当我使用 dmesg 查看 linux 内核消息时,我看到大量....
TCP:太多孤立的套接字
消息。我的猜测是,这是在关闭后在 TIME_WAIT 中等待清除的套接字。我很想知道这是否会影响在这些服务器上运行的服务。
来自LARTC HOWTO:
/proc/sys/net/ipv4/tcp_max_orphans
Maximal number of TCP sockets not attached to any user file handle,
held by system. If this number is exceeded orphaned connections are
reset immediately and warning is printed. This limit exists only to
prevent simple DoS attacks, you _must_ not rely on this or lower the
limit artificially, but rather increase it (probably, after increasing
installed memory), if network conditions require more than default value,
and tune network services to linger and kill such states more aggressively.
Let me remind you again: each orphan eats up to 64K of unswappable memory.
限制孤儿数量的功能的实现在这里。
| 归档时间: |
|
| 查看次数: |
32636 次 |
| 最近记录: |