TCP：太多孤立套接字是什么意思？

Question 1

/proc/sys/net/ipv4/tcp_max_orphans

Maximal number of TCP sockets not attached to any user file handle, 
held by system. If this number is exceeded orphaned connections are
reset immediately and warning is printed. This limit exists only to
prevent simple DoS attacks, you _must_ not rely on this or lower the
limit artificially, but rather increase it (probably, after increasing
installed memory), if network conditions require more than default value,
and tune network services to linger and kill such states more aggressively.

Let me remind you again: each orphan eats up to  64K of unswappable memory.

限制孤儿数量功能的实现是这里。

Answer

来自拉拉训练中心如何：

/proc/sys/net/ipv4/tcp_max_orphans

Maximal number of TCP sockets not attached to any user file handle, 
held by system. If this number is exceeded orphaned connections are
reset immediately and warning is printed. This limit exists only to
prevent simple DoS attacks, you _must_ not rely on this or lower the
limit artificially, but rather increase it (probably, after increasing
installed memory), if network conditions require more than default value,
and tune network services to linger and kill such states more aggressively.

Let me remind you again: each orphan eats up to  64K of unswappable memory.

限制孤儿数量功能的实现是这里。

Question 2

此错误的可能原因是系统耗尽套接字内存。您需要增加套接字内存（net.ipv4.tcp_mem）或找出内存消耗的原因

        [root@test ~]# cat /proc/sys/net/ipv4/tcp_mem
         362688  483584  725376

因此在我的系统中您可以看到 725376（页）*4096=2971140096 字节/1024*1024=708 兆字节

因此，这 708 兆字节的内存被应用程序用于发送和接收数据，同时也被我的环回接口使用。如果在任何阶段达到了这个值，就不能再建立套接字，直到这块内存从保持套接字打开的应用程序释放出来，您可以使用 netstat -antulp 来确定这一点。

Answer

此错误的可能原因是系统耗尽套接字内存。您需要增加套接字内存（net.ipv4.tcp_mem）或找出内存消耗的原因

        [root@test ~]# cat /proc/sys/net/ipv4/tcp_mem
         362688  483584  725376

因此在我的系统中您可以看到 725376（页）*4096=2971140096 字节/1024*1024=708 兆字节

因此，这 708 兆字节的内存被应用程序用于发送和接收数据，同时也被我的环回接口使用。如果在任何阶段达到了这个值，就不能再建立套接字，直到这块内存从保持套接字打开的应用程序释放出来，您可以使用 netstat -antulp 来确定这一点。

TCP：太多孤立套接字是什么意思？

答案1

答案2

相关内容