e0b\uff0cTCP\u53d1\u9001keepalive\u6d88\u606f\u7684\u9891\u7387<br \/>\n[root@ccsafe ~]# sysctl -a|grep tcp_keepalive<br \/>\nnet.ipv4.tcp_keepalive_intvl = 30<br \/>\nnet.ipv4.tcp_keepalive_probes = 2<br \/>\nnet.ipv4.tcp_keepalive_time = 160<br \/>\ntcp_retries2:\u5728\u4e22\u5f03\u6fc0\u6d3b(\u5df2\u5efa\u7acb\u901a\u8baf\u72b6\u51b5)\u7684TCP\u8fde\u63a5\u4e4b\u524d?\u9700\u8981\u8fdb\u884c\u591a\u5c11\u6b21\u91cd\u8bd5<br \/>\n[root@ccsafe ~]# sysctl -a |grep tcp_retries<br \/>\nnet.ipv4.tcp_retries2 = 15<br \/>\nnet.ipv4.tcp_retries1 = 3<br \/>\n\u52a0\u901f\u5904\u7406\u90a3\u4e9b\u7b49\u5f85ACK\u7684LAST_ACK\uff0c\u51cf\u5c11\u7b49\u5f85ACK\u7684LAST_ACK\u7684\u91cd\u8bd5\u6b21\u6570<br \/>\n[root@ccsafe ~]# sysctl -w net.ipv4.tcp_retries2=5<br \/>\nnet.ipv4.tcp_retries2 = 5<br \/>\n\u51cf\u5c11keepalive\u53d1\u9001\u7684\u9891\u7387<br \/>\n[root@ccsafe ~]# sysctl -w net.ipv4.tcp_keepalive_intvl=15<br \/>\nnet.ipv4.tcp_keepalive_intvl = 15<br \/>\n[root@ccsafe ~]# sysctl -p<br \/>\n\u6392\u9664syncookies\u7684\u5f71\u54cd<br \/>\n[root@ccsafe ~]# !ec<br \/>\necho \"0\" &gt;\/proc\/sys\/net\/ipv4\/tcp_syncookies<br \/>\n[root@ccsafe ~]# echo \"1\" &gt;\/proc\/sys\/net\/ipv4\/tcp_syncookies<br \/>\n[root@ccsafe ~]# sysctl -a|grep tcp_keepalive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnet.ipv4.tcp_keepalive_intvl = 30<br \/>\nnet.ipv4.tcp_keepalive_probes = 2<br \/>\nnet.ipv4.tcp_keepalive_time = 160<br \/>\n[root@ccsafe ~]# sysctl -a|grep syncookies<br \/>\nnet.ipv4.tcp_syncookies = 1<br \/>\n\u5ef6\u957fkeepalive\u68c0\u6d4b\u5468\u671f\uff0c\u4fdd\u7559ESTABLISHED\u6570\u91cf<br \/>\n[root@ccsafe ~]# echo \"1800\" &gt;\/proc\/sys\/net\/ipv4\/tcp_keepalive_time<br \/>\n[root@ccsafe ~]# echo \"5\" &gt;\/proc\/sys\/net\/ipv4\/tcp_keepalive_probes<br \/>\n[root@ccsafe ~]# echo \"15\" &gt;\/proc\/sys\/net\/ipv4\/tcp_keepalive_intvl<br \/>\n[root@ccsafe ~]# sysctl -a|grep tcp_keepalive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\nnet.ipv4.tcp_keepalive_intvl = 15<br \/>\nnet.ipv4.tcp_keepalive_probes = 5<br \/>\nnet.ipv4.tcp_keepalive_time = 1800<br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 363 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5145 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp; 1073 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 174 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 6042 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 301 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 85 TIME_WAIT<\/p>\n<p>LAST_ACK\u4e0d\u4e0b\uff0c\u4f46\u662fCLOSING\u6709\u6240\u56de\u843d<br \/>\ntcp_orphan_retries:\u5728\u8fd1\u7aef\u4e22\u5f03TCP\u8fde\u63a5\u4e4b\u524d?\u8981\u8fdb\u884c\u591a\u5c11\u6b21\u91cd\u8bd5\u3002<br \/>\n[root@ccsafe ~]# sysctl -a|grep tcp_orphan<br \/>\nnet.ipv4.tcp_orphan_retries = 0<br \/>\n\u5173\u952e\uff0c\u4e22TCP\u592a\u9891\u7e41\u4e86\uff0c\u4ee5\u81f3\u4e8e\u540e\u52e4\u90fd\u8ddf\u4e0d\u4e0a\u3002\u8bbe\u7f6e\u4e22\u5f03\u4e4b\u524d\u7684\u91cd\u8bd5\u6b21\u6570<br \/>\n[root@ccsafe ~]# echo \"3\" &gt;\/proc\/sys\/net\/ipv4\/tcp_orphan_retries<br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 24 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5422 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 279 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 214 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1966 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 269 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 74 TIME_WAIT<br \/>\n\u4e0a\u4e0b\u8c03\u8282\u8be5\u503c\uff0c\u627e\u4e2a\u5408\u9002\u7684\u4e34\u754c\u70b9<br \/>\n[root@ccsafe ~]# echo \"7\" &gt;\/proc\/sys\/net\/ipv4\/tcp_orphan_retries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 175 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5373 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 436 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 209 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 3184 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 283 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 110 TIME_WAIT<br \/>\n\u6062\u590d\uff0c\u540c\u65f6FIN_WAIT1\u7684\u503c\u8fc7\u9ad8\u3002\u8003\u8651\u51cf\u5c11tcp_fin_timeout\u65f6\u95f4<br \/>\n[root@ccsafe ~]# echo \"2\" &gt;\/proc\/sys\/net\/ipv4\/tcp_orphan_retries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n[root@ccsafe ~]# sysctl -a|grep tcp_fin<br \/>\nnet.ipv4.tcp_fin_timeout = 10<br \/>\n[root@ccsafe ~]# echo \"5\" &gt;\/proc\/sys\/net\/ipv4\/tcp_fin_timeout<br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 17 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5665 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 145 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 141 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1068 