2007-10-15 20:56:25

by Stefan Monnier

Subject: Killing a network connection

[ I suppose this is not the best place to ask this, but
comp.os.linux.networking couldn't come up with a good answer and I can't
think of any intermediate step between these two groups ;-( ]

I'd like (as root, obviously) to kill some of the TCP connections visible
in netstat. I've found `tcpkill' and `cutter' but `cutter' only kills TCP
connections that go *through* the machine (in my case, the machine is not
a router, so there aren't any such through connections anyway) and `tcpkill'
can only kill the connection after seeing some activity (and it doesn't know
to exit when the connections are killed). Also those 2 tools seem
just overkill.
I'd like simply to do (metaphorically)

rm /tcpfs/<foo>

so it should not need to involve *any* use of the TCP protocol: just kill it
locally, warn the associated process(es), free the resources and let the
other end deal with it.

The main use for me is to deal with dangling connections due to taking
network interfaces up&down with different IP addresses (typically the wlan0
interface where the IP is different because I've moved from an AP to
another). Of course, maybe there's another way to solve this particular
problem, in which case I'd like to hear about it as well.


Stefan


2007-10-15 22:12:57

by Andi Kleen

Subject: Re: Killing a network connection

Stefan Monnier <[email protected]> writes:
>
> The main use for me is to deal with dangling connections due to taking
> network interfaces up&down with different IP addresses (typically the wlan0
> interface where the IP is different because I've moved from an AP to
> another). Of course, maybe there's another way to solve this particular
> problem, in which case I'd like to hear about it as well.

Long ago I did a 2.4 patch that solved exactly this problem. It introduced
a new ifconfig flag "dynamic" and when a dynamic address went down
all TCP connections originating from it were killed. It's still available
in older SUSE releases. I might post a forward port later.

-Andi

2007-10-15 23:51:30

by Bodo Eggert

Subject: Re: Killing a network connection

Andi Kleen <[email protected]> wrote:
> Stefan Monnier <[email protected]> writes:

>> The main use for me is to deal with dangling connections due to taking
>> network interfaces up&down with different IP addresses (typically the wlan0
>> interface where the IP is different because I've moved from an AP to
>> another). Of course, maybe there's another way to solve this particular
>> problem, in which case I'd like to hear about it as well.
>
> Long ago I did a 2.4 patch that solved exactly this problem. It introduced
> a new ifconfig flag "dynamic" and when a dynamic address went down
> all TCP connections originating from it were killed. It's still available
> in older SUSE releases. I might post a forward port later.

There is a /proc/sys/net/ipv4/ip_dynaddr sysctl in 2.6.21.
--
If at first you don't succeed, call it version 1.0


2007-10-16 03:41:19

by Stefan Monnier

Subject: Re: Killing a network connection

>> The main use for me is to deal with dangling connections due to taking
>> network interfaces up&down with different IP addresses (typically the wlan0
>> interface where the IP is different because I've moved from an AP to
>> another). Of course, maybe there's another way to solve this particular
>> problem, in which case I'd like to hear about it as well.

> Long ago I did a 2.4 patch that solved exactly this problem. It introduced
> a new ifconfig flag "dynamic" and when a dynamic address went down
> all TCP connections originating from it were killed. It's still available
> in older SUSE releases. I might post a forward port later.

Actually, I'm pretty happy sometimes with the current behavior: if the
interface goes down and back up with the same AP within a short enough time,
it typically gets the same IP and the router's NAT table still has the TCP
connection live and things "just work".

So I'd want to kill the connections not when the interface goes down, but when
it comes back up with a different IP.


Stefan

2007-10-16 03:42:41

by Stefan Monnier

Subject: Re: Killing a network connection

> There is a /proc/sys/net/ipv4/ip_dynaddr sysctl in 2.6.21.

Actually, it does look promising, thanks.


Stefan

2007-10-16 09:31:34

by Andi Kleen

Subject: Re: Killing a network connection

On Tue, Oct 16, 2007 at 01:50:55AM +0200, Bodo Eggert wrote:
> Andi Kleen <[email protected]> wrote:
> > Stefan Monnier <[email protected]> writes:
>
> >> The main use for me is to deal with dangling connections due to taking
> >> network interfaces up&down with different IP addresses (typically the wlan0
> >> interface where the IP is different because I've moved from an AP to
> >> another). Of course, maybe there's another way to solve this particular
> >> problem, in which case I'd like to hear about it as well.
> >
> > Long ago I did a 2.4 patch that solved exactly this problem. It introduced
> > a new ifconfig flag "dynamic" and when a dynamic address went down
> > all TCP connections originating from it were killed. It's still available
> > in older SUSE releases. I might post a forward port later.
>
> There is a /proc/sys/net/ipv4/ip_dynaddr sysctl in 2.6.21.

That only handles SYN_SENT and does something different (it rewrites
the source address)

-Andi
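
An added example, not part of any post in this thread: a read-only check that lists the dangling connections discussed above by parsing `/proc/net/tcp` and reporting sockets whose local address is no longer assigned, with the state shown because the reply above says `ip_dynaddr` only handles SYN_SENT. The sample table and addresses are constructed, the set of current addresses is supplied by the caller, and a little-endian host is assumed.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Scenario: wlan0 moved from 192.168.1.100 to 192.168.1.5.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 6401A8C0:D431 0A00000A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 2001
   2: 0501A8C0:C350 0A00000A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2002
   3: 6401A8C0:D432 0A00000A:0050 02 00000000:00000000 01:00000064 00000002  1000        0 2003
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING"}

def decode_endpoint(field):
    """'6401A8C0:D431' -> ('192.168.1.100', 54321).
    The address is a host-order 32-bit word (little-endian assumed)."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return [(local, remote, state)] for every socket row in the table."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        state = TCP_STATES.get(cols[3], cols[3])
        conns.append((decode_endpoint(cols[1]), decode_endpoint(cols[2]), state))
    return conns

def dangling(conns, current_addrs):
    """Connections bound to a local IPv4 address the host no longer holds."""
    stale = []
    for local, remote, state in conns:
        ip = ipaddress.ip_address(local[0])
        if state == "LISTEN" or ip.is_loopback or ip.is_unspecified:
            continue                             # not tied to a lost address
        if local[0] not in current_addrs:
            stale.append((local, remote, state))
    return stale

if __name__ == "__main__":
    for local, remote, state in dangling(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP),
                                         {"192.168.1.5"}):
        print(f"{state:12} {local[0]}:{local[1]} -> {remote[0]}:{remote[1]}")
```

On a live system the text would come from reading `/proc/net/tcp`; IPv6 sockets are listed separately in `/proc/net/tcp6` and are not handled here.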

2007-10-18 00:36:23

by Bill Davidsen

Subject: Re: Killing a network connection

Stefan Monnier wrote:
> [ I suppose this is not the best place to ask this, but
> comp.os.linux.networking couldn't come up with a good answer and I can't
> think of any intermediate step between these two groups ;-( ]
>
> I'd like (as root, obviously) to kill some of the TCP connections visible
> in netstat. I've found `tcpkill' and `cutter' but `cutter' only kills TCP
> connections that go *through* the machine (in my case, the machine is not
> a router, so there aren't any such through connections anyway) and `tcpkill'
> can only kill the connection after seeing some activity (and it doesn't know
> to exit when the connections are killed). Also those 2 tools seem
> just overkill.
> I'd like simply to do (metaphorically)
>
> rm /tcpfs/<foo>
>
> so it should not need to involve *any* use of the TCP protocol: just kill it
> locally, warn the associated process(es), free the resources and let the
> other end deal with it.
>
> The main use for me is to deal with dangling connections due to taking
> network interfaces up&down with different IP addresses (typically the wlan0
> interface where the IP is different because I've moved from an AP to
> another). Of course, maybe there's another way to solve this particular
> problem, in which case I'd like to hear about it as well.
>
I'd like a way to just close TCP connections which are misbehaving in
some way, not necessarily due to bad intent. I envision some tool which
would take either IP or IP+port and send an RST to both ends. Yes, I
could write one, but I bet someone already has. I did something similar
a few years ago, but the requestor owns the code.

--
Bill Davidsen <[email protected]>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot