Receive queue 和 Send queue 理解说明

2017-01-11 08:02:07来源:作者:人点击

第七城市
1、关于netstat -anq 的 Recv-Q与Send-Q说明[root@zayhu01-mb ~]# netstat -anp | headActive Internet connections (servers and established)Proto Recv-Q Send-Q Local AddressForeign Address State PID/Program nametcp00 0.0.0.0:220.0.0.0:* LISTEN2742/sshdtcp00 0.0.0.0:8888 0.0.0.0:* LISTEN29931/rubytcp00 0.0.0.0:4505 0.0.0.0:* LISTEN15776/python2.6tcp00 0.0.0.0:4506 0.0.0.0:* LISTEN15783/python2.6tcp00 0.0.0.0:280270.0.0.0:* LISTEN2880/bin/mongodtcp00 0.0.0.0:504910.0.0.0:* LISTEN2567/rpc.statdtcp00 0.0.0.0:242240.0.0.0:* LISTEN29931/rubytcp00 0.0.0.0:100500.0.0.0:* LISTEN31248/zabbix_agentd[root@zayhu01-mb ~]#What It Means"Proto" is short for protocol, which is either TCP or UDP. "Recv-Q" and "Send-Q" mean receiving queue and sending queue. These should always be zero; if they're not you might have a problem. Packets should not be piling up in either queue, except briefly, as this example shows: tcp 0 593 192.168.1.5:34321 venus.euao.com:smtp ESTABLISHED That happened when I hit the "check mail" button in KMail; a brief queuing of outgoing packets is normal behavior. If the receiving queue is consistently jamming up, you might be experiencing a denial-of-service attack. If the sending queue does not clear quickly, you might have an application that is sending them out too fast, or the receiver cannot accept them quickly enough. "Local address" is either your IP and port number, or IP and the name of a service. "Foreign address" is the hostname and service you are connected to. The asterisk is a placeholder for IP addresses, which of course cannot be known until a remote host connects. "State" is the current status of the connection. Any TCP state can be displayed here, but these three are the ones you want to see大致意思如下:Recv-Q Send-Q分别表示网络接收队列,发送队列。Q是Queue的缩写。这两个值通常应该为0,如果不为0可能是有问题的。packets在两个队列里都不应该有堆积状态。可接受短暂的非0情况。如下中的示例,短暂的Send-Q队列发送pakets非0是正常状态。如果接收队列Recv-Q一直处于阻塞状态,可能是遭受了拒绝服务 denial-of-service 攻击。如果发送队列Send-Q不能很快的清零,可能是有应用向外发送数据包过快,或者是对方接收数据包不够快。Recv-Q:表示收到的数据已经在本地接收缓冲,但是还有多少没有被进程取走,recv()Send-Q:对方没有收到的数据或者说没有Ack的,还是本地缓冲区.通过netstat的这两个值就可以简单判断程序收不到包到底是包没到还是包没有被进程recv。例如:[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTENsctp 00 172.34.11.11:7070172.34.28.118:37733 ESTABLISHED 16715/javasctp 0 604 172.34.11.11:7070172.34.0.206:36314 ESTABLISHED 16715/javasctp 0 839 172.34.11.11:7070172.34.17.191:44516 ESTABLISHED 16715/javasctp 0 483 172.34.11.11:7070172.34.5.72:38376ESTABLISHED 16715/javasctp 0 482 172.34.11.11:7070172.34.23.190:60160 ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.8.26:41579ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.8.151:60199 ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.27.100:38005 ESTABLISHED 16715/javasctp 0 607 172.34.11.11:7070172.34.11.11:36616 ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.10.26:45828 ESTABLISHED 16715/javasctp 0 787 172.34.11.11:7070172.34.2.121:53356 ESTABLISHED 16715/javasctp 0 752 172.34.11.11:7070172.34.28.86:37574 ESTABLISHED 16715/javasctp 0 483 172.34.11.11:7070172.34.16.161:35600 ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.0.206:45765 ESTABLISHED 16715/javasctp 00 172.34.11.11:7070172.34.17.191:42716 ESTABLISHED 16715/java[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTEN | awk '{sum+=$2}END{print sum}' Recv-Q的总和0[root@zayhu01-mb ~]# netstat -anp|grep 16715 | grep 7070 | grep -v LISTEN | awk '{sum+=$3}END{print sum}' Send-Q的总和4503[root@zayhu01-mb ~]#
2、关于 /proc/net/sctp/assocs 文件说明[root@zayhu01-mb ~]# awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs
ASSOC SOCKSTY SST ST HBKT ASSOC-ID TX_QUEUE RX_QUEUE UID INODE LPORT RPORT LADDRS <-> RADDRS HBINT INS OUTS MAXRT T1X T2X RTXC wmema wmemq sndbuf rcvbufffff88036c975000 ffff88073bf05c00 213 26138697020 501 925943431 7070 41343 172.34.11.11 <-> *172.34.16.161 7500 10 1010 0 00 1529 1280212992212992ffff880003223000 ffff88073bf07300 213 351310600 501 903426908 7070 37788 172.34.11.11 <-> *172.34.21.131 7500 10 1010 0 0010212992212992解释:awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs 输出LPORT列包含7070的行awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs |awk '{for(i=1;i<NF;i++)if($i~/RX_QUEUE/)k=i;print $k}'输出 RX_QUEUE列awk '{for(i=1;i<NF;i++)if($i~/LPORT/)l=i;if($l~/7070|LPORT/)print }' /proc/net/sctp/assocs |awk '{for(i=1;i<NF;i++)if($i~/RX_QUEUE/)k=i;print $k}'|grep -v "RX_QUEUE"|awk '{sum+=$1}'END'{print sum}' 计算这一列的总和assoc: 表示assoc的内存地址。sock:表示sock的内存地址。STY:表示sctp sock的类型。SCTP_SOCKET_UDP= 0, SCTP_SOCKET_UDP_HIGH_BANDWIDTH= 1, SCTP_SOCKET_TCP= 2,SST: 表示sock的状态。sctp的sock状态延续了tcp协议的状态。 sctp中sock的状态: SCTP_SS_CLOSED = TCP_CLOSE, //7 SCTP_SS_LISTENING= TCP_LISTEN, //10 SCTP_SS_ESTABLISHING= TCP_SYN_SENT, //2 SCTP_SS_ESTABLISHED = TCP_ESTABLISHED, //1 SCTP_SS_CLOSING= TCP_CLOSING, //11ST: 表示assoc的状态。 assoc的状态取值如下: /* SCTP state defines for internal state machine */ SCTP_STATE_EMPTY= 0, SCTP_STATE_CLOSED= 1, SCTP_STATE_COOKIE_WAIT= 2, SCTP_STATE_COOKIE_ECHOED = 3, SCTP_STATE_ESTABLISHED= 4, SCTP_STATE_SHUTDOWN_PENDING = 5, SCTP_STATE_SHUTDOWN_SENT = 6, SCTP_STATE_SHUTDOWN_RECEIVED = 7, SCTP_STATE_SHUTDOWN_ACK_SENT = 8,HBKT: 表示该assoc在hash表中的hash值。ASSOC-ID:表示该连接的ID值。TX_QUEUE: 表示发送缓存的内存使用量,单位:字节。RX_QUEUE: 表示接收队列的内存使用量,单位:字节。UID INODE: 分别表示sock所对应的uid和inode值。LPORT RPORT:分别表示本地端口和远端端口。LADDRS <-> RADDRS :分别表示本地IP地址和远端IP地址。HBINT:表示assoc发送heartbeat的间隔时间OUTS:同INS类似,表示该assoc可以允许发送的最大 stream数,默认值是10。MAXRT:表示该assoc允许的最大重传数,默认值是10T1X:表示该assoc重传的INIT chunk的次数。T2X:表示该assoc重传的SHUTDOWN chunk的次数。RTXC:表示该assoc重传的DATA chunk的次数。本文出自 “WorkNote” 博客,请务必保留此出处http://caiyuanji.blog.51cto.com/11462293/1889693
第七城市

最新文章

123

最新摄影

微信扫一扫

第七城市微信公众平台