One . Query command
netstat -n | awk ‘/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}’
Query results
ESTABLISHED Indicates communication in progress ,TIME_WAIT Indicates active close ,CLOSE_WAIT Indicates passive off
Two . Supplement of relevant knowledge
because socket It’s full duplex , One socket The closing of the , It takes four handshakes .
The party that actively closes the connection , call close(); Protocol layer send FIN package
Received by the passive Closing Party FIN After package , Protocol layer reply ACK; Then the passive Closing Party , Get into CLOSE_WAIT state , The active Closing Party waits for the other party to close , entering FIN_WAIT_2 state ; here , Active Closing Party
wait for
Passively shut down one party’s Application , call close operation
After the passive shutdown party completes all data transmission , call close() operation ; here , Protocol layer send FIN Package to active shutdown party , Waiting for each other’s ACK, Passive Closing Party entry LAST_ACK state ;
Received by the active Closing Party FIN package , Protocol layer reply ACK; here , The party that actively closes the connection , Get into TIME_WAIT state ; And the passive Closing Party , Get into CLOSED state
wait for 2MSL Time , Active Closing Party , end TIME_WAIT, Get into CLOSED state
Through one of the above socket Close operation , You can get the following points :
The party that actively closes the connection – Active call socket Of close Party to the operation , Will eventually enter TIME_WAIT state
The party that passively closes the connection , There is an intermediate state , namely CLOSE_WAIT, Because the protocol layer is waiting for the upper application , Active call close Actively close this connection after operation
TIME_WAIT Will wait by default 2MSL After time , Before finally entering CLOSED state ;
In a connection not entered CLOSED Before status , This connection cannot be reused !
3、 … and .socket Knowledge about
Socket What is the concept of connection ?
You often mention socket, that , What is a socket? Actually ,socket It’s just one.
Quintuples , Include :
Source IP
Source port
Purpose IP
Destination port
type :TCP or UDP
This quintuple , Identifies an available connection . Be careful , A lot of people put one socket Defined as a quadruple , That is to say
Source IP: Source port + Purpose IP: Destination port , This definition is incorrect .
for example , If your local export IP yes 180.172.35.150, So your browser is connecting to a certain Web The server , For example, when Baidu , This article socket The connected quadruple may be :
[180.172.35.150:45678, tcp, 180.97.33.108:80]
Source IP For your exit IP Address 180.172.35.150, Source port is random port 45678, Purpose IP For a load balancing server of Baidu IP 180.97.33.108, Port is HTTP The standard 80 port .
If this time , You open another browser , Visit Baidu , A new connection will be created :
[180.172.35.150:43678, tcp, 180.97.33.108:80]
The source port of this new connection is a new random port 43678.
Related articles :
https://blog.oldboyedu.com/tcp-wait/
Four .close_wait
CLOSE_WAIT quite a lot , It means that either your application has a problem , No proper shutdown socket; Or say , Your server CPU Can’t handle it (CPU Too busy ) Or your app sleeps all the way to other places ( lock , Or documents I/O wait ), Your app doesn’t get the right scheduling time , Cause your program can’t really execute close operation .
CLOSE_WAIT The solution is summed up in one sentence, which is : Check code . Because the problem is in the server program
5、 … and .TIME_WAIT
TIME_WAIT Is the state maintained by the party actively closing the connection , For a crawler server, it is “ client ”, After completing a crawling task , accept another job Initiate active connection closure , To enter TIME_WAIT The state of , And keep it that way 2MSL(max segment lifetime) After time , Close recycling completely . Why do you do this ? It’s already closed. Why keep the resources for a while ? This is TCP/IP Designer’s regulations Of , Mainly for the following two aspects :
1. Prevent packages in the last connection , Reappear when lost , Affect new connections ( after 2MSL, All duplicate packets in the last connection will disappear )
2. Reliable shutdown TCP Connect . Last sent by active shutdown party ack(fin) , Possible loss , Then the passive party will resend fin, If the active party is in CLOSED state , Will respond rst instead of ack. So the initiative should be TIME_WAIT state , And can’t be CLOSED . Another design TIME_WAIT Recycle resources regularly , It won’t take up a lot of resources , Unless a large number of requests are received or attacked in a short time .
value I have to say that , Based on TCP Of HTTP agreement , close TCP The connection is Server End , such ,Server End access TIME_WAIT state , As one can imagine , For the visit Ask a lot of questions Web Server, There will be a lot of TIME_WAIT state , If server One second reception 1000 A request , Then there will be a backlog 240*1000=240,000 individual TIME_WAIT The record of , Maintain these states to Server Burden . Of course, modern operating systems use fast search algorithms to manage these TIME_WAIT, So for the new TCP Connection request , Determine whether hit In a TIME_WAIT It won’t take long , But it’s always bad to have so many states to maintain .
6、 … and .tcp Three and four waves of
netstat -n | awk ‘/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}’
7、 … and . close_wait Too much harm
Reference article
https://www.zhihu.com/question/298214130
So when there are a lot of CLOSE_WAIT It will occupy the server fd. And a machine can turn on fd There’s a limit to that , Because it can’t be assigned fd, You can’t create a new connection !
fd yes (file descriptor), This is generally BSD Socket Usage of , Use in Unix/Linux On the system . stay Unix/Linux Under the system , One socket Handle , It can be seen as a file , stay socket Send and receive data , Equivalent to reading and writing a file , So a socket Handle , It is also used to represent the fd To express .