Magedu class 36, week 7 homework

1. Common kernel parameters and what they mean

Linux kernel parameters are variables that can be passed to the running kernel to change its behaviour. Most of them are exposed as files under /proc/sys and are managed with the sysctl command.

How to view the current kernel parameters

sysctl -a                      lists every kernel parameter with its current value
sysctl -a | grep "^net"        lists only one subsystem, here the network parameters
sysctl net.ipv4.ip_forward     shows a single parameter

How to modify kernel parameters

echo 1 > /proc/sys/net/ipv4/ip_forward     temporary: takes effect at once, lost after a reboot
sysctl -w net.ipv4.ip_forward=1            the same temporary change made through sysctl

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf     permanent: the file is applied at boot (note the key is written in sysctl form, not as a /proc path)
sysctl -p                                              applies /etc/sysctl.conf now without rebooting (sysctl --system also reads /etc/sysctl.d/*.conf)

Description of common parameters

Reboot automatically 1 second after a kernel panic (0, the default, hangs forever)

kernel.panic = 1

Largest PID the kernel will assign; a larger value allows more processes and reduces PID wrap-around, but some old programs assume PIDs fit in 16 bits. 32768 is the default; on 64-bit kernels it can be raised up to 4194304.

kernel.pid_max = 32768

Maximum size (bytes) of a single shared memory segment

kernel.shmmax = 4294967296

Total amount of shared memory the system may use at any moment (in pages)

kernel.shmall = 1073741824

Filename pattern used when a program dumps core (%e is the executable name); the parameter is core_pattern

kernel.core_pattern = core%e

Turn an out-of-memory condition into a kernel panic instead of letting the OOM killer pick a victim (together with kernel.panic above, the machine reboots)

vm.panic_on_oom = 1

Minimum amount of free memory (kB) the kernel keeps in reserve

vm.min_free_kbytes = 1048576

Values above 100 make the kernel reclaim the dentry and inode caches more aggressively

vm.vfs_cache_pressure = 250

How readily the kernel swaps (0-100): higher values swap sooner, 0 avoids swapping until memory is nearly exhausted

vm.swappiness = 0

A writing process is forced to flush dirty pages to disk once they exceed this percentage of total memory

vm.dirty_ratio = 10

Raise the system-wide limit on open file descriptors to 2^20-1

fs.file-max = 1048575

Network stack tuning

Upper bound on the backlog argument of listen(), i.e. completed connections waiting to be accepted per socket; default 128 (4096 since kernel 5.4)

net.core.somaxconn = 1024

Default and maximum socket receive/send buffer sizes (bytes); the maximums also cap TCP's automatic buffer tuning

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Maximum number of packets queued on input when an interface receives them faster than the kernel processes them; default 1000 (300 on old kernels)

net.core.netdev_max_backlog = 2000

Enable SYN cookies, which keep the listen queue usable during a SYN flood

net.ipv4.tcp_syncookies = 1

Log packets with impossible ("martian") source addresses, which catches spoofed, source-routed and redirected packets

net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1

Do not accept source-routed packets

net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

Enable reverse path filtering (1 = strict): drop packets whose source address would not be routed back out through the interface they arrived on, which defeats most source address spoofing

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

Ignore ICMP redirects so that a remote host cannot alter the routing table (secure_redirects = 0 ignores even redirects that come from a configured gateway)

net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

Widen the range of local (ephemeral) ports available for outgoing connections

net.ipv4.ip_local_port_range = 9000 65533

Default TTL of outgoing IP packets

net.ipv4.ip_default_ttl = 64

TCP receive and send buffers: minimum, default and maximum (bytes)

net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 32768 8388608

Enable TCP window scaling (required for receive windows larger than 64 kB)

net.ipv4.tcp_window_scaling = 1

Maximum number of half-open (SYN received) connections remembered per listen socket; default 1024

net.ipv4.tcp_max_syn_backlog = 8192

Reuse sockets in TIME-WAIT state for new outgoing connections; very useful on servers that open many short connections. Both settings need tcp_timestamps = 1 to do anything. tcp_tw_recycle breaks clients behind NAT and was removed in kernel 4.12, so leave it off and use tcp_tw_reuse instead.

net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1

Enable TCP timestamps (RFC 1323). They give a more accurate RTT estimate than the retransmission timeout method and are required for PAWS and for tcp_tw_reuse, so they should be on; the old objection that they reveal the host's uptime no longer applies, since kernel 4.10 randomises the offset per peer.

net.ipv4.tcp_timestamps = 1

Number of times a SYN (outgoing connection) and a SYN-ACK (incoming connection) are retransmitted before the attempt is abandoned

net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2

Shorten the time a connection may stay in FIN-WAIT-2 so that connection slots are freed sooner

net.ipv4.tcp_fin_timeout = 10

Shorten TCP keepalive probing so that dead connections are detected and freed sooner: once a connection has been idle for 300 seconds the kernel sends a probe; if 2 probes sent 2 seconds apart go unanswered, the kernel gives up and considers the connection dead.

net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_intvl = 2

Maximum number of TCP sockets not attached to any process (orphans) the system will keep

net.ipv4.tcp_max_orphans = 262144

Maximum number of TIME_WAIT sockets kept at once; beyond this they are destroyed immediately and a warning is logged

net.ipv4.tcp_max_tw_buckets = 20000

ARP (neighbour) cache size thresholds: gc_thresh1 is the size below which nothing is garbage collected, gc_thresh2 the soft limit, gc_thresh3 the hard limit

net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 4096
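Writing the values into /etc/sysctl.conf is only half the job: a later package, a container runtime or someone with root can flip any of them back. The script below (an added example, not part of the original post) compares the output of sysctl -a against a small hardening baseline built from the security-relevant parameters listed above and reports every key that is missing or has drifted. The baseline values are the ones this post recommends; the SAMPLE_SYSCTL text is constructed so the check can be exercised offline.

```bash
#!/usr/bin/env bash
# Added example: report kernel parameters that have drifted from a baseline.
# Baseline keys/values follow the hardening settings listed in the post.

# Hardening baseline, one key=expected pair per line.
BASELINE='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.all.log_martians=1
net.ipv4.ip_forward=0'

# Constructed sample of `sysctl -a` output ("key = value"), with three
# deliberate deviations from the baseline.
SAMPLE_SYSCTL='net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.ip_forward = 1'

# check_drift <sysctl-output>: print one "key expected actual" line per
# mismatch ("MISSING" when the key is absent) and return the mismatch count.
check_drift() {
    local current="$1" drift=0 key expected actual
    while IFS='=' read -r key expected; do
        [ -n "$key" ] || continue
        # Exact key match on the first field; "key = value" is split on the "=".
        actual=$(printf '%s\n' "$current" | awk -v k="$key" -F' *= *' '$1 == k {print $2; exit}')
        if [ -z "$actual" ]; then
            echo "$key $expected MISSING"
            drift=$((drift + 1))
        elif [ "$actual" != "$expected" ]; then
            echo "$key $expected $actual"
            drift=$((drift + 1))
        fi
    done <<EOF
$BASELINE
EOF
    return "$drift"
}

# Live use on the running system (exit status = number of drifted keys):
#   check_drift "$(sysctl -a 2>/dev/null)"
# To fix a reported key immediately:  sysctl -w key=expected
```

The exit status doubles as the drift count, so the function can be dropped straight into a cron job or a monitoring check that alerts on non-zero. Keys such as net.ipv4.ip_local_port_range whose value contains spaces are handled, because only the first "=" separates key from value.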

2. Viewing the process state shown by top through /proc

The /proc directory on a Linux system is the proc file system. Unlike an ordinary file system it is a pseudo (virtual) file system: its files do not live on disk but present the current state of the running kernel. Through them a user can read information about the hardware and about every running process, and by writing to some of them can change the kernel's behaviour at run time. Every process has a numbered directory /proc/<PID> describing its state.

Meaning of the top columns and where each value comes from in /proc

PID: process id; corresponds to the numbered directory /proc/<PID>.
USER: owner of the process; the first number on the Uid line of /proc/<PID>/status (the real UID).
PR: priority; field 18 of /proc/<PID>/stat.
NI: nice value; field 19 of /proc/<PID>/stat.
VIRT: virtual memory size; the VmSize line of /proc/<PID>/status.
RES: resident set size, the physical memory actually in use; the VmRSS line of /proc/<PID>/status.
SHR: shared resident memory; the shared column of /proc/<PID>/statm (RssFile + RssShmem in status), not VmLib.
S: process state; the State line of /proc/<PID>/status.
%CPU: share of CPU time used since the last screen refresh.
%MEM: RES as a percentage of physical memory; derived from the VmRSS line of /proc/<PID>/status.
TIME+: total CPU time consumed (utime + stime, fields 14 and 15 of /proc/<PID>/stat), shown to hundredths of a second.
COMMAND: process name; the Name line of /proc/<PID>/status.

Write an endless loop and observe it

##### endless loop script (/root/scripts/while.sh)
#!/bin/bash

while true
do
    echo "Hello" &> /dev/null
done
##### top output while the script runs
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
11885 root      20   0  113180   1212   1028 R 100.0  0.0  10:25.56 sh
##### the same process seen under /proc
[root@node01 11885]# pwd
/proc/11885                      # the process directory
[root@node01 11885]# ls
attr        clear_refs       cpuset   fd       limits     mem         net        oom_score      projid_map  sessionid  task
autogroup   cmdline          cwd      fdinfo   loginuid   mountinfo   ns         oom_score_adj  root        setgroups  statm      timers
auxv        comm             environ  gid_map  map_files  mounts      numa_maps  pagemap        sched       smaps      status     uid_map
cgroup      coredump_filter  exe      io       maps       mountstats  oom_adj    personality    schedstat   stack      syscall    wchan
[root@node01 11885]#
The meaning of each file ##### represented
cmdline - the full command line the process was started with (arguments separated by NUL bytes); empty for a zombie process;
[root@node01 11885]# more cmdline
sh
cwd - a symbolic link to the current working directory of the process;
[root@node01 11885]# ls -l cwd
lrwxrwxrwx 1 root root 0 Jan 21 20:21 cwd -> /root/scripts
environ - the environment of the process as NAME=value pairs separated by NUL bytes (use tr '\0' '\n' < environ to read it);
exe - a symbolic link to the executable (full path) the process was started from; /proc/<PID>/exe can itself be executed to start another copy of the program, and the link target shows "(deleted)" if the binary has since been removed from disk;
fd - a directory containing one entry per file descriptor the process has open; each entry is a symbolic link to the actual file (fd 255 below is the script itself, which bash keeps open while it reads it);
[root@node01 11885]# cd fd
[root@node01 fd]# ls -l
total 0
lrwx------ 1 root root 64 Jan 21 20:36 0 -> /dev/pts/0
lrwx------ 1 root root 64 Jan 21 20:36 1 -> /dev/pts/0
lrwx------ 1 root root 64 Jan 21 20:36 2 -> /dev/pts/0
lr-x------ 1 root root 64 Jan 21 20:36 255 -> /root/scripts/while.sh
limits - the soft and hard limit and the unit of every resource limit that applies to the process (added in kernel 2.6.24);
mem - the memory of the process, accessed with open, read and lseek; access requires ptrace permission over the process, so an ordinary user cannot read another user's process;
stat - the process state as a single line of space-separated fields, hard to read by eye and normally consumed by ps;
statm - memory usage of the process, expressed in pages;
status - the same information as stat and statm in human-readable form, one attribute per line; see the proc(5) man page for the details;
[root@amdha01 11885]# more status
Name:	sh
Umask:	0022
State:	R (running)
Tgid:	11885
Ngid:	0
Pid:	11885
PPid:	7573
TracerPid:	0
Uid:	0	0	0	0
Gid:	0	0	0	0
FDSize:	256
Groups:	0
VmPeak:	113180 kB
VmSize:	113180 kB
VmLck:	0 kB
VmPin:	0 kB
VmHWM:	1212 kB
VmRSS:	1212 kB
RssAnon:	184 kB
RssFile:	1028 kB
RssShmem:	0 kB
VmData:	208 kB
VmStk:	132 kB
VmExe:	884 kB
VmLib:	2092 kB
VmPTE:	60 kB
VmSwap:	0 kB
Threads:	1
SigQ:	0/15077
SigPnd:	0000000000000000
ShdPnd:	0000000000000000
SigBlk:	0000000000000000
SigIgn:	0000000000000004
SigCgt:	0000000000010000
CapInh:	0000000000000000
CapPrm:	0000001fffffffff
CapEff:	0000001fffffffff
CapBnd:	0000001fffffffff
CapAmb:	0000000000000000
Seccomp:	0
Cpus_allowed:	3
Cpus_allowed_list:	0-1
Mems_allowed:	00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list:	0
voluntary_ctxt_switches:	1
nonvoluntary_ctxt_switches:	152160
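The Uid and Cap* lines of the status file above are the ones that matter when you ask "what can this process actually do?": CapEff = 0000001fffffffff is the full capability set of a root shell. The script below (an added example, not part of the original post) extracts individual fields from a status file and decodes a capability mask into names, so the question can be answered from /proc alone, for instance when triaging an unfamiliar process or checking what a container runtime left in place. SAMPLE_STATUS is a constructed excerpt using the values shown above; the capability names follow the kernel's numbering in include/uapi/linux/capability.h.

```bash
#!/usr/bin/env bash
# Added example: read security-relevant fields from /proc/<pid>/status and
# decode the capability bitmask into names.

# Capability names in bit order (bit 0 = cap_chown ... bit 40 = cap_checkpoint_restore).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# Constructed excerpt in the format of /proc/<pid>/status (values from the
# listing in the post; the real file separates fields with tabs).
SAMPLE_STATUS='Name: sh
State: R (running)
Pid: 11885
PPid: 7573
Uid: 0 0 0 0
Gid: 0 0 0 0
CapEff: 0000001fffffffff
Seccomp: 0'

# status_field <status-text> <field>: print the value of one field.
status_field() {
    printf '%s\n' "$1" | awk -F':[[:space:]]+' -v f="$2" '$1 == f {print $2; exit}'
}

# decode_caps <hex-mask>: print one cap_* name per set bit, lowest bit first.
decode_caps() {
    local mask i name
    mask=$((0x$1))
    i=0
    for name in $CAP_NAMES; do
        if [ $(( (mask >> i) & 1 )) -eq 1 ]; then
            echo "cap_$name"
        fi
        i=$((i + 1))
    done
}

# has_cap <hex-mask> <name>: succeed if the named capability is in the mask.
has_cap() {
    decode_caps "$1" | grep -qx "cap_$2"
}

# Live use, e.g. for the current shell:
#   decode_caps "$(status_field "$(cat /proc/$$/status)" CapEff)"
```

A process whose CapEff contains cap_sys_admin or cap_sys_ptrace is effectively root regardless of its Uid line, which is why the decoded list is more useful than the raw mask; the test below also checks a constructed reduced mask (00000000a80425fb) that drops cap_sys_admin while keeping cap_net_bind_service.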

3. Check which addresses in the 10.0.0.0/24 subnet are alive, once with a for loop and once with a while loop

#!/usr/bin/env bash
# for loop: probe 10.0.0.1 .. 10.0.0.254 with one ping each

for subip in $(seq 1 254); do
    ip=10.0.0.${subip}
    if ping -W 1 -c 1 "${ip}" &> /dev/null; then
        echo "${ip} is alive"
    fi
done

#!/usr/bin/env bash
# while loop: the same scan driven by a counter

subip=1

while [ "${subip}" -lt 255 ]; do
    ip=10.0.0.${subip}
    if ping -W 1 -c 1 "${ip}" &> /dev/null; then
        echo "${ip} is alive"
    fi
    subip=$((subip + 1))
done

ping -W 1 -c 1 sends a single echo request and waits at most one second for the reply, so the whole sweep can take up to 254 seconds, and a host that filters ICMP echo requests is reported as dead even though it is up.
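Because each probe runs in turn, the loops above take up to one timeout per address. The version below (an added example, not part of the original post) starts all probes in the background and waits for them, so the sweep takes about one timeout in total, and it takes the probe command as a parameter so the scanning logic can be exercised without network access. The icmp_probe function is the same ping call as the loops above; fake_probe in the test is a constructed stand-in.

```bash
#!/usr/bin/env bash
# Added example: concurrent /24 sweep with an injectable probe command.

# icmp_probe <ip>: succeed if the host answers one echo request within 1 s.
icmp_probe() {
    ping -W 1 -c 1 "$1" > /dev/null 2>&1
}

# sweep <prefix> <probe>: run <probe> <ip> for prefix.1 .. prefix.254
# concurrently and print the addresses that answered, sorted numerically.
# <probe> must print nothing on stdout and exit 0 only for a live host.
sweep() {
    local prefix="$1" probe="$2"
    (
        local n
        for n in $(seq 1 254); do
            { "$probe" "${prefix}.${n}" && echo "${prefix}.${n}"; } &
        done
        wait
    ) | sort -t . -k 4,4n
}

# Live use:  sweep 10.0.0 icmp_probe
```

Two hundred and fifty-four background jobs are well within default process limits, but the same pattern for a /16 should be throttled (for example with xargs -P) rather than forked all at once. As with the original loops, a host that drops ICMP echo is invisible to this sweep; swapping icmp_probe for a TCP probe only needs a new two-line function.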

4. What initrd does

To see where initrd fits, look at the boot sequence of a Linux server:
POST -> BIOS boot sequence -> boot loader (MBR) -> kernel (with ramdisk) -> rootfs -> switch_root -> /sbin/init -> (/etc/inittab, /etc/init/*.conf) -> default runlevel -> system initialisation scripts -> stop or start the services of that runlevel -> start the terminals
initrd is used during the kernel start-up phase.
initrd-<release>.img is an image file that works like a ramdisk: a set of programs packed into one image. At boot the kernel reserves a region of memory for it, and the image carries what the kernel needs before the real root file system is available, for example the scsi_mod, ext3 and sd_mod modules and the insmod and nash commands. Each kernel has its own image; if a kernel does not need one, the initrd line can be left out of grub.conf and the step is skipped. Its job is to do the work that must happen before / is mounted, such as loading the SCSI driver: the image is unpacked into memory and mounted as a temporary /, the linuxrc script in its root is executed, and it runs insmod and nash to load modules and mount the real root. Why do some machines boot normally without that line in the grub configuration? Because a typical PC has no SCSI disk and needs no driver loaded before the root file system is mounted, so it boots without initrd-<release>.img.
This describes the classic initrd with linuxrc and nash; modern distributions use an initramfs built by dracut or mkinitramfs, where /init (often systemd) plays the part of linuxrc, and lsinitrd lists its contents.
In summary, the steps are:
a. The kernel loads the initrd image and mounts it as /
b. The linuxrc script inside it runs, scans the hardware and loads the drivers the real file system needs
c. The real / is mounted and the system switches to it with switch_root
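Before you can inspect or verify an initrd image, for example to confirm it still contains only what the distribution put there, you have to know how it is packed: it is a cpio archive that may be compressed with gzip, xz, zstd, bzip2 or lz4, and on x86 it often has an uncompressed early-microcode cpio prepended. The script below (an added example, not part of the original post) identifies the format from the file's magic bytes and lists the archive members with the matching decompressor. The magic numbers are the standard ones for each format; the test writes constructed header bytes to temporary files.

```bash
#!/usr/bin/env bash
# Added example: identify and list an initrd/initramfs image by its magic bytes.

# initrd_type <file>: print gzip, xz, zstd, bzip2, lz4, cpio or unknown.
initrd_type() {
    local magic
    # First 6 bytes as lowercase hex with no separators.
    magic=$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        1f8b*)                         echo gzip ;;
        fd377a585a00)                  echo xz ;;
        28b52ffd*)                     echo zstd ;;
        425a68*)                       echo bzip2 ;;     # "BZh"
        04224d18*)                     echo lz4 ;;
        303730373031*|303730373032*)   echo cpio ;;      # "070701"/"070702", newc cpio
        *)                             echo unknown ;;
    esac
}

# list_initrd <file>: decompress as needed and list the archive members.
# An image with a prepended early-microcode cpio shows as "cpio" and only the
# first archive is listed; dracut's lsinitrd handles that case.
list_initrd() {
    case "$(initrd_type "$1")" in
        gzip)  gzip -dc "$1" ;;
        xz)    xz -dc "$1" ;;
        zstd)  zstd -dc "$1" ;;
        bzip2) bzip2 -dc "$1" ;;
        lz4)   lz4 -dc "$1" ;;
        cpio)  cat "$1" ;;
        *)     echo "unknown initrd format: $1" >&2; return 1 ;;
    esac | cpio -t
}

# Live use:  list_initrd /boot/initramfs-$(uname -r).img
```

Checking the format first avoids the common failure where zcat is run on an xz or zstd image and reports a garbled archive; the listing can then be diffed against a known-good one to spot modules or scripts that were added to the boot path.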

Reproduced from: https://blog.51cto.com/14387464/2410920


Origin: blog.csdn.net/weixin_33912445/article/details/93037126