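Under normal conditions, the TIME_WAIT state needs to exist.
It ensures that the last ACK segment sent by the client can reach the server. That ACK may be lost, in which case the server, waiting in the LAST-ACK state, never receives the acknowledgment of its FIN-ACK. The server then times out and retransmits the FIN-ACK, and the client retransmits its acknowledgment and restarts the time-wait timer. This ensures that both ends close the connection correctly and allows old duplicate segments to die out in the network.
One MSL defaults to two minutes.
However, if too many TIME_WAIT connections accumulate on a server, they tie up resources so that other clients cannot connect normally, and the build-up may also mean the server is under attack. In that case, the behaviour can be adjusted by modifying kernel parameters.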
    [root@master ~]# cat /etc/sysctl.conf
    # sysctl settings are defined through files in
    # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    #
    # Vendors settings live in /usr/lib/sysctl.d/.
    # To override a whole file, create a new file with the same in
    # /etc/sysctl.d/ and put new settings there. To override
    # only specific settings, add a file with a lexically later
    # name in /etc/sysctl.d/ and put new settings there.
    #
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    net.ipv4.tcp_syncookies = 1
    #
    # Enable reuse: allow TIME-WAIT sockets to be reused for new TCP connections
    net.ipv4.tcp_tw_reuse = 1
    # Enable fast recycling of TIME-WAIT sockets in TCP connections
    # (this key was removed in Linux 4.12, so newer kernels do not have it)
    net.ipv4.tcp_tw_recycle = 1
    # Change the system default TIMEOUT value, in seconds
    net.ipv4.tcp_fin_timeout = 30
    [root@master ~]# /sbin/sysctl -p    # apply the parameters
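
Before changing kernel parameters, it helps to measure how many sockets are in TIME_WAIT and whether they come from a few peers. The following Python code is an added example, not part of the original post: it parses the `/proc/net/tcp` layout (IPv4 only, little-endian host assumed) and groups TIME_WAIT sockets by remote address. The sample table and its addresses are constructed.

```python
import socket
import struct
from collections import Counter

# State codes in the "st" column of /proc/net/tcp (hex values of the kernel enum).
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING"}

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 010200C0:0050 076433C6:C001 06 00000000:00000000 03:00000A5B 00000000     0        0 0
   2: 010200C0:0050 076433C6:C002 06 00000000:00000000 03:00000A60 00000000     0        0 0
   3: 010200C0:0050 057100CB:D431 06 00000000:00000000 03:00000B02 00000000     0        0 0
   4: 010200C0:0050 057100CB:D432 01 00000000:00000000 00:00000000 00000000    48        0 20002
"""

def decode_addr(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted IPv4, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def summarize(table):
    """Return (sockets per state, TIME_WAIT sockets per remote IP)."""
    states, tw_peers = Counter(), Counter()
    for line in table.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        state = TCP_STATES.get(cols[3], cols[3])
        states[state] += 1
        if state == "TIME_WAIT":
            tw_peers[decode_addr(cols[2])[0]] += 1
    return states, tw_peers

if __name__ == "__main__":
    try:                                     # live table on Linux, sample elsewhere
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE
    states, tw_peers = summarize(table)
    print(dict(states))
    for ip, count in tw_peers.most_common(5):
        print(f"{count:6d} TIME_WAIT sockets with peer {ip}")
```

A TIME_WAIT count dominated by one or two remote addresses points at a specific client or proxy, while an even spread across many peers is more typical of ordinary short-lived connections.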