What does tcp_orphan_retries set to 0 mean?

linux networking tcp sysctl
7,234

Solution 1

It doesn't mean "try forever", it means "don't try at all." This is the server trying to politely tell the client that the server is getting ready to close his socket, and if it would please do an orderly disconnect, or send some more data, that would be wonderful. It will try X times to get the client to respond, and after X, it reclaims the socket on the system side.

Setting that number to 0 would suggest to me that that server is heavily utilized, with a zero tolerance policy for orphans. It may also have been a response to a DDOS: lot of DDOS' work by opening a socket connection and then hanging on to it, doing nothing.

Solution 2

Setting tcp_orphan_retries to 0 is a special case, see tcp_timer.c

 98 /* Calculate maximal number or retries on an orphaned socket. */
 99 static int tcp_orphan_retries(struct sock *sk, int alive)
 100 {
 101         int retries = sysctl_tcp_orphan_retries; /* May be zero. */
 102 
 103         /* We know from an ICMP that something is wrong. */
 104         if (sk->sk_err_soft && !alive)
 105                 retries = 0;
 106 
 107         /* However, if socket sent something recently, select some safe
 108          * number of retries. 8 corresponds to >100 seconds with minimal
 109          * RTO of 200msec. */
 110         if (retries == 0 && alive)
 111                 retries = 8;
 112         return retries;
 113 }
Share:
7,234

Related videos on Youtube

ajianzheng
Author by

ajianzheng

Updated on September 18, 2022

Comments

  • ajianzheng
    ajianzheng over 1 year

    Does setting tcp_orphan_retries to 0 mean there is no limit to retries, or does it mean that it won't retry at all?

  • jjrv
    jjrv about 12 years
    I had that number set to 0 by default and the result was that the orphans stick around forever. Had to set it to a larger number to make them go away.
  • hookenz
    hookenz almost 10 years
    Which supports what the man page says. "tcp_orphan_retries (integer; default: 8; since Linux 2.4)"
  • Andrew B
    Andrew B over 9 years
    This comment is for tcp_out_of_resources(), and "an administratively configured limit" is closer in definition to tcp_max_orphans.
  • Massimo
    Massimo over 8 years
    it means "don't try at all." : incorrect. see the answer with the kernel function tcp_orphan_retries()
  • Elad Nava
    Elad Nava almost 8 years
    This answer is incorrect! Setting tcp_orphan_retries to 0 means 8. See xrtgavin's answer below.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

sysctl setting for maximum connections from ip address
Netstat -s showing (and growing) "packets pruned from receive queue" and "packets collapsed in receive queue"
what is the command in linux to kill tcp connection or session?
How to avoid java.net.BindException: Address already in use
Trouble on state FIN_WAIT_1
How to make all outgoing RST drop
minimal TCP MSS in Linux
opening port 7 (echo port) on Linux/Debian
Send TCP with incorrect checksums
Capture only TCP SYN-ACK packets with tcpdump