How do I get rid of sockets in FIN_WAIT1 state?

Question

I have a port that is blocked by a process I needed to kill. (a little telnet daemon that crashed). The process was killed successfully but the port is still in a 'FIN_WAIT1' state. It doesn't come out of it, the timeout for that seems to be set to 'a decade'.

The only way I've found to free the port is to reboot the entire machine, which is ofcourse something I do not want to do.

$ netstat -tulnap | grep FIN_WAIT1 
tcp        0  13937 10.0.0.153:4000         10.0.2.46:2572          FIN_WAIT1  -

Does anyone know how I can get this port unblocked without rebooting?

score 25 · Accepted Answer · edited Jan 04 '17 at 03:40

25

# record what tcp_max_orphans's current value
original_value=$(cat /proc/sys/net/ipv4/tcp_max_orphans)

#set the tcp_max_orphans to 0 temporarily
echo 0 > /proc/sys/net/ipv4/tcp_max_orphans

# watch /var/log/messages
# it will split out "kernel: TCP: too many of orphaned sockets"
# it won't take long for the connections to be killed

# restore the value of tcp_max_orphans whatever it was before. 
echo $original_value > /proc/sys/net/ipv4/tcp_max_orphans

# verify with 
netstat -an|grep FIN_WAIT1

edited Jan 04 '17 at 03:40

unpythonic

103
3

answered Oct 15 '14 at 14:54

IdaWong

366
3
6

2

it would improve the answer to first make note of `$whateveritwas` before overwriting it. – haventchecked May 02 '16 at 05:43
Tried it, even modified the code to wait before restoring the value (until no FIN_WAIT1 connections remain) and it does not do anything. – Everyone May 31 '22 at 02:10

score 7 · Answer 2 · answered May 13 '09 at 09:32

7

You should be able to set the timeout with /proc/sys/net/ipv4/tcp_fin_timeout.

There really doesn't seem to be any way to clear the socket manually.

answered May 13 '09 at 09:32

innaM

1,428
9
9

7

This answer is not correct. tcp_orphan_retries affects FIN_WAIT1, tcp_fin_timeout affects FIN_WAIT2. – suprjami Jun 26 '13 at 04:49
suprjami is correct, tcp_fin_timeout affects FIN_WAIT2. Which is only triggered when using SO_LINGER. – hookenz May 15 '14 at 02:32
@innaM Can you please remove this answer? It is not correct and accumulating downvotes. I see that you are still active, therefore it seems to make the most sense to remove the answer. – Andrew B Sep 10 '14 at 14:07
@Andrew B: Seems that it's not possible to delete accepted answers. – innaM Oct 11 '14 at 12:40

score 6 · Answer 3 · answered Dec 28 '10 at 11:35

6

It seems that tcp_orphan_retries setting controls how many attempts will be done before a server-less port is released. It was 0 here, after setting it to 1 the ports were gone.

HTH

answered Dec 28 '10 at 11:35

user64877

61
1
1

1

Closely related: 0 is a default which means 8. http://serverfault.com/a/408882/152073 – Andrew B Sep 10 '14 at 16:44

score 5 · Answer 4 · edited Nov 12 '12 at 19:21

5

/proc/sys/net/ipv4/tcp_fin_timeout is the timeout of the FIN-WAIT-2 state, not FIN-WAIT-1. You should go with the tcpkill route or you can try to play with the keepalive times under /proc/sys/net/ipv4/tcp_keepalive_* to force a kill by the SO.

edited Nov 12 '12 at 19:21

Ryan Ahearn

317
2
10

answered Oct 14 '09 at 14:15

score 2 · Answer 5 · edited Jul 23 '15 at 07:41

2

Running these steps under root ID and it cleared for me:

Capture the kernel setting to change in a variable

$ orig_orphans=$(sysctl -a|grep tcp_max_orph|cut -f3 -d' ')

Temporarily set the max orphans to 0

$ sysctl -w net.ipv4.tcp_max_orphans=0

Check to make sure that problematic port is no longer in use

$ netstat -np|grep 9716

Wait a bit and repeat above step if needed until above command returns no lines

Reset the tcp_max_orphans kernel parameter back to the original value from the variable above

$ sysctl -w net.ipv4.tcp_max_orphans=$orig_orphans

edited Jul 23 '15 at 07:41

Richard

719
8
15

answered Jul 22 '15 at 22:46

Rad Mandapati

21
1

Hi, Welcome to Serverfault. I edited your post to make the formatting of your answer more consistent with other answers on this site. For your next answer please do not use as much titles as you did here and consider taking other answers as a template for your own answers. Thanks for your contribution though. Enjoy your ride on serverfault. – Richard Jul 23 '15 at 05:43

score 1 · Answer 6 · answered May 13 '09 at 11:15

FIN_WAIT1

The application on local machine has closed the connection. Indication of this has been sent to the remote machine.

You application has closed its side of the connection, the socket is now waiting for the remote side to confirm that close. If you have a problem with a lot of those sockets being held in FIN_WAIT1 then you should follow Manni's advice above.

score 1 · Answer 7 · answered Jul 09 '19 at 10:55

1

On linux kernel >= 4.9 you can use the ss command from iproute2 with key -K

ss -K dst 192.168.1.214 dport = 49029 the kernel have to be compiled with CONFIG_INET_DIAG_DESTROY option enabled.

via https://unix.stackexchange.com/a/511691/43898

answered Jul 09 '19 at 10:55

eri

274
2
4
15

score -1 · Answer 8 · answered May 13 '09 at 10:18

-1

Maybe tcpkill would help? More here: http://www.cyberciti.biz/howto/question/linux/kill-tcp-connection-using-linux-netstat.php

answered May 13 '09 at 10:18

Kazimieras Aliulis

2,324
2
26
45

score -4 · Answer 9 · edited Mar 23 '13 at 07:10

-4

this may help:

net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 2
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_reordering = 5
net.ipv4.tcp_retrans_collapse = 0

edited Mar 23 '13 at 07:10

user9517

114,104
20
206
289

answered Mar 23 '13 at 06:01

wkf1436

1
1

8

It may help if you explain what all that is. We are professionals, and as such, we do not blindly paste stuff in and hope it helps. – Michael Hampton Mar 23 '13 at 06:38

How do I get rid of sockets in FIN_WAIT1 state?

9 Answers9