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 287 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 68 TIME_WAIT<br \/>\n\u76f8\u6bd4FIN_WAIT\uff0cSYN_RECV\u7684\u503c\u504f\u9ad8\u3002\u52a0\u5927\u53d1\u9001synack\u7684\u8d28\u91cf<br \/>\n[root@ccsafe ~]# sysctl -a|grep synack<br \/>\nnet.ipv4.tcp_synack_retries = 1<br \/>\n[root@ccsafe ~]# echo \"2\" &gt;\/proc\/sys\/net\/ipv4\/tcp_synack_retries<br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 16 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5317 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 200 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 158 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1001 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 303 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 78 TIME_WAIT<br \/>\n[root@ccsafe ~]# sysctl -a|grep keepalive<br \/>\nnet.ipv4.tcp_keepalive_intvl = 15<br \/>\nnet.ipv4.tcp_keepalive_probes = 5<br \/>\nnet.ipv4.tcp_keepalive_time = 1800<br \/>\n[root@ccsafe ~]# watch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5356 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 175 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 136 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1045 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 345 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 64 TIME_WAIT<br \/>\n\u51cf\u5c11keepalive\u7684\u68c0\u6d4b\u5468\u671f\uff0cLAST_ACK\u4e0a\u5347<br \/>\n[root@ccsafe ~]# echo \"10\" &gt;\/proc\/sys\/net\/ipv4\/tcp_keepalive_intvl<br \/>\n[root@ccsafe ~]# echo \"1\" &gt;\/proc\/sys\/net\/ipv4\/tcp_synack_retries&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n[root@ccsafe ~]# !wat<br \/>\nwatch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 13 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5605 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 212 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 131 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1143 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 252 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 79 TIME_WAIT<br \/>\n\u6062\u590d<br \/>\n[root@ccsafe ~]# echo \"15\" &gt;\/proc\/sys\/net\/ipv4\/tcp_keepalive_intvl&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n[root@ccsafe ~]# watch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 14 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 5862 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 230 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 205 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp; 1064 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 244 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 59 TIME_WAIT<\/p>\n<p>[root@ccsafe ~]# watch -n 10 \"netstat -ant|fgrep \":\"|cut -b 77-90|sort |uniq -c\"<br \/>\nEvery 10.0s: netstat -ant|fgrep :|cut -b 77-90|sort |uniq -c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3 CLOSE_WAIT<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 26 CLOSING<br \/>\n&nbsp;&nbsp;&nbsp; 6712 ESTABLISHED<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 270 FIN_WAIT1<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 230 FIN_WAIT2<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 994 LAST_ACK<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 LISTEN<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp; 254 SYN_RECV<br \/>\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 73 TIME_WAIT<\/p>\n<p>[root@ccsafe ~]#<br \/>\n\u76ee\u524dLAST_ACK\u5360ESTABLISHED\u7684\u91cf\u572815%\u5de6\u53f3<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Netty\u51fa\u73b0\u5927\u91cf\u7684CLOSE_WAIT SYN_RECV\u901a\u8fc7\u4e0b\u9762\u7684\u914d\u7f6e\u89e3\u51b3<\/p>\n<p>net.ipv4.ip_forward = 0<br \/>\nnet.ipv4.conf.default.rp_filter = 1<br \/>\nnet.ipv4.conf.default.accept_source_route = 0<br \/>\nkernel.sysrq = 0<br \/>\nkernel.core_uses_pid = 1<br \/>\nnet.ipv4.tcp_syncookies = 1<br \/>\nkernel.msgmnb = 65536<br \/>\nkernel.msgmax = 65536<br \/>\nkernel.shmmax = 68719476736<br \/>\nkerne...<\/p>\n<p> <a href=\"https:\/\/www.xiaobo.li\/notes\/archives\/475\">\u7ee7\u7eed\u9605\u8bfb <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[291],"tags":[223,224],"class_list":["post-475","post","type-post","status-publish","format-standard","hentry","category-network","tag-CLOSE_WAIT","tag-SYN_RECV"],"_links":{"self":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/comments?post=475"}],"version-history":[{"count":0,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/475\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/media?parent=475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/categories?post=475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/tags?post=475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}