問題原因:公司監控一直有告警,經排查,發現zookeeper連接監控采集機為SYN_RECV半連接狀態 ,而且這個節點已經停止采集,需要釋放這個tcp連接,但是嘗試了使用lsof命令,無法定位進程號
解決方案:網上查到一個工具 killcx,使用 killcx 工具來關閉TCP連接
killcx是一個在linux下可以關閉TCP連接的 Perl 腳本,厲害之處在於:無論該TCP連接處於什么狀態,都可以有效關閉TCP連接。
安裝:
去官網 ( http://killcx.sourceforge.net/ ) 下載安裝包,以下是官網的使用方法以及介紹,我直接復制下來了
-------------------------------------------------------------------------------------------------開始分割線-------------------------------------------------------------------------------------------
Killcx : close a TCP connection (for Linux)
Killcx is a Perl script to close a TCP connection under Linux, whatever its state is (half-open, established, waiting or closing state).
I - Overview :
Under Windows, closing a TCP connection is quite an easy task (see wKillcx), but under Linux, it's a bit more complicated : one needs to sniff the connection and extract the magic Acknowlegment and Sequence numbers from a TCP packet.
Killcx works by creating a fake SYN packet with a bogus SeqNum, spoofing the remote client IP/port and sending it to the server. It will fork a child process that will capture the server response, extract the 2 magic values from the ACK packet and use them to send a spoofed RST packet. The connection will then be closed.
Note that the fake SYN packet is sent because even if the connection was somehow stuck (no incoming/outgoing packets), killcx would still be able to close it.
II - Parameters :
- syntax : killcx [dest_ip:dest_port] {interface}
dest_ip : remote IP
dest_port : remote port
interface (optional) : network interface (eth0, lo etc).
- example : killcx 120.121.122.123:1234
killcx 120.121.122.123:1234 eth0
III - Perl modules needed :
You need the following modules to run killcx :
* Net::RawIP : needed to create spoofed packets.
* Net::Pcap : needed to capture TCP packets.
* NetPacket::Ethernet : needed to decode TCP/IP packets.
IV - Various :
- interface : the interface parameter is optional. If not given, killcx will use the first one it can find. Note that in many cases, you will get much better results by using 'lo' (loopback interface), specially if the connection is not yet or no longer in the ESTABLISHED state, for instance SYN_RECV or TIME_WAIT.
- closing connection : killcx will close the connection on both sides, your server and the remote IP, only if it is in the ESTABLISHED state. For all other states, the connection will only be closed on your server side. This doesn't matter too much because if the remote client sent another TCP packet your server would reply with a RST one anyway, except if it was a SYN packet of course.
- verboseness : killcx, both the parent and its child, will ouput all operations to the screen.
VI - Download :
killcx.tgz - v1.0.3 - (c) Jerome Bruandet
View source
-------------------------------------------------------------------------------------------------結束分割線-----------------------------------------------------------------------------------------------
官網明確指出需要安裝幾個perl依賴的庫,
You need the following modules to run killcx :
* Net::RawIP : needed to create spoofed packets. * Net::Pcap : needed to capture TCP packets. * NetPacket::Ethernet : needed to decode TCP/IP packets.
如果你的服務器可以聯網,那么你只需要做以下操作,利用CPAN安裝這幾個模塊
# perl -MCPAN -e shell cpan> install Net::RawIP cpan> install Net::Pcap cpan> install NetPacket::Ethernet
直接下載也行
cpan -i Net::RawIP Net::Pcap NetPacket::Ethernet
我執行的時候報錯,如下
# perl -MCPAN -e shell Can't locate CPAN.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .). BEGIN failed--compilation aborted.
說明你的服務器沒有安裝perl-CPAN
yum -y install perl-CPAN
安裝成功以后,直接執行以上操作,繼續安裝即可,但是我的服務器沒有網,我們需要去官網給的三個模塊的鏈接手動下載,然后進行源碼編譯安裝
直接去這個網站( https://metacpan.org/ )下載即可,而且官網有安裝模塊的教程,請自行查看
今天閑來無事,補充一下安裝過程,沒有連接互聯網的情況,其實挺簡單的
首先去官網下載三個perl的依賴庫
搜索到之后,每個依賴有安裝教程,比如這樣的
按照別人給的命令安裝就行,但是安裝Net::Packet 和 Net::Pcap的時候報錯了
CPAN installing Net::Pcap and Packet module failed due to lpcap
looking for -lpcap... no - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - You appear to lack the pcap(3) library. If it is installed in a non-standard locatio n, please try setting the LIBS and INC values on the command line. Or get the sources and install the pcap library from http://www.tcpdump.org/ If you install the pcap library using a system package, make sure to also install the corresponding -devel package, which contains the C headers needed to compile this module.
網上查到解決方法
回答1:
The README file for Net::Pcap shows how to tell Makefile.PL where to find the pcap library:
perl Makefile.PL INC=-I/opt/local/include/pcap LIBS='-L/opt/local/lib -lpcap'
(I've inserted your paths into the example.)
However, getting the cpan shell to pass those arguments to Makefile.PL is rather more complicated. You'd have to use the Distroprefs system and create a YAML file to supply the arguments. If you're not already familiar with Distroprefs, it'll probably be easier to just install Net::Pcap by hand.
回答2:
This fixed my issue:
yum -y install perl-Net-Pcap libpcap-devel
回答3:
On Ubuntu, just install libnet-pcap-perl.
第一個是回答原因,第二個是解決方法,需要聯網下載 perl-Net-Pcap libpcap-devel
通過 yum --downloadonly --downloaddir 下載,不會的自行百度,需配置epel源
自己去清華的yum源( https://mirrors.tuna.tsinghua.edu.cn/epel/ )下載也行,自己選擇方法
下載 killcx 安裝包並解壓,直接得到 killcx 腳本
----------------------------------分割線-----------------------------------------------
到這里就已經下載並且安裝完成,就是使用辦法了,官網已經有了
來個全局軟鏈方便使用: ln -s /path_for_killcx /usr/bin/killcx
我已經驗證了,有用的
參考:
https://www.e-learn.cn/content/wangluowenzhang/334934
http://www.blogdaren.com/post-2466.html