i4box’s Blog

What, Why, How?



19:08:01.196965 IP > Flags [S], seq 475071557, win 1460, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
19:08:01.197002 IP > Flags [S.], seq 2477638798, ack 475071558, win 1460, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
19:08:01.197216 IP > Flags [.], ack 1, win 2, length 0
19:08:03.032342 IP > Flags [F.], seq 1, ack 1, win 2, length 0
19:08:03.032505 IP > Flags [R.], seq 2, ack 1, win 2, length 0
19:08:03.032515 IP > Flags [F.], seq 1, ack 2, win 2, length 0
19:08:03.032845 IP > Flags [R], seq 475071559, win 0, length 0
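Reading the trace: the relative sequence numbers show that the endpoint which opened the connection is also the one that sends the FIN, then an RST with ACK set only 163 microseconds later, and finally a bare RST in answer to the peer's FIN. That FIN-then-RST pattern from one side is what a reset orphan looks like on the wire. The following script is an added example, not code from the post: it parses tcpdump TCP summary lines and reports any endpoint that resets its own connection shortly after sending FIN. The endpoint addresses are missing from the scraped page, so the sample uses RFC 5737 documentation addresses, and the direction of each line is my inference from the sequence numbers.

```python
import re
from datetime import datetime

# Constructed sample: the trace from the post with the endpoints (absent from the
# scraped page) filled in with RFC 5737 documentation addresses. The direction of
# each line is inferred from the relative sequence numbers: the endpoint on port
# 40000 opens the connection, sends the FIN, and then sends both resets.
SAMPLE_TRACE = """\
19:08:01.196965 IP 192.0.2.10.40000 > 198.51.100.20.80: Flags [S], seq 475071557, win 1460, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
19:08:01.197002 IP 198.51.100.20.80 > 192.0.2.10.40000: Flags [S.], seq 2477638798, ack 475071558, win 1460, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
19:08:01.197216 IP 192.0.2.10.40000 > 198.51.100.20.80: Flags [.], ack 1, win 2, length 0
19:08:03.032342 IP 192.0.2.10.40000 > 198.51.100.20.80: Flags [F.], seq 1, ack 1, win 2, length 0
19:08:03.032505 IP 192.0.2.10.40000 > 198.51.100.20.80: Flags [R.], seq 2, ack 1, win 2, length 0
19:08:03.032515 IP 198.51.100.20.80 > 192.0.2.10.40000: Flags [F.], seq 1, ack 2, win 2, length 0
19:08:03.032845 IP 192.0.2.10.40000 > 198.51.100.20.80: Flags [R], seq 475071559, win 0, length 0
"""

# One tcpdump TCP summary line; 'seq' may be 'seq N' or 'seq N:M' for data segments.
_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::\d+)?)?"
    r"(?:, ack (?P<ack>\d+))?"
)


def _seconds(ts):
    """Time-of-day timestamp -> seconds since midnight (float)."""
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6


def parse_tcpdump(trace):
    """Parse tcpdump TCP lines into dicts; lines that do not match are skipped."""
    segments = []
    for line in trace.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        segments.append({
            "t": _seconds(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "flags": m["flags"],  # tcpdump letters: S, F, R, P; '.' marks ACK
            "seq": int(m["seq"]) if m["seq"] else None,
            "ack": int(m["ack"]) if m["ack"] else None,
        })
    return segments


def find_fin_then_rst(trace, window=1.0):
    """Report endpoints that send FIN and then reset the same connection
    themselves within `window` seconds.

    A normal close is FIN -> peer's ACK/FIN -> final ACK. FIN followed by RST
    from the same endpoint means the closing side abandoned its half-closed
    socket; on Linux that is what exceeding tcp_max_orphans produces."""
    findings = []
    fin_at = {}  # (src, dst) -> timestamp of that endpoint's first FIN
    for seg in parse_tcpdump(trace):
        key = (seg["src"], seg["dst"])
        if "F" in seg["flags"]:
            fin_at.setdefault(key, seg["t"])
        elif "R" in seg["flags"] and key in fin_at:
            gap = seg["t"] - fin_at.pop(key)  # report once per closing endpoint
            if gap <= window:
                findings.append({
                    "endpoint": seg["src"],
                    "peer": seg["dst"],
                    "gap_s": round(gap, 6),
                    "rst_had_ack": "." in seg["flags"],
                })
    return findings


if __name__ == "__main__":
    for f in find_fin_then_rst(SAMPLE_TRACE):
        print(f"{f['endpoint']} reset its own connection to {f['peer']} "
              f"{f['gap_s']} s after sending FIN (ACK set: {f['rst_had_ack']})")
```

Feed it the output of `tcpdump -nn tcp` (the `-nn` matters, since the regex expects numeric host.port endpoints); the second, bare RST in the trace is deliberately not reported twice, because the socket that produced it was already gone.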


net.ipv4.tcp_max_orphans = 0


Maximal number of TCP sockets not attached to any user file handle, held by the system. If this number is exceeded, orphaned connections are reset immediately and a warning is printed. This limit exists only to prevent simple DoS attacks; you must not rely on this or lower the limit artificially, but rather increase it (probably after increasing installed memory) if network conditions require more than the default value, and tune network services to linger and kill such states more aggressively. Let me remind you again: each orphan eats up to ~64 KB of unswappable memory.


How many times to retry before killing a TCP connection closed by our side. Default value 7 corresponds to 50 sec-16 min depending on RTO. If your machine is a loaded WEB server, you should think about lowering this value, since such sockets may consume significant resources. Cf. tcp_max_orphans
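The two descriptions above (tcp_max_orphans and tcp_orphan_retries) give the operator two knobs: how many orphans the kernel tolerates, and how long each one lingers. The kernel exposes the live orphan count on the `TCP:` line of /proc/net/sockstat, which makes it easy to check headroom against the limit before it is hit. The script below is an added example, not code from the post or from the kernel documentation: it parses a constructed sockstat sample, estimates the unswappable memory held by orphans using the ~64 KB rule of thumb quoted above, and classifies the state, including the `tcp_max_orphans = 0` case from this post where every orphan is reset at once. The `near_fraction` threshold and the status names are my own choices.

```python
import re

# Constructed sample of /proc/net/sockstat on a Linux host with three orphans.
SAMPLE_SOCKSTAT = """\
sockets: used 231
TCP: inuse 12 orphan 3 tw 45 alloc 20 mem 7
UDP: inuse 4 mem 1
UDPLITE: inuse 0
RAW: inuse 0
FRAG: inuse 0 memory 0
"""

ORPHAN_KIB = 64  # per-orphan cost quoted from the kernel documentation above


def parse_sockstat(text):
    """Return the key/value pairs of the 'TCP:' line of /proc/net/sockstat."""
    for line in text.splitlines():
        if line.startswith("TCP:"):
            fields = line.split()[1:]
            return {k: int(v) for k, v in zip(fields[::2], fields[1::2])}
    raise ValueError("no TCP line in sockstat")


def assess_orphans(sockstat_text, tcp_max_orphans, orphan_retries=None,
                   near_fraction=0.75):
    """Compare the live orphan count against net.ipv4.tcp_max_orphans.

    Status values (my own naming): 'reset-on-close' when the limit is 0, so any
    orphan is reset immediately (the situation in the trace above); 'over-limit'
    when the count has reached the limit; 'near-limit' above near_fraction of
    it; otherwise 'ok'."""
    tcp = parse_sockstat(sockstat_text)
    orphans = tcp["orphan"]
    if tcp_max_orphans == 0:
        status = "reset-on-close"
    elif orphans >= tcp_max_orphans:
        status = "over-limit"
    elif orphans >= near_fraction * tcp_max_orphans:
        status = "near-limit"
    else:
        status = "ok"
    return {
        "orphans": orphans,
        "limit": tcp_max_orphans,
        "orphan_retries": orphan_retries,
        "est_unswappable_bytes": orphans * ORPHAN_KIB * 1024,
        "status": status,
    }


def read_live():
    """Read the real values on a Linux host (not exercised by the sample)."""
    with open("/proc/net/sockstat") as f:
        sockstat = f.read()
    with open("/proc/sys/net/ipv4/tcp_max_orphans") as f:
        limit = int(f.read())
    with open("/proc/sys/net/ipv4/tcp_orphan_retries") as f:
        retries = int(f.read())
    return assess_orphans(sockstat, limit, retries)


if __name__ == "__main__":
    # Show the constructed sample against the post's setting and a sane limit.
    for limit in (0, 4, 65536):
        print(assess_orphans(SAMPLE_SOCKSTAT, limit, orphan_retries=7))
```

On a real host call `read_live()`; the documentation's advice is to act on `near-limit` by raising tcp_max_orphans (with the memory to back it) and lowering tcp_orphan_retries so orphans die sooner, rather than by dropping the limit.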